diff --git a/Makefile b/Makefile index 67e0d93180..648cb5e98a 100644 --- a/Makefile +++ b/Makefile @@ -20,6 +20,9 @@ clean_all: clean clean_hugo_mod serve: bundle hugo server --buildDrafts --noHTTPCache --buildFuture +serve_production: bundle + hugo server --noHTTPCache --environment production + metrics: bundle hugo --gc --minify --enableGitInfo --templateMetrics --templateMetricsHints diff --git a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/config.toml b/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/config.toml deleted file mode 100644 index f57cfe44a1..0000000000 --- a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/config.toml +++ /dev/null @@ -1,2 +0,0 @@ -[params.inspec-alicloud] -gh_path = "https://github.com/inspec/inspec-alicloud/tree/main/docs-chef-io/content/" diff --git a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_apsaradb_rds_instance.md b/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_apsaradb_rds_instance.md deleted file mode 100644 index 2d6608b934..0000000000 --- a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_apsaradb_rds_instance.md +++ /dev/null 
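Review bot: The new `serve_production` target in the Makefile hunk has no comment saying that it is a local preview, and its name can be read as a way to host the site. `hugo server` is Hugo's development server, so I would add a line above the target such as `# Local preview using the production Hugo environment; not for hosting the site.` If the Makefile lists its targets in `.PHONY` (not visible in this hunk), `serve_production` should be added there as well.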
@@ -1,170 +0,0 @@ -+++ -title = "alicloud_apsaradb_rds_instance Resource" -platform = "alicloud" -draft = false -gh_repo = "inspec-alicloud" - -[menu.inspec] -title = "alicloud_apsaradb_rds_instance" -identifier = "inspec/resources/alicloud/alicloud_apsaradb_rds_instance Resource" -parent = "inspec/resources/alicloud" -+++ - -Use the `alicloud_apsaradb_rds_instance` InSpec audit resource to test detailed properties of an individual ApsaraDB RDS instance. - -ApsaraDB RDS supports the MySQL, SQL Server, PostgreSQL, PPAS (highly compatible with Oracle) and MariaDB database engines. - -## Syntax - -An `alicloud_apsaradb_rds_instance` resource block uses resource parameters to search for an ApsaraDB RDS instance, and then tests that -RDS instance. If no RDS instances match, no error is raised, but the `exists` matcher will return `false` and all properties will be `nil`. - -```ruby -describe alicloud_apsaradb_rds_instance('test-instance-id') do - it { should exist } -end -``` - -You can also use hash syntax: - -```ruby -describe alicloud_apsaradb_rds_instance(db_instance_id: 'test-instance-id') do - it { should exist } -end -``` - -## Parameters - -`db_instance_id` _(required)_ - -: This resource accepts a single parameter, the user-supplied instance identifier. - This can be passed either as a string if it is the only parameter, or using hash syntax, `db_instance_id: 'value'`. - -`region` _(optional)_ - -: The Alicloud Region ID - see the [Alicloud documentation on Regions and Zones](https://www.alibabacloud.com/help/doc-detail/40654.htm). - If provided, it must be passed as `region: 'value'`. - If not provided, the `ALICLOUD_REGION` environment variable will be used. - -See also the [Alicloud documentation on ApsaraDB RDS](https://www.alibabacloud.com/help/doc-detail/26092.htm). - -## Properties - -`instance_id` -: The ID of the database instance, e.g. 'rm-uf6wjk5xxxxxxxxxx'. - -`description` -: The display name of the instance, e.g 'test-database'. 
- -`instance_type` -: The role of the instance: 'Primary'/'Readonly'/'Guard'/'Temp'. - -`category` -: RDS edition of the instance: 'Basic'/'HighAvailability'/'AlwaysOn'/'Finance'. - -`engine` -: The database engine the instance runs, e.g. 'MySQL'. - -`engine_version` -: The version of the database engine that the instance runs, e.g. '5.5'. - -`allocated_storage` -: The storage capacity of the instance in GB, e.g. 10. - -`storage_type` -: One of 'local_ssd'/'ephemeral_ssd'/'cloud_ssd'/'cloud_essd'. - -`memory` -: The memory capacity of the instance in MB, e.g. 4096. - -`cpus` -: The number of CPUs configured for the instance, e.g. 2. - -`instance_class` -: The type of the instance, e.g. 'mysql.n2.medium.1'. - -`pay_type` -: The billing method of the instance: 'Postpaid'/'Prepaid'. - -`status` -: The status of the instance, e.g. 'Running'/'Rebooting' etc. - -`network_type` -: One of 'Classic or 'VPC'. - -`net_type` -: Either 'Internet' (connected over the Internet) or 'Intranet' (connected over an internal network). - -`vpc_id` -: The ID of the VPC to which the instance belongs. - -`in_default_vpc` -: True if the instance is in the default VPC, else false. - -`zone_id` -: The ID of the zone to which the instance belongs, e.g. 'cn-hangzhou-a'. - -`security_ips` -: The list of IP addresses allowed to access all databases of an instance, e.g. '10.23.12.24/16, 192.168.0.0/24'. - -`security_ip_mode` -: The network isolation mode of the instance: 'normal'/'safety'. 
- -## Examples - -**Test the engine used with an ApsaraDB RDS instance.** - -```ruby -describe alicloud_apsaradb_rds_instance(db_instance_id: 'alicloudrds123') do - its ('engine') { should eq 'mysql' } - its ('engine_version') { should eq '5.6.37' } -end -``` - -**Test the storage allocated to an RDS instance.** - -```ruby -describe alicloud_apsaradb_rds_instance(db_instance_id: 'alicloudrds123') do - its ('storage_type') { should eq 'gp2' } - its ('allocated_storage') { should eq 10 } -end -``` - -**Test the network accessibility of the RDS instance.** - -```ruby -describe alicloud_asparadb_rds_instance(db_instance_id: 'alicloudrds123') do - its ('in_default_vpc') { should be false } - its ('net_type') { should eq 'Intranet' } - its ('security_ips') { should_not eq '' } - its ('security_ips') { should_not include '0.0.0.0/0' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe alicloud_apsaradb_rds_instance(db_instance_id: 'AnExistingRDS') do - it { should exist } -end -``` - -```ruby -describe alicloud_apsaradb_rds_instance(db_instance_id: 'ANonExistentRDS') do - it { should_not exist } -end -``` - -### Alicloud Permissions - -Your Principal will need the `rds:DescribeDBInstanceAttribute` and `vpc:DescribeVpcs` actions with Effect set to Allow. - -You can find documentation at [Use RAM to manage ApsaraDB for RDS permissions](https://www.alibabacloud.com/help/doc-detail/58932.htm#section-rhd-4ll-5gb). diff --git a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_apsaradb_rds_instances.md b/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_apsaradb_rds_instances.md deleted file mode 100644 index 6ce28a0ea2..0000000000 
--- a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_apsaradb_rds_instances.md +++ /dev/null 
@@ -1,153 +0,0 @@ -+++ -title = "alicloud_apsaradb_rds_instances Resource" -platform = "alicloud" -draft = false -gh_repo = "inspec-alicloud" - -[menu.inspec] -title = "alicloud_apsaradb_rds_instances" -identifier = "inspec/resources/alicloud/alicloud_apsaradb_rds_instances Resource" -parent = "inspec/resources/alicloud" -+++ - -Use the `alicloud_apsaradb_rds_instances` InSpec audit resource to test properties of a collection of ApsaraDB RDS instances. - -ApsaraDB RDS supports the MySQL, SQL Server, PostgreSQL, PPAS (highly compatible with Oracle) and MariaDB database engines. - -## Syntax - -Ensure you have exactly 3 instances. - -```ruby -describe alicloud_apsaradb_rds_instances do - its('db_instance_ids.count') { should cmp 3 } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`db_instance_ids` -: The unique IDs of the ApsaraDB RDS instances returned. - -`descriptions` -: The display names of the returned instances. - -`resource_groups` -: The IDs of the resource groups to which read-only instances belong. - -`net_types` -: The network types of the returned instances: one of 'Internet' or 'Intranet'. - -`instance_types` -: The roles of the returned instances: 'Primary'/'Readonly'/'Guard'/'Temp'. - -`multiple_zone_deployments` -: Boolean values indicating whether the instances are deployed in multiple zones (MutriORsignle API call). - -`network_types` -: The network types of the returned instances: one of 'Classic' or 'VPC'. - -`read_only_instance_ids` -: Lists of read-only instances attached to instances returned that are primary instances. - -`engines` -: The database engines the instances run, e.g. 'MySQL'. - -`engine_versions` -: The versions of the database engine that the instances run. - -`statuses` -: The status of the instances, e.g. 'Running'/'Rebooting' etc. - -`zone_ids` -: The IDs of the zones to which the instances belong. - -`instance_classes` -: The instance classes of the returned instances, e.g. 
'mysql.n2.medium.1'. - -`create_times` -: The times when the returned instances were created. - -`vswitch_ids` -: The IDs of the vSwitches associated with the VPCs to which the returned instances belong. - -`pay_types` -: The billing methods of the returned instances: 'Postpaid'/'Prepaid'. - -`lock_modes` -: The lock status of the returned instances: 'Unlock'/'ManualLock'/'LockByExpiration'/'LockByRestoration'/'LockByDiskQuota'/'Released'. - -`storage_types` -: The types of disk storage of the returned instances: 'local_ssd'/'ephemeral_ssd'/'cloud_ssd'/'cloud_essd'. - -`vpc_ids` -: The IDs of the VPCs to which the instances belong. - -`connection_modes` -: The connection modes of the returned instances: 'Standard'/'Safe'. - -`vpc_cloud_instance_ids` -: The IDs of the read-only instances returned, that reside in VPCs. - -`region_ids` -: The region IDs of the returned instances. - -`expire_times` -: The expiration times of the returned instances. - -`entries` -: Provides access to the raw results of the query, which can be treated as an array of hashes. - -## Examples - -**Ensure a specific instance exists.** - -```ruby -describe alicloud_apsaradb_rds_instances do - its('db_instance_ids') { should include 'rm-a1b2c3d4e5f6' } -end -``` - -**Use the InSpec resource to request the IDs of all ApsaraDB RDS instances, then test in-depth using `alicloud_apsaradb_rds_instance` to ensure all instances have the expected network security settings.** - -```ruby -alicloud_apsaradb_rds_instances.db_instance_ids.each do |db_instance_id| - describe alicloud_apsaradb_rds_instance(db_instance_id) do - its('in_default_vpc') { should be false } - its('security_ips') { should_not cmp '' } - its('security_ips') { should_not include '0.0.0.0/0' } - end -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -### exist - -The control will pass if the describe returns at least one result. 
- -```ruby -describe alicloud_apsaradb_rds_instances do - it { should exist } -end -``` - -Use `should_not` to test the entity should not exist. - -```ruby -describe alicloud_apsaradb_rds_instances do - it { should_not exist } -end -``` - -### Alicloud Permissions - -{{% inspec-alicloud/alicloud_principal_action action="rds:DescribeDBInstances" %}} - -You can find documentation at [Use RAM to manage ApsaraDB for RDS permissions](https://www.alibabacloud.com/help/doc-detail/58932.htm#section-rhd-4ll-5gb). diff --git a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_disk.md b/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_disk.md deleted file mode 100644 index 3c9a45d419..0000000000 --- a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_disk.md +++ /dev/null 
@@ -1,144 +0,0 @@ -+++ -title = "alicloud_disk Resource" -platform = "alicloud" -draft = false -gh_repo = "inspec-alicloud" - -[menu.inspec] -title = "alicloud_disk" -identifier = "inspec/resources/alicloud/alicloud_disk Resource" -parent = "inspec/resources/alicloud" -+++ - -Use the `alicloud_disk` InSpec audit resource to test properties of a single Alicloud Elastic Block Storage (EBS) cloud disk. - -## Syntax - -Ensure a cloud disk exists - -```ruby -describe alicloud_disk('d-d7ohfbhzs8cli0iacz7j') do - it { should exist } -end -``` - -You may also use hash syntax to pass the disk name - -```ruby -describe alicloud_disk(disk_name: 'd-vol') do - it { should exist } -end -``` - -## Parameters - -This resource accepts a single parameter, either the cloud disk ID or name. Only one of these must be provided. - -`disk_id` _(required if `disk_name` not provided)_ - -: The disk ID which uniquely identifies the disk. - This can be passed as either a string, a `disk_id: 'value'` key-value entry in a hash, or an `id: 'value'` key-value entry in a hash. - (`id` is an alias for `disk_id`). - -`disk_name` _(required if `disk_id` not provided)_ - -: The disk name which uniquely identifies the disk. - This must be passed as a `disk_name: 'value'` key-value entry in a hash, or a `name: 'value'` key-value entry in a hash. - (`name` is an alias for `disk_name`). - -See also the [Alicloud documentation on cloud disks](https://www.alibabacloud.com/help/doc-detail/25383.htm). - -## Properties - -`id` -: The ID of the cloud disk. - -`name` -: The name of the cloud disk. - -`description` -: The description of the cloud disk. - -`size` -: The size of the cloud disk, in GiBs. - -`category` -: The category of the cloud disk. Valid values: cloud, cloud_efficiency, cloud_ssd, cloud_essd, local_ssd_pro, local_hdd_pro, ephemeral, ephemeral_ssd. - -`encrypted` -: Boolean that indicates whether the cloud disk was encrypted. - -`kms_key_id` -: The ID of the KMS key used by the cloud disk. 
- -`enable_auto_snapshot` -: Boolean that indicates whether the automatic snapshot policy feature was enabled for the cloud disk. - -`delete_auto_snapshot` -: Boolean that indicates whether automatic snapshots of the cloud disk are deleted when the disk is released. - -`delete_with_instance` -: Boolean that indicates whether the cloud disk is released when its associated instance is released. - -## Examples - -**Test that a cloud disk does not exist.** - -```ruby -describe alicloud_disk(disk_name: 'data_vol') do - it { should_not exist } -end -``` - -**Test that a cloud disk is encrypted.** - -```ruby -describe alicloud_disk(disk_name: 'secure_data_vol') do - it { should be_encrypted } -end -``` - -**Test that a cloud disk has the correct size.** - -```ruby -describe alicloud_disk(name: 'data_vol') do - its('size') { should cmp 32 } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe alicloud_disk(name: 'data_vol') do - it { should exist } -end -``` - -```ruby -describe alicloud_disk(name: 'data_vol') do - it { should_not exist } -end -``` - -#### be_encrypted - -The `be_encrypted` matcher tests if the described cloud disk is encrypted. - -```ruby -it { should be_encrypted } -``` - -### Alicloud Permissions - -{{% inspec-alicloud/alicloud_principal_action action="ecs:DescribeDisks" %}} - -{{< readfile file="content/inspec/resources/reusable/md/alibaba_access_management_doc.md" >}} -{{< readfile file="content/inspec/resources/reusable/md/alibaba_authentication_ecs_api_doc.md" >}} diff --git a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_disks.md b/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_disks.md deleted file mode 100644 index 6dba1c4e4d..0000000000 
--- a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_disks.md +++ /dev/null 
@@ -1,124 +0,0 @@ -+++ -title = "alicloud_disks Resource" -platform = "alicloud" -draft = false -gh_repo = "inspec-alicloud" - -[menu.inspec] -title = "alicloud_disks" -identifier = "inspec/resources/alicloud/alicloud_disks Resource" -parent = "inspec/resources/alicloud" -+++ - -Use the `alicloud_disks` InSpec audit resource to test properties of a collection of Alicloud EBS cloud disks. - -Cloud disks are persistent block storage volumes for use with Alicloud ECS instances in the Alibaba Cloud. - -## Syntax - - Ensure you have exactly 3 cloud disks - -```ruby -describe alicloud_disks do - its('ids.count') { should cmp 3 } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`ids` -: The IDs of the cloud disks. - -`names` -: The names of each cloud disk. - -`descriptions` -: The description of each cloud disk. - -`sizes` -: The size of each cloud disk, in GiBs. - -`categories` -: The category of each cloud disk. Valid values: cloud, cloud_efficiency, cloud_ssd, cloud_essd, local_ssd_pro, local_hdd_pro, ephemeral, ephemeral_ssd. - -`encrypted_disks` -: Boolean that indicates whether each cloud disk was encrypted. - -`kms_key_ids` -: The ID of the KMS key used by each cloud disk. - -`enable_auto_snapshot` -: Boolean that indicates whether the automatic snapshot policy feature was enabled for each cloud disk. - -`delete_auto_snapshot` -: Boolean that indicates whether automatic snapshots of the cloud disk are deleted when each disk is released. - -`delete_with_instance` -: Boolean that indicates whether each cloud disk is released when its associated instance is released. - -`entries` -: Provides access to the raw results of the query, which can be treated as an array of hashes. 
- -## Examples - -**Ensure a specific cloud disk exists.** - -```ruby -describe alicloud_disks do - its('ids') { should include 'd-a1b2c3d4e5f6g7h8' } -end -``` - -**Use the InSpec resource to request the IDs of all cloud disks, then test in-depth using `alicloud_disk` to ensure all volumes are encrypted, have a sensible size, and have snapshots enabled.** - -```ruby -alicloud_disks.ids.each do |disk_id| - describe alicloud_disk(disk_id: disk_id) do - it { should be_encrypted } - its('size') { should be > 10 } - its('enable_auto_snapshot') { should be true } - end -end -``` - -**Another way to check that enable auto snapshot is turned on for all disks.** - -```ruby -describe alicloud_disks.where(enable_auto_snapshot: false) do - it { should_not exist } - its('ids') { should cmp [] } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe alicloud_ebs_volumes do - it { should exist } -end -``` - -```ruby -describe alicloud_ebs_volumes do - it { should_not exist } -end -``` - -### Alicloud Permissions - -{{% inspec-alicloud/alicloud_principal_action action="ecs:DescribeDisks" %}} - -{{< readfile file="content/inspec/resources/reusable/md/alibaba_access_management_doc.md" >}} -{{< readfile file="content/inspec/resources/reusable/md/alibaba_authentication_ecs_api_doc.md" >}} diff --git a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_ecs_instance.md b/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_ecs_instance.md deleted file mode 100644 index b16c0d097b..0000000000 --- a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_ecs_instance.md +++ /dev/null 
@@ -1,183 +0,0 @@ -+++ -title = "alicloud_ecs_instance Resource" -platform = "alicloud" -draft = false -gh_repo = "inspec-alicloud" - -[menu.inspec] -title = "alicloud_ecs_instance" -identifier = "inspec/resources/alicloud/alicloud_ecs_instance Resource" -parent = "inspec/resources/alicloud" -+++ - -Use the `alicloud_ecs_instance` InSpec audit resource to test properties of a single Alicloud ECS instance. - -## Syntax - -An `alicloud_ecs_instance` resource block declares the tests for a single Alicloud ECS instance by instance id. - -```ruby -describe alicloud_ecs_instance('i-01a2349e94458a507') do - it { should exist } -end -``` - -## Parameters - -`instance_id` _(required)_ - -: The ID of the ECS instance. This can be passed either as a string or as an `instance_id: 'value'` key-value entry in a hash. - -: ```ruby - describe alicloud_ecs_instance(instance_id: 'i-01a2349e94458a507') do - it { should exist } - end - ``` - -See also the [documentation on Alicloud ECS instances](https://www.alibabacloud.com/help/doc-detail/25374.htm?spm=a2c63.l28256.b99.60.36277453JrAX8s). - -## Properties - -`instance_id` -: The unique instance ID of the ECS instance. - -`instance_name` -: The name of the instance. - -`host_name` -: The host name of the instance. - -`description` -: The description of the instance. - -`memory` -: The memory size of the instance, in MiB. - -`cpu` -: The number of vCPUs. - -`instance_network_type` -: The network type of the instance: 'Classic' or 'VPC'. - -`public_ip_address` -: The public IP address of the instance. - -`eip_address` -: The Elastic IP address associated with the instance. - -`inner_ip_address` -: The internal IP address of the classic network-type instance. - -`expired_time` -: The expiration time of the instance, e.g. '2020-12-10T04:04Z'. - -`image_id` -: The ID of the image that the instance is running. - -`instance_type` -: The instance type of the instance, e.g. 'ecs.g5.large'. 
- -`vlan_id` -: The virtual local area network (VLAN) of the instance. - -`vpc_attributes` -: The VPC attributes of the instance. - -`status` -: The current state of the ECS Instance, for example 'running'. - -`io_optimized` -: Boolean that specifies whether the instance is I/O optimized. - -`zone_id` -: The zone ID of the instance. - -`cluster_id` -: The ID of the cluster to which the instance belongs. - -`stopped_mode` -: Indicates whether the instance continues to be billed after it is stopped: 'KeepCharging'/'StopCharging'/'Not-applicable'. - -`dedicated_host_attribute` -: Details about dedicated hosts: an array consiting of the DedicatedHostClusterId, DedicatedHostId, and DedicatedHostName parameters. - -`security_group_ids` -: The security group ids associated with the instance. - -`operation_locks` -: The reasons why the instance was locked. - -`instance_charge_type` -: The billing method of the instance: 'Prepaid' or 'Postpaid'. - -`internet_charge_type` -: The billing method of the EIP: 'PayByBandwidth' or 'PayByTraffic'. - -`internet_max_bandwidth_\out` -: The maximum outbound public bandwidth, in Mbit/s. - -`internet_max_bandwidth_in` -: The maximum outbound inbound bandwidth, in Mbit/s. - -`serial_number` -: The serial number of the instance. - -`creation_time` -: The time when the instance was created, e.g. '2020-12-10T04:04Z'. - -`region_id` -: The region ID of the instance. - -`credit_specification` -: The performance mode of the burstable instance: 'Standard' or 'Unlimited'. - -`deletion_protection` -: Boolean value which indicates whether you can delete the instance. - -`ram_roles` -: The RAM roles attached to the instance. 
- -## Examples - -**Test that an ECS instance is running, it is using the correct image ID, and its deletion protection is turned on.** - -```ruby -describe alicloud_ecs_instance('i-090c29e4f4c165b74') do - it { should be_running } - its('image_id') { should eq 'ubuntu_18_04_64_20G_alibase_20190624.vhd' } - its('deletion_protection') { should be true } -end -``` - -**Test that an ECS instance has exactly one RAM role attached.** - -```ruby -describe alicloud_ecs_instance('i-090c29e4f4c165b74') do - its('ram_roles.count') { should eq 1 } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -it { should exist } -``` - -```ruby -it { should_not exist } -``` - -### Alicloud Permissions - -Your Principal will need the `ecs:DescribeInstances`, `ecs:DescribeInstanceAttribute` and `ecs:DescribeInstanceRamRole` actions with Effect set to Allow. - -{{< readfile file="content/inspec/resources/reusable/md/alibaba_access_management_doc.md" >}} -{{< readfile file="content/inspec/resources/reusable/md/alibaba_authentication_ecs_api_doc.md" >}} diff --git a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_ecs_instances.md b/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_ecs_instances.md deleted file mode 100644 index 37c41f92dc..0000000000 --- a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_ecs_instances.md +++ /dev/null 
@@ -1,219 +0,0 @@ -+++ -title = "alicloud_ecs_instances Resource" -platform = "alicloud" -draft = false -gh_repo = "inspec-alicloud" - -[menu.inspec] -title = "alicloud_ecs_instances" -identifier = "inspec/resources/alicloud/alicloud_ecs_instances Resource" -parent = "inspec/resources/alicloud" -+++ - -Use the `alicloud_ecs_instances` InSpec audit resource to test properties of a collection of Alicloud ECS instances. - -## Syntax - -An `alicloud_ecs_instances` resource block declares the tests a collection of Alicloud ECS instances. - -```ruby -describe alicloud_ecs_instances - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`instance_ids` -: The unique instance IDs of the returned ECS instances. - -`instance_names` -: The names of the instances. - -`host_names` -: The host names of the instances. - -`descriptions` -: The descriptions of the instances. - -`memory` -: The memory sizes of the instances, in MiB. - -`cpus` -: The numbers of vCPUs the instances have. - -`cpu_options` -: The CPU options of the instances. - -`gpu_specs` -: The categories of GPU for the instance types. - -`image_ids` -: The IDs of the images that the instances are running. - -`instance_types` -: The instance types of the instances, e.g. 'ecs.g5.large'. - -`instance_type_families` -: The instance families of the instances. - -`io_optimized` -: Booleans that specify whether the instances are I/O optimized. - -`os_names` -: The names of the operating systems for the instances. - -`os_types` -: The types of operating systems for the instances: 'windows' or 'linux'. - -`instance_network_types` -: The network types of the instances: 'Classic' or 'VPC'. - -`public_ip_addresses` -: The public IP addresses of the instances. - -`inner_ip_addresses` -: The internal IP addresses of the instances. - -`eip_addresses` -: The Elastic IP addresses associated with the instances. - -`network_interfaces` -: The ENIs bound to the instances. 
- -`vlan_ids` -: The virtual local area network (VLAN) of the instance. - -`vpc_attributes` -: The VPC attributes of the instance. - -`internet_max_bandwidth_out` -: The maximum outbound public bandwidth, in Mbit/s. - -`internet_max_bandwidth_in` -: The maximum outbound inbound bandwidth, in Mbit/s. - -`instance_charge_types` -: The billing method of the instance: 'Prepaid' or 'Postpaid'. - -`internet_charge_types` -: The billing method of the EIP: 'PayByBandwidth' or 'PayByTraffic'. - -`spot_price_limits` -: Maximum hourly prices for the instances, accurate to 3 decimal places. - -`spot_strategies` -: The bidding policies for the preemptible instances: 'NoSpot'/'SpotWithPriceLimit'/'SpotAsPriceGo'. - -`sale_cycles` -: The billing cycles of the instances, e.g. 'month'. - -`creation_times` -: The time when the instance was created, e.g. '2020-12-10T04:04Z'. - -`start_times` -: The times when the instances were started. - -`expired_times` -: The expiration times of the instances. - -`auto_release_times` -: The automatic release times of pay-as-you-go instances. - -`statuses` -: The current state of the instances, for example 'running'. - -`stopped_modes` -: Indicates whether the instances continue to be billed after they are stopped: 'KeepCharging'/'StopCharging'/'Not-applicable'. - -`metadata_options` -: The metadata options of the instances. - -`zone_ids` -: The zone ID of the instances. - -`cluster_ids` -: The ID of the cluster to which the instance belongs. - -`security_group_ids` -: The security group ids associated with the instance. - -`deployment_set_ids` -: The IDs of the deployment sets of the instances. - -`serial_numbers` -: The serial number of the instances. - -`dedicated_instance_attributes` -: The attributes of the instances on dedicated hosts. - -`devices_available` -: Boolean value indicating whether data disks can be attached to the instances. - -`deletion_protection` -: Boolean value which indicates whether instances can be deleted. 
- -`ram_roles` -: The RAM roles attached to the instances. - -`entries` -: Provides access to the raw results of the query, which can be treated as an array of hashes. - -## Examples - -**Ensure that you have less than 100 ECS instances.** - -```ruby -describe alicloud_ecs_instances do - its('instance_ids.count') { should be < 100 } -end -``` - -**Ensure that no instances have deletion protection turned off.** - -```ruby -describe alicloud_ecs_instances.where(deletion_protection: false) do - it { should not exist } -end -``` - -**Ensure that instances have exactly one RAM role attached.** - -```ruby -describe(alicloud_ecs_instances.where { ram_role.count != 1 }) do - it { should not exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe alicloud_ecs_instances do - it { should exist } -end -``` - -```ruby -describe alicloud_ecs_instances do - it { should_not exist } -end -``` - -### Alicloud Permissions - -Your Principal will need the `ecs:DescribeInstances` and `ecs:DescribeInstanceRamRole` actions with Effect set to Allow. - -{{< readfile file="content/inspec/resources/reusable/md/alibaba_access_management_doc.md" >}} -{{< readfile file="content/inspec/resources/reusable/md/alibaba_authentication_ecs_api_doc.md" >}} diff --git a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_ims_user.md b/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_ims_user.md deleted file mode 100644 index 41b5bd3371..0000000000 --- a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_ims_user.md +++ /dev/null 
@@ -1,112 +0,0 @@ -+++ -title = "alicloud_ims_user Resource" -platform = "alicloud" -draft = false -gh_repo = "inspec-alicloud" - -[menu.inspec] -title = "alicloud_disk" -identifier = "inspec/resources/alicloud/alicloud_ims_user Resource" -parent = "inspec/resources/alicloud" -+++ - -Use the `alicloud_ims_user` InSpec audit resource to test properties of a single AliCloud IAM User information. - -## Syntax - -**Ensure an user exists** - -```ruby -describe alicloud_ims_user("USER_PRINCIPAL_NAME") do - it { should exist } -end -``` - -**You may also use hash syntax to pass the user principal name** - -```ruby -describe alicloud_ims_user(user_principal_name: "USER_PRINCIPAL_NAME") do - it { should exist } -end -``` - -## Parameters - -This resource accepts a single parameter, `user_principal_name`. - -`user_principal_name` _(required) - -: The user name of the IMS user. - -See also the [Alicloud documentation on cloud disks](https://www.alibabacloud.com/help/doc-detail/25383.htm). - -## Properties - -`status` -: The status of the IAM user. - -`update_date` -: The update date of the IAM user. - -`password_reset_required` -: The password reset required of the IAM user. It accepts boolean value. - -`user_principal_name` -: The user name of the IAM user. - -`mfa_bind_required` -: The mfa bind required of the IAM user. It accepts boolean value. 
- -## Examples - -**Test that an user does not exist.** - -```ruby -describe alicloud_ims_user("USER_PRINCIPAL_NAME") do - it { should_not exist } -end -``` - -**Test that an user is MFA bind.** - -```ruby -describe alicloud_ims_user("USER_PRINCIPAL_NAME") do - its('mfa_bind_required') { should eq true } -end -``` - -**Test that an user has an `ACTIVE` status.** - -```ruby -describe alicloud_ims_user("USER_PRINCIPAL_NAME") do - its('status') { should eq 'Active' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -### exist - -The control will pass if the describe returns at least one result. - -Use `should` to test the entity should not exist. - -```ruby -describe alicloud_ims_user("USER_PRINCIPAL_NAME") do - it { should exist } -end -``` - -Use `should_not` to test the entity should not exist. - -```ruby -describe alicloud_ims_user("USER_PRINCIPAL_NAME") do - it { should_not exist } -end -``` - -### Alicloud Permissions - -{{% inspec-alicloud/alicloud_principal_action action="ims:GetLoginProfile" %}} diff --git a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_ram_policies.md b/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_ram_policies.md deleted file mode 100644 index c7910ad042..0000000000 --- a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_ram_policies.md +++ /dev/null 
@@ -1,113 +0,0 @@ -+++ -title = "alicloud_ram_policies Resource" -platform = "alicloud" -draft = false -gh_repo = "inspec-alicloud" - -[menu.inspec] -title = "alicloud_ram_policies" -identifier = "inspec/resources/alicloud/alicloud_ram_policies Resource" -parent = "inspec/resources/alicloud" -+++ - -Use the `alicloud_ram_policies` InSpec audit resource to test properties of a collection of Alicloud RAM Policies. - -## Syntax - -An `alicloud_ram_policies` resource returns a collection of RAM Policies and allows testing of that collection. - -```ruby -describe alicloud_ram_policies do - its('policy_names') { should include('test-policy-1') } -end -``` - -## Parameters - -`type` _(optional)_ - -: This resource allows filtering by PolicyType. - To list only Alicloud managed policies, set `type` to `System`. To list only the customer managed policies in your Alicloud account, set `type` to `Custom`. If type is not supplied, both types of policies are returned. - -`only_attached` _(optional)_ - -: This resource allows filtering by attached entities. - When `only_attached` is `true`, the returned list contains only the policies that are attached to a RAM user, group, or role. When `only_attached` is `false`, or when the parameter is not included, all policies of the specified type(s) (`System` and/or `Custom`) are returned, whether they are attached to any RAM users, groups, or roles, or not. - -`region` _(optional)_ - -: The Alicloud Region ID - see the [Alicloud documentation on Regions and Zones](https://www.alibabacloud.com/help/doc-detail/40654.htm). - If provided, it must be passed as `region: 'value'`. - If not provided, the `ALICLOUD_REGION` environment variable will be used. - -See also the [Alicloud documentation on RAM Policy](https://partners-intl.aliyun.com/help/doc-detail/93732.htm). - -## Properties - -`policy_names` -: The policy names. - -`default_versions` -: The 'default_version' value of each policy. 
- -`attachment_counts` -: The count of attached entities for each policy. - -`attached_groups` -: The list of group names of the groups attached to each policy. - -`attached_roles` -: The list of role names of the roles attached to each policy. - -`attached_users` -: The list of usernames of the users attached to each policy. - -`entries` -: Provides access to the raw results of the query, which can be treated as an array of hashes. - -## Examples - -**Ensure a policy exists.** - -```ruby -describe alicloud_ram_policies do - its('policy_names') { should include('test-policy-1') } -end -``` - -**Allow at most 100 RAM Policies on the account.** - -```ruby -describe alicloud_ram_policies do - its('entries.count') { should be <= 100} -end -``` - -## Matchers - -For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/). - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe alicloud_ram_policies.where( : ) do - it { should exist } -end -``` - -```ruby -describe alicloud_ram_policies.where( : ) do - it { should_not exist } -end -``` - -### Alicloud Permissions - -Your Principal will need the `ram:ListPolicies` and `ram:ListEntitiesForPolicy` actions with Effect set to Allow. - -{{< readfile file="content/inspec/resources/reusable/md/alibaba_access_management_doc.md" >}} -{{< readfile file="content/inspec/resources/reusable/md/alibaba_authentication_ram_api_doc.md" >}} diff --git a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_ram_policy.md b/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_ram_policy.md deleted file mode 100644 index 54e63c7b6d..0000000000 --- a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_ram_policy.md +++ /dev/null 
@@ -1,301 +0,0 @@ -+++ -title = "alicloud_ram_policy Resource" -platform = "alicloud" -draft = false -gh_repo = "inspec-alicloud" - -[menu.inspec] -title = "alicloud_ram_policy" -identifier = "inspec/resources/alicloud/alicloud_ram_policy Resource" -parent = "inspec/resources/alicloud" -+++ - -Use the `alicloud_ram_policy` InSpec audit resource to test properties of a single managed Alicloud RAM Policy. - -## Syntax - -An `alicloud_ram_policy` resource block identifies a policy by policy name. - - # Find a policy by name -```ruby -describe alicloud_ram_policy(policy_name: 'AliyunSupportFullAccess') do - it { should exist } -end -``` - -## Parameters - -This resource requires the `policy_name` to be provided. - -`policy_name` _(required)_ - -: The Policy Name which uniquely identifies the Policy. - It can be passed as a string if it is the only parameter, or using hash syntax, `policy_name: 'value'`. - -`type` _(optional)_ - -: The type of policy: 'System' or 'Custom'. - If provided, it must be passed as `type: 'value'` . - If not provided, both types of policies will be searched. - -`region` _(optional)_ - -: The Alicloud Region ID - see the [Alicloud documentation on Regions and Zones](https://www.alibabacloud.com/help/doc-detail/40654.htm). - If provided, it must be passed as `region: 'value'`. - If not provided, the `ALICLOUD_REGION` environment variable will be used. - -See also the [Alicloud documentation on RAM Policy](https://partners-intl.aliyun.com/help/doc-detail/93732.htm). - -## Properties - -`policy_name` -: The name of the specified policy. - -`attachment_count` -: The count of attached entities for the specified policy. - -`attached_groups` -: The list of group names of the groups attached to the policy. - -`attached_group_count` -: The count of attached groups for the specified policy. - -`attached_roles` -: The list of ARNs of the roles attached to the policy. - -`attached_role_count` -: The count of attached roles for the specified policy. 
- -`attached_users` -: The list of usernames of the users attached to the policy. - -`attached_user_count` -: The count of attached users for the specified policy. - -`default_version` -: The default version value of the specified policy. - -`policy_document` -: Returns the default version of the policy document after decoding as a Ruby hash. This hash contains the policy statements and is useful for performing checks that cannot be expressed using higher-level matchers like `have_statement`. - -`statement_count` -: Returns the number of statements present in the `policy`. - -## Examples - -**Test that a policy does exist.** - -```ruby -describe alicloud_ram_policy(policy_name: 'AliyunSupportFullAccess', type: 'System') do - it { should exist } -end -``` - -**Test that a policy is attached to at least one entity.** - -```ruby -describe alicloud_ram_policy(policy_name: 'AliyunSupportFullAccess') do - it { should be_attached } -end -``` - -**Examine the policy statements.** - -```ruby -describe alicloud_ram_policy(policy_name: 'my-policy', type: 'Custom') do -**Verify that there is at least one statement allowing access to OSS.** - - it { should have_statement(Action: 'oss:PutObject', Effect: 'allow') } -``` - -```ruby -**have_statement does not expand wildcards. 
If you want to verify.** -**they are absent, an explicit check is required.** - -it { should_not have_statement(Action: 'oss:*') } -``` - -```ruby -**You can also check NotAction.** - -it { should_not have_statement(NotAction: 'ram:*') } -``` - -```ruby -**Check number of statements in policy.** - -its('statement_count') { should be > 1 } - end -``` - -**Examine attached users, groups and roles.** - -```ruby -describe alicloud_ram_policy(policy_name: 'my-policy') do - it { should be_attached_to_user('user-1') } - its{'attached_users') { should include 'user-1' } -``` - -```ruby -it { should be_attached_to_group('group-1') } -its{'attached_groups') { should include 'group-1' } -``` - -```ruby -it { should be_attached_to_role('acs:ram::12345:role/role-1') } -its{'attached_roles') { should include 'acs:ram::12345:role/role-1' } -``` - -```ruby -its('attached_user_count') { should eq 5 } -its('attached_group_count') { should eq 1 } -its('attached_role_count') { should be > 0 } -its('attachment_count') { should be eq 7 } - end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -it { should exist } -``` - -```ruby -it { should_not exist } -``` - -#### be_attached - -The test will pass if the identified policy is attached to at least one RAM user, group, or role. - -```ruby -describe alicloud_ram_policy(policy_name: 'AliyunSupportFullAccess') do - it { should be_attached } -end -``` - -#### be_attached_to_group(GROUPNAME) - -The test will pass if the identified policy is attached to the specified group. 
- -```ruby -describe alicloud_ram_policy(policy_name: 'AliyunSupportFullAccess') do - it { should be_attached_to_group(GROUPNAME) } -end -``` - -#### be_attached_to_user(USERNAME) - -The test will pass if the identified policy is attached to the specified user. - -```ruby -describe alicloud_ram_policy(policy_name: 'AliyunSupportFullAccess') do - it { should be_attached_to_user(USERNAME) } -end -``` - -#### be_attached_to_role(ROLEARN) - -The test will pass if the identified policy is attached to the specified role ARN. - -```ruby -describe alicloud_ram_policy(policy_name: 'AliyunSupportFullAccess') do - it { should be_attached_to_role(ROLEARN) } -end -``` - -#### have_statement - -Examines the list of statements contained in the policy and passes if at least one of the statements matches. This matcher does _not_ interpret the policy in a request authorization context, as Alicloud does when a request processed. Rather, `have_statement` examines the literal contents of the RAM policy, and reports on what is present (or absent, when used with `should_not`). - -`have_statement` accepts the following criteria to search for matching statements. If any statement matches all the criteria, the test is successful. All keys in criteria may be used as Titlecase or lowercase, string or symbol. Values must be in the expected case. - -* `Action` - Expresses the requested operation. Acceptable literal values are any Alicloud operation name, including the '*' wildcard character. `Action` may also use a list of Alicloud operation names. -* `Effect` - Expresses if the operation is permitted. Acceptable values are 'Deny' and 'Allow'. -* `Sid` - A user-provided string identifier for the statement. -* `Resource` - Expresses the operation's target. Acceptable values are ARNs, including the '*' wildcard. `Resource` may also use a list of ARN values. 
- -Please note the following about the behavior of `have_statement`: -* `Action`, `Sid`, and `Resource` allow using a regular expression as the search critera instead of a string literal. -* It does not support wildcard expansion; to check for a wildcard value, check for it explicitly. For example, if the policy includes a statement with `"Action": "oss:*"` and the test checks for `Action: "oss:PutObject"`, the test _will not match_. You must write an additional test checking for the wildcard case. -* It supports searching list values. For example, if a statement contains a list of 3 resources, and a `have_statement` test specifes _one_ of those resources, it will match. -* `Action` and `Resource` allow using a list of string literals or regular expressions in a test, in which case _all_ must match on the _same_ statement for the test to match. Order is ignored. -* It does not support the Principal or Condition policy elements. - -Examples: - - # Verify there is no full-admin statement -```ruby -describe alicloud_ram_policy(policy_name: 'kryptonite') do - it { should_not have_statement('Effect' => 'Allow', 'Resource' => '*', 'Action' => '*')} -end -``` - - # Symbols and lowercase also allowed as criteria -```ruby -describe alicloud_ram_policy(policy_name: 'kryptonite') do - # All 4 the same - it { should_not have_statement('Effect' => 'Allow', 'Resource' => '*', 'Action' => '*')} - it { should_not have_statement('effect' => 'Allow', 'resource' => '*', 'action' => '*')} - it { should_not have_statement(Effect: 'Allow', Resource: '*', Action: '*')} - it { should_not have_statement(effect: 'Allow', resource: '*', action: '*')} -end -``` - - # Verify bob is allowed to manage things on OSS buckets that start with bobs-stuff -```ruby -describe alicloud_ram_policy(policy_name: 'bob-is-a-packrat') do - it { should have_statement(Effect: 'Allow', - # Using the Alicloud wildcard - this must match exactly - Resource: 'acs:oss:::bobs-stuff*', - # Specify a list of actions - 
all must match, no others, order isn't important - Action: ['oss:PutObject', 'oss:GetObject', 'oss:DeleteObject'])} -``` - -```ruby -# Bob would make new buckets constantly if we let him. -it { should_not have_statement(Effect: 'Allow', Action: 'oss:CreateBucket')} -it { should_not have_statement(Effect: 'Allow', Action: 'oss:*')} -it { should_not have_statement(Effect: 'Allow', Action: '*')} -``` - -```ruby -# An alternative to checking for wildcards is to specify the -# statements you expect, then restrict statement count -its('statement_count') { should cmp 1 } - end -``` - - # Use regular expressions to examine the policy -```ruby -describe alicloud_ram_policy(policy_name: 'regex-demo') do - # Check to see if anything mentions RDS at all. - # This catches `rds:CreateDBinstance` and `rds:*`, but would not catch '*'. - it { should_not have_statement(Action: /^rds:.+$/)} -``` - -```ruby -# This policy should refer to both sally and kim's OSS buckets. -# This will only match if there is a statement that refers to both resources. -it { should have_statement(Resource: [/acs:oss.+:sally/, /acs:oss.+:kim/]) } -# The following also matches on a statement mentioning only one of them -it { should have_statement(Resource: /acs:oss.+:(sally|kim)/) } - end -``` - -### Alicloud Permissions - -Your Principal will need the `ram:GetPolicy` and `ram:ListEntitiesForPolicy` actions with Effect set to Allow. - -{{< readfile file="content/inspec/resources/reusable/md/alibaba_access_management_doc.md" >}} -{{< readfile file="content/inspec/resources/reusable/md/alibaba_authentication_ram_api_doc.md" >}} diff --git a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_ram_user.md b/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_ram_user.md deleted file mode 100644 index 7a4ef95358..0000000000 
--- a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_ram_user.md
+++ /dev/null
@@ -1,146 +0,0 @@ -+++ -title = "alicloud_ram_user Resource" -platform = "alicloud" -draft = false -gh_repo = "inspec-alicloud" - -[menu.inspec] -title = "alicloud_ram_user" -identifier = "inspec/resources/alicloud/alicloud_ram_user Resource" -parent = "inspec/resources/alicloud" -+++ - -Use the `alicloud_ram_user` InSpec audit resource to test properties of a single Alicloud RAM user. - -## Syntax - -An `alicloud_ram_user` resource block declares the tests for a single Alicloud RAM user by user name. - -```ruby -describe alicloud_ram_user(user_name: 'psmith') do - it { should exist } -end -``` - -## Parameters - -`user_name` _(required)_ - -: This resource accepts a single parameter, the RAM user's user name which uniquely identifies the user. - This can be passed either as a string or as a `user_name: 'value'` key-value entry in a hash. - -See also the [Alicloud documentation on RAM users](https://www.alibabacloud.com/help/doc-detail/122148.htm?spm=a2c63.p38356.b99.20.12456fb6z4r7Hz). - -## Properties - -`user_name` -: The RAM user's username. - -`user_id` -: The RAM user's unique ID. - -`display_name` -: The RAM user's display name. - -`comments` -: Comments about the user. - -`email` -: The RAM user's email address. - -`mobile_phone` -: The RAM user's mobile phone number. - -`create_date` -: The time when the RAM user was created. - -`update_date` -: The time when the information about the RAM user was last updated. - -`last_login_date` -: The time when the RAM user last logged on to the console using their password. - -`access_keys` -: An array of hashes each containing metadata about the user's access keys (active and inactive). - -`active_access_keys` -: An array of hashes each containing metadata about the user's active access keys. - -## Examples - -The following examples show how to use this InSpec audit resource. 
- -**Test that a RAM user does not exist.** - -```ruby -describe alicloud_ram_user(user_name: 'invalid-user') do - it { should_not exist } -end -``` - -**Ensure a RAM user has no active access keys.** - -```ruby -describe alicloud_ram_user('psmith') do - it { should exist } - it { should not have_active_access_key } - its('active_access_keys.count') { should eq 0 } -end -``` - -**Ensure a RAM user has 0 or 1 active access keys.** - -```ruby -describe alicloud_ram_user('psmith') do - its('active_access_keys.count') { should be <= 1 } -end -``` - -**Ensure that a RAM user does not have both console access and active access key(s).** - -```ruby -describe alicloud_ram_user('psmith') do - it { should_not have_console_and_key_access } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -it { should exist } -``` - -#### has_console_access - -This will check whether the requested user has a login profile for console access. - -```ruby -it { should have_console_access } -``` - -#### has_active_access_key - -This will check whether the requested user has at least one active access key and secret key. - -```ruby -it { should have_active_access_key } -``` - -#### has_console_and_key_access - -This will check whether the requested user has a login profile for console access, as well as at least one active access key/secret key pair. - -### Alicloud Permissions - -Your Principal will need the following permissions action with Effect set to Allow: `ram:Getuser`, `ram:GetLoginProfile`, `ram:ListAccessKeys`. - -{{< readfile file="content/inspec/resources/reusable/md/alibaba_access_management_doc.md" >}} -{{< readfile file="content/inspec/resources/reusable/md/alibaba_authentication_ram_api_doc.md" >}} 
diff --git a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_ram_user_mfa.md b/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_ram_user_mfa.md
deleted file mode 100644
index 5131e0c12f..0000000000
--- a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_ram_user_mfa.md
+++ /dev/null
@@ -1,82 +0,0 @@ -+++ -title = "alicloud_ram_user_mfa Resource" -platform = "alicloud" -draft = false -gh_repo = "inspec-alicloud" - -[menu.inspec] -title = "alicloud_ram_user_mfa" -identifier = "inspec/resources/alicloud/alicloud_ram_user_mfa Resource" -parent = "inspec/resources/alicloud" -+++ - -Use the `alicloud_ram_user_mfa` InSpec audit resource to test properties of a single Alicloud RAM user's MFA settings. - -## Syntax - -An `alicloud_ram_user_mfa` resource block declares the tests for a single Alicloud RAM user's MFA settings by user name. - -```ruby -describe alicloud_ram_user_mfa(user_name: 'rpatel') do - it { should exist } -end -``` - -## Parameters - -`user_name` _(required)_ - -: This resource accepts a single parameter, the RAM user's username which uniquely identifies the user. - This can be passed either as a string or as a `user_name: 'value'` key-value entry in a hash. - -See also the [Alicloud documentation on RAM users](https://www.alibabacloud.com/help/doc-detail/122148.htm?spm=a2c63.p38356.b99.20.12456fb6z4r7Hz). - -## Properties - -`user_name` -: The RAM user's username. - -`serial_number` -: The serial number of the RAM User's MFA device. - -`type` -: The MFA type (VMFA: virtual NFA device, or U2F: Universal 2nd Factor security key). - -## Examples - -The following example shows how to use this InSpec audit resource. - -**Test that a user has MFA configured.** - -```ruby -describe alicloud_ram_user_mfa(user_name: 'jakobp') do - it { should exist } - its('serial_number') { should eq 'acs:ram::1234567890123456:mfa/jakobp' } - its('type') { should eq 'VMFA' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -### exist - -The control will pass if the describe returns at least one result. - -```ruby -it { should exist } -``` - -Use `should_not` to test the entity should not exist. 
- -```ruby -it { should_not exist } -``` - -### Alicloud Permissions - -{{% inspec-alicloud/alicloud_principal_action action="ram:GetUserMFAInfo" %}} - -{{< readfile file="content/inspec/resources/reusable/md/alibaba_access_management_doc.md" >}} -{{< readfile file="content/inspec/resources/reusable/md/alibaba_authentication_ram_api_doc.md" >}} diff --git a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_ram_users.md b/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_ram_users.md deleted file mode 100644 index a734f4719e..0000000000 --- a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/alicloud_ram_users.md +++ /dev/null 
@@ -1,143 +0,0 @@ -+++ -title = "alicloud_ram_users Resource" -platform = "alicloud" -draft = false -gh_repo = "inspec-alicloud" - -[menu.inspec] -title = "alicloud_ram_users" -identifier = "inspec/resources/alicloud/alicloud_ram_users Resource" -parent = "inspec/resources/alicloud" -+++ - -Use the `alicloud_ram_users` InSpec audit resource to test properties of some or all Alicloud RAM users. - - -## Syntax - -An `alicloud_ram_users` resource block returns all RAM users and allows the testing of that group of RAM users. - -```ruby -describe alicloud_ram_users do - its('user_names') { should include 'payroll-admin' } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`user_names` -: The user names of the returned RAM users. - -`user_ids` -: The unique IDs of the returned RAM users. - -`display_names` -: Display names of the returned RAM users. - -`comments` -: Comments about the returned RAM users. - -`create_dates` -: The times when the returned RAM users were created. - -`update_dates` -: The times when the information about the returned RAM users was last updated. - -`access_keys` -: An array of hashes each containing metadata about a user's access keys (active and inactive). - -`active_access_keys` -: An array of hashes each containing metadata about a user's active access keys. - -`has_access_key` -: Boolean indicating whether each user has any access keys or not. - -`has_active_access_key` -: Boolean indicating whether each user has any active access keys or not. - -`has_console_access` -: Boolean indicating whether each user has console access. - -`has_console_and_key_access` -: Boolean indicating whether each user has both console access as well as one or more active access keys. - -`has_mfa_enabled` -: Boolean indicating whether each user has MFA enabled or not. - -`entries` -: Provides access to the raw results of the query, which can be treated as an array of hashes. 
- -## Examples - -**Ensure there are no RAM users who do not have MFA enabled.** - -```ruby -describe alicloud_ram_users.where(has_mfa_enabled: false) do - it { should_not exist } -**less readable test, but it gives better output.** - -end -``` - -**Ensure there are no RAM users who have console access and do not have MFA enabled.** - -```ruby -alicloud_ram_users.where(has_console_access: true).user_names.each do |u| - describe alicloud_ram_user_mfa(u) do - it { should exist } - end -end -``` - -**Ensure there are no RAM users with console access and one or more active access keys.** - -```ruby -describe alicloud_ram_users.where(has_console_and_key_access: true) do - its('user_names') { should be_empty } -end -``` - -```ruby -or -``` - -```ruby -alicloud_ram_users.where { active_access_keys.count > 0 }.user_names.each do |u| - describe alicloud_ram_user(u) do - its('has_console_access') { should be false } - end -end -``` - -## Matchers - -For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/). - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe alicloud_ram_users.where( : ) do - it { should exist } -end -``` - -```ruby -describe alicloud_ram_users.where( : ) do - it { should_not exist } -end -``` - -### Alicloud Permissions - -Your Principal will need the following permissions action with Effect set to Allow: `ram:Listusers`, `ram:GetLoginProfile`, `ram:ListAccessKeys`, `ram:GetUserMFAInfo` - -{{< readfile file="content/inspec/resources/reusable/md/alibaba_access_management_doc.md" >}} -{{< readfile file="content/inspec/resources/reusable/md/alibaba_authentication_ram_api_doc.md" >}} 
diff --git a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/reusable/index.md b/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/reusable/index.md
deleted file mode 100644
index 41de90ae49..0000000000
--- a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/reusable/index.md
+++ /dev/null
@@ -1,5 +0,0 @@
-+++
-headless = true
-## headless = true makes this directory a headless bundle.
-## See https://gohugo.io/content-management/page-bundles/#headless-bundle
-+++
diff --git a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/reusable/md/alibaba_access_management_doc.md b/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/reusable/md/alibaba_access_management_doc.md
deleted file mode 100644
index eb904e0d9b..0000000000
--- a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/reusable/md/alibaba_access_management_doc.md
+++ /dev/null
@@ -1,2 +0,0 @@
-
-See the [Alibaba Cloud Resource Access Management documentation](https://www.alibabacloud.com/help/doc-detail/57445.htm?spm=a2c63.p38356.b99.12.51ef1b28W18VZd).
diff --git a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/reusable/md/alibaba_authentication_ecs_api_doc.md b/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/reusable/md/alibaba_authentication_ecs_api_doc.md
deleted file mode 100644
index e7f5702d58..0000000000
--- a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/reusable/md/alibaba_authentication_ecs_api_doc.md
+++ /dev/null
@@ -1,2 +0,0 @@
-
-See the [documentation on authentication rules for ECS APIs](https://partners-intl.aliyun.com/help/doc-detail/25497.htm?spm=a2c63.p38356.b99.657.7b9f3481VdEA4g).
diff --git a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/reusable/md/alibaba_authentication_ram_api_doc.md b/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/reusable/md/alibaba_authentication_ram_api_doc.md
deleted file mode 100644
index 2ceda0b6d7..0000000000
--- a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/content/inspec/resources/reusable/md/alibaba_authentication_ram_api_doc.md
+++ /dev/null
@@ -1,2 +0,0 @@
-
-See the [documentation on authentication to RAM APIs](https://partners-intl.aliyun.com/help/doc-detail/102666.htm).
diff --git a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/layouts/shortcodes/inspec-alicloud/alicloud_principal_action.md b/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/layouts/shortcodes/inspec-alicloud/alicloud_principal_action.md
deleted file mode 100644
index 75a443a349..0000000000
--- a/_vendor/github.com/inspec/inspec-alicloud/docs-chef-io/layouts/shortcodes/inspec-alicloud/alicloud_principal_action.md
+++ /dev/null
@@ -1,2 +0,0 @@
-
-Your Principal will need the `{{ .Get "action" }}` action with `Effect` set to `Allow`.
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/assets/release-notes/inspec-aws/release-dates.json b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/assets/release-notes/inspec-aws/release-dates.json
deleted file mode 100644
index f476510cec..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/assets/release-notes/inspec-aws/release-dates.json
+++ /dev/null
@@ -1,7 +0,0 @@
-[
- "2021-10-01",
- "2021-10-13",
- "2021-11-08",
- "2021-11-30",
- "2022-01-07"
-]
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/config.toml b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/config.toml
deleted file mode 100644
index 23ba27adee..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/config.toml
+++ /dev/null
@@ -1,2 +0,0 @@
-[params.inspec-aws]
-gh_path = "https://github.com/inspec/inspec-aws/tree/main/docs-chef-io/content/"
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_alb.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_alb.md
deleted file mode 100644
index 765ddc8746..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_alb.md
+++ /dev/null
@@ -1,146 +0,0 @@ -+++ -title = "aws_alb Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_alb" -identifier = "inspec/resources/aws/aws_alb Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_alb` InSpec audit resource to test properties of a single AWS Application Load Balancer (ALB). - -For additional information, including details on parameters and properties, see the [AWS documentation on Elastic Load Balancing](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that an `aws_alb` exists - -```ruby -describe aws_alb('arn:aws:elasticloadbalancing') do - it { should exist } -end -``` - -```ruby -describe aws_alb(load_balancer_arn: 'arn:aws:elasticloadbalancing') do - it { should exist } -end -``` - -## Parameters - -`load_balancer_arn` _(required)_ - -: This resource accepts a single parameter, the ALB Arn which uniquely identifies the ALB. - This can be passed either as a string or as a `load_balancer_arn: 'value'` key-value entry in a hash. - -## Properties - -`load_balancer_name` -: The name of the load balancer. - -`load_balancer_addresses` -: A collectionm of the load balancer addresses. - -`canonical_hosted_zone_id` -: The ID of the Amazon Route 53 hosted zone for the load balancer. - -`dns_name` -: The DNS name of the load balancer. - -`availability_zones` -: The Availability Zones for the load balancer. - -`security_groups` -: The security groups for the load balancer. Valid only for load balancers in a VPC. - -`scheme` -: The type of load balancer. Valid only for load balancers in a VPC. - -`state` -: The state of the load balancer. - -`subnets` -: A collection of the subnet ids. - -`type` -: The type of the load balancer. - -`access_log_enabled` -: Whether the access log for the load balancer is enabled. 
- -`vpc_id` -: The ID of the VPC for the load balancer. - -`zone_names` -: A collection of the names of the availability zones. - -`listeners` -: A collection of the listeners for the load balancer. - -`ssl_policies` -: A list of the SSL Policies configured for the listeners of the load balancer. - -`external_ports` -: A list of the ports configured for the listeners of the load balancer. - -`protocols` -: A list of the protocols configured for the listeners of the load balancer. - -## Examples - -**Test that an ALB has its availability zones configured correctly.** - -```ruby -describe aws_alb('arn::alb') do - its('zone_names.count') { should be > 1 } - its('zone_names') { should include 'us-east-2a' } - its('zone_names') { should include 'us-east-2b' } -end -``` - -**Test whether the access log is enabled for the Application Load Balancer.** - -```ruby -describe aws_alb('load_balancer_arn::alb') do - it { should exist } - its ('access_log_enabled') { should eq true } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_alb('AnExistingALB') do - it { should exist } -end -``` - -```ruby -describe aws_alb('ANonExistentALB') do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ElasticLoadBalancing:Client:DescribeLoadBalancers" %}} - -You can find detailed documentation at [Authentication and Access Control for Your Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/load-balancer-authentication-access-control.html) 
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_albs.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_albs.md
deleted file mode 100644
index 9596d9b8de..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_albs.md
+++ /dev/null
@@ -1,108 +0,0 @@
-+++
-title = "aws_albs Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_albs"
-identifier = "inspec/resources/aws/aws_albs Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_albs` InSpec audit resource to test the configuration of a collection of Application Load Balancers.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Elastic Load Balancing](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that an `aws_albs` exists
-
-```ruby
-describe aws_albs do
- its('load_balancer_arns') { should include 'arn:aws:elasticloadbalancing' }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`load_balancer_names`
-: The names of the load balancers.
-
-`load_balancer_addresses`
-: A collection of the load balancers addresses.
-
-`canonical_hosted_zone_ids`
-: The IDs of the Amazon Route 53 hosted zone for the load balancers.
-
-`dns_names`
-: The DNS names of the load balancers.
-
-`availability_zones`
-: The Availability Zones for the load balancers.
-
-`security_groups`
-: The security groups for the load balancers. Valid only for load balancers in a VPC.
-
-`schemes`
-: The types of load balancers. Valid only for load balancers in a VPC.
-
-`states`
-: The states of the load balancers.
-
-`subnets`
-: A collection of the subnet ids.
-
-`types`
-: The types of the load balancers.
-
-`vpc_ids`
-: The IDs of the VPCs for the load balancers.
-
-`zone_names`
-: A collection of the names of the availability zones.
-
-## Examples
-
-**Test that an ALB has its availability zones configured correctly.**
-
-```ruby
-describe aws_alb('arn::alb') do
- its('zone_names.count') { should be > 1 }
- its('zone_names') { should include 'us-east-2a' }
- its('zone_names') { should include 'us-east-2b' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_albs do
- it { should exist }
- its('availability_zones') { should_not include 'us-east-1a'}
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="ElasticLoadBalancing:Client:DescribeLoadBalancers" %}}
-
-You can find detailed documentation at [Authentication and Access Control for Your Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/load-balancer-authentication-access-control.html)
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ami.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ami.md
deleted file mode 100644
index 95b5edc459..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ami.md
+++ /dev/null
@@ -1,174 +0,0 @@
-+++
-title = "aws_ami Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ami"
-identifier = "inspec/resources/aws/aws_ami Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ami` InSpec audit resource to test properties of a single AWS AMI.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on EC2 Amazon Machine Images](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_ami` resource block declares the tests for a single AWS AMI by image id.
-
-```ruby
-describe aws_ami(image_id: 'aki-2349e94458a507') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`image_id` _(required)_
-
-: This resource accepts a single parameter, the AMI Image ID.
- This can be passed either as a string or as a `image_id: 'value'` key-value entry in a hash.
-
-## Properties
-
-`architecture`
-: The architecture of the image.
-
-`creation_date`
-: The date and time the image was created.
-
-`image_id`
-: The ID of the AMI.
-
-`image_location`
-: The location of the AMI.
-
-`image_type`
-: The type of image.
-
-`public`
-: Indicates whether the image has public launch permissions.
-
-`kernel_id`
-: The kernel associated with the image, if any. Only applicable for machine images.
-
-`owner_id`
-: The AWS account ID of the image owner.
-
-`platform`
-: This value is set to windows for Windows AMIs; otherwise, it is blank.
-
-`platform_details`
-: The platform details associated with the billing code of the AMI.
-
-`usage_operation`
-: The operation of the Amazon EC2 instance and the billing code that is associated with the AMI.
-
-`product_codes`
-: Any product codes associated with the AMI.
-
-`ramdisk_id`
-: The RAM disk associated with the image, if any. Only applicable for machine images.
-
-`state`
-: The state of the AMI.
-
-`block_device_mappings`
-: Any block device mapping entries.
-
-`description`
-: The description of the AMI that was provided during image creation.
-
-`ena_support`
-: Specifies whether enhanced networking with ENA is enabled.
-
-`hypervisor`
-: The hypervisor type of the image.
-
-`image_owner_alias`
-: The AWS account alias or the AWS account ID of the AMI owner.
-
-`name`
-: The name of the AMI that was provided during image creation.
-
-`root_device_name`
-: The device name of the root device volume.
-
-`root_device_type`
-: The type of root device used by the AMI.
-
-`sriov_net_support`
-: Specifies whether enhanced networking with the Intel 82599 Virtual Function interface is enabled.
-
-`state_reason`
-: Provides the reason for the state change.
-
-`tags`
-: Provides any tags assigned to the image.
-
-`virtualization_type`
-: The type of virtualization of the AMI.
-
-There are also additional properties available. For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Image.html)
-
-## Examples
-
-**Check if an AMI is public.**
-
-```ruby
-describe aws_ami(image_id: 'aki-25348fd4323') do
- it { should be_public }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### be_public
-
-The `be_public` matcher tests if the AMI has public launch permissons.
-
-```ruby
-describe aws_ami(image_id: 'aki-1234') do
- it { should be_public }
-end
-```
-
-```ruby
-describe aws_ami(image_id: 'aki-6789') do
- it { should_not be_public }
-end
-```
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_ami(image_id: 'aki-1234') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_ami(image_id: 'aki-6789') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeImages" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_amis.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_amis.md
deleted file mode 100644
index fcb4af4def..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_amis.md
+++ /dev/null
@@ -1,219 +0,0 @@ -+++ -title = "aws_amis Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_amis" -identifier = "inspec/resources/aws/aws_amis Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_amis` InSpec audit resource to test properties of some or all AWS AMIs. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - - Ensure you have exactly 3 AMIs available to you. - -```ruby -describe aws_amis(all_amis: 'true') do - its('image_ids.count') { should cmp 3 } -end -``` - - Check if you have a public AMI for the Linux/UNIX platform available to you. - -```ruby -describe aws_amis(is_public: 'true', platform_details: 'Linux/UNIX') do - it { should exist } -end -``` - -## Parameters - -This resource must be provided with the parameter 'all_amis' (returns ALL AMIs available to you) OR a combination of the following. - -`all_amis` _(optional)_ - -: _OR_ - -`architecture` _(optional)_ - -`creation_date` _(optional)_ -`image_id` _(optional)_ -`image_type` _(optional)_ -`is_public` _(optional)_ -`kernel_id` _(optional)_ -`owner_id` _(optional)_ -`owners` _(optional)_ - -: - Scopes the results to images with the specified owners. You can specify a combination of AWS account IDs, `self`, `amazon`, and `aws-marketplace`. - ```ruby - If you omit this parameter, the results include all images for which you have launch permissions, regardless of ownership. 
- ```
-`owner_alias` _(optional)_
-`platform` _(optional)_
-
-`product_code` _(optional)_
-`platform_details` _(optional)_
-`usage_operation` _(optional)_
-`ramdisk_id` _(optional)_
-`state` _(optional)_
-
-`state_reason_code` _(optional)_
-`state_reason_message` _(optional)_
-`description` _(optional)_
-
-`ena_support` _(optional)_
-`hypervisor` _(optional)_
-
-`name` _(optional)_
-
-`root_device_name` _(optional)_
-`root_device_type` _(optional)_
-`sriov_net_support` _(optional)_
-`virtualization_type` _(optional)_
-
-: This can be passed either as a string or as a `all_amis: 'value'` key-value entry in a hash.
-
-## Properties
-
-`architectures`
-: The architecture of the image.
-
-`creation_dates`
-: The date and time the image was created.
-
-`image_ids`
-: The ID of the AMI.
-
-`image_locations`
-: The location of the AMI.
-
-`image_types`
-: The type of image.
-
-`public`
-: Indicates whether the image has public launch permissions.
-
-`kernel_ids`
-: The kernel associated with the image, if any. Only applicable for machine images.
-
-`owner_ids`
-: The AWS account ID of the image owner.
-
-`platforms`
-: This value is set to windows for Windows AMIs; otherwise, it is blank.
-
-`platform_details`
-: The platform details associated with the billing code of the AMI.
-
-`usage_operations`
-: The operation of the Amazon EC2 instance and the billing code that is associated with the AMI.
-
-`product_codes`
-: Any product codes associated with the AMI.
-
-`ramdisk_ids`
-: The RAM disk associated with the image, if any. Only applicable for machine images.
-
-`states`
-: The state of the AMI.
-
-`block_device_mappings`
-: Any block device mapping entries.
-
-`descriptions`
-: The description of the AMI that was provided during image creation.
-
-`ena_support`
-: Specifies whether enhanced networking with ENA is enabled.
-
-`hypervisors`
-: The hypervisor type of the image.
-
-`image_owner_alias`
-: The AWS account alias or the AWS account ID of the AMI owner.
-
-`names`
-: The name of the AMI that was provided during image creation.
-
-`root_device_names`
-: The device name of the root device volume.
-
-`root_device_types`
-: The type of root device used by the AMI.
-
-`sriov_net_supports`
-: Specifies whether enhanced networking with the Intel 82599 Virtual Function interface is enabled.
-
-`state_reasons`
-: Provides the reason for the state change.
-
-`tags`
-: Provides any tags assigned to the image.
-
-`virtualization_types`
-: The type of virtualization of the AMI.
-
-## Examples
-
-**Ensure ID of an AMI exists.**
-
-```ruby
-describe aws_amis(all_amis: 'true') do
- its('image_ids') { should include 'image-id-43542' }
-end
-```
-
-**Interrogate AMIs Belong to the Current User Only.**
-
-```ruby
-describe aws_amis(owners: 'self') do
- its('owner_ids.uniq.size') { should be 1 }
- its('owner_ids.uniq.first') { should eq 12345678 }
-end
-```
-
-**Interrogate AMIs Belong to the Current User and the Amazon.**
-
-```ruby
-describe aws_amis(owners: ['self', 'amazon']) do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_amis(all_amis: 'true').where( : ) do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_amis(all_amis: 'true').where( : ) do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeImages" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html).
\ No newline at end of file
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_amplify_app.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_amplify_app.md
deleted file mode 100644
index f5d1c1a682..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_amplify_app.md
+++ /dev/null
@@ -1,135 +0,0 @@
-+++
-title = "aws_amplify_app resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_amplify_app"
-identifier = "inspec/resources/aws/aws_amplify_app resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_amplify_app` InSpec audit resource to test the properties of a single specific AWS Amplify app.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Amplify App](https://docs.aws.amazon.com/amplify/latest/APIReference/API_App.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that AWS Amplify App exists.
-
-```ruby
-describe aws_amplify_app(app_id: 'APP_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`app_id` _(required)_
-
-: The unique ID of the Amplify app.
-
-## Properties
-
-`app_arn`
-: The Amazon Resource Name (ARN) of the Amplify app.
-
-`app_id`
-: The unique ID of the Amplify app.
-
-`app_arn`
-: The app's Amazon Resource app_id (ARN).
-
-`name`
-: The name for the Amplify app.
-
-`description`
-: The description for the Amplify app.
-
-`repository`
-: The repository for the Amplify app.
-
-`platform`
-: The platform for the Amplify app.
-
-`create_time`
-: Creates a date and time for the Amplify app.
-
-`update_time`
-: Updates the date and time for the Amplify app.
-
-`environment_variables`
-: The environment variables for the Amplify app.
-
-`pending_engine_versions`
-: The app engine version to upgrade to.
-
-`default_domain`
-: The default domain for the Amplify app.
-
-`enable_branch_auto_build`
-: Automatically disconnect a branch in the Amplify Console when you delete a branch from your Git repository.
-
-`enable_basic_auth`
-: Enables basic authorization for the Amplify app's branches.
-
-## Examples
-
-**Ensure a app ID is available.**
-
-```ruby
-describe aws_amplify_app(app_id: 'APP_ID') do
- its('app_id') { should eq 'APP_ID' }
-end
-```
-
-**Ensure a app name is available.**
-
-```ruby
-describe aws_amplify_app(app_id: 'APP_ID') do
- its('app_name') { should eq 'APP_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_amplify_app(app_id: 'APP_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_amplify_app(app_id: 'APP_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the Amplify App is available.
-
-```ruby
-describe aws_amplify_app(app_id: 'APP_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Amplify:Client:GetAppResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_amplify_apps.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_amplify_apps.md
deleted file mode 100644
index 9f7ec4b48a..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_amplify_apps.md
+++ /dev/null
@@ -1,162 +0,0 @@
-+++
-title = "aws_amplify_apps resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_amplify_apps"
-identifier = "inspec/resources/aws/aws_amplify_apps resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_amplify_apps` InSpec audit resource to test the properties of Multiple AWS Amplify apps.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Amplify App](https://docs.aws.amazon.com/amplify/latest/APIReference/API_App.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that AWS Amplify app exists.
-
-```ruby
-describe aws_amplify_apps do
- it { should exist }
-end
-```
-
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`app_arns`
-: The Amazon Resource Name (ARN) of the Amplify app.
-
-: **Field**: `app_arn`
-
-`app_ids`
-: The unique ID of the Amplify app.
-
-: **Field**: `app_id`
-
-`app_arns`
-: The app's Amazon Resource app_id (ARN).
-
-: **Field**: `app_arn`
-
-`names`
-: The name for the Amplify app.
-
-: **Field**: `name`
-
-`description`
-: The description for the Amplify app.
-
-: **Field**: `description`
-
-`repositories`
-: The repository for the Amplify app.
-
-: **Field**: `repository`
-
-`platforms`
-: The platform for the Amplify app.
-
-: **Field**: `platform`
-
-`create_time`
-: Creates a date and time for the Amplify app.
-
-: **Field**: `create_time`
-
-`update_time`
-: Updates the date and time for the Amplify app.
-
-: **Field**: `update_time`
-
-`environment_variables`
-: The environment variables for the Amplify app.
-
-: **Field**: `environment_variables`
-
-`pending_engine_versions`
-: The app engine version to upgrade to.
-
-: **Field**: `pending_engine_version`
-
-`default_domains`
-: The default domain for the Amplify app.
-
-: **Field**: `default_domain`
-
-`enable_branch_auto_build`
-: Automatically disconnect a branch in the Amplify Console when you delete a branch from your Git repository.
-
-: **Field**: `enable_branch_auto_build`
-
-`enable_basic_auth`
-: Enables basic authorization for the Amplify app's branches.
-
-: **Field**: `enable_basic_auth`
-
-## Examples
-
-**Ensure a app ID is available.**
-
-```ruby
-describe aws_amplify_apps do
- its('app_ids') { should include 'app_id' }
-end
-```
-
-**Ensure a app name is available.**
-
-```ruby
-describe aws_amplify_apps do
- its('app_names') { should include 'app_name' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `List` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_amplify_apps do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_amplify_apps do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the Amplify App is available.
-
-```ruby
-describe aws_amplify_apps do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Amplify:Client:ListAppsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_amplify_branch.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_amplify_branch.md
deleted file mode 100644
index b1ddbadcfd..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_amplify_branch.md
+++ /dev/null
@@ -1,139 +0,0 @@
-+++
-title = "aws_amplify_branch resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_amplify_branch"
-identifier = "inspec/resources/aws/aws_amplify_branch resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_amplify_branch` InSpec audit resource to test the properties of a single specific AWS Amplify Branch.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Amplify Branch](https://docs.aws.amazon.com/amplify/latest/APIReference/API_App.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that AWS Amplify Branch exists.
-
-```ruby
-describe aws_amplify_branch(app_id: 'APP_ID', branch_name: 'BRANCH_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`app_id` _(required)_
-
-: The unique ID for an Amplify app.
-
-`branch_name` _(required)_
-
-: The name for the branch that is part of an Amplify app.
-
-## Properties
-
-`branch_arn`
-: The Amazon Resource Name (ARN) for a branch that is part of an Amplify app.
-
-`branch_name`
-: The name for the branch that is part of an Amplify app.
-
-`description`
-: The description for the branch that is part of an Amplify app.
-
-`tags`
-: The tag for the branch of an Amplify app.
-
-`stage`
-: The current stage for the branch that is part of an Amplify app.
-
-`display_name`
-: The display_name for the Amplify Branch.
-
-`platform`
-: The platform for the Amplify Branch.
-
-`create_time`
-: Creates a date and time for the Amplify Branch.
-
-`update_time`
-: Updates the date and time for the Amplify Branch.
-
-`environment_variables`
-: The environment variables for the Amplify Branch.
-
-`enable_pull_request_preview`
-: The app engine version to upgrade to.
-
-`custom_domain`
-: The custom domain for the Amplify Branch.
-
-`pull_request_environment_name`
-: Automatically disconnect a branch in the Amplify Console when you delete a branch from your Git repository.
-
-`enable_basic_auth`
-: Enables basic authorization for the Amplify Branch's branches.
-
-## Examples
-
-**Ensure a branch arn is available.**
-
-```ruby
-describe aws_amplify_branch(app_id: 'APP_ID', branch_name: 'BRANCH_NAME') do
- its('branch_arn') { should eq 'BRANCH_ARN' }
-end
-```
-
-**Ensure a branch name is available..**
-
-```ruby
-describe aws_amplify_branch(app_id: 'APP_ID', branch_name: 'BRANCH_NAME') do
- its('branch_name') { should eq 'BRANCH_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_amplify_branch(app_id: 'APP_ID', branch_name: 'BRANCH_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_amplify_branch(app_id: 'APP_ID', branch_name: 'BRANCH_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the Amplify Branch is available.
-
-```ruby
-describe aws_amplify_branch(app_id: 'APP_ID', branch_name: 'BRANCH_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Amplify:Client:GetBranchResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_amplify_branches.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_amplify_branches.md
deleted file mode 100644
index 468bc96e15..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_amplify_branches.md
+++ /dev/null
@@ -1,163 +0,0 @@
-+++
-title = "aws_amplify_branches resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_amplify_branches"
-identifier = "inspec/resources/aws/aws_amplify_branches resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_amplify_branches` InSpec audit resource to test the properties of multiple AWS Amplify branches.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Amplify branch](https://docs.aws.amazon.com/amplify/latest/APIReference/API_App.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that AWS Amplify branch exists.
-
-```ruby
-describe aws_amplify_branches(app_id: 'APP_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`app_id` _(required)_
-
-: The unique ID for an Amplify app.
-
-## Properties
-
-`branch_arns`
-: The Amazon Resource Name (ARN) for a branch that is part of an Amplify app.
-
-: **Field**: `branch_arn`
-
-`branch_names`
-: The name for the branch that is part of an Amplify app.
-
-: **Field**: `branch_name`
-
-`descriptions`
-: The description for the branch that is part of an Amplify app.
-
-: **Field**: `description`
-
-`tags`
-: The tag for the branch of an Amplify app.
-
-: **Field**: `tags`
-
-`stage`
-: The current stage for the branch that is part of an Amplify app.
-
-: **Field**: `stage`
-
-`display_names`
-: The display_name for the Amplify branch.
-
-: **Field**: `display_name`
-
-`platforms`
-: The platform for the Amplify branch.
-
-: **Field**: `platform`
-
-`create_time`
-: Creates a date and time for the Amplify branch.
-
-: **Field**: `create_time`
-
-`update_time`
-: Updates the date and time for the Amplify branch.
-
-: **Field**: `update_time`
-
-`environment_variables`
-: The environment variables for the Amplify branch.
-
-: **Field**: `environment_variables`
-
-`enable_pull_request_preview`
-: The app engine version to upgrade to.
-
-: **Field**: `enable_pull_request_preview`
-
-`custom_domains`
-: The custom domain for the Amplify branch.
-
-: **Field**: `custom_domain`
-
-`pull_request_environment_names`
-: Automatically disconnect a branch in the Amplify Console when you delete a branch from your Git repository.
-
-: **Field**: `pull_request_environment_name`
-
-`enable_basic_auth`
-: Enables basic authorization for the Amplify branch's branches.
-
-: **Field**: `enable_basic_auth`
-
-## Examples
-
-**Ensure a branch ID is available.**
-
-```ruby
-describe aws_amplify_branches(app_id: 'APP_ID') do
- its('branch_arns') { should include 'BranchARN' }
-end
-```
-
-**Ensure a branch name is available.**
-
-```ruby
-describe aws_amplify_branches(app_id: 'APP_ID') do
- its('branch_names') { should include 'BranchName' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_amplify_branches(app_id: 'APP_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_amplify_branches(app_id: 'dummy') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the Amplify branch is available.
-
-```ruby
-describe aws_amplify_branches(app_id: 'APP_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Amplify:Client:ListBranchesResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_deployment.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_deployment.md
deleted file mode 100644
index 955cffa007..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_deployment.md
+++ /dev/null
@@ -1,117 +0,0 @@
-+++
-title = "aws_api_gateway_deployment Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_deployment"
-identifier = "inspec/resources/aws/aws_api_gateway_deployment Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_deployment` InSpec audit resource to test properties of a single AWS ApiGateway Deployment.
-
-The AWS::ApiGateway::Deployment resource deploys an API Gateway RestApi resource to a stage so that clients can call the API over the internet. The stage acts as an environment.
-
-For additional information, including details on parameters and properties, see the [AWS ApiGateway Deployment documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-deployment.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the deployment exists.
-
-```ruby
-describe aws_api_gateway_deployment(rest_api_id: 'REST_API_ID', deployment_id: 'DEPLOYMENT_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`rest_api_id` _(required)_
-
-: The string identifier of the associated RestApi.
-
-`deployment_id` _(required)_
-
-: The identifier of the deployment resource to get information about.
-
-## Properties
-
-`id`
-: The identifier for the deployment resource.
-
-`description`
-: The description for the deployment resource.
-
-`created_date`
-: The date and time that the deployment resource was created.
-
-`api_summary`
-: A summary of the RestAPI at the date and time that the deployment resource was created.
-
-`api_summary (authorization_type)`
-: The method's authorization type. Valid values are `NONE` for open access, `AWS_IAM` for using AWS IAM permissions, `CUSTOM` for using a custom authorizer, or `COGNITO_USER_POOLS` for using a Cognito user pool.
-
-`api_summary (api_key_required)`
-: Specifies whether the method requires a valid ApiKey .
-
-## Examples
-
-**Ensure that the deployment ID exists.**
-
-```ruby
-describe aws_api_gateway_deployment(rest_api_id: 'REST_API_ID', deployment_id: 'DEPLOYMENT_ID') do
- its('id') { should eq 'DEPLOYMENT_IDENTIFIER' }
-end
-```
-
-**Check whether the API key is required for a particular deployment.**
-
-```ruby
-describe aws_api_gateway_deployment(rest_api_id: 'REST_API_ID', deployment_id: 'DEPLOYMENT_ID') do
- its('api_summary.api_key_required') { should eq false }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_deployment(rest_api_id: 'REST_API_ID', deployment_id: 'DEPLOYMENT_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_api_gateway_deployment(rest_api_id: 'REST_API_ID', deployment_id: 'DEPLOYMENT_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the work_group name is available.
-
-```ruby
-describe aws_api_gateway_deployment(rest_api_id: 'REST_API_ID', deployment_id: 'DEPLOYMENT_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:Deployment" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_deployments.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_deployments.md
deleted file mode 100644
index f71ef9b353..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_deployments.md
+++ /dev/null
@@ -1,97 +0,0 @@
-+++
-title = "aws_api_gateway_deployments Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_deployments"
-identifier = "inspec/resources/aws/aws_api_gateway_deployments Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_deployments` InSpec audit resource to test properties of multiple AWS ApiGateway Deployments.
-
-The AWS::ApiGateway::Deployment resource deploys an API Gateway RestAPI resource to a stage so that clients can call the API over the internet. The stage acts as an environment.
-
-For additional information, including details on parameters and properties, see the [AWS ApiGateway Deployment documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-deployment.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the deployment exists.
-
-```ruby
-describe aws_api_gateway_deployments(rest_api_id: 'REST_API_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`rest_api_id` _(required)_
-
-## Properties
-
-`ids`
-: The identifier for the deployment resource.
-
-`descriptions`
-: The description for the deployment resource.
-
-`created_dates`
-: The date and time that the deployment resource was created.
-
-`api_summaries`
-: A summary of the RestApi at the date and time that the deployment resource was created.
-
-## Examples
-
-**Ensure that the deployment ID exists.**
-
-```ruby
-describe aws_api_gateway_deployments(rest_api_id: 'REST_API_ID') do
- its('ids') { should include 'DEPLOYMENT_ID' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_deployments(rest_api_id: 'REST_API_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_api_gateway_deployments(rest_api_id: 'REST_API_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the deployment is available.
-
-```ruby
-describe aws_api_gateway_deployments(rest_api_id: 'REST_API_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client::Deployments" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_documentation_part.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_documentation_part.md
deleted file mode 100644
index 3f0c8ec3ad..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_documentation_part.md
+++ /dev/null
@@ -1,120 +0,0 @@
-+++
-title = "aws_api_gateway_documentation_part Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_documentation_part"
-identifier = "inspec/resources/aws/aws_api_gateway_documentation_part Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_documentation_part` InSpec audit resource to test properties of a single documentation part for an AWS API Gateway.
-
-The `AWS::ApiGateway::DocumentationPart` resource creates a documentation part for an API.
-
-For additional information, including details on parameters and properties, see the [AWS ApiGateway Documentation Part](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-documentationpart.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the documentation part exists.
-
-```ruby
-describe aws_api_gateway_documentation_part(rest_api_id: 'REST_API_ID', documentation_part_id: 'DOCUMENTATION_PART_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`rest_api_id` _(required)_
-
-: The string identifier of the associated REST API.
-
-`documentation_part_id` _(required)_
-
-: The identifier of the documentation part resource to get information about.
-
-## Properties
-
-`id`
-: The identifier for the documentation part resource.
-
-`location.type`
-: The type of API entity to which the documentation content applies.
-
-`location.path`
-: The URL path of the target.
-
-`location.method`
-: The HTTP verb of a method.
-
-`location.status_code`
-: The HTTP status code of a response.
-
-`location.name`
-: The name of the targeted API entity.
-
-`properties`
-: A content map of API-specific key-value pairs describing the targeted API entity.
-
-## Examples
-
-**Ensure that the documentation part ID exists.**
-
-```ruby
-describe aws_api_gateway_documentation_part(rest_api_id: 'REST_API_ID', documentation_part_id: 'DOCUMENTATION_PART_ID') do
- its('id') { should eq 'DOCUMENTATION_PART_ID' }
-end
-```
-
-**Check whether the API path exists for a documentation part.**
-
-```ruby
-describe aws_api_gateway_documentation_part(rest_api_id: 'REST_API_ID', documentation_part_id: 'DOCUMENTATION_PART_ID') do
- its('location.path') { should eq 'REQUEST_BODY' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_documentation_part(rest_api_id: 'REST_API_ID', documentation_part_id: 'DOCUMENTATION_PART_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_api_gateway_documentation_part(rest_api_id: 'REST_API_ID', documentation_part_id: 'DOCUMENTATION_PART_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the work_group name is available.
-
-```ruby
-describe aws_api_gateway_documentation_part(rest_api_id: 'REST_API_ID', documentation_part_id: 'DOCUMENTATION_PART_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:DocumentationPart" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_documentation_parts.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_documentation_parts.md
deleted file mode 100644
index 0681a03d57..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_documentation_parts.md
+++ /dev/null
@@ -1,108 +0,0 @@
-+++
-title = "aws_api_gateway_documentation_parts Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_documentation_parts"
-identifier = "inspec/resources/aws/aws_api_gateway_documentation_parts Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_documentation_parts` InSpec audit resource to test properties of multiple documentation parts for an AWS API Gateway.
-
-The `AWS::ApiGateway::DocumentationParts` resource creates a documentation part for an API.
-
-For additional information, including details on parameters and properties, see the [AWS ApiGateway Documentation Part documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-documentationpart.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the documentation part exists.
-
-```ruby
-describe aws_api_gateway_documentation_parts(rest_api_id: 'REST_API_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`rest_api_id` _(required)_
-
-: The string identifier of the associated REST API.
-
-## Properties
-
-`ids`
-: The identifier for the documentation part resource.
-
-`types`
-: The type of API entity to which the documentation content applies.
-
-`paths`
-: The URL path of the target.
-
-`methods`
-: The HTTP verb of a method.
-
-`status_codes`
-: The HTTP status code of a response.
-
-`names`
-: The name of the targeted API entity.
-
-`properties`
-: A content map of API-specific key-value pairs describing the targeted API entity.
-
-## Examples
-
-**Ensure that the documentation part ID exists.**
-
-```ruby
-describe aws_api_gateway_documentation_parts(rest_api_id: 'REST_API_ID') do
- its('ids') { should include 'DOCUMENTATION_PART_ID' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_documentation_parts(rest_api_id: 'REST_API_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_api_gateway_documentation_parts(rest_api_id: 'REST_API_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the documentation part is available.
-
-```ruby
-describe aws_api_gateway_documentation_parts(rest_api_id: 'REST_API_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client::DocumentationParts" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_documentation_version.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_documentation_version.md
deleted file mode 100644
index 8970c5458d..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_documentation_version.md
+++ /dev/null
@@ -1,108 +0,0 @@
-+++
-title = "aws_api_gateway_documentation_version Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_documentation_version"
-identifier = "inspec/resources/aws/aws_api_gateway_documentation_version Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_documentation_version` InSpec audit resource to test properties of a single AWS API Gateway documentation version.
-
-The `AWS::ApiGateway::DocumentationVersion` resource creates a documentation version for an API.
-
-For additional information, including details on parameters and properties, see the [AWS ApiGateway documentation version documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-documentationversion.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the documentation version exists.
-
-```ruby
-describe aws_api_gateway_documentation_version(rest_api_id: 'REST_API_ID', documentation_version: 'DOCUMENTATION_VERSION') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`rest_api_id` _(required)_
-
-: The string identifier of the associated RestApi.
-
-`documentation_version` _(required)_
-
-: The identifier of the documentation version resource to get information about.
-
-## Properties
-
-`created_date`
-: The date when the API documentation snapshot is created.
-
-`version`
-: The version identifier of the API documentation snapshot.
-
-`description`
-: The description of the API documentation snapshot.
-
-## Examples
-
-**Ensure that the documentation version ID exists.**
-
-```ruby
-describe aws_api_gateway_documentation_version(rest_api_id: 'REST_API_ID', documentation_version: 'DOCUMENTATION_VERSION') do
- its('version') { should eq 'VERSION' }
-end
-```
-
-**Check whether the API path exist for a documentation version.**
-
-```ruby
-describe aws_api_gateway_documentation_version(rest_api_id: 'REST_API_ID', documentation_version: 'DOCUMENTATION_VERSION') do
- its('description') { should eq 'DESCRIPTION' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_documentation_version(rest_api_id: 'REST_API_ID', documentation_version: 'DOCUMENTATION_VERSION') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_api_gateway_documentation_version(rest_api_id: 'REST_API_ID', documentation_version: 'DOCUMENTATION_VERSION') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_api_gateway_documentation_version(rest_api_id: 'REST_API_ID', documentation_version: 'DOCUMENTATION_VERSION') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:DocumentationVersion" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_documentation_versions.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_documentation_versions.md
deleted file mode 100644
index bf84e27cc6..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_documentation_versions.md
+++ /dev/null
@@ -1,100 +0,0 @@
-+++
-title = "aws_api_gateway_documentation_versions Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_documentation_versions"
-identifier = "inspec/resources/aws/aws_api_gateway_documentation_versions Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_documentation_versions` InSpec audit resource to test properties of multiple AWS API Gateway documentation versions.
-
-The `AWS::ApiGateway::DocumentationParts` resource creates a documentation versions for an API.
-
-For additional information, including details on parameters and properties, see the [AWS ApiGateway Documentation Version documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-documentationversion.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the documentation version exists.
-
-```ruby
-describe aws_api_gateway_documentation_versions(rest_api_id: 'REST_API_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`rest_api_id` _(required)_
-
-## Properties
-
-`created_dates`
-: The date when the API documentation snapshot is created.
-
-: **Field**: `created_date`
-
-`versions`
-: The version identifier of the API documentation snapshot.
-
-: **Field**: `version`
-
-`descriptions`
-: The description of the API documentation snapshot.
-
-: **Field**: `description`
-
-## Examples
-
-**Ensure that the documentation versions ID exists.**
-
-```ruby
-describe aws_api_gateway_documentation_versions(rest_api_id: 'REST_API_ID') do
- its('versions') { should include 'VERSION' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_documentation_versions(rest_api_id: 'REST_API_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_api_gateway_documentation_versions(rest_api_id: 'REST_API_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the documentation versions is available.
-
-```ruby
-describe aws_api_gateway_documentation_versions(rest_api_id: 'REST_API_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client::DocumentationVersions" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_domain_name.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_domain_name.md
deleted file mode 100644
index bdb184e743..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_domain_name.md
+++ /dev/null
@@ -1,190 +0,0 @@
-+++
-title = "aws_api_gateway_domain_name resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_domain_name"
-identifier = "inspec/resources/aws/aws_api_gateway_domain_name resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_domain_name` InSpec audit resource to test the properties of a single specific AWS API Gateway domain name.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGateway DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the domain name exists.
-
-```ruby
-describe aws_api_gateway_domain_name(domain_name: 'DOMAIN_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`domain_name` _(required)_
-: The custom domain name as an API hostname. For example, my-api.example.com.
-
-## Properties
-
-`domain_name`
-: The custom domain name as an API hostname. For example, my-api.example.com.
-
-: **Field**: `domain_name`
-
-`certificate_name`
-: The certificate name used by the edge-optimized endpoint for this domain name.
-
-: **Field**: `certificate_name`
-
-`certificate_arn`
-: The reference to an AWS-managed certificate for use by the edge-optimized endpoint for this domain name. AWS Certificate Manager is the only supported source.
-
-: **Field**: `certificate_arn`
-
-`certificate_upload_date`
-: The timestamp when the certificate used by the edge-optimized endpoint for this domain name is uploaded.
-
-: **Field**: `certificate_upload_date`
-
-`regional_domain_name`
-: The domain name associated with the regional endpoint for this custom domain name. You can set up this association by adding a DNS record that points the custom domain name to this regional domain name. The regional domain name is returned by API Gateway when creating a regional endpoint.
-
-: **Field**: `regional_domain_name`
-
-`regional_hosted_zone_id`
-: The region-specific Amazon Route 53 Hosted Zone ID of the regional endpoint. For more information, see [Set up a Regional Custom Domain Name and AWS Regions and Endpoints for API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-regional-api-custom-domain-create.html).
-
-: **Field**: `regional_hosted_zone_id`
-
-`regional_certificate_name`
-: The certificate name used for validating the regional domain name.
-
-: **Field**: `regional_certificate_name`
-
-`regional_certificate_arn`
-: The reference to an AWS-managed certificate that is used to validate the regional domain name. AWS Certificate Manager is the only supported source.
-
-: **Field**: `regional_certificate_arn`
-
-`distribution_domain_name`
-: The Amazon CloudFront distribution domain name associated with this custom domain name for an edge-optimized endpoint. You can set up this association when adding a DNS record pointing the custom domain name to this distribution name. For more information about CloudFront distributions, see the [Amazon CloudFront documentation](https://docs.aws.amazon.com/cloudfront/index.html).
-
-: **Field**: `distribution_domain_name`
-
-`distribution_hosted_zone_id`
-: The region-agnostic Amazon Route 53 Hosted Zone ID of the edge-optimized endpoint. The valid value is `Z2FDTNDATAQYW2` for all the regions.
-
-: **Field**: `distribution_hosted_zone_id`
-
-`endpoint_configuration_types`
-: A list of the endpoint types of the domain name. The valid values are `EDGE` for edge-optimized API setup, most suitable for mobile applications; `REGIONAL` for regional API endpoint setup, most suitable for calling from AWS Region; and `PRIVATE` for private APIs.
-
-: **Field**: `endpoint_configuration.types`
-
-`endpoint_configuration_vpc_endpoint_ids`
-: A list of VpcEndpointIds of an API (RestApi) against which to create Route53 ALIASes. It is only supported for the `PRIVATE` endpoint type.
-
-: **Field**: `endpoint_configuration.vpc_endpoint_ids`
-
-`domain_name_status`
-: The status of the domain name migration. The valid values are `AVAILABLE` and `UPDATING`. If the status is `UPDATING`, the domain cannot be modified further until the existing operation is complete. If it is `AVAILABLE`, the domain can be updated.
-
-: **Field**: `domain_name_status`
-
-`domain_name_status_message`
-: An optional text message containing detailed information about the status of the domain name migration.
-
-: **Field**: `domain_name_status_message`
-
-`security_policy`
-: The Transport Layer Security (TLS) version and cipher suite for this domain name. The valid values are `TLS_1_0` and `TLS_1_2`.
-
-: **Field**: `security_policy`
-
-`tags`
-: The collection of tags.
-
-: **Field**: `tags`
-
-`mutual_tls_authentication.truststore_uri`
-: An Amazon S3 URL that specifies the truststore for mutual TLS authentication. For example, `s3://bucket-name/key-name`. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3 and update your custom domain name to use the new version. To update the truststore, you must have permission to access the S3 object.
-
-: **Field**: `mutual_tls_authentication.truststore_uri`
-
-`mutual_tls_authentication.truststore_version`
-: The version of the S3 object that contains your truststore. To specify a version, you must have versioning enabled for the S3 bucket.
-
-: **Field**: `mutual_tls_authentication.truststore_version`
-
-`mutual_tls_authentication_truststore_warnings`
-: A list of warnings that API Gateway returns while processing your truststore. Invalid certificates produce warnings. Mutual TLS is still enabled, but some clients might not be able to access your API. To resolve warnings, upload a new truststore to S3 and update your domain name to use the new version.
-
-: **Field**: `mutual_tls_authentication.truststore_warnings`
-
-`ownership_verification_certificate_arn`
-: The ARN of the public certificate issued by ACM to validate ownership of your custom domain.
-
-: **Field**: `ownership_verification_certificate_arn`
-
-## Examples
-
-### Test to ensure the domain name is available
-
-```ruby
-describe aws_api_gateway_domain_name(domain_name: 'DOMAIN_NAME') do
- its('domain_name') { should eq 'DOMAIN_NAME' }
-end
-```
-
-### Test to ensure a regional hosted zone ID is available
-
-```ruby
-describe aws_api_gateway_domain_name(domain_name: 'DOMAIN_NAME') do
- its('regional_hosted_zone_id') { should eq 'REGIONAL_HOSTED_ZONE_ID' }
-end
-```
-
-### Test to ensure the domain name status is `AVAILABLE`
-
-```ruby
-describe aws_api_gateway_domain_name(domain_name: 'DOMAIN_NAME') do
- its('domain_name_status') { should eq 'AVAILABLE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_domain_name(domain_name: 'DOMAIN_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_domain_name(domain_name: 'DOMAIN_NAME') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:DomainName" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_domain_names.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_domain_names.md
deleted file mode 100644
index ed4c73a810..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_domain_names.md
+++ /dev/null
@@ -1,174 +0,0 @@
-+++
-title = "aws_api_gateway_domain_names resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_domain_names"
-identifier = "inspec/resources/aws/aws_api_gateway_domain_names resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_domain_names` InSpec audit resource to test the properties of multiple AWS API Gateway domain names.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGateway DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the domain name exists.
-
-```ruby
-describe aws_api_gateway_domain_names do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`domain_names`
-: The custom domain name as an API hostname. For example, my-api.example.com.
-
-: **Field**: `domain_name`
-
-`certificate_names`
-: The certificate name used by the edge-optimized endpoint for this domain name.
-
-: **Field**: `certificate_name`
-
-`certificate_arns`
-: The reference to an AWS-managed certificate that is used by the edge-optimized endpoint for this domain name. AWS Certificate Manager is the only supported source.
-
-: **Field**: `certificate_arn`
-
-`certificate_upload_dates`
-: The timestamp when the certificate used by the edge-optimized endpoint for this domain name is uploaded.
-
-: **Field**: `certificate_upload_date`
-
-`regional_domain_names`
-: The domain name associated with the regional endpoint for this custom domain name. You can set up this association by adding a DNS record that points the custom domain name to this regional domain name. The regional domain name is returned by API Gateway when creating a regional endpoint.
-
-: **Field**: `regional_domain_name`
-
-`regional_hosted_zone_ids`
-: The region-specific Amazon Route 53 Hosted Zone ID of the regional endpoint. For more information, see [Set up a Regional Custom Domain Name and AWS Regions and Endpoints for API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-regional-api-custom-domain-create.html).
-
-: **Field**: `regional_hosted_zone_id`
-
-`regional_certificate_names`
-: The certificate name used for validating the regional domain name.
-
-: **Field**: `regional_certificate_name`
-
-`regional_certificate_arns`
-: The reference to an AWS-managed certificate used to validate the regional domain name. AWS Certificate Manager is the only supported source.
-
-: **Field**: `regional_certificate_arn`
-
-`distribution_domain_names`
-: The Amazon CloudFront distribution domain name associated with this custom domain name for an edge-optimized endpoint. You can set up this association when adding a DNS record pointing the custom domain name to this distribution name. For more information about CloudFront distributions, see the [Amazon CloudFront documentation](https://docs.aws.amazon.com/cloudfront/index.html).
-
-: **Field**: `distribution_domain_name`
-
-`distribution_hosted_zone_ids`
-: The region-agnostic Amazon Route 53 Hosted Zone ID of the edge-optimized endpoint.
-
-: **Field**: `distribution_hosted_zone_id`
-
-`endpoint_configurations`
-: The endpoint configuration of the domain name showing the endpoint types of the domain name.
-
-: **Field**: `endpoint_configuration`
-
-`domain_name_statuses`
-: The status of the domain name migration. The valid values are `AVAILABLE` and `UPDATING`. If the status is `UPDATING`, the domain cannot be modified further until the existing operation is complete. If it is `AVAILABLE`, the domain can be updated.
-
-: **Field**: `domain_name_status`
-
-`domain_name_status_messages`
-: An optional text message containing detailed information about the status of the domain name migration.
-
-: **Field**: `domain_name_status_message`
-
-`security_policies`
-: The Transport Layer Security (TLS) version and cipher suite for this domain name. The valid values are `TLS_1_0` and `TLS_1_2`.
-
-: **Field**: `security_policy`
-
-`tags`
-: The collection of tags.
-
-: **Field**: `tags`
-
-`mutual_tls_authentications`
-: The mutual TLS authentication configuration for a custom domain name. If specified, API Gateway performs two-way authentication between the client and the server. Clients must present a trusted certificate to access your API.
-
-: **Field**: `mutual_tls_authentication`
-
-`ownership_verification_certificate_arns`
-: The ARN of the public certificate issued by ACM to validate ownership of your custom domain.
-
-: **Field**: `ownership_verification_certificate_arn`
-
-## Examples
-
-### Test to ensure the domain name is available
-
-```ruby
-describe aws_api_gateway_domain_names do
- its('domain_names') { should include 'DOMAIN_NAME' }
-end
-```
-
-### Test to ensure a regional hosted zone ID is available
-
-```ruby
-describe aws_api_gateway_domain_names do
- its('regional_hosted_zone_ids') { should include 'REGIONAL_HOSTED_ZONE_ID' }
-end
-```
-
-### Test to ensure that the domain name status includes `AVAILABLE`
-
-```ruby
-describe aws_api_gateway_domain_names do
- its('domain_name_statuses') { should include 'AVAILABLE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_domain_names do
- it { should exist }
-end
-```
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_domain_names do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:DomainNames" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_method.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_method.md
deleted file mode 100644
index 0ac880735d..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_method.md
+++ /dev/null
@@ -1,196 +0,0 @@ -+++ -title = "aws_api_gateway_method Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_api_gateway_method" -identifier = "inspec/resources/aws/aws_api_gateway_method Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_api_gateway_method` InSpec audit resource to test properties of a single API Gateway method. - -The AWS::ApiGateway::Method resource creates API Gateway methods that define the parameters and body that clients must send in their requests. - -For additional information, including details on parameters and properties, see the [AWS APIGateway Method documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-method.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that an API Gateway method exists. - -```ruby -describe aws_api_gateway_method(rest_api_id: 'REST_API_ID', resource_id: 'RESOURCE_ID', http_method: 'HTTP_METHOD') do - it { should exist } -end -``` - -## Parameters - -`rest_api_id` _(required)_ - -: The ID of the RestApi resource in which API Gateway creates the method. - -`resource_id` _(required)_ - -: The ID of an API Gateway resource. For root resource methods, specify the RestApi root resource ID, such as `{ "Fn::GetAtt": ["MyRestApi", "RootResourceId"] }`. - -`http_method` _(required)_ - -: The HTTP method that clients use to call this method. - -## Properties - -`http_method` -: The HTTP method that clients use to call this method. - -`authorization_type` -: The method's authorization type. Valid values are `NONE` for open access, `AWS_IAM` for using AWS IAM permissions, `CUSTOM` for using a custom authorizer, or `COGNITO_USER_POOLS` for using a Cognito user pool. - -`authorizer_id` -: The identifier of an Authorizer to use on this method. The authorizationType must be `CUSTOM`. 
- -`api_key_required` -: A boolean flag specifying whether a valid ApiKey is required to invoke this method. - -`request_validator_id` -: The identifier of a `RequestValidator` for request validation. - -`operation_name` -: A human-friendly operation identifier for the method. - -`request_parameters` -: A key-value map defining required or optional method request parameters that can be accepted by API Gateway.
A key is a method request parameter name matching the pattern of `method.request.{location}.{name}`, where the `location` is querystring, path, or header, and `name` is a valid and unique parameter name.
The value associated with the key is a Boolean flag indicating whether the parameter is required (`true`) or optional (`false`).
The method request parameter names defined here are available in `Integration` to be mapped to integration request parameters or templates. - -`request_models` -: A key-value map specifying data schemas, represented by `Model` resources, (as the mapped value) of the request payloads of given content types (as the mapping key). - -`method_responses (status_code)` -: The method response's status code. - -`method_responses (response_parameters)` -: A key-value map specifying required or optional response parameters that API Gateway can send back to the caller. - -`method_responses (response_models)` -: Specifies the `Model` resources used for the response's content-type. Response models are represented as a key/value map, with a content-type as the key and a Model name as the value. - -`method_integration (type)` -: Specifies an API method integration type. - -`method_integration (http_method)` -: Specifies the integration's HTTP method type. - -`method_integration (uri)` -: Specifies Uniform Resource Identifier (URI) of the integration endpoint. - -`method_integration (connection_type)` -: The type of the network connection to the integration endpoint. The valid value is `INTERNET` for connections through the public routable internet or `VPC_LINK` for private connections between API Gateway and a network load balancer in a VPC. The default value is `INTERNET`. - -`method_integration (connection_id)` -: The ID of the VpcLink used for the integration when `connectionType=VPC_LINK`, otherwise undefined. - -`method_integration (credentials)` -: Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string `arn:aws:iam::*:user/*`. To use resource-based permissions on supported AWS services, specify `null`. 
- -`method_integration (request_parameters)` -: A key-value map specifying request parameters that are passed from the method request to the back end. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the back end. The method request parameter value must match the pattern of `method.request.{location}.{name}`, where the `location` is querystring, path, or header, and `name` must be a valid and unique method request parameter name. - -`method_integration (request_templates)` -: Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. - -`method_integration (passthrough_behavior)` -: Specifies how the method request body of an unmapped content type will be passed through the integration request to the back end without transformation. - -`method_integration (content_handling)` -: Specifies how to handle request payload content type conversions. Supported values are `CONVERT_TO_BINARY` and `CONVERT_TO_TEXT`. - -`method_integration (timeout_in_millis)` -: Custom timeout between 50 and 29,000 milliseconds as an integer. The default value is 29,000 milliseconds or 29 seconds. - -`method_integration (cache_namespace)` -: Specifies a group of related cached parameters. By default, API Gateway uses the resource ID as the `cacheNamespace`. You can specify the same `cacheNamespace` across resources to return the same cached data for requests to different resources. - -`method_integration (cache_key_parameters)` -: A list of request parameters whose values API Gateway caches. To be valid, values for `cacheKeyParameters` must also be specified `requestParameters`. 
- -`method_integration (integration_responses (status_code))` -: Specifies the status code that is used to map the integration response to a `MethodResponse`. - -`method_integration (integration_responses (selection_pattern))` -: Specifies the regular expression pattern used to choose an integration response based on the response from the back end. - -`method_integration (integration_responses (response_parameters))` -: A key-value map specifying response parameters that are passed to the method response from the back end.
The key is a method response header parameter name, and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of `method.response.header.{name}`, where `name` is a valid and unique header name. The mapped non-static value must match the pattern of `integration.response.header.{name}` or `integration.response.body.{JSON-expression}`, where `name` is a valid and unique response header name and `JSON-expression` is a valid JSON expression without the `$` prefix. - -`method_integration (integration_responses (response_templates))` -: Specifies the templates used to transform the integration response body. Response templates are represented as a key/value map, with a content-type as the key and a template as the value. - -`method_integration (integration_responses (content_handling))` -: Specifies how to handle response payload content type conversions. Supported values are `CONVERT_TO_BINARY` and `CONVERT_TO_TEXT`. - -`method_integration (tls_config (insecure_skip_verification))` -: Specifies whether or not API Gateway skips verification that the certificate for an integration endpoint is issued by a supported certificate authority. - -`authorization_scopes` -: A list of authorization scopes configured on the method. 
- -## Examples - -**Ensure a HTTP method is a GET request.** - -```ruby -describe aws_api_gateway_method(rest_api_id: 'REST_API_ID', resource_id: 'RESOURCE_ID', http_method: 'GET') do - its('http_method') { should eq 'GET' } -end -``` - -**Ensure that the connection type is 'INTERNET'.** - -```ruby -describe aws_api_gateway_method(rest_api_id: 'REST_API_ID', resource_id: 'RESOURCE_ID', http_method: 'HTTP_METHOD') do - its('method_integration.connection_type') { should eq 'INTERNET' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_api_gateway_method(rest_api_id: 'REST_API_ID', resource_id: 'RESOURCE_ID', http_method: 'HTTP_METHOD') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_api_gateway_method(rest_api_id: 'REST_API_ID', resource_id: 'RESOURCE_ID', http_method: 'HTTP_METHOD') do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the work_group name is available. - -```ruby -describe aws_api_gateway_method(rest_api_id: 'REST_API_ID', resource_id: 'RESOURCE_ID', http_method: 'HTTP_METHOD') do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="APIGateway:Client::client:Method" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_methods.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_methods.md deleted file mode 100644 index 46033dc905..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_methods.md +++ /dev/null 
@@ -1,128 +0,0 @@ -+++ -title = "aws_api_gateway_methods Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_api_gateway_methods" -identifier = "inspec/resources/aws/aws_api_gateway_methods Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_api_gateway_methods` InSpec audit resource to test properties of multiple API Gateway methods. - -The AWS::ApiGateway::Method resource creates API Gateway methods that define the parameters and body that clients must send in their requests. - -For additional information, including details on parameters and properties, see the [AWS APIGateway Method documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-method.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that a API Gateway method exists. - -```ruby -describe aws_api_gateway_method(rest_api_id: 'REST_API_ID', resource_id: 'RESOURCE_ID', http_method: 'HTTP_METHOD') do - it { should exist } -end -``` - -## Parameters - -`rest_api_id` _(required)_ - -: The ID of the RestApi resource in which API Gateway creates the method. - -`resource_id` _(required)_ - -: The ID of an API Gateway resource. For root resource methods, specify the RestApi root resource ID, such as `{ "Fn::GetAtt": ["MyRestApi", "RootResourceId"] }`. - -`http_method` _(required)_ - -: The HTTP method that clients use to call this method. - -## Properties - -`http_methods` -: The HTTP method that clients use to call this method. - -`authorization_types` -: The method's authorization type. Valid values are `NONE` for open access, `AWS_IAM` for using AWS IAM permissions, `CUSTOM` for using a custom authorizer, or `COGNITO_USER_POOLS` for using a Cognito user pool. - -`authorizer_ids` -: The identifier of an Authorizer to use on this method. The authorizationType must be `CUSTOM`. 
- -`api_key_required` -: A boolean flag specifying whether a valid ApiKey is required to invoke this method. - -`request_validator_ids` -: The identifier of a `RequestValidator` for request validation. - -`operation_names` -: A human-friendly operation identifier for the method. - -`request_parameters` -: A key-value map defining required or optional method request parameters that can be accepted by API Gateway.
A key is a method request parameter name matching the pattern of `method.request.{location}.{name}`, where the `location` is querystring, path, or header, and `name` is a valid and unique parameter name.
The value associated with the key is a Boolean flag indicating whether the parameter is required (`true`) or optional (`false`).
The method request parameter names defined here are available in `Integration` to be mapped to integration request parameters or templates. - -`request_models` -: A key-value map specifying data schemas, represented by `Model` resources, (as the mapped value) of the request payloads of given content types (as the mapping key). - -`method_responses` -: Gets a method response associated with a given HTTP status code. - -`method_integrations` -: Gets the method's integration responsible for passing the client-submitted request to the back end and performing necessary transformations to make the request compliant with the back end. - -`authorization_scopes` -: A list of authorization scopes configured on the method. - -## Examples - -**Ensure an HTTP method is a GET request.** - -```ruby -describe aws_api_gateway_methods(rest_api_id: 'REST_API_ID', resource_id: 'RESOURCE_ID', http_method: 'HTTP_METHOD') do - its('http_method') { should include 'GET' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_api_gateway_methods(rest_api_id: 'REST_API_ID', resource_id: 'RESOURCE_ID', http_method: 'HTTP_METHOD') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_api_gateway_methods(rest_api_id: 'REST_API_ID', resource_id: 'RESOURCE_ID', http_method: 'HTTP_METHOD') do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the method name is available. - -```ruby -describe aws_api_gateway_methods(rest_api_id: 'REST_API_ID', resource_id: 'RESOURCE_ID', http_method: 'HTTP_METHOD') do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:Methods" %}} 
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_model.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_model.md
deleted file mode 100644
index fc099a7526..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_model.md
+++ /dev/null
@@ -1,120 +0,0 @@ -+++ -title = "aws_api_gateway_model Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_api_gateway_model" -identifier = "inspec/resources/aws/aws_api_gateway_model Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_api_gateway_model` Chef InSpec audit resource to test properties of a single AWS API Gateway model. - -The `AWS::ApiGateway::Model` resource defines the structure of a request or response payload for an API method. - -For additional information, including details on parameters and properties, see the [AWS documentation on `AWS::APIGateway::Model` resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-model.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the model exists. - -```ruby -describe aws_api_gateway_model(rest_api_id: 'REST_API_ID', model_name: 'MODEL_NAME') do - it { should exist } -end -``` - -## Parameters - -`rest_api_id` _(required)_ - -: The ID of a REST API associated with this model. - -`model_name` _(required)_ - -: A name for the model. - -## Properties - -`id` -: The identifier for the model resource. - -`name` -: The name of the model. Must be an alphanumeric string. - -`description` -: The description of the model. - -`schema` -: The schema for the model. For `application/json` models, this should be [JSON schema draft 4](https://tools.ietf.org/html/draft-zyp-json-schema-04) model. - -`content_type` -: The content-type for the model. 
- -## Examples - -**Ensure an ID is available.** - -```ruby -describe aws_api_gateway_model(rest_api_id: 'REST_API_ID', model_name: 'MODEL_NAME') do - its('id') { should eq 'MODEL_ID' } -end -``` - -**Ensure a name is available.** - -```ruby -describe aws_api_gateway_model(rest_api_id: 'REST_API_ID', model_name: 'MODEL_NAME') do - its('name') { should eq 'MODEL_NAME' } -end -``` - -**Ensure a description is available.** - -```ruby -describe aws_api_gateway_model(rest_api_id: 'REST_API_ID', model_name: 'MODEL_NAME') do - its('description') { should eq 'MODEL_DESCRIPTION' } -end -``` - -**Ensure a content type is available.** - -```ruby -describe aws_api_gateway_model(rest_api_id: 'REST_API_ID', model_name: 'MODEL_NAME') do - its('content_type') { should eq 'CONTENT_TYPE' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_api_gateway_model(rest_api_id: 'REST_API_ID', model_name: 'MODEL_NAME') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_api_gateway_model(rest_api_id: 'REST_API_ID', model_name: 'MODEL_NAME') do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ApiGateway:Client:Model" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_models.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_models.md deleted file mode 100644 index 4a2d021aaa..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_models.md +++ /dev/null 
@@ -1,126 +0,0 @@ -+++ -title = "aws_api_gateway_models Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_api_gateway_models" -identifier = "inspec/resources/aws/aws_api_gateway_models Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_api_gateway_models` Chef InSpec audit resource to test properties of the plural resource of AWS API Gateway model. - -The `AWS::ApiGateway::Model` resource defines the structure of a request or response payload for an API method. - -For additional information, including details on parameters and properties, see the [AWS documentation on `AWS::APIGateway::Model` resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-model.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the model exists. - -```ruby -describe aws_api_gateway_models(rest_api_id: 'REST_API_ID') do - it { should exist } -end -``` - -## Parameters - -`rest_api_id` _(required)_ - -: The ID of a REST API associated with this model. - -## Properties - -`ids` -: The identifier for the model resource. - -: **Field**: `id` - -`names` -: The name of the model. Must be an alphanumeric string. - -: **Field**: `name` - -`descriptions` -: The description of the model. - -: **Field**: `description` - -`schemas` -: The schema for the model. For `application/json` models, this should be [JSON schema draft 4](https://tools.ietf.org/html/draft-zyp-json-schema-04) model. - -: **Field**: `schema` - -`content_types` -: The content-type for the model. 
- -: **Field**: `content_type` - -## Examples - -**Ensure an ID is available.** - -```ruby -describe aws_api_gateway_model(rest_api_id: 'REST_API_ID', model_name: 'MODEL_NAME') do - its('ids') { should include 'MODEL_ID' } -end -``` - -**Ensure a name is available.** - -```ruby -describe aws_api_gateway_model(rest_api_id: 'REST_API_ID', model_name: 'MODEL_NAME') do - its('names') { should include 'MODEL_NAME' } -end -``` - -**Ensure a description is available.** - -```ruby -describe aws_api_gateway_model(rest_api_id: 'REST_API_ID', model_name: 'MODEL_NAME') do - its('descriptions') { should include 'MODEL_DESCRIPTION' } -end -``` - -**Ensure a content type is available.** - -```ruby -describe aws_api_gateway_model(rest_api_id: 'REST_API_ID', model_name: 'MODEL_NAME') do - its('content_types') { should include 'CONTENT_TYPE' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_api_gateway_models(rest_api_id: 'REST_API_ID') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_api_gateway_models(rest_api_id: 'REST_API_ID') do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ApiGateway:Client:Models" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_request_validator.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_request_validator.md deleted file mode 100644 index 81c575c2db..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_request_validator.md +++ /dev/null 
@@ -1,101 +0,0 @@ -+++ -title = "aws_api_gateway_request_validator Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_api_gateway_request_validator" -identifier = "inspec/resources/aws/aws_api_gateway_request_validator Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_api_gateway_request_validator` InSpec audit resource to test the properties of a single API Gateway request validator. - -The AWS::ApiGateway::RequestValidator resource sets up basic validation rules for incoming integration requests to your API. - -For additional information, including details on parameters and properties, see the [AWS APIGateway RequestValidator documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-requestvalidator.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that an API Gateway request validator exists. - -```ruby -describe aws_api_gateway_request_validator(rest_api_id: 'API_ID', request_validator_id: 'API_REQUEST_ID') do - it { should exist } -end -``` - -## Parameters - -`rest_api_id` _(required)_ - -: The string identifier of the associated RestApi entity. - -`request_validator_id` _(required)_ - -: The identifier of the RequestValidator to be retrieved. - -## Properties - -`id` -: The identifier of this RequestValidator. - -`name` -: The name of this RequestValidator. - -`validate_request_body` -: A Boolean flag to indicate whether to validate a request body according to the configured model schema for the method (`true`) or not (`false`). - -`validate_request_parameters` -: A Boolean flag to indicate whether to validate request parameters (`true`) or not (`false`). 
- -## Examples - -### Test to ensure a request validator ID is present - -```ruby -describe aws_api_gateway_request_validator(rest_api_id: 'API_ID', request_validator_id: 'API_REQUEST_ID') do - its('id') { should eq 'REQUEST_ID' } -end -``` - -### Test to ensure that the request body is 'true' - -```ruby -describe aws_api_gateway_request_validator(rest_api_id: 'API_ID', request_validator_id: 'API_REQUEST_ID') do - its('validate_request_body') { should eq true } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/). - -The control passes if the `get` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_api_gateway_request_validator(rest_api_id: 'API_ID', request_validator_id: 'API_REQUEST_ID') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_api_gateway_request_validator(rest_api_id: 'API_ID', request_validator_id: 'API_REQUEST_ID') do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:RequestValidator" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_request_validators.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_request_validators.md deleted file mode 100644 index 9d2d191ac9..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_request_validators.md +++ /dev/null 
@@ -1,115 +0,0 @@ -+++ -title = "aws_api_gateway_request_validators Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_api_gateway_request_validators" -identifier = "inspec/resources/aws/aws_api_gateway_request_validators Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_api_gateway_request_validators` Chef InSpec audit resource to the test properties of multiple AWS API Gateway request validators. - -The AWS::ApiGateway::RequestValidator resource sets up basic validation rules for incoming requests to your API. - -For additional information, including details on parameters and properties, see the [AWS APIGateway RequestValidator documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-requestvalidator.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that an API Gateway request validator exists. - -```ruby -describe aws_api_gateway_request_validators(rest_api_id: 'API_ID') do - it { should exist } -end -``` - -## Parameters - -`rest_api_id` _(required)_ - -: The string identifier of the associated RestApi. - -## Properties - -`id` -: The identifier of this RequestValidator. - -: **Field**: `id` - -`name` -: The name of this RequestValidator. - -: **Field**: `name` - -`validate_request_body` -: A Boolean flag to indicate whether to validate a request body according to the configured model schema. - -: **Field**: `validate_request_body` - -`validate_request_parameters` -: A Boolean flag to indicate whether to validate request parameters (`true`) or not (`false`). 
- -: **Field**: `validate_request_parameters` - -## Examples - -### Test to ensure a request validator ID is present - -```ruby -describe aws_api_gateway_request_validators(rest_api_id: 'API_ID') do - its('ids') { should include 'REQUEST_ID' } -end -``` - -### Test to ensure the request body is 'true' - -```ruby -describe aws_api_gateway_request_validators(rest_api_id: 'API_ID') do - its('validate_request_bodies') { should include true } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/). - -The control passes if the `get` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_api_gateway_method(rest_api_id: 'API_ID', resource_id: 'RESOURCE_ID', http_method: 'HTTP') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_api_gateway_method(rest_api_id: 'API_ID', resource_id: 'RESOURCE_ID', http_method: 'HTTP') do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the work_group name is available. - -```ruby -describe aws_api_gateway_method(rest_api_id: 'API_ID', resource_id: 'RESOURCE_ID', http_method: 'HTTP') do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:RequestValidators" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_resource.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_resource.md deleted file mode 100644 index c8530f4d14..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_resource.md +++ /dev/null 
@@ -1,120 +0,0 @@ -+++ -title = "aws_api_gateway_resource resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_api_gateway_resource" -identifier = "inspec/resources/aws/aws_api_gateway_resource resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_api_gateway_resource` InSpec audit resource to test the properties of a single specific AWS API Gateway Resource. - -For additional information, including parameters and properties, see the [AWS documentation on AWS APIGateway Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-resource.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the resource exists. - -```ruby -describe aws_api_gateway_resource(rest_api_id: 'REST_API_ID', resource_id: 'RESOURCE_ID') do - it { should exist } -end -``` - -## Parameters - -`rest_api_id` _(required)_ - -: The string identifier of the associated RestApi. - -`resource_id` _(required)_ - -: The identifier for the Resource resource. - -## Properties - -`id` -: The resource's identifier. - -: **Field**: `id` - -`parent_id` -: The parent resource's identifier. - -: **Field**: `parent_id` - -`path_part` -: The last path segment for this resource. - -: **Field**: `path_part` - -`path` -: The full path for this resource. - -: **Field**: `path` - -`resource_methods` -: Gets an API resource's method of a given HTTP verb. 
- -: **Field**: `resource_methods` - -## Examples - -### Test to ensure a resource ID is available - -```ruby -describe aws_api_gateway_resource(rest_api_id: 'REST_API_ID', resource_id: 'RESOURCE_ID') do - its('id') { should eq 'RESOURCE_ID' } -end -``` - -### Test to ensure a resource path is available - -```ruby -describe aws_api_gateway_resource(rest_api_id: 'REST_API_ID', resource_id: 'RESOURCE_ID') do - its('path') { should eq '/' } -end -``` - -### Test to ensure a resource parent ID is available - -```ruby -describe aws_api_gateway_resource(rest_api_id: 'REST_API_ID', resource_id: 'RESOURCE_ID') do - its('parent_id') { should eq 'PARENT_ID' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The control passes if the `get` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_api_gateway_resource(rest_api_id: 'REST_API_ID', resource_id: 'RESOURCE_ID') do - it { should exist } -end -``` - -Use `should_not` to test that the entity does not exist. - -```ruby -describe aws_api_gateway_resource(rest_api_id: 'REST_API_ID', resource_id: 'RESOURCE_ID') do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:Resource" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_resources.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_resources.md deleted file mode 100644 index 52d6e3e200..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_resources.md +++ /dev/null 
@@ -1,116 +0,0 @@
-+++
-title = "aws_api_gateway_resources Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_resources"
-identifier = "inspec/resources/aws/aws_api_gateway_resources Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_resources` Chef InSpec audit resource to test the properties of multiple AWS API Gateway Resources.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGateway Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-resource.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the resource exists.
-
-```ruby
-describe aws_api_gateway_resources(rest_api_id: 'REST_API_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`rest_api_id` _(required)_
-
-: The string identifier of the associated RestApi.
-
-## Properties
-
-`ids`
-: The resource's identifier.
-
-: **Field**: `id`
-
-`parent_ids`
-: The parent resource's identifier.
-
-: **Field**: `parent_id`
-
-`path_parts`
-: The last path segment for this resource.
-
-: **Field**: `path_part`
-
-`paths`
-: The full path for this resource.
-
-: **Field**: `path`
-
-`resource_methods`
-: Gets an API resource's method of a given HTTP verb.
-
-: **Field**: `resource_methods`
-
-## Examples
-
-### Test to ensure the resource is present
-
-```ruby
-describe aws_api_gateway_resources(rest_api_id: 'REST_API_ID') do
- its('ids') { should include 'RESOURCE_ID' }
-end
-```
-
-### Test to ensure the parent ID is present
-
-```ruby
-describe aws_api_gateway_resources(rest_api_id: 'REST_API_ID') do
- its('parent_ids') { should include 'PARENT_ID' }
-end
-```
-
-### Test to ensure the path includes `/`
-
-```ruby
-describe aws_api_gateway_resources(rest_api_id: 'REST_API_ID') do
- its('paths') { should include "/" }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_resources(rest_api_id: 'REST_API_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_resources(rest_api_id: 'REST_API_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:Resources" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_response.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_response.md
deleted file mode 100644
index e1a2f14390..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_response.md
+++ /dev/null
@@ -1,104 +0,0 @@
-+++
-title = "aws_api_gateway_response Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_response"
-identifier = "inspec/resources/aws/aws_api_gateway_response Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_response` Chef InSpec audit resource to test properties of a single AWS API Gateway gateway response.
-
-The `AWS::ApiGateway::GatewayResponse` resource creates a gateway response for your API.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::APIGateway::GatewayResponse` resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-gatewayresponse.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the response exists.
-
-```ruby
-describe aws_api_gateway_response(rest_api_id: 'REST_API_ID', response_type: 'RESPONSE_TYPE') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`rest_api_id` _(required)_
-
-: The string identifier of the associated REST API.
-
-`response_type` _(required)_
-
-: The response type of the associated gateway response.
-
-## Properties
-
-`response_type`
-: The response type of the associated GatewayResponse.
-
-`status_code`
-: The HTTP status code for this GatewayResponse.
-
-`response_parameters`
-: Response parameters (paths, query strings and headers) of the GatewayResponse as a string-to-string map of key-value pairs.
-
-`response_templates`
-: Response templates of the GatewayResponse as a string-to-string map of key-value pairs.
-
-`default_response`
-: A Boolean flag to indicate whether this GatewayResponse is the default gateway response (true ) or not (false ).
-
-## Examples
-
-**Ensure a response type is 'DEFAULT_4XX'.**
-
-```ruby
-describe aws_api_gateway_response(rest_api_id: 'REST_API_ID', response_type: 'DEFAULT_4XX') do
- its('response_type') { should eq 'DEFAULT_4XX' }
-end
-```
-
-**Ensure a status code is `200`.**
-
-```ruby
-describe aws_api_gateway_response(rest_api_id: 'REST_API_ID', response_type: 'RESPONSE_TYPE') do
- its('status_code') { should eq '200' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_response(rest_api_id: 'REST_API_ID', response_type: 'RESPONSE_TYPE') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_api_gateway_response(rest_api_id: 'REST_API_ID', response_type: 'RESPONSE_TYPE') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:GatewayResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_responses.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_responses.md
deleted file mode 100644
index f3ee3de248..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_responses.md
+++ /dev/null
@@ -1,110 +0,0 @@
-+++
-title = "aws_api_gateway_responses Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_responses"
-identifier = "inspec/resources/aws/aws_api_gateway_responses Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_responses` Chef InSpec audit resource to test properties of multiple AWS API Gateway gateway responses.
-
-The `AWS::ApiGateway::GatewayResponse` resource creates a gateway response for your API.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::APIGateway::GatewayResponse` resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-gatewayresponse.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a response exists.
-
-```ruby
-describe aws_api_gateway_responses(rest_api_id: 'REST_API_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`rest_api_id` _(required)_
-
-: The string identifier of the associated REST API.
-
-## Properties
-
-`response_type`
-: The response type of the associated GatewayResponse.
-
-: **Field**: `response_type`
-
-`status_code`
-: The HTTP status code for this GatewayResponse.
-
-: **Field**: `status_code`
-
-`response_parameters`
-: Response parameters (paths, query strings and headers) of the GatewayResponse as a string-to-string map of key-value pairs.
-
-: **Field**: `response_parameters`
-
-`response_templates`
-: Response templates of the GatewayResponse as a string-to-string map of key-value pairs.
-
-: **Field**: `response_templates`
-
-`default_response`
-: A Boolean flag to indicate whether this GatewayResponse is the default gateway response (true ) or not (false ).
-
-: **Field**: `default_response`
-
-## Examples
-
-**Ensure a response type is `DEFAULT_4XX`.**
-
-```ruby
-describe aws_api_gateway_responses(rest_api_id: 'REST_API_ID') do
- its('response_types') { should include 'DEFAULT_4XX' }
-end
-```
-
-**Ensure a status code is `200`.**
-
-```ruby
-describe aws_api_gateway_responses(rest_api_id: 'REST_API_ID') do
- its('status_codes') { should include '200' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_responses(rest_api_id: 'REST_API_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_api_gateway_responses(rest_api_id: 'REST_API_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:GatewayResponses" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_restapi.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_restapi.md
deleted file mode 100644
index 28cc9930b3..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_restapi.md
+++ /dev/null
@@ -1,135 +0,0 @@
-+++
-title = "aws_api_gateway_restapi Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_restapi"
-identifier = "inspec/resources/aws/aws_api_gateway_restapi Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_restapi` InSpec audit resource to test properties of a single AWS API Gateway REST API.
-
-The AWS::ApiGateway::RestApi resource creates a REST API.
-
-For additional information, including details on parameters and properties, see the [AWS API Gateway REST API documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure the rest api exists.
-
-```ruby
-describe aws_api_gateway_restapi(rest_api_id: "REST_API_ID") do
- it { should exist }
-end
-```
-
-## Parameters
-
-`rest_api_id` _(required)_
-
-## Properties
-
-`id`
-: The API's identifier. This identifier is unique across all of your APIs in API Gateway.
-
-`name`
-: The API's name.
-
-`description`
-: The API's description.
-
-`created_date`
-: The timestamp when the API was created.
-
-`version`
-: A version identifier for the API.
-
-`warnings`
-: The warning messages reported when `failonwarnings` is turned on during API import.
-
-`binary_media_types`
-: The list of binary media types supported by the REST API. By default, the REST API supports only UTF-8-encoded text payloads.
-
-`minimum_compression_size`
-: A nullable integer that is used to enable compression (with non-negative between 0 and 10485760 (10M) bytes, inclusive) or disable compression (with a null value) on an API. When compression is enabled, compression or decompression is not applied on the payload if the payload size is smaller than this value. Setting it to zero allows compression for any payload size.
-
-`api_key_source`
-: The source of the API key for metering requests according to a usage plan. Valid values are `HEADER` and `AUTHORIZER`.
-
-`endpoint_configuration (types)`
-: A list of endpoint types of an API or its custom domain name. For an edge-optimized API and its custom domain name, the endpoint type is `EDGE`. For a regional API and its custom domain name, the endpoint type is `REGIONAL`. For a private API, the endpoint type is `PRIVATE`.
-
-`endpoint_configuration (vpc_endpoint_ids)`
-: A list of `VpcEndpointIds` of an API against which to create Route53 aliases. It is only supported for `PRIVATE` endpoint type.
-
-`policy`
-: A stringified JSON policy document that applies to this REST API regardless of the caller and method configuration.
-
-`tags`
-: The collection of tags. Each tag element is associated with a given resource.
-
-`disable_execute_api_endpoint`
-: Specifies whether clients can invoke your API by using the default execute-api endpoint.
-
-## Examples
-
-**Ensure the REST API exists.**
-
-```ruby
-describe aws_api_gateway_restapi(rest_api_id: "REST_API_ID") do
- its('name') { should eq 'API_NAME' }
-end
-```
-
-**Ensure that the source of the API key is `HEADER`.**
-
-```ruby
-describe aws_api_gateway_restapi(rest_api_id: "REST_API_ID") do
- its('api_key_source') { should eq 'HEADER' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_restapi(rest_api_id: "REST_API_ID") do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_api_gateway_restapi(rest_api_id: "REST_API_ID") do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the work_group name is available.
-
-```ruby
-describe aws_api_gateway_restapi(rest_api_id: "REST_API_ID") do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:RestApi" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_restapis.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_restapis.md
deleted file mode 100644
index 47042cf53f..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_restapis.md
+++ /dev/null
@@ -1,114 +0,0 @@
-+++
-title = "aws_api_gateway_restapis Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_restapis"
-identifier = "inspec/resources/aws/aws_api_gateway_restapis Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_restapis` InSpec audit resource to test properties of multiple AWS API Gateway REST APIs.
-
-The AWS::ApiGateway::RestApi resource creates a REST API.
-
-For additional information, including details on parameters and properties, see the [AWS API Gateway REST API documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure the rest api exists.
-
-```ruby
-describe aws_api_gateway_restapis do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: The API's identifier. This identifier is unique across all of your APIs in API Gateway.
-
-`names`
-: The API's name.
-
-`descriptions`
-: The API's description.
-
-`created_dates`
-: The timestamp when the API was created.
-
-`versions`
-: A version identifier for the API.
-
-`warnings`
-: The warning messages reported when `failonwarnings` is turned on during API import.
-
-`binary_media_types`
-: The list of binary media types supported by the REST API. By default, the REST API supports only UTF-8-encoded text payloads.
-
-`minimum_compression_sizes`
-: A nullable integer that is used to enable compression (with non-negative between 0 and 10485760 (10M) bytes, inclusive) or disable compression (with a null value) on an API. When compression is enabled, compression or decompression is not applied on the payload if the payload size is smaller than this value. Setting it to zero allows compression for any payload size.
-
-`api_key_sources`
-: The source of the API key for metering requests according to a usage plan. Valid values are `HEADER` and `AUTHORIZER`.
-
-`endpoint_configurations`
-: The endpoint configuration of this REST API showing the endpoint types of the API.
-
-`policies`
-: A stringified JSON policy document that applies to this REST API regardless of the caller and method configuration.
-
-`tags`
-: The collection of tags. Each tag element is associated with a given resource.
-
-`disable_execute_api_endpoints`
-: Specifies whether clients can invoke your API by using the default execute-api endpoint.
-
-## Examples
-
-**Ensure a specific REST API exists.**
-
-```ruby
-describe aws_api_gateway_restapis do
- its('names') { should include 'API_NAME' }
-end
-```
-
-**Ensure that `HEADER` is a source for a REST API key.**
-
-```ruby
-describe aws_api_gateway_restapis do
- its('api_key_source') { should include 'HEADER' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_restapis do
- it { should exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:RestApis" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_stage.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_stage.md
deleted file mode 100644
index ceaefbfdaa..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_stage.md
+++ /dev/null
@@ -1,192 +0,0 @@
-+++
-title = "aws_api_gateway_stage Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_stage"
-identifier = "inspec/resources/aws/aws_api_gateway_stage Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_stage` InSpec audit resource to test properties of a single AWS API Gateway stage.
-
-The `AWS::ApiGateway::Stage` resource deploys an API Gateway REST API resource to a stage so that clients can call the API over the internet. The stage acts as an environment.
-
-For additional information, including details on parameters and properties, see the [AWS API Gateway stage documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-stage.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the stage exists.
-
-```ruby
-describe aws_api_gateway_stage(rest_api_id: 'REST_API_ID', stage_name: 'STAGE_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`rest_api_id` _(required)_
-
-: The ID of the REST API resource that you're deploying with this stage.
-
-`stage_name` _(required)_
-
-: The API Gateway stage name.
-
-## Properties
-
-`deployment_id`
-: The identifier for the deployment attached to stage resource.
-
-`description`
-: The description for the stage resource.
-
-`created_date`
-: The date and time that the stage resource was created.
-
-`stage_name`
-: The name for the stage resource.
-
-`client_certificate_id`
-: The client certificate identifier for the stage resource.
-
-`cache_cluster_enabled`
-: Specifies whether a cache cluster is enabled for the stage.
-
-`cache_cluster_size`
-: The size of the cache cluster for the stage, if enabled.
-
-`cache_cluster_status`
-: The status of the cache cluster for the stage, if enabled.
-
-`method_settings`
-: A map that defines the method settings for a stage resource.
-
-`method_settings (metrics_enabled)`
-: Specifies whether Amazon CloudWatch metrics are enabled for this method.
-
-`method_settings (logging_level)`
-: Specifies the logging level for this method, which affects the log entries pushed to Amazon CloudWatch Logs.
-
-`method_settings (data_trace_enabled)`
-: Specifies whether data trace logging is enabled for this method, which affects the log entries pushed to Amazon CloudWatch Logs.
-
-`method_settings (throttling_burst_limit)`
-: Specifies the throttling burst limit.
-
-`method_settings (throttling_rate_limit)`
-: Specifies the throttling rate limit.
-
-`method_settings (caching_enabled)`
-: Specifies whether responses should be cached and returned for requests.
-
-`method_settings (cache_ttl_in_seconds)`
-: Specifies the time to live (TTL), in seconds, for cached responses.
-
-`method_settings (cache_data_encrypted)`
-: Specifies whether the cached responses are encrypted.
-
-`method_settings (require_authorization_for_cache_control)`
-: Specifies whether authorization is required for a cache invalidation request.
-
-`method_settings (unauthorized_cache_control_header_strategy)`
-: Specifies how to handle unauthorized requests for cache invalidation.
-
-`variables`
-: A map that defines the stage variables for a stage resource.
-
-`documentation_version`
-: The version of the associated API documentation.
-
-`access_log_settings.format`
-: A single line format of the access logs of data.
-
-`access_log_settings.destination_arn`
-: The Amazon Resource Name (ARN) of the CloudWatch Logs log group or Kinesis Data Firehose delivery stream to receive access logs.
-
-`canary_settings.percent_traffic`
-: The percent (0-100) of traffic diverted to a canary deployment.
-
-`canary_settings.deployment_id`
-: The identifier for the canary settings deployment.
-
-`canary_settings.stage_variable_overrides`
-: Stage variables overridden for a canary release deployment, including new stage variables introduced in the canary.
-
-`canary_settings.use_stage_cache`
-: A boolean flag to indicate whether the canary deployment uses the stage cache or not.
-
-`tracing_enabled`
-: Specifies whether active tracing with X-ray is enabled for the Stage.
-
-`web_acl_arn`
-: The ARN of the WebAcl associated with the Stage.
-
-`tags`
-: The collection of tags. Each tag element is associated with a given resource.
-
-`last_updated_date`
-: The timestamp when the stage last updated.
-
-## Examples
-
-**Ensure that the stage name exists.**
-
-```ruby
-describe aws_api_gateway_stage(rest_api_id: 'REST_API_ID', stage_name: 'STAGE_NAME') do
- its('stage_name') { should eq 'STAGE_NAME' }
-end
-```
-
-**Ensure that the client certificate ID exists.**
-
-```ruby
-describe aws_api_gateway_stage(rest_api_id: 'REST_API_ID', stage_name: 'STAGE_NAME') do
- its('client_certificate_id') { should eq 'CLIENT_CERTIFICATE_ID' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_stage(rest_api_id: 'REST_API_ID', stage_name: 'STAGE_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_api_gateway_stage(rest_api_id: 'REST_API_ID', stage_name: 'STAGE_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_api_gateway_stage(rest_api_id: 'REST_API_ID', stage_name: 'STAGE_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:Stage" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_stages.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_stages.md
deleted file mode 100644
index 0d539ec552..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_stages.md
+++ /dev/null
@@ -1,99 +0,0 @@
-+++
-title = "aws_api_gateway_stages Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_stages"
-identifier = "inspec/resources/aws/aws_api_gateway_stages Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_stages` InSpec audit resource to test properties of multiple AWS API Gateway stages.
-
-The 'AWS::ApiGateway::Stage' resource deploys an API Gateway REST API resource to a stage so that clients can call the API over the internet. The stage acts as an environment.
-
-For additional information, including details on parameters and properties, see the [AWS API Gateway stage Stage documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-stage.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the stage exists.
-
-```ruby
-describe aws_api_gateway_stages(rest_api_id: 'REST_API_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`rest_api_id` _(required)_
-
-: The ID of the REST API resource that you're deploying with this stage.
-
-## Properties
-
-`deployment_ids`
-: The identifier for the deployment attached to stage resource.
-
-`descriptions`
-: The description for the stage resource.
-
-`created_dates`
-: The date and time that the stage resource was created.
-
-`stage_names`
-: The name for the stage resource.
-
-## Examples
-
-**Ensure that the stage name exists.**
-
-```ruby
-describe aws_api_gateway_stages(rest_api_id: 'REST_API_ID') do
- its('stage_names') { should include 'STAGE_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_stages(rest_api_id: 'REST_API_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_api_gateway_stages(rest_api_id: 'REST_API_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the stage is available.
-
-```ruby
-describe aws_api_gateway_stages(rest_api_id: 'REST_API_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client::Stages" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_usage_plan.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_usage_plan.md
deleted file mode 100644
index fbe2ba7192..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_usage_plan.md
+++ /dev/null
@@ -1,170 +0,0 @@
-+++
-title = "aws_api_gateway_usage_plan resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_usage_plan"
-identifier = "inspec/resources/aws/aws_api_gateway_usage_plan resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_usage_plan` InSpec audit resource to test the properties of a single specific AWS API Gateway usage plan. A usage plan sets a target for the throttling and quota limits on individual client API keys.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGateway UsagePlan](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplan.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a usage plan exists.
-
-```ruby
-describe aws_api_gateway_usage_plan(usage_plan_id: 'USAGE_PLAN_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`usage_plan_id` _(required)_
-: The identifier of a usage plan resource.
-
-## Properties
-
-`id`
-: The identifier of a usage plan resource.
-
-: **Field**: `id`
-
-`name`
-: The name of a usage plan.
-
-: **Field**: `name`
-
-`description`
-: The description of a usage plan.
-
-: **Field**: `description`
-
-`api_stages`
-: The associated API stages of a usage plan.
-
-: **Field**: `api_stages`
-
-`api_stages_api_ids`
-: API ID of the associated API stage in a usage plan.
-
-: **Field**: `api_stages[0].api_id`
-
-`api_stages_stages`
-: API stage name of the associated API stage in a usage plan.
-
-: **Field**: `api_stages[0].stage`
-
-`api_stages_throttles`
-: Map containing method level throttling information for API stage in a usage plan.
-
-: **Field**: `api_stages[0].throttle`
-
-`throttle`
-: The overall request rate (average requests per second) and burst capacity.
A map containing method level throttling information for the API stage in a usage plan.
-
-: **Field**: `throttle`
-
-`throttle.burst_limit`
-: The API target request burst rate limit. This allows more requests for a period of time than the target rate limit.
-
-: **Field**: `throttle.burst_limit`
-
-`throttle.rate_limit`
-: The API target request rate limit.
-
-: **Field**: `throttle.rate_limit`
-
-`quota`
-: The maximum target number of permitted requests that the user can make within a given time interval.
-
-: **Field**: `quota`
-
-`quota.limit`
-: The target maximum number of requests that can be made in a given time period.
-
-: **Field**: `quota.limit`
-
-`quota.offset`
-: The number of requests subtracted from the given limit in the initial time period.
-
-: **Field**: `quota.offset`
-
-`quota.period`
-: The time period in which the limit applies. Valid values are `DAY`, `WEEK`, or `MONTH`.
-
-: **Field**: `quota.period`
-
-`product_code`
-: The AWS Markeplace product identifier to associate with the usage plan as a SaaS product on AWS Marketplace.
-
-: **Field**: `product_code`
-
-`tags`
-: The collection of tags. Each tag element is associated with a given resource.
-
-: **Field**: `tags`
-
-## Examples
-
-### Test to ensure a usage plan ID is available
-
-```ruby
-describe aws_api_gateway_usage_plan(usage_plan_id: 'USAGE_PLAN_ID') do
- its('id') { should eq 'USAGE_PLAN_ID' }
-end
-```
-
-### Test to ensure a usage plan name is available
-
-```ruby
-describe aws_api_gateway_usage_plan(usage_plan_id: 'USAGE_PLAN_ID') do
- its('name') { should eq 'USAGE_PLAN_NAME' }
-end
-```
-
-### Test to verify the quota limit is set to `2` in the usage plan API gateway
-
-```ruby
-describe aws_api_gateway_usage_plan(usage_plan_id: 'USAGE_PLAN_ID') do
- its('quota.limit') { should eq 2 }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_usage_plan(usage_plan_id: 'USAGE_PLAN_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_usage_plan(usage_plan_id: 'USAGE_PLAN_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:UsagePlan" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_usage_plan_key.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_usage_plan_key.md
deleted file mode 100644
index 86ae4386c0..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_usage_plan_key.md
+++ /dev/null
@@ -1,99 +0,0 @@
-+++
-title = "aws_api_gateway_usage_plan_key resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_usage_plan_key"
-identifier = "inspec/resources/aws/aws_api_gateway_usage_plan_key resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_usage_plan_key` InSpec audit resource to test the properties of a specific AWS API Gateway usage plan key.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGateway UsagePlanKey](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplankey.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a usage plan key exists.
-
-```ruby
-describe aws_api_gateway_usage_plan_key(usage_plan_id: 'USAGE_PLAN_ID', key_id: 'USAGE_PLAN_KEY_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`usage_plan_id` _(required)_
-
-: The usage plan resource ID represents the usage plan containing the to-be-retrieved usage plan's key resource and a plan customer.
-
-`key_id` _(required)_
-
-: The key ID of the to-be-retrieved usage plan key resource representing a plan customer.
-
-## Properties
-
-`id`
-: The usage plan key ID.
-
-`type`
-: The usage plan key type. Currently, the valid key type is `API_KEY`.
-
-`value`
-: The value of a usage plan key.
-
-`name`
-: The usage plan key name.
-
-## Examples
-
-### Test to ensure a usage plan key ID is available
-
-```ruby
-describe aws_api_gateway_usage_plan_key(usage_plan_id: 'USAGE_PLAN_ID', key_id: 'USAGE_PLAN_KEY_ID') do
- its('id') { should eq 'USAGE_PLAN_KEY_ID' }
-end
-```
-
-### Test to ensure a usage plan key name is available
-
-```ruby
-describe aws_api_gateway_usage_plan_key(usage_plan_id: 'USAGE_PLAN_ID', key_id: 'USAGE_PLAN_KEY_ID') do
- its('name') { should eq 'USAGE_PLAN_KEY_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_usage_plan(usage_plan_id: 'USAGE_PLAN_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_usage_plan(usage_plan_id: 'USAGE_PLAN_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:UsagePlanKey" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_usage_plan_keys.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_usage_plan_keys.md
deleted file mode 100644
index 7b6d588f4c..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_usage_plan_keys.md
+++ /dev/null
@@ -1,103 +0,0 @@
-+++
-title = "aws_api_gateway_usage_plan_keys resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_usage_plan_keys"
-identifier = "inspec/resources/aws/aws_api_gateway_usage_plan_keys resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_usage_plan_keys` InSpec audit resource to test the properties of multiple AWS API Gateway usage plan keys.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGateway UsagePlanKey](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplankey.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the usage plan key exists.
-
-```ruby
-describe aws_api_gateway_usage_plan_keys(usage_plan_id: 'USAGE_PLAN_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`usage_plan_id` _(required)_
-
-: The usage plan resource ID represents the usage plan containing the to-be-retrieved usage plan's key resource and a plan customer.
-
-## Properties
-
-`ids`
-: The usage plan key ID.
-
-: **Field**: `id`
-
-`types`
-: The usage plan key type. Currently, the valid key type is `API_KEY`.
-
-: **Field**: `type`
-
-`values`
-: The usage plan key value.
-
-: **Field**: `value`
-
-`names`
-: The usage plan key name.
-
-: **Field**: `name`
-
-## Examples
-
-### Test to ensure a usage plan key ID is available
-
-```ruby
-describe aws_api_gateway_usage_plan_keys(usage_plan_id: 'USAGE_PLAN_ID') do
- its('ids') { should include 'USAGE_PLAN_KEY_ID' }
-end
-```
-
-### Test to ensure a usage plan key name is available
-
-```ruby
-describe aws_api_gateway_usage_plan_keys(usage_plan_id: 'USAGE_PLAN_ID') do
- its('names') { should include 'USAGE_PLAN_KEY_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_usage_plan_keys(usage_plan_id: 'USAGE_PLAN_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_usage_plan_keys(usage_plan_id: 'USAGE_PLAN_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:UsagePlanKeys" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_usage_plans.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_usage_plans.md
deleted file mode 100644
index 5d80af01ea..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_usage_plans.md
+++ /dev/null
@@ -1,121 +0,0 @@
-+++
-title = "aws_api_gateway_usage_plans resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_usage_plans"
-identifier = "inspec/resources/aws/aws_api_gateway_usage_plans resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_usage_plans` InSpec audit resource to test the properties of multiple AWS API Gateway usage plans. A usage plan sets a target for the throttling and quota limits on individual client API keys.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGateway UsagePlan](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplan.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the usage plan exists.
-
-```ruby
-describe aws_api_gateway_usage_plans do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: The identifier of a usage plan resource.
-
-: **Field**: `id`
-
-`names`
-: The name of a usage plan.
-
-: **Field**: `name`
-
-`descriptions`
-: The description of a usage plan.
-
-: **Field**: `description`
-
-`api_stages`
-: The associated API stages of a usage plan.
-
-: **Field**: `api_stages`
-
-`throttles`
-: A map containing method level throttling information for the API stage in a usage plan.
-
-: **Field**: `throttle`
-
-`quotas`
-: The maximum target number of permitted requests that the user can make within a given time interval
-
-: **Field**: `quota`
-
-`product_codes`
-: The AWS Marketplace product identifier to associate with the usage plan as a SaaS product on AWS Marketplace.
-
-: **Field**: `product_code`
-
-`tags`
-: The collection of tags. Each tag element is associated with a given resource.
-
-: **Field**: `tags`
-
-## Examples
-
-### Test to ensure a usage plan ID is available
-
-```ruby
-describe aws_api_gateway_usage_plans do
- its('ids') { should include 'USAGE_PLAN_ID' }
-end
-```
-
-### Test to ensure a usage plan name is available
-
-```ruby
-describe aws_api_gateway_usage_plans do
- its('names') { should include 'USAGE_PLAN_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_usage_plans do
- it { should exist }
-end
-```
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_usage_plans do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:UsagePlans" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_api.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_api.md
deleted file mode 100644
index 52ad8e4b05..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_api.md
+++ /dev/null
@@ -1,156 +0,0 @@
-+++
-title = "aws_api_gateway_v2_api resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_v2_api"
-identifier = "inspec/resources/aws/aws_api_gateway_v2_api resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_v2_api` InSpec audit resource to test the properties of a single specific AWS API Gateway V2 API.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGatewayV2 API](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-api.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the API exists.
-
-```ruby
-describe aws_api_gateway_v2_api(api_id: 'REST_API_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`api_id` _(required)_
-: The API ID.
-
-## Properties
-
-`api_endpoint`
-: The URI of the API, of the form `{api-id}.execute-api.{region}.amazonaws.com`. The stage name is typically appended to this URI to form a complete path to a deployed API stage.
-
-`api_gateway_managed`
-: Specifies whether an API is managed by API Gateway. You cannot update or delete a managed API by using API Gateway. A managed API can be deleted only through the tooling or service that created it.
-
-`api_id`
-: The API ID.
-
-`api_key_selection_expression`
-: An API key selection expression. Supported only for WebSocket APIs.
-
-`cors_configuration`
-: A CORS configuration. Supported only for HTTP APIs.
-
-`cors_configuration.allow_credentials`
-: Specifies whether credentials are included in the CORS request. Supported only for HTTP APIs.
-
-`cors_configuration.allow_headers`
-: Specifies whether credentials are included in the CORS request. Supported only for HTTP APIs.
-
-`cors_configuration.allow_methods`
-: Represents a collection of allowed HTTP methods. Supported only for HTTP APIs.
-
-`cors_configuration.allow_origins`
-: Represents a collection of allowed origins. Supported only for HTTP APIs.
-
-`cors_configuration.expose_headers`
-: Represents a collection of exposed headers. Supported only for HTTP APIs.
-
-`cors_configuration.max_age`
-: The number of seconds that the browser should cache preflight request results. Supported only for HTTP APIs.
-
-`created_date`
-: The timestamp when the API is created.
-
-`description`
-: The description of the API.
-
-`disable_schema_validation`
-: Avoid validating models when creating a deployment. Supported only for WebSocket APIs.
-
-`disable_execute_api_endpoint`
-: Specifies whether clients can invoke your API using the default execute-api endpoint. By default, clients can invoke your API with the default `https://{api_id}.execute-api.{region}.amazonaws.com` endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.
-
-`import_info`
-: The validation information during API import. Supported only for HTTP APIs.
-
-`name`
-: The name of the API.
-
-`protocol_type`
-: The API protocol. Valid values are WEBSOCKET or HTTP.
-
-`route_selection_expression`
-: The route selection expression for the API. For HTTP APIs, the `routeSelectionExpression` must be `${request.method} ${request.path}`. If not provided, this defaults for HTTP APIs. This property is required for WebSocket APIs.
-
-`tags`
-: A collection of tags associated with the API.
-
-`version`
-: A version identifier for the API.
-
-`warnings`
-: The warning messages are reported when `failonwarnings` is turned on during API import. The `failonwarnings` specifies to roll back the API creation when a warning is encountered. By default, API creation continues if a warning is encountered.
-
-## Examples
-
-### Test to ensure an API ID is available
-
-```ruby
-describe aws_api_gateway_v2_api(api_id: 'REST_API_ID') do
- its('api_id') { should eq 'REST_API_ID' }
-end
-```
-
-### Test to ensure an API name is available
-
-```ruby
-describe aws_api_gateway_v2_api(api_id: 'REST_API_ID') do
- its('name') { should eq 'REST_API_NAME' }
-end
-```
-
-### Test to ensure a protocol type is `HTTP`
-
-```ruby
-describe aws_api_gateway_v2_api(api_id: 'REST_API_ID') do
- its('protocol_type') { should eq 'HTTP' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_v2_api(api_id: 'REST_API_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_v2_api(api_id: 'REST_API_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGatewayv2:Client:GetApiResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_api_mapping.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_api_mapping.md
deleted file mode 100644
index 9e01c98240..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_api_mapping.md
+++ /dev/null
@@ -1,113 +0,0 @@
-+++
-title = "aws_api_gateway_v2_api_mapping resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_v2_api_mapping"
-identifier = "inspec/resources/aws/aws_api_gateway_v2_api_mapping resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_v2_api_mapping` InSpec audit resource to test the properties of a specific AWS API Gateway V2 API mapping.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGatewayV2 ApiMapping](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-apimapping.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that an API mapping exists.
-
-```ruby
-describe aws_api_gateway_v2_api_mapping(api_mapping_id: 'API_MAPPING_ID', domain_name: 'DOMAIN_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`api_mapping_id` _(required)_
-: The API mapping identifier.
-
-`domain_name` _(required)_
-: The domain name.
-
-## Properties
-
-`api_id`
-: The API identifier.
-
-`api_mapping_id`
-: The API mapping identifier.
-
-`api_mapping_key`
-: The API mapping key.
-
-`stage`
-: The API stage.
-
-## Examples
-
-### Test to ensure an API ID is available
-
-```ruby
-describe aws_api_gateway_v2_api_mapping(api_mapping_id: 'API_MAPPING_ID', domain_name: 'DOMAIN_NAME') do
- its('api_id') { should eq 'REST_API_ID' }
-end
-```
-
-### Test to ensure an API mapping ID is available
-
-```ruby
-describe aws_api_gateway_v2_api_mapping(api_mapping_id: 'API_MAPPING_ID', domain_name: 'DOMAIN_NAME') do
- its('api_mapping_id') { should eq 'API_MAPPING_ID' }
-end
-```
-
-### Test to ensure an API mapping key is available
-
-```ruby
-describe aws_api_gateway_v2_api_mapping(api_mapping_id: 'API_MAPPING_ID', domain_name: 'DOMAIN_NAME') do
- its('api_mapping_key') { should eq 'API_MAPPING_KEY' }
-end
-```
-
-### Test to ensure an API mapping stage is available
-
-```ruby
-describe aws_api_gateway_v2_api_mapping(api_mapping_id: 'API_MAPPING_ID', domain_name: 'DOMAIN_NAME') do
- its('stage') { should eq 'API_STAGE_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_v2_api_mapping(api_mapping_id: 'API_MAPPING_ID', domain_name: 'DOMAIN_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_v2_api_mapping(api_mapping_id: 'API_MAPPING_ID', domain_name: 'DOMAIN_NAME') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGatewayv2:Client:GetApiMappingResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_api_mappings.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_api_mappings.md
deleted file mode 100644
index c0d25f54a4..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_api_mappings.md
+++ /dev/null
@@ -1,118 +0,0 @@
-+++
-title = "aws_api_gateway_v2_api_mappings Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_v2_api_mappings"
-identifier = "inspec/resources/aws/aws_api_gateway_v2_api_mappings Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_v2_api_mappings` InSpec audit resource to test the properties of multiple AWS API Gateway V2 API mappings.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGatewayV2 ApiMapping](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-apimapping.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure the API mappings exist.
-
-```ruby
-describe aws_api_gateway_v2_api_mappings(domain_name: 'DOMAIN_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`domain_name` _(required)_
-: The domain name.
-
-## Properties
-
-`api_ids`
-: The API identifier.
-
-: **Field**: `api_id`
-
-`api_mapping_ids`
-: The API mapping identifier.
-
-: **Field**: `api_mapping_id`
-
-`api_mapping_keys`
-: The API mapping key.
-
-: **Field**: `api_mapping_key`
-
-`stages`
-: The API stage.
-
-: **Field**: `stage`
-
-## Examples
-
-### Test to ensure an API ID is available
-
-```ruby
-describe aws_api_gateway_v2_api_mappings(domain_name: 'DOMAIN_NAME') do
- its('api_ids') { should include 'REST_API_ID' }
-end
-```
-
-### Test to ensure an API mapping ID is available
-
-```ruby
-describe aws_api_gateway_v2_api_mappings(domain_name: 'DOMAIN_NAME') do
- its('api_mapping_ids') { should include 'API_MAPPING_ID' }
-end
-```
-
-### Test to ensure an API mapping key is available
-
-```ruby
-describe aws_api_gateway_v2_api_mappings(domain_name: 'DOMAIN_NAME') do
- its('api_mapping_keys') { should include 'API_MAPPING_KEY' }
-end
-```
-
-### Test to ensure an API mapping stage is available
-
-```ruby
-describe aws_api_gateway_v2_api_mappings(domain_name: 'DOMAIN_NAME') do
- its('stages') { should include 'API_STAGE_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_v2_api_mappings(domain_name: 'DOMAIN_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_v2_api_mappings(domain_name: 'DOMAIN_NAME') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGatewayv2:Client:GetApiMappingsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_apis.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_apis.md
deleted file mode 100644
index 1eca500e3c..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_apis.md
+++ /dev/null
@@ -1,169 +0,0 @@
-+++
-title = "aws_api_gateway_v2_apis Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_v2_apis"
-identifier = "inspec/resources/aws/aws_api_gateway_v2_apis Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_v2_apis` InSpec audit resource to test properties of multiple AWS API Gateway V2 APIs.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGatewayV2 API](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-api.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure the API exists.
-
-```ruby
-describe aws_api_gateway_v2_apis do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`api_endpoints`
-: The URI of the API, of the form `{api-id}.execute-api.{region}.amazonaws.com`. The stage name is typically appended to this URI to form a complete path to a deployed API stage.
-
-: **Field**: `api_endpoint`
-
-`api_gateway_managed`
-: Specifies whether an API is managed by API Gateway. You cannot update or delete a managed API by using API Gateway. A managed API can be deleted only through the tooling or service that created it.
-
-: **Field**: `api_gateway_managed`
-
-`api_ids`
-: The API ID.
-
-: **Field**: `api_id`
-
-`api_key_selection_expressions`
-: An API key selection expression. Supported only for WebSocket APIs.
-
-: **Field**: `api_key_selection_expression`
-
-`cors_configurations`
-: A CORS configuration. Supported only for HTTP APIs.
-
-: **Field**: `cors_configuration`
-
-`created_dates`
-: The timestamp when the API is created.
-
-: **Field**: `created_date`
-
-`descriptions`
-: The description of the API.
-
-: **Field**: `description`
-
-`disable_schema_validations`
-: Avoid validating models when creating a deployment. Supported only for WebSocket APIs.
-
-: **Field**: `disable_schema_validation`
-
-`disable_execute_api_endpoints`
-: Specifies whether clients can invoke your API using the default execute-api endpoint. By default, clients can invoke your API with the default `https://{api_id}.execute-api.{region}.amazonaws.com` endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.
-
-: **Field**: `disable_execute_api_endpoint`
-
-`import_infos`
-: The validation information during API import. Supported only for HTTP APIs.
-
-: **Field**: `import_info`
-
-`names`
-: The name of the API.
-
-: **Field**: `name`
-
-`protocol_types`
-: The API protocol. Valid values are WEBSOCKET or HTTP.
-
-: **Field**: `protocol_type`
-
-`route_selection_expressions`
-: The route selection expression for the API. For HTTP APIs, the `routeSelectionExpression` must be `${request.method} ${request.path}`. If not provided, this will be the default for HTTP APIs. This property is required for WebSocket APIs.
-
-: **Field**: `route_selection_expression`
-
-`tags`
-: A collection of tags associated with the API.
-
-: **Field**: `tags`
-
-`versions`
-: A version identifier for the API.
-
-: **Field**: `version`
-
-`warnings`
-: The warning messages are reported when `failonwarnings` is turned on during API import. The `failonwarnings` specifies to roll back the API creation when a warning is encountered. By default, API creation continues if a warning is encountered.
-
-: **Field**: `warnings`
-
-## Examples
-
-### Test to ensure an API ID is available
-
-```ruby
-describe aws_api_gateway_v2_apis do
- its('api_ids') { should include 'REST_API_ID' }
-end
-```
-
-### Test to ensure an API name is available
-
-```ruby
-describe aws_api_gateway_v2_apis do
- its('names') { should include 'REST_API_NAME' }
-end
-```
-
-### Test to ensure a protocol type is `HTTP`
-
-```ruby
-describe aws_api_gateway_v2_apis do
- its('protocol_types') { should include 'HTTP' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_v2_apis do
- it { should exist }
-end
-```
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_v2_apis do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGatewayv2:Client:GetApisResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_authorizer.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_authorizer.md
deleted file mode 100644
index ca73c14cd2..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_authorizer.md
+++ /dev/null
@@ -1,150 +0,0 @@
-+++
-title = "aws_api_gateway_v2_authorizer resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_v2_authorizer"
-identifier = "inspec/resources/aws/aws_api_gateway_v2_authorizer resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_v2_authorizer` InSpec audit resource to test the properties of a single specific AWS API Gateway V2 authorizer.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGatewayV2 Authorizer](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-authorizer.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the authorizer exists.
-
-```ruby
-describe aws_api_gateway_v2_authorizer(api_id: 'API_ID', authorizer_id: 'AUTHORIZER_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`api_id` _(required)_
-: The API identifier.
-
-`authorizer_id` _(required)_
-: The authorizer identifier.
-
-## Properties
-
-`authorizer_credentials_arn`
-: Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer.
-
-`authorizer_id`
-: The authorizer identifier.
-
-`authorizer_result_ttl_in_seconds`
-: The time to live (TTL) for cached authorizer results in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is **3600**, or **1 hour**. Supported only for HTTP API Lambda authorizers.
-
-`authorizer_type`
-: The authorizer type. Specify `REQUEST` for a Lambda function using incoming request parameters. Specify `JWT` to use JSON Web Tokens (supported only for HTTP APIs).
-
-`authorizer_uri`
-: The authorizer's Uniform Resource Identifier (URI).
-
-`identity_source`
-: The identity source for which authorization is requested.
-
-`identity_validation_expression`
-: The validation expression does not apply to the `REQUEST` authorizer.
-
-`jwt_configuration`
-: Represents the configuration of a JWT authorizer. Required for the `JWT` authorizer type. Supported only for HTTP APIs.
-
-`jwt_configuration.audience`
-: A list of the intended recipients of the `JWT`. A valid JWT must provide an `aud` that matches at least one entry in this list. Supported only for HTTP APIs.
-
-`jwt_configuration.issuer`
-: The base domain of the identity provider that issues JSON Web Tokens.
-
-`name`
-: The name of the authorizer.
-
-`authorizer_payload_format_version`
-: Specifies the payload format sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Supported values are **1.0** and **2.0**.
-
-`enable_simple_responses`
-: Specifies whether a Lambda authorizer returns a response in a simple format.
-
-## Examples
-
-### Test to ensure an authorizer ID is available
-
-```ruby
-describe aws_api_gateway_v2_authorizer(api_id: 'API_ID', authorizer_id: 'AUTHORIZER_ID') do
- its('authorizer_id') { should eq 'AUTHORIZER_ID' }
-end
-```
-
-### Verify the authorizer result
-
-```ruby
-describe aws_api_gateway_v2_authorizer(api_id: 'API_ID', authorizer_id: 'AUTHORIZER_ID') do
- its('authorizer_result_ttl_in_seconds') { should eq 15 }
-end
-```
-
-### Verify the authorizer type
-
-```ruby
-describe aws_api_gateway_v2_authorizer(api_id: 'API_ID', authorizer_id: 'AUTHORIZER_ID') do
- its('authorizer_type') { should eq 'JWT' }
-end
-```
-
-### Verify the authorizer's name
-
-```ruby
-describe aws_api_gateway_v2_authorizer(api_id: 'API_ID', authorizer_id: 'AUTHORIZER_ID') do
- its('name') { should eq 'AUTHORIZER_NAME' }
-end
-```
-
-### Verify the simple responses enabling status
-
-```ruby
-describe aws_api_gateway_v2_authorizer(api_id: 'API_ID', authorizer_id: 'AUTHORIZER_ID') do
- its('enable_simple_responses') { should eq true }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_v2_authorizer(api_id: 'API_ID', authorizer_id: 'AUTHORIZER_ID') do
- it { should exist }
-end
-```
-
-### not exist
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_v2_authorizer(api_id: 'API_ID', authorizer_id: 'AUTHORIZER_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGatewayv2:Client:GetAuthorizerResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_authorizers.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_authorizers.md
deleted file mode 100644
index 0aa6378a8e..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_authorizers.md
+++ /dev/null
@@ -1,171 +0,0 @@
-+++
-title = "aws_api_gateway_v2_authorizers Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_v2_authorizers"
-identifier = "inspec/resources/aws/aws_api_gateway_v2_authorizers Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_v2_authorizers` InSpec audit resource to test the properties of multiple AWS API Gateway V2 authorizers.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGatewayV2 Authorizer](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-authorizer.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure the authorizers exist.
-
-```ruby
-describe aws_api_gateway_v2_authorizers(api_id: 'API_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`api_id` _(required)_
-: The API identifier.
-
-## Properties
-
-`authorizer_credentials_arns`
-: Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer.
-
-: **Field**: `authorizer_credentials_arn`
-
-`authorizer_ids`
-: The authorizer identifier.
-
-: **Field**: `authorizer_id`
-
-`authorizer_result_ttl_in_seconds`
-: The time to live (TTL) for cached authorizer results in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is **3600**, or **1 hour**. Supported only for HTTP API Lambda authorizers.
-
-: **Field**: `authorizer_result_ttl_in_seconds`
-
-`authorizer_types`
-: The authorizer type. Specify `REQUEST` for a Lambda function using incoming request parameters. Specify `JWT` to use JSON Web Tokens (supported only for HTTP APIs).
-
-: **Field**: `authorizer_type`
-
-`authorizer_uris`
-: The authorizer's Uniform Resource Identifier (URI).
-
-: **Field**: `authorizer_uri`
-
-`identity_sources`
-: The identity source for which authorization is requested.
-
-: **Field**: `identity_source`
-
-`identity_validation_expressions`
-: The validation expression does not apply to the REQUEST authorizer.
-
-: **Field**: `identity_validation_expression`
-
-`jwt_configurations`
-: Represents the configuration of a JWT authorizer. Required for the `JWT` authorizer type. Supported only for HTTP APIs.
-
-: **Field**: `jwt_configuration`
-
-`names`
-: The name of the authorizer.
-
-: **Field**: `name`
-
-`authorizer_payload_format_versions`
-: Specifies the payload format sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Supported values are **1.0** and **2.0**.
-
-: **Field**: `authorizer_payload_format_version`
-
-`enable_simple_responses`
-: Specifies whether a Lambda authorizer returns a response in a simple format.
-
-: **Field**: `enable_simple_responses`
-
-## Examples
-
-### Check the number of authorizers in an API
-
-```ruby
-describe aws_api_gateway_v2_authorizers(api_id: 'API_ID') do
- its('count') { should eq 4 }
-end
-```
-
-### Test to ensure an authorizer ID is available
-
-```ruby
-describe aws_api_gateway_v2_authorizers(api_id: 'API_ID') do
- its('authorizer_ids') { should include 'AUTHORIZER_ID' }
-end
-```
-
-### Verify the authorizer result
-
-```ruby
-describe aws_api_gateway_v2_authorizers(api_id: 'API_ID') do
- its('authorizer_result_ttl_in_seconds') { should include 15 }
-end
-```
-
-### Verify the authorizer type
-
-```ruby
-describe aws_api_gateway_v2_authorizers(api_id: 'API_ID') do
- its('authorizer_types') { should include 'JWT' }
-end
-```
-
-### Verify the authorizer's name
-
-```ruby
-describe aws_api_gateway_v2_authorizers(api_id: 'API_ID') do
- its('names') { should include 'AUTHORIZER_NAME' }
-end
-```
-
-### Verify the simple responses enabling status
-
-```ruby
-describe aws_api_gateway_v2_authorizers(api_id: 'API_ID') do
-
its('enable_simple_responses') { should include true }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_v2_authorizers(api_id: 'API_ID') do
- it { should exist }
-end
-```
-
-### not exist
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_v2_authorizers(api_id: 'API_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGatewayv2:Client:GetAuthorizersResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_deployment.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_deployment.md
deleted file mode 100644
index 4dfda81b64..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_deployment.md
+++ /dev/null
@@ -1,129 +0,0 @@
-+++
-title = "aws_api_gateway_v2_deployment resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_v2_deployment"
-identifier = "inspec/resources/aws/aws_api_gateway_v2_deployment resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_v2_deployment` InSpec audit resource to test the properties of a specific AWS API Gateway V2 deployment.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGatewayV2 Deployment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-deployment.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the deployment exists.
-
-```ruby
-describe aws_api_gateway_v2_deployment(api_id: 'APP_ID', deployment_id: 'DEPLOYMENT_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`api_id` _(required)_
-: The API identifier.
-
-`deployment_id` _(required)_
-: The identifier for the deployment.
-
-## Properties
-
-`auto_deployed`
-: Specifies whether the deployment was automatically released.
-
-`created_date`
-: The date and time when the deployment resource was created.
-
-`deployment_id`
-: The identifier for the deployment.
-
-`deployment_status`
-: The status of the deployment. The valid values are `PENDING`, `FAILED`, or `SUCCEEDED`.
-
-`deployment_status_message`
-: May contain additional feedback on the status of an API deployment.
-
-`description`
-: The description for the deployment.
-
-## Examples
-
-### Test to ensure a deployment ID is available
-
-```ruby
-describe aws_api_gateway_v2_deployment(api_id: 'APP_ID', deployment_id: 'DEPLOYMENT_ID') do
- its('deployment_id') { should eq 'DEPLOYMENT_ID' }
-end
-```
-
-### Test to verify the deployment status
-
-```ruby
-describe aws_api_gateway_v2_deployment(api_id: 'APP_ID', deployment_id: 'DEPLOYMENT_ID') do
- its('deployment_status') { should eq 'DEPLOYED' }
-end
-```
-
-### Test to ensure an authorizer type is `JWT` for a deployment
-
-```ruby
-describe aws_api_gateway_v2_deployment(api_id: 'APP_ID', deployment_id: 'DEPLOYMENT_ID') do
- its('authorizer_type') { should eq 'JWT' }
-end
-```
-
-### Test to ensure a description is available
-
-```ruby
-describe aws_api_gateway_v2_deployment(api_id: 'APP_ID', deployment_id: 'DEPLOYMENT_ID') do
- its('description') { should eq 'DEPLOYMENT_DESCRIPTION' }
-end
-```
-
-### Test to ensure an auto-deployment is enabled for a deployment
-
-```ruby
-describe aws_api_gateway_v2_deployment(api_id: 'APP_ID', deployment_id: 'DEPLOYMENT_ID') do
- its('auto_deployed') { should eq true }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_v2_deployment(api_id: 'APP_ID', deployment_id: 'DEPLOYMENT_ID') do
- it { should exist }
-end
-```
-
-### not exists
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_v2_deployment(api_id: 'APP_ID', deployment_id: 'DEPLOYMENT_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGatewayv2:Client:GetDeploymentResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_deployments.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_deployments.md
deleted file mode 100644
index baff07ee90..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_deployments.md
+++ /dev/null
@@ -1,139 +0,0 @@
-+++
-title = "aws_api_gateway_v2_deployments Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_v2_deployments"
-identifier = "inspec/resources/aws/aws_api_gateway_v2_deployments Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_v2_deployments` InSpec audit resource to test properties of multiple AWS API Gateway V2 deployments.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGatewayV2 Deployment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-deployment.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the deployment exists.
-
-```ruby
-describe aws_api_gateway_v2_deployments(api_id: 'APP_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`api_id` _(required)_
-
-: The API identifier.
-
-## Properties
-
-`auto_deployeds`
-: Specifies whether the deployment was automatically released.
-
-: **Field**: `auto_deployed`
-
-`created_dates`
-: The date and time when the Deployment resource was created.
-
-: **Field**: `created_date`
-
-`deployment_ids`
-: The identifier for the deployment.
-
-: **Field**: `deployment_id`
-
-`deployment_statuses`
-: The status of the deployment: PENDING, FAILED, or SUCCEEDED.
-
-: **Field**: `deployment_status`
-
-`deployment_status_messages`
-: May contain additional feedback on the status of an API deployment.
-
-: **Field**: `deployment_status_message`
-
-`descriptions`
-: The description for the deployment.
-
-: **Field**: `description`
-
-## Examples
-
-### Test to ensure a deployment ID is available
-
-```ruby
-describe aws_api_gateway_v2_deployments(api_id: 'APP_ID') do
- its('deployment_ids') { should include 'DEPLOYMENT_ID' }
-end
-```
-
-### Test to verify the deployment status
-
-```ruby
-describe aws_api_gateway_v2_deployments(api_id: 'APP_ID') do
- its('deployment_statuses') { should include 'DEPLOYED' }
-end
-```
-
-### Test to ensure an authorizer type has `JWT`
-
-```ruby
-describe aws_api_gateway_v2_deployments(api_id: 'APP_ID') do
- its('authorizer_types') { should include 'JWT' }
-end
-```
-
-### Test to ensure a description is available
-
-```ruby
-describe aws_api_gateway_v2_deployments(api_id: 'APP_ID') do
- its('descriptions') { should include 'DEPLOYMENT_DESCRIPTION' }
-end
-```
-
-### Test to ensure an auto-deployment is enabled for a deployment
-
-```ruby
-describe aws_api_gateway_v2_deployments(api_id: 'APP_ID') do
- its('auto_deployeds') { should include true }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_v2_deployments(api_id: 'APP_ID') do
- it { should exist }
-end
-```
-
-### not exists
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_v2_deployments(api_id: 'APP_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGatewayv2:Client:GetDeploymentsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_domain_name.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_domain_name.md
deleted file mode 100644
index 8995062576..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_domain_name.md
+++ /dev/null
@@ -1,164 +0,0 @@
-+++
-title = "aws_api_gateway_v2_domain_name resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_v2_domain_name"
-identifier = "inspec/resources/aws/aws_api_gateway_v2_domain_name resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_v2_domain_name` InSpec audit resource to test the properties of a specific AWS API Gateway V2 domain name.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGatewayV2 DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the domain name exists.
-
-```ruby
-describe aws_api_gateway_v2_domain_name(domain_name: 'DOMAIN_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`domain_name` _(required)_
-: The domain name.
-
-## Properties
-
-`api_mapping_selection_expression`
-: The API mapping selection expression.
-
-: **Field**: `api_mapping_selection_expression`
-
-`domain_name`
-: A domain name for the API.
-
-: **Field**: `domain_name`
-
-`api_gateway_domain_names`
-: A domain name for the API.
-
-: **Field**: `domain_name_status_messages[0].api_gateway_domain_name`
-
-`certificate_arns`
-: An AWS-managed certificate is used by the edge-optimized endpoint for this domain name. AWS Certificate Manager is the only supported source.
-
-: **Field**: `domain_name_status_messages[0].certificate_arn`
-
-`certificate_names`
-: The user-friendly name of the certificate used by the edge-optimized endpoint for this domain name.
-
-: **Field**: `domain_name_status_messages[0].certificate_name`
-
-`certificate_upload_dates`
-: The timestamp when the certificate has been used by the edge-optimized endpoint for this domain name when uploaded.
-
-: **Field**: `domain_name_status_messages[0].certificate_upload_date`
-
-`domain_name_statuses`
-: The status of the domain name migration. The valid values are `AVAILABLE`, `UPDATING`, `PENDING_CERTIFICATE_REIMPORT`, and `PENDING_OWNERSHIP_VERIFICATION`.
-
-: **Field**: `domain_name_status_messages[0].domain_name_status`
-
-`domain_name_status_messages`
-: An optional text message containing detailed information about the domain name migration status.
-
-: **Field**: `domain_name_status_messages[0].domain_name_status_message`
-
-`endpoint_types`
-: The endpoint type.
-
-: **Field**: `domain_name_status_messages[0].endpoint_type`
-
-`hosted_zone_ids`
-: The Amazon Route 53 Hosted Zone ID of the endpoint.
-
-: **Field**: `domain_name_status_messages[0].hosted_zone_id`
-
-`security_policies`
-: The Transport Layer Security (TLS) version of the security policy for this domain name. The valid values are `TLS_1_0` and `TLS_1_2`.
-
-: **Field**: `domain_name_status_messages[0].security_policy`
-
-`ownership_verification_certificate_arns`
-: The ARN of the public certificate issued by ACM to validate ownership of the custom domain.
-
-: **Field**: `domain_name_status_messages[0].ownership_verification_certificate_arn`
-
-`truststore_uri`
-: An Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example, s3://bucket-name/key-name.
-
-: **Field**: `mutual_tls_authentication.truststore_uri`
-
-`truststore_version`
-: The version of the S3 object that contains the truststore.
-
-: **Field**: `mutual_tls_authentication.truststore_version`
-
-`truststore_warnings`
-: A list of warnings that API Gateway returns while processing your truststore. Invalid certificates produce warnings.
-
-: **Field**: `mutual_tls_authentication.truststore_warnings`
-
-`tags`
-: The collection of tags associated with a domain name.
-
-: **Field**: `tags`
-
-## Examples
-
-### Test to ensure the domain name is available
-
-```ruby
-describe aws_api_gateway_v2_domain_name(domain_name: 'DOMAIN_NAME') do
- its('domain_name') { should eq 'DOMAIN_NAME' }
-end
-```
-
-### Test to verify the domain status
-
-```ruby
-describe aws_api_gateway_v2_domain_name(domain_name: 'DOMAIN_NAME') do
- its('domain_name_configurations[0].domain_name_status') { should eq 'AVAILABLE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_v2_domain_name(domain_name: 'DOMAIN_NAME') do
- it { should exist }
-end
-```
-
-### not exist
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_v2_domain_name(domain_name: 'DOMAIN_NAME') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGatewayv2:Client:GetDomainNameResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_domain_names.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_domain_names.md
deleted file mode 100644
index d3a262a794..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_domain_names.md
+++ /dev/null
@@ -1,113 +0,0 @@
-+++
-title = "aws_api_gateway_v2_domain_names Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_v2_domain_names"
-identifier = "inspec/resources/aws/aws_api_gateway_v2_domain_names Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_v2_domain_names` InSpec audit resource to test properties of multiple AWS API Gateway V2 domain names.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGatewayV2 DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the domain name exists.
-
-```ruby
-describe aws_api_gateway_v2_domain_names do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`authorizer_credentials_arns`
-: Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer.
-
-: **Field**: `authorizer_credentials_arn`
-
-`api_mapping_selection_expressions`
-: The API mapping selection expression.
-
-: **Field**: `api_mapping_selection_expression`
-
-`domain_names`
-: A domain name for the API.
-
-: **Field**: `domain_name`
-
-`domain_name_configurations`
-: The configuration of the domain name.
-
-: **Field**: `domain_name_configurations`
-
-`mutual_tls_authentications`
-: This is TLS authentication.
-
-: **Field**: `mutual_tls_authentication`
-
-`tags`
-: The collection of tags associated with a domain name.
-
-: **Field**: `tags`
-
-## Examples
-
-### Test to ensure a domain name is available
-
-```ruby
-describe aws_api_gateway_v2_domain_names do
- its('domain_names') { should eq 'DOMAIN_NAME' }
-end
-```
-
-### Test to verify if domain configurations are set
-
-```ruby
-describe aws_api_gateway_v2_domain_names do
- its('domain_name_configurations') { should eq 'AVAILABLE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_v2_domain_names do
- it { should exist }
-end
-```
-
-### not exist
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_v2_domain_names do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGatewayv2:Client:GetDomainNamesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_integration.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_integration.md
deleted file mode 100644
index 0b312fd31b..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_integration.md
+++ /dev/null
@@ -1,182 +0,0 @@
-+++
-title = "aws_api_gateway_v2_integration resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_v2_integration"
-identifier = "inspec/resources/aws/aws_api_gateway_v2_integration resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_v2_integration` InSpec audit resource to test the properties of a specific AWS API Gateway V2 integration.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGatewayV2 Integration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-integration.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the integration exists.
-
-```ruby
-describe aws_api_gateway_v2_integration(api_id: 'APP_ID', integration_id: 'INTEGRATION_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`api_id` _(required)_
-: The API identifier.
-
-`integration_id` _(required)_
-: The integration ID.
-
-## Properties
-
-`api_gateway_managed`
-: Specifies whether API Gateway manages integration.
-
-`connection_id`
-: The VPC link ID for a private integration. Supported only for HTTP APIs.
-
-`connection_type`
-: The network connection type to the integration endpoint. Specify `INTERNET` for connections through the public routable internet or `VPC_LINK` for private connections between API Gateway and resources in a VPC. The default value is `INTERNET`.
-
-`content_handling_strategy`
-: Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are `CONVERT_TO_BINARY` and `CONVERT_TO_TEXT`, with the following behaviors:
-
-- `CONVERT_TO_BINARY`: Converts a response payload from a Base64-encoded string to the corresponding binary blob.
-- `CONVERT_TO_TEXT`: Converts a response payload from a binary blob to a Base64-encoded string.
-
-If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.
-
-`credentials_arn`
-: Specifies the credentials required for the integration, if any.
-
-`description`
-: The description of an integration.
-
-`integration_id`
-: The identifier of an integration.
-
-`integration_method`
-: Specifies the integration's HTTP method type.
-
-`integration_response_selection_expression`
-: The integration response selection expression for the integration. Supported only for WebSocket APIs.
-
-`integration_subtype`
-: Supported only for HTTP API `AWS_PROXY` integrations. Specifies the AWS service action to invoke.
-
-`integration_type`
-: The integration type. One of the following:
-
-- `AWS`: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.
-- `AWS_PROXY`: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.
-- `HTTP`: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.
-- `HTTP_PROXY`: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as `HTTP proxy` integration.
-- `MOCK`: for integrating the route or method request with API Gateway as a **loopback** endpoint without invoking any backend. Supported only for WebSocket APIs.
-
-`integration_uri`
-: For a Lambda integration, specify the URI of a Lambda function.
-
-For an HTTP integration, specify a fully-qualified URL.
-
-For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses `DiscoverInstances` to identify resources. You can use query parameters to target specific resources.
-
-`passthrough_behavior`
-: Specifies the pass-through behavior for incoming requests based on the `Content-Type` header in the request, and the available mapping templates specified as the `requestTemplates` property on the `Integration` resource. There are three valid values: `WHEN_NO_MATCH`, `WHEN_NO_TEMPLATES`, and `NEVER`. Supported only for WebSocket APIs.
-
-- `WHEN_NO_MATCH` passes the request body for unmapped content types to the integration backend without transformation.
-- `NEVER` rejects unmapped content types with an `HTTP 415 Unsupported Media Type` response.
-- `WHEN_NO_TEMPLATES` allows pass-through when the integration has no content types mapped to templates. However, if at least one content type defined, unmapped content types will be rejected with the same `HTTP 415 Unsupported Media Type` response.
-
-`payload_format_version`
-: Specifies the format of the payload sent to an integration. Required for HTTP APIs. For HTTP APIs, supported values for Lambda proxy integrations are `1.0` and `2.0`. For all other integrations, `1.0` is the only supported value.
-
-`request_parameters`
-: For WebSocket APIs, a key-value map specifies request parameters passed from the method request to the backend. The key is an integration request parameter name. The associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of `method.request.{location}.{name}`, where `{location}` is **query string, path, or header**; and `{name}` must be a valid and unique method request parameter name.
-
-`response_parameters`
-: Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern `:
.` or `overwrite.statuscode`. The action can be `append`, `overwrite` or `remove`. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime.
-
-`request_templates`
-: Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.
-
-`template_selection_expression`
-: The template selection expression for the integration. Supported only for WebSocket APIs.
-
-`timeout_in_millis`
-: Custom timeout between **50** and **29,000 milliseconds** for WebSocket APIs and between **50** and **30,000 milliseconds** for HTTP APIs. The default timeout is **29 seconds** for WebSocket APIs and **30 seconds** for HTTP APIs.
-
-`tls_config.server_name_to_verify`
-: The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs. If you specify a server name, API Gateway uses it to verify the hostname on the integration's certificate. The server name is also included in the TLS handshake to support Server Name Indication (SNI) or virtual hosting.
-
-## Examples
-
-### Test to ensure an integration ID is available
-
-```ruby
-describe aws_api_gateway_v2_integration(api_id: 'APP_ID', integration_id: 'INTEGRATION_ID') do
- its('integration_id') { should eq 'INTEGRATION_ID' }
-end
-```
-
-### Verify the connection type
-
-```ruby
-describe aws_api_gateway_v2_integration(api_id: 'APP_ID', integration_id: 'INTEGRATION_ID') do
- its('connection_type') { should eq 'INTERNET' }
-end
-```
-
-### Verify the integration type
-
-```ruby
-describe aws_api_gateway_v2_integration(api_id: 'APP_ID', integration_id: 'INTEGRATION_ID') do
- its('integration_type') { should eq 'AWS' }
-end
-```
-
-### Verify the pass-through behavior
-
-```ruby
-describe aws_api_gateway_v2_integration(api_id: 'APP_ID', integration_id: 'INTEGRATION_ID') do
- its('passthrough_behavior') { should eq 'NEVER' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_v2_integration(api_id: 'APP_ID', integration_id: 'INTEGRATION_ID') do
- it { should exist }
-end
-```
-
-### not exist
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_v2_integration(api_id: 'APP_ID', integration_id: 'INTEGRATION_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGatewayv2:Client:GetIntegrationResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_integration_response.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_integration_response.md
deleted file mode 100644
index ca0ce58a7a..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_integration_response.md
+++ /dev/null
@@ -1,121 +0,0 @@
-+++
-title = "aws_api_gateway_v2_integration_response resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_v2_integration_response"
-identifier = "inspec/resources/aws/aws_api_gateway_v2_integration_response resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_v2_integration_response` InSpec audit resource to test the properties of a specific AWS API Gateway V2 integration response.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGatewayV2 IntegrationResponse](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-integrationresponse.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the integration response exists.
-
-```ruby
-describe aws_api_gateway_v2_integration_response(api_id: 'APP_ID', integration_id: 'INTEGRATION_ID', integration_response_id: 'INTEGRATION_RESPONSE_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`api_id` _(required)_
-: The API identifier.
-
-`integration_id` _(required)_
-: The integration ID.
-
-`integration_response_id` _(required)_
-: The integration response ID.
-
-## Properties
-
-`content_handling_strategy`
-: Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are `CONVERT_TO_BINARY` and `CONVERT_TO_TEXT`, with the following behaviors:
-
-- **CONVERT_TO_BINARY**: Converts a response payload from a Base64-encoded string to the corresponding binary blob.
-- **CONVERT_TO_TEXT**: Converts a response payload from a binary blob to a Base64-encoded string.
-
-If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.
-
-`integration_response_id`
-: The integration response ID.
-
-`integration_response_key`
-: The integration response key.
-
-`response_parameters`
-: A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name. The mapped value is an integration response header value, a static value enclosed within a pair of single quotes or a JSON expression from the integration response body. The mapping key must match the pattern of `method.response.header.{name}`, where **name** is a valid and unique header name. The mapped non-static value must match the pattern of `integration.response.header.{name}` or `integration.response.body.{JSON-expression}`, where the name is a valid and unique response header name and JSON-expression is a valid JSON expression without the `$` prefix.
-
-`response_templates`
-: The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key or value map, with a content type as the key and a template as the value.
-
-`template_selection_expression`
-: The template selection expressions for the integration response. Supported only for WebSocket APIs.
-
-## Examples
-
-### Test to ensure that an integration response ID is available
-
-```ruby
-describe aws_api_gateway_v2_integration_response(api_id: 'APP_ID', integration_id: 'INTEGRATION_ID', integration_response_id: 'INTEGRATION_RESPONSE_ID') do
- its('integration_response_id') { should eq 'INTEGRATION_RESPONSE_ID' }
-end
-```
-
-### Test to verify the integration response key
-
-```ruby
-describe aws_api_gateway_v2_integration_response(api_id: 'APP_ID', integration_id: 'INTEGRATION_ID', integration_response_id: 'INTEGRATION_RESPONSE_ID') do
- its('integration_response_key') { should eq 'INTEGRATION_RESPONSE_KEY' }
-end
-```
-
-### Test to verify the content handling strategy
-
-```ruby
-describe aws_api_gateway_v2_integration_response(api_id: 'APP_ID', integration_id: 'INTEGRATION_ID', integration_response_id: 'INTEGRATION_RESPONSE_ID') do
- its('content_handling_strategy') { should eq 'CONVERT_TO_BINARY' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least a result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_v2_integration_response(api_id: 'APP_ID', integration_id: 'INTEGRATION_ID', integration_response_id: 'INTEGRATION_RESPONSE_ID') do
- it { should exist }
-end
-```
-
-### not exist
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_v2_integration_response(api_id: 'APP_ID', integration_id: 'INTEGRATION_ID', integration_response_id: 'INTEGRATION_RESPONSE_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGatewayv2:Client:GetIntegrationResponseResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_integration_responses.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_integration_responses.md
deleted file mode 100644
index 9721b841e1..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_integration_responses.md
+++ /dev/null
@@ -1,130 +0,0 @@
-+++
-title = "aws_api_gateway_v2_integration_responses Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_v2_integration_responses"
-identifier = "inspec/resources/aws/aws_api_gateway_v2_integration_responses Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_v2_integration_responses` InSpec audit resource to test properties of multiple AWS API Gateway V2 integration responses.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGatewayV2 IntegrationResponse](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-integrationresponse.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the integration response exists.
-
-```ruby
-describe aws_api_gateway_v2_integration_responses(api_id: 'APP_ID', integration_id: 'INTEGRATION_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`api_id` _(required)_
-: The API identifier.
-
-`route_id` _(required)_
-: The route identifier.
-
-## Properties
-
-`content_handling_strategies`
-: Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are `CONVERT_TO_BINARY` and `CONVERT_TO_TEXT`, with the following behaviors:
-
-- **CONVERT_TO_BINARY**: Converts a response payload from a Base64-encoded string to the corresponding binary blob.
-- **CONVERT_TO_TEXT**: Converts a response payload from a binary blob to a Base64-encoded string.
-
-If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.
-
-: **Field**: `content_handling_strategy`
-
-`integration_response_ids`
-: The integration response ID.
-
-: **Field**: `integration_response_id`
-
-`integration_response_keys`
-: The integration response key.
-
-: **Field**: `integration_response_key`
-
-`response_parameters`
-: A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name. The mapped value is an integration response header value, a static value enclosed within a pair of single quotes or a JSON expression from the integration response body. The mapping key must match the pattern of `method.response.header.{name}`, where **name** is a valid and unique header name. The mapped non-static value must match the pattern of `integration.response.header.{name}` or `integration.response.body.{JSON-expression}`, where the name is a valid and unique response header name and JSON-expression is a valid JSON expression without the `$` prefix.
-
-: **Field**: `response_parameters`
-
-`response_templates`
-: The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key or value map, with a content type as the key and a template as the value.
-
-: **Field**: `response_templates`
-
-`template_selection_expressions`
-: The template selection expressions for the integration response. Supported only for WebSocket APIs.
-
-: **Field**: `template_selection_expression`
-
-## Examples
-
-### Test to ensure an integration response ID is available
-
-```ruby
-describe aws_api_gateway_v2_integration_responses(api_id: 'APP_ID', integration_id: 'INTEGRATION_ID') do
- its('integration_response_ids') { should include 'INTEGRATION_RESPONSE_ID' }
-end
-```
-
-### Test to verify the integration response key
-
-```ruby
-describe aws_api_gateway_v2_integration_responses(api_id: 'APP_ID', integration_id: 'INTEGRATION_ID') do
- its('integration_response_keys') { should include 'INTEGRATION_RESPONSE_KEY' }
-end
-```
-
-### Test to verify the content handling strategy
-
-```ruby
-describe aws_api_gateway_v2_integration_responses(api_id: 'APP_ID', integration_id: 'INTEGRATION_ID') do
- its('content_handling_strategy') { should include 'CONVERT_TO_BINARY' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least a result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_v2_integration_responses(api_id: 'APP_ID', integration_id: 'INTEGRATION_ID') do
- it { should exist }
-end
-```
-
-### not exist
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_v2_integration_responses(api_id: 'APP_ID', integration_id: 'INTEGRATION_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGatewayv2:Client:GetIntegrationResponsesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_integrations.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_integrations.md
deleted file mode 100644
index a726178f2e..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_integrations.md
+++ /dev/null
@@ -1,219 +0,0 @@
-+++
-title = "aws_api_gateway_v2_integrations Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_v2_integrations"
-identifier = "inspec/resources/aws/aws_api_gateway_v2_integrations Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_v2_integrations` InSpec audit resource to test properties of multiple AWS API Gateway V2 integrations.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGatewayV2 Integration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-integration.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the integration exists.
-
-```ruby
-describe aws_api_gateway_v2_integrations(api_id: 'APP_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`api_id` _(required)_
-: The API identifier.
-
-## Properties
-
-`api_gateway_manageds`
-: Specifies whether API Gateway manages integration.
-
-: **Field**: `api_gateway_managed`
-
-`connection_ids`
-: The VPC link ID for a private integration. Supported only for HTTP APIs.
-
-: **Field**: `connection_id`
-
-`connection_types`
-: The network connection type to the integration endpoint. Specify `INTERNET` for connections through the public routable internet or `VPC_LINK` for private connections between API Gateway and resources in a VPC. The default value is `INTERNET`.
-
-: **Field**: `connection_type`
-
-`content_handling_strategies`
-: Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are `CONVERT_TO_BINARY` and `CONVERT_TO_TEXT`, with the following behaviors:
-
-- `CONVERT_TO_BINARY`: Converts a response payload from a Base64-encoded string to the corresponding binary blob.
-- `CONVERT_TO_TEXT`: Converts a response payload from a binary blob to a Base64-encoded string.
-
-If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.
-
-: **Field**: `content_handling_strategy`
-
-`credentials_arns`
-: Specifies the credentials required for the integration, if any.
-
-: **Field**: `credentials_arn`
-
-`descriptions`
-: Represents the description of an integration.
-
-: **Field**: `description`
-
-`integration_ids`
-: Represents the identifier of an integration.
-
-: **Field**: `integration_id`
-
-`integration_methods`
-: Specifies the integration's HTTP method type.
-
-: **Field**: `integration_method`
-
-`integration_response_selection_expressions`
-: The integration response selection expression for the integration. Supported only for WebSocket APIs.
-
-: **Field**: `integration_response_selection_expression`
-
-`integration_subtypes`
-: Supported only for `HTTP API AWS_PROXY integrations`. Specifies the AWS service action to invoke.
-
-: **Field**: `integration_subtype`
-
-`integration_types`
-: The integration type. One of the following:
-
-- `AWS`: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.
-- `AWS_PROXY`: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.
-`HTTP`: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.
-`HTTP_PROXY`: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration.
-`MOCK`: for integrating the route or method request with API Gateway as a **loopback** endpoint without invoking any backend. Supported only for WebSocket APIs.
-
-: **Field**: `integration_type`
-
-`integration_uris`
-: For a Lambda integration, specify the URI of a Lambda function.
-
-For an HTTP integration, specify a fully-qualified URL.
-
-For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses `DiscoverInstances` to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.
-
-: **Field**: `integration_uri`
-
-`passthrough_behaviors`
-: Specifies the pass-through behavior for incoming requests based on the `Content-Type` header in the request and the available mapping templates specified as the `requestTemplates` property on the `Integration` resource. There are three valid values: `WHEN_NO_MATCH`, `WHEN_NO_TEMPLATES`, and `NEVER`. Supported only for WebSocket APIs.
-
-- `WHEN_NO_MATCH` passes the request body for unmapped content types to the integration backend without transformation.
-- `NEVER` rejects unmapped content types with an `HTTP 415 Unsupported Media Type` response.
-- `WHEN_NO_TEMPLATES` allows pass-through when the integration has no content types mapped to templates. However, if at least one content type defined, unmapped content types will be rejected with the same `HTTP 415 Unsupported Media Type` response.
-
-: **Field**: `passthrough_behavior`
-
-`payload_format_versions`
-: Specifies the format of the payload sent to an integration. Required for HTTP APIs.
-
-: **Field**: `payload_format_version`
-
-`request_parameters`
-: For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name. The associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of `method.request.{location}.{name}`, where `{location}` is **query string, path, or header**; and `{name}` must be a valid and unique method request parameter name.
-
-: **Field**: `request_parameters`
-
-`response_parameters`
-: Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern `:
.` or `overwrite.statuscode`. The action can be `append`, `overwrite` or `remove`. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime.
-
-: **Field**: `response_parameters`
-
-`request_templates`
-: Represents a map of Velocity templates applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.
-
-: **Field**: `request_templates`
-
-`template_selection_expressions`
-: The template selection expression for the integration. Supported only for WebSocket APIs.
-
-: **Field**: `template_selection_expression`
-
-`timeout_in_millis`
-: Custom timeout between **50** and **29,000** milliseconds for WebSocket APIs and between **50** and **30,000** milliseconds for HTTP APIs. The default timeout is **29 seconds** for WebSocket APIs and **30 seconds** for HTTP APIs.
-
-: **Field**: `timeout_in_millis`
-
-`tls_configs`
-: The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.
-
-: **Field**: `tls_config`
-
-## Examples
-
-### Test to ensure an integration ID is available
-
-```ruby
-describe aws_api_gateway_v2_integrations(api_id: 'APP_ID') do
- its('integration_ids') { should include 'INTEGRATION_ID' }
-end
-```
-
-### Test to verify the connection type
-
-```ruby
-describe aws_api_gateway_v2_integrations(api_id: 'APP_ID') do
- its('connection_types') { should include 'INTERNET' }
-end
-```
-
-### Test to verify the integration type
-
-```ruby
-describe aws_api_gateway_v2_integrations(api_id: 'APP_ID') do
- its('integration_types') { should include 'AWS' }
-end
-```
-
-### Test to Verify the pass-through behavior
-
-```ruby
-describe aws_api_gateway_v2_integrations(api_id: 'APP_ID') do
- its('passthrough_behaviors') { should include 'NEVER' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_v2_integrations(api_id: 'APP_ID') do
- it { should exist }
-end
-```
-
-### not exists
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_v2_integrations(api_id: 'APP_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGatewayv2:Client:GetIntegrationsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_model.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_model.md
deleted file mode 100644
index 0015502e8d..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_model.md
+++ /dev/null
@@ -1,118 +0,0 @@
-+++
-title = "aws_api_gateway_v2_model resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_v2_model"
-identifier = "inspec/resources/aws/aws_api_gateway_v2_model resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_v2_model` InSpec audit resource to test the properties of a specific AWS API Gateway V2 model.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGatewayV2 Model](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-model.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the model exists.
-
-```ruby
-describe aws_api_gateway_v2_model(api_id: 'APP_ID', model_id: 'MODEL_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`api_id` _(required)_
-: The API identifier.
-
-`model_id` _(required)_
-: The model identifier.
-
-## Properties
-
-`content_type`
-: The content-type for the model, for example, **application/json**.
-
-`description`
-: The description of the model.
-
-`model_id`
-: The model identifier.
-
-`name`
-: The name of the model. Must be alphanumeric.
-
-`schema`
-: The schema for the model. For application/json models, this should be JSON schema draft 4 model.
-
-## Examples
-
-### Test to ensure a model ID is available
-
-```ruby
-describe aws_api_gateway_v2_model(api_id: 'APP_ID', model_id: 'MODEL_ID') do
- its('model_id') { should eq 'MODEL_ID' }
-end
-```
-
-### Test to verify the model name
-
-```ruby
-describe aws_api_gateway_v2_model(api_id: 'APP_ID', model_id: 'MODEL_ID') do
- its('name') { should eq 'MODEL_NAME' }
-end
-```
-
-### Test to verify the model description
-
-```ruby
-describe aws_api_gateway_v2_model(api_id: 'APP_ID', model_id: 'MODEL_ID') do
- its('description') { should eq 'MODEL_DESCRIPTION' }
-end
-```
-
-### Test to verify the model content type
-
-```ruby
-describe aws_api_gateway_v2_model(api_id: 'APP_ID', model_id: 'MODEL_ID') do
- its('content_type') { should eq 'application/json' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_v2_model(api_id: 'APP_ID', model_id: 'MODEL_ID') do
- it { should exist }
-end
-```
-
-### not exist
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_v2_model(api_id: 'APP_ID', model_id: 'MODEL_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGatewayv2:Client:GetModelResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_models.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_models.md
deleted file mode 100644
index b84b760303..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_models.md
+++ /dev/null
@@ -1,125 +0,0 @@
-+++
-title = "aws_api_gateway_v2_models Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_v2_models"
-identifier = "inspec/resources/aws/aws_api_gateway_v2_models Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_v2_models` InSpec audit resource to test the properties of multiple AWS API Gateway V2 models.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGatewayV2 Model](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-model.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the model exists.
-
-```ruby
-describe aws_api_gateway_v2_models(api_id: 'APP_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`api_id` _(required)_
-: The API identifier.
-
-## Properties
-
-`content_types`
-: The content-type for the model, for example, **application/json**.
-
-: **Field**: `content_type`
-
-`descriptions`
-: The description of the model.
-
-: **Field**: `description`
-
-`model_ids`
-: The model identifier.
-
-: **Field**: `model_id`
-
-`names`
-: The name of the model. Must be alphanumeric.
-
-: **Field**: `name`
-
-`schemas`
-: The schema for the model. For application/json models, this should be JSON schema draft 4 model.
-
-: **Field**: `schema`
-
-## Examples
-
-### Test to ensure a model ID is available
-
-```ruby
-describe aws_api_gateway_v2_models(api_id: 'APP_ID') do
- its('model_ids') { should include 'MODEL_ID' }
-end
-```
-
-### Test to verify the model name
-
-```ruby
-describe aws_api_gateway_v2_models(api_id: 'APP_ID') do
- its('names') { should include 'MODEL_NAME' }
-end
-```
-
-### Test to verify the model description
-
-```ruby
-describe aws_api_gateway_v2_models(api_id: 'APP_ID') do
- its('descriptions') { should include 'MODEL_DESCRIPTION' }
-end
-```
-
-### Test to verify the model content type is 'application/json'
-
-```ruby
-describe aws_api_gateway_v2_models(api_id: 'APP_ID') do
- its('content_types') { should include 'application/json' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_v2_models(api_id: 'APP_ID') do
- it { should exist }
-end
-```
-
-### not exist
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_v2_models(api_id: 'APP_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGatewayv2:Client:GetModelsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_route.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_route.md
deleted file mode 100644
index d4bbd9aa4f..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_route.md
+++ /dev/null
@@ -1,158 +0,0 @@
-+++
-title = "aws_api_gateway_v2_route resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_v2_route"
-identifier = "inspec/resources/aws/aws_api_gateway_v2_route resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_v2_route` InSpec audit resource to test the properties of a specific AWS API Gateway V2 Route.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGatewayV2 Route](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-route.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the route exists.
-
-```ruby
-describe aws_api_gateway_v2_route(api_id: 'APP_ID', route_id: 'ROUTE_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`api_id` _(required)_
-: The API identifier.
-
-`route_id` _(required)_
-: The route identifier.
-
-## Properties
-
-`api_gateway_managed`
-: Specifies whether a route is managed by API Gateway. If you created an API using quick create, the `$default` route is managed by API Gateway. You cannot modify the `$default` route key.
-
-`api_key_required`
-: Specifies whether an API key is required for this route. Supported only for WebSocket APIs.
-
-`authorization_scopes`
-: A list of authorization scopes configured on a route. The scopes are used with a JWT authorizer to authorize the method invocation. The authorization works by matching the route scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any route scope matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the route scope is configured, the client must provide an access token instead of an identity token for authorization purposes.
-
-`authorization_type`
-: The authorization type for the route.
 For WebSocket APIs, valid values are `NONE` for open access, `AWS_IAM` for using AWS IAM permissions, and `CUSTOM` for using a Lambda authorizer. For HTTP APIs, valid values are `NONE` for open access, `JWT` for using JSON Web Tokens, `AWS_IAM` for using AWS IAM permissions, and `CUSTOM` for using a Lambda authorizer.
-
-`authorizer_id`
-: The identifier of the Authorizer resource to be associated with this route. The authorizer identifier is generated by API Gateway when you created the authorizer.
-
-`model_selection_expression`
-: The model selection expression for the route. Supported only for WebSocket APIs.
-
-`operation_name`
-: The operation name for the route.
-
-`request_models`
-: The request models for the route. Supported only for WebSocket APIs.
-
-`request_parameters`
-: The request parameters for the route. Supported only for WebSocket APIs.
-
-`route_id`
-: The route ID.
-
-`route_key`
-: The route key for the route.
-
-`route_response_selection_expression`
-: The route response selection expression for the route. Supported only for WebSocket APIs.
-
-`target`
-: The target for the route.
-
-## Examples
-
-### Test to ensure an authorizer ID is available
-
-```ruby
-describe aws_api_gateway_v2_route(api_id: 'APP_ID', route_id: 'ROUTE_ID') do
- its('authorizer_id') { should eq 'AUTHORIZER_ID' }
-end
-```
-
-### Test to verify the requirement of the API key
-
-```ruby
-describe aws_api_gateway_v2_route(api_id: 'APP_ID', route_id: 'ROUTE_ID') do
- its('api_key_required') { should eq true }
-end
-```
-
-### Test to verify the authorization type
-
-```ruby
-describe aws_api_gateway_v2_route(api_id: 'APP_ID', route_id: 'ROUTE_ID') do
- its('authorization_type') { should eq 'JWT' }
-end
-```
-
-### Test to verify the operation name
-
-```ruby
-describe aws_api_gateway_v2_route(api_id: 'APP_ID', route_id: 'ROUTE_ID') do
- its('operation_name') { should eq 'OPERATION_NAME' }
-end
-```
-
-### Test to ensure a route key is available
-
-```ruby
-describe aws_api_gateway_v2_route(api_id: 'APP_ID', route_id: 'ROUTE_ID') do
- its('route_key') { should eq 'ROUTE_KEY' }
-end
-```
-
-### Test to verify the target
-
-```ruby
-describe aws_api_gateway_v2_route(api_id: 'APP_ID', route_id: 'ROUTE_ID') do
- its('target') { should eq 'ROUTE_TARGET' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_v2_route(api_id: 'APP_ID', route_id: 'ROUTE_ID') do
- it { should exist }
-end
-```
-
-### not exist
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_v2_route(api_id: 'APP_ID', route_id: 'ROUTE_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGatewayv2:Client:GetRouteResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_routes.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_routes.md
deleted file mode 100644
index a7ad9b823e..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_v2_routes.md
+++ /dev/null
@@ -1,165 +0,0 @@
-+++
-title = "aws_api_gateway_v2_routes Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_v2_routes"
-identifier = "inspec/resources/aws/aws_api_gateway_v2_routes Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_v2_routes` InSpec audit resource to test the properties of multiple AWS API Gateway V2 Routes.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGatewayV2 Route](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-route.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the route exists.
-
-```ruby
-describe aws_api_gateway_v2_routes(api_id: 'APP_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`api_id` _(required)_
-: The API identifier.
-
-## Properties
-
-`api_gateway_manageds`
-: Specifies whether a route is managed by API Gateway. If you created an API using quick create, the `$default` route is managed by API Gateway. You cannot modify the `$default` route key.
-
-: **Field**: `api_gateway_managed`
-
-`api_key_requireds`
-: Specifies whether an API key is required for this route. Supported only for WebSocket APIs.
-
-: **Field**: `api_key_required`
-
-`authorization_scopes`
-: A list of authorization scopes configured on a route. The scopes are used with a JWT authorizer to authorize the method invocation. The authorization works by matching the route scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any route scope matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the route scope is configured, the client must provide an access token instead of an identity token for authorization purposes.
-
-: **Field**: `authorization_scopes`
-
-`authorization_types`
-: The authorization type for the route. For WebSocket APIs, valid values are `NONE` for open access, `AWS_IAM` for using AWS IAM permissions, and `CUSTOM` for using a Lambda authorizer. For HTTP APIs, valid values are `NONE` for open access, `JWT` for using JSON Web Tokens, `AWS_IAM` for using AWS IAM permissions, and `CUSTOM` for using a Lambda authorizer.
-
-: **Field**: `authorization_type`
-
-`authorizer_ids`
-: The identifier of the Authorizer resource to be associated with this route. The authorizer identifier is generated by API Gateway when you created the authorizer.
-
-: **Field**: `authorizer_id`
-
-`model_selection_expressions`
-: The model selection expression for the route. Supported only for WebSocket APIs.
-
-: **Field**: `model_selection_expression`
-
-`operation_names`
-: The operation name for the route.
-
-: **Field**: `operation_name`
-
-`request_models`
-: The request models for the route. Supported only for WebSocket APIs.
-
-: **Field**: `request_models`
-
-`request_parameters`
-: The request parameters for the route. Supported only for WebSocket APIs.
-
-: **Field**: `request_parameters`
-
-`route_ids`
-: The route ID.
-
-: **Field**: `route_id`
-
-`route_keys`
-: The route key for the route.
-
-: **Field**: `route_key`
-
-`route_response_selection_expressions`
-: The route response selection expression for the route. Supported only for WebSocket APIs.
-
-: **Field**: `route_response_selection_expression`
-
-`targets`
-: The target for the route.
-
-: **Field**: `target`
-
-## Examples
-
-### Test to ensure an authorizer ID is available
-
-```ruby
-describe aws_api_gateway_v2_routes(api_id: 'APP_ID') do
- its('authorizer_ids') { should include 'AUTHORIZER_ID' }
-end
-```
-
-### Test to verify the requirement of the API key
-
-```ruby
-describe aws_api_gateway_v2_routes(api_id: 'APP_ID') do
- its('api_key_requireds') { should include true }
-end
-```
-
-### Test to verify the authorization type
-
-```ruby
-describe aws_api_gateway_v2_routes(api_id: 'APP_ID') do
- its('authorization_types') { should include 'JWT' }
-end
-```
-
-### Test to verify the operation name
-
-```ruby
-describe aws_api_gateway_v2_routes(api_id: 'APP_ID') do
- its('operation_names') { should include 'OPERATION_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_v2_routes(api_id: 'APP_ID') do
- it { should exist }
-end
-```
-
-### not exist
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_v2_routes(api_id: 'APP_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGatewayv2:Client:GetRoutesResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_vpc_link.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_vpc_link.md
deleted file mode 100644
index eb55fde4b0..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_vpc_link.md
+++ /dev/null
@@ -1,112 +0,0 @@
-+++
-title = "aws_api_gateway_vpc_link resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_vpc_link"
-identifier = "inspec/resources/aws/aws_api_gateway_vpc_link resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_vpc_link` InSpec audit resource to test the properties of a single specific AWS API Gateway VPC link.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGateway VPCLink](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-vpclink.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a VPC link exists.
-
-```ruby
-describe aws_api_gateway_vpc_link(vpc_link_id: 'VPC_LINK_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`vpc_link_id` _(required)_
-
-: The identifier of the VPC link.
-
-## Properties
-
-`id`
-: The identifier of the VPC link used to integrate to reference this VPC link.
-
-`name`
-: The name used to label and identify the VPC link.
-
-`description`
-: The description of the VPC link.
-
-`target_arns`
-: The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS account of the API owner.
-
-`status`
-: The status of the VPC link. The valid values are `AVAILABLE`, `PENDING`, `DELETING`, or `FAILED`. If the status is `PENDING`, the API deployment waits, and if the status is `DELETING`, the API deployment fails.
-
-`status_message`
-: A description about the VPC link status.
-
-`tags`
-: The collection of strings. Each tag element is associated with a given resource.
-
-## Examples
-
-### Test to ensure a VPC link ID is available
-
-```ruby
-describe aws_api_gateway_vpc_link(vpc_link_id: 'VPC_LINK_ID') do
- its('id') { should eq 'VPC_LINK_ID' }
-end
-```
-
-### Test to ensure a VPC link name is available
-
-```ruby
-describe aws_api_gateway_vpc_link(vpc_link_id: 'VPC_LINK_ID') do
- its('name') { should eq 'VPC_LINK_NAME' }
-end
-```
-
-### Test to verify the status as `AVAILABLE`
-
-```ruby
-describe aws_api_gateway_vpc_link(vpc_link_id: 'VPC_LINK_ID') do
- its('status') { should eq 'AVAILABLE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_vpc_link(vpc_link_id: 'VPC_LINK_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_vpc_link(vpc_link_id: 'VPC_LINK_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:VpcLink" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_vpc_links.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_vpc_links.md
deleted file mode 100644
index de3b4c6b7c..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_api_gateway_vpc_links.md
+++ /dev/null
@@ -1,124 +0,0 @@
-+++
-title = "aws_api_gateway_vpc_links resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_api_gateway_vpc_links"
-identifier = "inspec/resources/aws/aws_api_gateway_vpc_links resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_api_gateway_vpc_links` InSpec audit resource to test multiple AWS API Gateway VPC link properties.
-
-For additional information, including parameters and properties, see the [AWS documentation on AWS APIGateway VPCLink](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-vpclink.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a VPC link exists.
-
-```ruby
-describe aws_api_gateway_vpc_links do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: The identifier of the VPC link used to integrate to reference this VPC link.
-
-: **Field**: `id`
-
-`names`
-: The name used to label and identify the VPC link.
-
-: **Field**: `name`
-
-`descriptions`
-: The description of the VPC link.
-
-: **Field**: `description`
-
-`target_arns`
-: The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS account of the API owner.
-
-: **Field**: `target_arns`
-
-`statuses`
-: The status of the VPC link. The valid values are `AVAILABLE`, `PENDING`, `DELETING`, or `FAILED`. If the status is `PENDING`, the API deployment waits, and if the status is `DELETING`, the API deployment fails.
-
-: **Field**: `status`
-
-`status_messages`
-: A description about the VPC link status.
-
-: **Field**: `status_message`
-
-`tags`
-: The collection of tags. Each tag element is associated with a given resource.
-
-: **Field**: `tags`
-
-## Examples
-
-### Test to ensure a VPC link ID is available
-
-```ruby
-describe aws_api_gateway_vpc_links do
- its('ids') { should include 'VPC_LINK_ID' }
-end
-```
-
-### Test to ensure a VPC link name is available
-
-```ruby
-describe aws_api_gateway_vpc_links do
- its('names') { should include 'VPC_LINK_NAME' }
-end
-```
-
-### Test to verify the status as `AVAILABLE`
-
-```ruby
-describe aws_api_gateway_vpc_links do
- its('statuses') { should include 'AVAILABLE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_api_gateway_vpc_links do
- it { should exist }
-end
-```
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_api_gateway_vpc_links do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:VpcLinks" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_account.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_account.md
deleted file mode 100644
index 0c6fe5be45..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_account.md
+++ /dev/null
@@ -1,108 +0,0 @@
-+++
-title = "aws_apigateway_account Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_apigateway_account"
-identifier = "inspec/resources/aws/aws_apigateway_account Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_apigateway_account` InSpec audit resource to test properties of a single specific AWS API Gateway account.
-
-The `AWS::ApiGateway::Account` resource specifies the IAM role that Amazon API Gateway uses to write API logs to Amazon CloudWatch Logs.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS API Gateway accounts.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-account.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the account exists.
-
-```ruby
-describe aws_apigateway_account do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`cloudwatch_role_arn`
-: The ARN of an Amazon CloudWatch role for the current account.
-
-`throttle_settings.burst_limit`
-: The API request burst limit, the maximum rate limit over a time ranging from one to a few seconds, depending upon whether the underlying token bucket is at its full capacity.
-
-`throttle_settings.rate_limit`
-: The API request steady-state rate limit.
-
-`features`
-: A list of features supported for the account. When usage plans are enabled, the features list will include an entry of "UsagePlans".
-
-`api_key_version`
-: The version of the API keys used for the account.
-
-## Examples
-
-**Ensure a Cloudwatch role ARN is available.**
-
-```ruby
-describe aws_apigateway_account do
- its('cloudwatch_role_arn') { should eq 'CloudWatchRoleARN' }
-end
-```
-
-**Ensure that the burst limit is `1`.**
-
-```ruby
-describe aws_apigateway_account do
- its('throttle_settings.burst_limit') { should eq '1' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_apigateway_account do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_apigateway_account do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_apigateway_account do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:Account" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_api_key.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_api_key.md
deleted file mode 100644
index 538ae0014c..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_api_key.md
+++ /dev/null
@@ -1,125 +0,0 @@
-+++
-title = "aws_apigateway_api_key Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_apigateway_api_key"
-identifier = "inspec/resources/aws/aws_apigateway_api_key Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_apigateway_api_key` InSpec audit resource to test properties of a single specific AWS APIGateway ApiKey.
-
-The AWS::ApiGateway::ApiKey resource creates a unique key that you can distribute to clients who are executing API Gateway Method resources that require an API key.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS APIGateway ApiKey.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-apikey.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the api key exists.
-
-```ruby
-describe aws_apigateway_api_key(api_key: 'API_KEY_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`api_key` _(required)_
-
-: The identifier of the API key resource.
-
-## Properties
-
-`id`
-: The identifier of the API Key.
-
-`value`
-: The value of the API Key.
-
-`name`
-: The name of the API Key.
-
-`customer_id`
-: An AWS Marketplace customer identifier , when integrating with the AWS SaaS Marketplace.
-
-`description`
-: The description of the API Key.
-
-`enabled`
-: Specifies whether the API Key can be used by callers.
-
-`created_date`
-: The timestamp when the API Key was created.
-
-`last_updated_date`
-: The timestamp when the API Key was last updated.
-
-`stage_keys`
-: A list of Stage resources that are associated with the API key resource.
-
-`tags`
-: The collection of tags. Each tag element is associated with a given resource.
-
-## Examples
-
-**Ensure an ID is available.**
-
-```ruby
-describe aws_apigateway_api_key(api_key: 'API_KEY_ID') do
- its('id') { should eq 'ID' }
-end
-```
-
-**Ensure that the name is available.**
-
-```ruby
-describe aws_apigateway_api_key(api_key: 'API_KEY_ID') do
- its('name') { should eq 'API_KEY_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_apigateway_api_key(api_key: 'API_KEY_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_apigateway_api_key(api_key: 'API_KEY_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_apigateway_api_key(api_key: 'API_KEY_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:ApiKey" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_api_keys.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_api_keys.md
deleted file mode 100644
index 38458e7899..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_api_keys.md
+++ /dev/null
@@ -1,133 +0,0 @@
-+++
-title = "aws_apigateway_api_keys Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_apigateway_api_keys"
-identifier = "inspec/resources/aws/aws_apigateway_api_keys Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_apigateway_api_keys` InSpec audit resource to test properties of multiple AWS API Gateway API keys.
-
-The `AWS::ApiGateway::ApiKey` resource creates a unique key that you can distribute to clients who are executing API Gateway Method resources that require an API key.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS API Gateway API Key.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-apikey.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the API key exists.
-
-```ruby
-describe aws_apigateway_api_keys do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: The identifier of the API Key.
-
-: **Field**: `id`
-
-`values`
-: The value of the API Key.
-
-: **Field**: `value`
-
-`names`
-: The name of the API Key.
-
-: **Field**: `name`
-
-`customer_ids`
-: An AWS Marketplace customer identifier , when integrating with the AWS SaaS Marketplace.
-
-: **Field**: `customer_id`
-
-`descriptions`
-: The description of the API Key.
-
-: **Field**: `description`
-
-`enabled`
-: Specifies whether the API Key can be used by callers.
-
-: **Field**: `enabled`
-
-`created_dates`
-: The timestamp when the API Key was created.
-
-: **Field**: `created_date`
-
-`last_updated_dates`
-: The timestamp when the API Key was last updated.
-
-: **Field**: `last_updated_date`
-
-`stage_keys`
-: A list of Stage resources that are associated with the ApiKey resource.
-
-: **Field**: `stage_keys`
-
-`tags`
-: The collection of tags.
-
-: **Field**: `tags`
-
-## Examples
-
-**Ensure a ID is available.**
-
-```ruby
-describe aws_apigateway_api_keys do
- its('ids') { should include 'API_ID' }
-end
-```
-
-**Ensure that the name is available.**
-
-```ruby
-describe aws_apigateway_api_keys do
- its('names') { should include 'API_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_apigateway_api_keys do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_apigateway_api_keys do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:ApiKeys" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_authorizer.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_authorizer.md
deleted file mode 100644
index cd0af61cf1..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_authorizer.md
+++ /dev/null
@@ -1,129 +0,0 @@
-+++
-title = "aws_apigateway_authorizer Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_apigateway_authorizer"
-identifier = "inspec/resources/aws/aws_apigateway_authorizer Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_apigateway_authorizer` InSpec audit resource to test properties of a single specific AWS API Gateway authorizer.
-
-The `AWS::ApiGateway::Authorizer` resource creates an authorization layer that API Gateway activates for methods that have authorization enabled. API Gateway activates the authorizer when a client calls those methods.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS APIGateway Authorizer.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-authorizer.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the authorizer exists.
-
-```ruby
-describe aws_apigateway_authorizer(rest_api_id: 'REST_API_ID', authorizer_id: 'AUTHORIZER_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`rest_api_id` _(required)_
-
-: The string identifier of the associated REST API.
-
-`authorizer_id` _(required)_
-
-: The identifier of the authorizer resource.
-
-## Properties
-
-`id`
-: The identifier for the authorizer resource.
-
-`name`
-: The name of the authorizer.
-
-`type`
-: The authorizer type.
-
-`provider_arns`
-: A list of the Amazon Cognito user pool ARNs for the COGNITO_USER_POOLS authorizer.
-
-`auth_type`
-: Optional customer-defined field, used in OpenAPI imports and exports without functional impact.
-
-`authorizer_uri`
-: Specifies the authorizer's Uniform Resource Identifier (URI).
-
-`authorizer_credentials`
-: Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer.
-
-`identity_source`
-: The identity source for which authorization is requested.
-
-`identity_validation_expression`
-: A validation expression for the incoming identity token.
-
-`authorizer_result_ttl_in_seconds`
-: The TTL in seconds of cached authorizer results.
-
-## Examples
-
-**Test that an ID is available.**
-
-```ruby
-describe aws_apigateway_authorizer(rest_api_id: 'REST_API_ID', authorizer_id: 'AUTHORIZER_ID') do
- its('id') { should eq 'AUTHORIZER_ID' }
-end
-```
-
-**Test that a name is available.**
-
-```ruby
-describe aws_apigateway_authorizer(rest_api_id: 'REST_API_ID', authorizer_id: 'AUTHORIZER_ID') do
- its('name') { should eq 'AUTHORIZER_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_apigateway_authorizer(rest_api_id: 'REST_API_ID', authorizer_id: 'AUTHORIZER_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_apigateway_authorizer(rest_api_id: 'REST_API_ID', authorizer_id: 'AUTHORIZER_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_apigateway_authorizer(rest_api_id: 'REST_API_ID', authorizer_id: 'AUTHORIZER_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:Authorizer" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_authorizers.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_authorizers.md
deleted file mode 100644
index 6dc7dcfd65..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_authorizers.md
+++ /dev/null
@@ -1,135 +0,0 @@
-+++
-title = "aws_apigateway_authorizers Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_apigateway_authorizers"
-identifier = "inspec/resources/aws/aws_apigateway_authorizers Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_apigateway_authorizers` InSpec audit resource to test properties of multiple AWS API Gateway authorizers.
-
-The `AWS::ApiGateway::Authorizer` resource creates an authorization layer that API Gateway activates for methods that have authorization enabled. API Gateway activates the authorizer when a client calls those methods.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS APIGateway Authorizer.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-authorizer.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the authorizer exists.
-
-```ruby
-describe aws_apigateway_authorizers(rest_api_id: 'REST_API_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`rest_api_id` _(required)_
-
-: The ID of the REST API.
-
-## Properties
-
-`ids`
-: The identifier for the authorizer resource.
-
-: **Field**: `id`
-
-`names`
-: The name of the authorizer.
-
-: **Field**: `name`
-
-`types`
-: The authorizer type.
-
-: **Field**: `type`
-
-`provider_arns`
-: A list of the Amazon Cognito user pool ARNs for the COGNITO_USER_POOLS authorizer.
-
-: **Field**: `provider_arns`
-
-`auth_types`
-: Optional customer-defined field, used in OpenAPI imports and exports without functional impact.
-
-: **Field**: `auth_type`
-
-`authorizer_uris`
-: Specifies the authorizer's Uniform Resource Identifier (URI).
-
-: **Field**: `authorizer_uri`
-
-`authorizer_credentials`
-: Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer.
-
-: **Field**: `authorizer_credentials`
-
-`identity_sources`
-: The identity source for which authorization is requested.
-
-: **Field**: `identity_source`
-
-`identity_validation_expressions`
-: A validation expression for the incoming identity token.
-
-: **Field**: `identity_validation_expression`
-
-`authorizer_result_ttl_in_seconds`
-: The TTL in seconds of cached authorizer results.
-
-: **Field**: `authorizer_result_ttl_in_seconds`
-
-## Examples
-
-**Test that an ID is available.**
-
-```ruby
-describe aws_apigateway_authorizers(rest_api_id: 'REST_API_ID') do
- its('ids') { should include 'AUTHORIZER_ID' }
-end
-```
-
-**Test that a name is available.**
-
-```ruby
-describe aws_apigateway_authorizers(rest_api_id: 'REST_API_ID') do
- its('names') { should include 'AUTHORIZER_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_apigateway_authorizers(rest_api_id: 'REST_API_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_apigateway_authorizers(rest_api_id: 'REST_API_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:Authorizers" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_base_path_mapping.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_base_path_mapping.md
deleted file mode 100644
index b1a034d201..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_base_path_mapping.md
+++ /dev/null
@@ -1,108 +0,0 @@
-+++
-title = "aws_apigateway_base_path_mapping Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_apigateway_base_path_mapping"
-identifier = "inspec/resources/aws/aws_apigateway_base_path_mapping Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_apigateway_base_path_mapping` Chef InSpec audit resource to test properties of a single specific AWS API Gateway base path mapping.
-
-The `AWS::ApiGateway::BasePathMapping` resource creates a base path that clients who call your API must use in the invocation URL.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS APIGateway BasePathMapping.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-basepathmapping.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Test that the base path mapping exists.
-
-```ruby
-describe aws_apigateway_base_path_mapping(domain_name: 'DOMAIN_NAME', base_path: 'BASE_PATH') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`domain_name` _(required)_
-
-: The domain name of the base path mapping resource to be described.
-
-`base_path` _(required)_
-
-: The base path name that callers of the API must provide as part of the URL after the domain name.
-
-## Properties
-
-`base_path`
-: The base path name that callers of the API must provide as part of the URL after the domain name.
-
-`rest_api_id`
-: The string identifier of the associated RestApi.
-
-`stage`
-: The name of the associated stage.
-
-## Examples
-
-**Test that a base path is available.**
-
-```ruby
-describe aws_apigateway_base_path_mapping(domain_name: 'DOMAIN_NAME', base_path: 'BASE_PATH') do
- its('base_path') { should eq 'BASE_PATH')' }
-end
-```
-
-**Test that a stage name is available.**
-
-```ruby
-describe aws_apigateway_base_path_mapping(domain_name: 'DOMAIN_NAME', base_path: 'BASE_PATH') do
- its('stage') { should eq 'StageName' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_apigateway_base_path_mapping(domain_name: 'DOMAIN_NAME', base_path: 'BASE_PATH') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_apigateway_base_path_mapping(domain_name: 'DOMAIN_NAME', base_path: 'BASE_PATH') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_apigateway_base_path_mapping(domain_name: 'DOMAIN_NAME', base_path: 'BASE_PATH') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:BasePathMapping" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_base_path_mappings.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_base_path_mappings.md
deleted file mode 100644
index 0797970a1c..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_base_path_mappings.md
+++ /dev/null
@@ -1,100 +0,0 @@
-+++
-title = "aws_apigateway_base_path_mappings Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_apigateway_base_path_mappings"
-identifier = "inspec/resources/aws/aws_apigateway_base_path_mappings Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_apigateway_base_path_mappings` InSpec audit resource to test properties of multiple AWS API Gateway base path mappings.
-
-The `AWS::ApiGateway::BasePathMapping` resource creates a base path that clients who call your API must use in the invocation URL.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS APIGateway BasePathMapping.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-basepathmapping.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the base path mappings exists.
-
-```ruby
-describe aws_apigateway_base_path_mappings(domain_name: 'DOMAIN_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`domain_name` _(required)_
-
-: The domain name of the BasePathMapping resource to be described.
-
-## Properties
-
-`base_paths`
-: The base path name that callers of the API must provide as part of the URL after the domain name.
-
-: **Field**: `base_path`
-
-`rest_api_ids`
-: The string identifier of the associated RestApi.
-
-: **Field**: `rest_api_id`
-
-`stages`
-: The name of the associated stage.
-
-: **Field**: `stage`
-
-## Examples
-
-**Ensure a base path is available.**
-
-```ruby
-describe aws_apigateway_base_path_mappings(domain_name: 'DOMAIN_NAME') do
- its('base_paths') { should include 'BASE_PATH')' }
-end
-```
-
-**Ensure that stage name is available.**
-
-```ruby
-describe aws_apigateway_base_path_mappings(domain_name: 'DOMAIN_NAME') do
- its('stages') { should include 'STAGE_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_apigateway_base_path_mappings(domain_name: 'DOMAIN_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_apigateway_base_path_mappings(domain_name: 'DOMAIN_NAME') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:BasePathMappings" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_client_certificate.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_client_certificate.md
deleted file mode 100644
index c5b359f989..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_client_certificate.md
+++ /dev/null
@@ -1,113 +0,0 @@
-+++
-title = "aws_apigateway_client_certificate Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_apigateway_client_certificate"
-identifier = "inspec/resources/aws/aws_apigateway_client_certificate Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_apigateway_client_certificate` InSpec audit resource to test properties of a single specific AWS API Gateway client certificate.
-
-The `AWS::ApiGateway::ClientCertificate` resource creates a client certificate that API Gateway uses to configure client-side SSL authentication for sending requests to the integration endpoint.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS APIGateway ClientCertificate.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-clientcertificate.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the client certificate exists.
-
-```ruby
-describe aws_apigateway_client_certificate(client_certificate_id: 'CLIENT_CERTIFICATE_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`client_certificate_id` _(required)_
-
-: The identifier of the client certificate.
-
-## Properties
-
-`client_certificate_id`
-: The identifier of the client certificate.
-
-`description`
-: The description of the client certificate.
-
-`pem_encoded_certificate`
-: The PEM-encoded public key of the client certificate, which can be used to configure certificate authentication in the integration endpoint .
-
-`created_date`
-: The timestamp when the client certificate was created.
-
-`expiration_date`
-: The timestamp when the client certificate will expire.
-
-`tags`
-: The collection of tags. Each tag element is associated with a given resource.
-
-## Examples
-
-**Ensure a client certificate id is available.**
-
-```ruby
-describe aws_apigateway_client_certificate(client_certificate_id: 'CLIENT_CERTIFICATE_ID') do
- its('client_certificate_id') { should eq 'CLIENT_CERTIFICATE_ID' }
-end
-```
-
-**Ensure a pem encoded certificate is available.**
-
-```ruby
-describe aws_apigateway_client_certificate(client_certificate_id: 'CLIENT_CERTIFICATE_ID') do
- its('pem_encoded_certificate') { should eq 'PEM_ENCODED_CERTIFICATE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_apigateway_client_certificate(client_certificate_id: 'CLIENT_CERTIFICATE_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_apigateway_client_certificate(client_certificate_id: 'CLIENT_CERTIFICATE_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_apigateway_client_certificate(client_certificate_id: 'CLIENT_CERTIFICATE_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:ClientCertificate" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_client_certificates.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_client_certificates.md
deleted file mode 100644
index 1f577cac81..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_apigateway_client_certificates.md
+++ /dev/null
@@ -1,113 +0,0 @@
-+++
-title = "aws_apigateway_client_certificates Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_apigateway_client_certificates"
-identifier = "inspec/resources/aws/aws_apigateway_client_certificates Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_apigateway_client_certificates` InSpec audit resource to test properties of multiple AWS API Gateway client certificates.
-
-The `AWS::ApiGateway::ClientCertificate` resource creates a client certificate that API Gateway uses to configure client-side SSL authentication for sending requests to the integration endpoint.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS API Gateway client certificate.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-clientcertificate.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the client certificate exists.
-
-```ruby
-describe aws_apigateway_client_certificates do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`client_certificate_ids`
-: The identifier of the client certificate.
-
-: **Field**: `client_certificate_id`
-
-`descriptions`
-: The description of the client certificate.
-
-: **Field**: `description`
-
-`pem_encoded_certificates`
-: The PEM-encoded public key of the client certificate, which can be used to configure certificate authentication in the integration endpoint .
-
-: **Field**: `pem_encoded_certificate`
-
-`created_dates`
-: The timestamp when the client certificate was created.
-
-: **Field**: `created_date`
-
-`expiration_dates`
-: The timestamp when the client certificate will expire.
-
-: **Field**: `expiration_date`
-
-`tags`
-: The collection of tags. Each tag element is associated with a given resource.
-
-: **Field**: `tags`
-
-## Examples
-
-**Ensure a client certificate ID is available.**
-
-```ruby
-describe aws_apigateway_client_certificates do
- its('client_certificate_ids') { should include 'CLIENT_CERTIFICATE_ID' }
-end
-```
-
-**Ensure a PEM encoded certificate is available.**
-
-```ruby
-describe aws_apigateway_client_certificates do
- its('pem_encoded_certificates') { should include 'PEM_ENCODED_CERTIFICATE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_apigateway_client_certificates do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_apigateway_client_certificates do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="APIGateway:Client:ClientCertificates" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_application_autoscaling_scalable_target.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_application_autoscaling_scalable_target.md
deleted file mode 100644
index d281ce6315..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_application_autoscaling_scalable_target.md
+++ /dev/null
@@ -1,113 +0,0 @@
-+++
-title = "aws_application_autoscaling_scalable_target Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_application_autoscaling_scalable_target"
-identifier = "inspec/resources/aws/aws_application_autoscaling_scalable_target Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_application_autoscaling_scalable_target` InSpec audit resource to test properties of a resource that Application Auto Scaling can scale.
-
-For additional information, including details on parameters and properties, see the [AWS ApplicationAutoScaling ScalableTarget documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-applicationautoscaling-scalabletarget.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-```ruby
-describe aws_application_autoscaling_scalable_target( service_namespace: 'SERVICE_NAMESPACE' ) do
- it { should exist }
-end
-```
-
-## Parameters
-
-`service_namespace` _(required)_
-
-: The namespace of the AWS service that provides the resource.
-
-## Properties
-
-`service_namespace`
-: The namespace of the AWS service that provides the resource.
-
-`resource_id`
-: The identifier of the resource associated with the scalable target.
-
-`scalable_dimension`
-: The scalable dimension associated with the scalable target.
-
-`min_capacity`
-: The minimum value to scale to in response to a scale-in activity.
-
-`max_capacity`
-: The maximum value to scale to in response to a scale-out activity.
-
-`role_arn`
-: The ARN of an IAM role that allows Application Auto Scaling to modify the scalable target on your behalf.
-
-`creation_time`
-: The Unix timestamp for when the scalable target was created.
-
-`suspended_state (dynamic_scaling_in_suspended)`
-: Whether scale in by a target tracking scaling policy or a step scaling policy is suspended.
Set the value to `true` if you don't want Application Auto Scaling to remove capacity when a scaling policy is triggered. The default is `false`.
-
-`suspended_state (dynamic_scaling_out_suspended)`
-: Whether scale out by a target tracking scaling policy or a step scaling policy is suspended. Set the value to `true` if you don't want Application Auto Scaling to add capacity when a scaling policy is triggered. The default is `false`.
-
-`suspended_state (scheduled_scaling_suspended)`
-: Whether scheduled scaling is suspended. Set the value to `true` if you don't want Application Auto Scaling to add or remove capacity by initiating scheduled actions. The default is `false`.
-
-## Examples
-
-**Ensure a service namespace is available.**
-
-```ruby
-describe aws_application_autoscaling_scalable_target( service_namespace: 'SERVICE_NAMESPACE' ) do
- its('service_namespace') { should eq 'ec2' }
-end
-```
-
-**Verify the min scale capacity.**
-
-```ruby
-describe aws_application_autoscaling_scalable_target( service_namespace: 'SERVICE_NAMESPACE' ) do
- its('min_capacity') { should eq 1 }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_application_autoscaling_scalable_target( service_namespace: 'SERVICE_NAMESPACE' ) do
- it { should exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the work_group name is available.
-
-```ruby
-describe aws_application_autoscaling_scalable_target( service_namespace: 'SERVICE_NAMESPACE' ) do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="ApplicationAutoScaling:Client:DescribeScalableTargetsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_application_autoscaling_scalable_targets.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_application_autoscaling_scalable_targets.md
deleted file mode 100644
index f49afe48d2..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_application_autoscaling_scalable_targets.md
+++ /dev/null
@@ -1,107 +0,0 @@
-+++
-title = "aws_application_autoscaling_scalable_targets Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_application_autoscaling_scalable_targets"
-identifier = "inspec/resources/aws/aws_application_autoscaling_scalable_targets Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_application_autoscaling_scalable_targets` InSpec audit resource to test properties of multiple resourcese that Application Auto Scaling can scale.
-
-For additional information, including details on parameters and properties, see the [AWS ApplicationAutoScaling ScalableTarget documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-applicationautoscaling-scalabletarget.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-```ruby
-describe aws_application_autoscaling_scalable_targets( service_namespace: 'SERVICE_NAMESPACE' ) do
- it { should exist }
-end
-```
-
-## Parameters
-
-`service_namespace` _(required)_
-
-: The namespace of the AWS service that provides the resource.
-
-## Properties
-
-`service_namespaces`
-: The namespace of the AWS service that provides the resource.
-
-`resource_ids`
-: The identifier of the resource associated with the scalable target.
-
-`scalable_dimensions`
-: The scalable dimension associated with the scalable target.
-
-`min_capacities`
-: The minimum value to scale to in response to a scale-in activity.
-
-`max_capacities`
-: The maximum value to scale to in response to a scale-out activity.
-
-`role_arns`
-: The ARN of an IAM role that allows Application Auto Scaling to modify the scalable target on your behalf.
-
-`creation_times`
-: The Unix timestamp for when the scalable target was created.
-
-`suspended_states`
-: The suspended state of the scalable target.
-
-## Examples
-
-**Ensure a service namespace is available.**
-
-```ruby
-describe aws_application_autoscaling_scalable_targets( service_namespace: 'SERVICE_NAMESPACE' ) do
- its('service_namespace') { should include 'ec2' }
-end
-```
-
-**Verify the minimum scale capacity.**
-
-```ruby
-describe aws_application_autoscaling_scalable_targets( service_namespace: 'SERVICE_NAMESPACE' ) do
- its('min_capacity') { should include 1 }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_application_autoscaling_scalable_targets( service_namespace: 'SERVICE_NAMESPACE' ) do
- it { should exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the work_group name is available.
-
-```ruby
-describe aws_application_autoscaling_scalable_targets( service_namespace: 'SERVICE_NAMESPACE' ) do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="ApplicationAutoScaling:Client:DescribeScalableTargetsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_application_autoscaling_scaling_policies.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_application_autoscaling_scaling_policies.md
deleted file mode 100644
index 66b149dd4d..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_application_autoscaling_scaling_policies.md
+++ /dev/null
@@ -1,115 +0,0 @@
-+++
-title = "aws_application_autoscaling_scaling_policies Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_application_autoscaling_scaling_policies"
-identifier = "inspec/resources/aws/aws_application_autoscaling_scaling_policies Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_application_autoscaling_scaling_policies` InSpec audit resource to test properties of multiple AWS Application Auto Scaling scaling policies.
-
-For additional information, including details on parameters and properties, see the [AWS ApplicationAutoScaling ScalingPolicy documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-applicationautoscaling-scalingpolicy.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure a scaling policy exists.
-
-```ruby
-describe aws_application_autoscaling_scaling_policies( service_namespace: 'SERVICE_NAMESPACE' ) do
- it { should exist }
-end
-```
-
-## Parameters
-
-`service_namespace` _(required)_
-
-: The namespace of the AWS service that provides the resource, or a custom-resource.
-
-## Properties
-
-`policy_arns`
-: The Amazon Resource Name (ARN) of the scaling policy.
-
-`policy_names`
-: The name of the scaling policy.
-
-`service_namespaces`
-: The namespace of the AWS service that provides the resource, or a custom-resource.
-
-`resource_ids`
-: The identifier of the resource associated with the scaling policy. This string consists of the resource type and unique identifier.
-
-`scalable_dimensions`
-: The scalable dimension. This string consists of the service namespace, resource type, and scaling property.
-
-`policy_types`
-: The scaling policy type.
-
-`step_scaling_policy_configurations`
-: A step scaling policy.
-
-`target_tracking_scaling_policy_configurations`
-: A target tracking scaling policy.
-
-`alarms`
-: The CloudWatch alarms associated with the scaling policy.
-
-`creation_times`
-: The Unix timestamp for when the scaling policy was created.
-
-## Examples
-
-**Ensure a policy name is available.**
-
-```ruby
-describe aws_application_autoscaling_scaling_policies( service_namespace: 'SERVICE_NAMESPACE' ) do
- its('policy_names') { should include 'POLICY_NAME' }
-end
-```
-
-**Ensure a policy type is available.**
-
-```ruby
-describe aws_application_autoscaling_scaling_policies( service_namespace: 'SERVICE_NAMESPACE' ) do
- its('policy_types') { should include "POLICY_TYPE" }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_application_autoscaling_scaling_policies( service_namespace: 'SERVICE_NAMESPACE' ) do
- it { should exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the scalable policy is available.
-
-```ruby
-describe aws_application_autoscaling_scaling_policies( service_namespace: 'SERVICE_NAMESPACE' ) do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="ApplicationAutoScaling:Client:DescribeScalingPoliciesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_application_autoscaling_scaling_policy.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_application_autoscaling_scaling_policy.md
deleted file mode 100644
index 40d7554cee..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_application_autoscaling_scaling_policy.md
+++ /dev/null
@@ -1,172 +0,0 @@
-+++
-title = "aws_application_autoscaling_scaling_policy Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_application_autoscaling_scaling_policy"
-identifier = "inspec/resources/aws/aws_application_autoscaling_scaling_policy Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_application_autoscaling_scaling_policy` InSpec audit resource to test properties of a single AWS Application Auto Scaling scaling policy.
-
-For additional information, including details on parameters and properties, see the [AWS ApplicationAutoScaling ScalingPolicy documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-applicationautoscaling-scalingpolicy.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure a scaling policy exists.
-
-```ruby
-describe aws_application_autoscaling_scaling_policy( service_namespace: 'SERVICE_NAMESPACE' ) do
- it { should exist }
-end
-```
-
-## Parameters
-
-`service_namespace` _(required)_
-
-: The namespace of the AWS service that provides the resource, or a custom-resource.
-
-## Properties
-
-`policy_arn`
-: The Amazon Resource Name (ARN) of the scaling policy.
-
-`policy_name`
-: The name of the scaling policy.
-
-`service_namespace`
-: The namespace of the AWS service that provides the resource, or a custom-resource.
-
-`resource_id`
-: The identifier of the resource associated with the scaling policy. This string consists of the resource type and unique identifier.
-
-`scalable_dimension`
-: The scalable dimension. This string consists of the service namespace, resource type, and scaling property.
-
-`policy_type`
-: The Application Auto Scaling policy type.
-
-`step_scaling_policy_configuration (adjustment_type)`
-: Specifies how the `ScalingAdjustment` value in a `StepAdjustment` is interpreted (for example, an absolute number or a percentage).
The valid values are `ChangeInCapacity` , `ExactCapacity` , and `PercentChangeInCapacity`.
-
-`step_scaling_policy_configuration (step_adjustments)`
-: A set of adjustments that enable you to scale based on the size of the alarm breach.
-
-`step_scaling_policy_configuration (step_adjustments (metric_interval_lower_bound))`
-: The lower bound for the difference between the alarm threshold and the CloudWatch metric.
-
-`step_scaling_policy_configuration (step_adjustments (metric_interval_upper_bound))`
-: The upper bound for the difference between the alarm threshold and the CloudWatch metric.
-
-`step_scaling_policy_configuration (step_adjustments (scaling_adjustment))`
-: The amount by which to scale, based on the specified adjustment type.
-
-`step_scaling_policy_configuration (min_adjustment_magnitude)`
-: The minimum value to scale by when the adjustment type is `PercentChangeInCapacity`.
-
-`step_scaling_policy_configuration (cooldown)`
-: The amount of time, in seconds, to wait for a previous scaling activity to take effect.
-
-`step_scaling_policy_configuration (metric_aggregation_type)`
-: The aggregation type for the CloudWatch metrics. Valid values are `Minimum`, `Maximum`, and `Average`.
-
-`target_tracking_scaling_policy_configuration (target_value)`
-: The target value for the metric.
-
-`target_tracking_scaling_policy_configuration (predefined_metric_specification (predefined_metric_type))`
-: The metric type. The `ALBRequestCountPerTarget` metric type applies only to Spot Fleet requests and ECS services.
-
-`target_tracking_scaling_policy_configuration (predefined_metric_specification (resource_label))`
-: Identifies the resource associated with the metric type. You can't specify a resource label unless the metric type is `ALBRequestCountPerTarget` and there is a target group attached to the Spot Fleet request or ECS service.
-
-`target_tracking_scaling_policy_configuration (customized_metric_specification (metric_name))`
-: The name of the metric.
-
-`target_tracking_scaling_policy_configuration (customized_metric_specification (namespace))`
-: The namespace of the metric.
-
-`target_tracking_scaling_policy_configuration (customized_metric_specification (dimensions (name)))`
-: The name of the dimension.
-
-`target_tracking_scaling_policy_configuration (customized_metric_specification (dimensions (value)))`
-: The value of the dimension.
-
-`target_tracking_scaling_policy_configuration (customized_metric_specification (statistic))`
-: The statistic of the metric.
-
-`target_tracking_scaling_policy_configuration (customized_metric_specification (unit))`
-: The unit of the metric.
-
-`target_tracking_scaling_policy_configuration (scale_out_cooldown)`
-: The amount of time, in seconds, to wait for a previous scale-out activity to take effect.
-
-`target_tracking_scaling_policy_configuration (scale_in_cooldown)`
-: The amount of time, in seconds, after a scale-in activity completes before another scale-in activity can start.
-
-`target_tracking_scaling_policy_configuration (disable_scale_in)`
-: Indicates whether scale in by the target tracking scaling policy is disabled.
-
-`alarms (alarm_name)`
-: The name of the alarm.
-
-`alarms (alarm_arn)`
-: The Amazon Resource Name (ARN) of the alarm.
-
-`creation_time`
-: The Unix timestamp for when the scaling policy was created.
-
-## Examples
-
-**Ensure a policy name is available.**
-
-```ruby
-describe aws_application_autoscaling_scaling_policy( service_namespace: 'SERVICE_NAMESPACE' ) do
- its('policy_name') { should eq 'POLICY_NAME' }
-end
-```
-
-**Ensure a policy type is available.**
-
-```ruby
-describe aws_application_autoscaling_scaling_policy( service_namespace: 'SERVICE_NAMESPACE' ) do
- its('policy_type') { should eq "POLICY_TYPE" }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_application_autoscaling_scaling_policy( service_namespace: 'SERVICE_NAMESPACE' ) do
- it { should exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the scalable policy is available.
-
-```ruby
-describe aws_application_autoscaling_scaling_policy( service_namespace: 'SERVICE_NAMESPACE' ) do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="ApplicationAutoScaling:Client:DescribeScalingPoliciesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_athena_work_group.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_athena_work_group.md
deleted file mode 100644
index be5b49f2b5..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_athena_work_group.md
+++ /dev/null
@@ -1,125 +0,0 @@
-+++
-title = "aws_athena_work_group Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_athena_work_group"
-identifier = "inspec/resources/aws/aws_athena_work_group Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_athena_work_group` InSpec audit resource to test properties of a single specific Amazon Athena workgroup.
-
-For additional information, including details on parameters and properties, see the [AWS Athena workgroup documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-athena-workgroup.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-```ruby
-describe aws_athena_work_group(work_group: 'WORK_GROUP') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`work_group` _(required)_
-
-## Properties
-
-`name`
-: The workgroup name.
-
-`state`
-: The state of the workgroup. Valid values are: `ENABLED` or `DISABLED`.
-
-`description`
-: The workgroup description.
-
-`creation_time`
-: The workgroup creation time. Format: YYYY-MM-DD HH:MM:SS ZZZZ.
-
-`tags`
-: An array of key-value pairs to apply to this resource.
-
-`configuration (result_configuration)`
-: The location and encryption of query results of the workgroup.
-
-`configuration (enforce_work_group_configuration)`
-: Whether workgroup settings override client-side settings.
-
-`configuration (publish_cloud_watch_metrics_enabled)`
-: Whether Amazon CloudWatch metrics are enabled in the workgroup.
-
-`configuration (bytes_scanned_cutoff_per_query)`
-: The limit in bytes that a query is allowed to scan in the workgroup.
-
-`configuration (requester_pays_enabled)`
-: Whether the workgroup can reference Requester Pays buckets.
-
-`configuration (engine_version (selected_engine_version))`
-: The user-selected engine version.
-
-`configuration (engine_version (effective_engine_version))`
-: The engine version on which a query runs.
-
-## Examples
-
-**Ensure a workgroup name is available.**
-
-```ruby
-describe aws_athena_work_group(work_group: 'WORK_GROUP') do
- its('name') { should eq 'WORK_GROUP_NAME' }
-end
-```
-
-**Ensure that the state is `ENABLED` or `DISABLED`.**
-
-```ruby
-describe aws_athena_work_group(work_group: 'WORK_GROUP') do
- its('state') { should eq 'ENABLED' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_athena_work_group(work_group: 'WORK_GROUP') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_athena_work_group(work_group: 'WORK_GROUP') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the work_group name is available.
-
-```ruby
-describe aws_athena_work_group(work_group: 'WORK_GROUP') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Athena:Client:GetWorkGroupOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_athena_work_groups.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_athena_work_groups.md
deleted file mode 100644
index 98b37c3b5c..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_athena_work_groups.md
+++ /dev/null
@@ -1,101 +0,0 @@
-+++
-title = "aws_athena_work_groups Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_athena_work_groups"
-identifier = "inspec/resources/aws/aws_athena_work_groups Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_athena_work_groups` InSpec audit resource to test properties of multiple Amazon Athena workgroups.
-
-For additional information, including details on parameters and properties, see the [AWS Athena workgroup documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-athena-workgroup.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-```ruby
-describe aws_athena_work_groups do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`names`
-: The workgroup name.
-
-`states`
-: The state of the workgroup. Valid values are: `ENABLED` or `DISABLED`.
-
-`descriptions`
-: The workgroup description.
-
-`creation_times`
-: The workgroup creation time. Format: YYYY-MM-DD HH:MM:SS ZZZZ.
-
-## Examples
-
-**Ensure a work_group name is available.**
-
-```ruby
-describe aws_athena_work_groups do
- its('names') { should include 'WORK_GROUP_NAME' }
-end
-```
-
-**Ensure that the state is `ENABLED` or `DISABLED`.**
-
-```ruby
-describe aws_athena_work_groups do
- its('states') { should include 'ENABLED' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_athena_work_groups do
- it { should exist }
-end
-```
-
-Use `should_not` to test that an entity does not exist.
-
-```ruby
-describe aws_athena_work_groups do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the work_group name is available.
-
-```ruby
-describe aws_athena_work_groups do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Athena:Client:ListWorkGroupsOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_auto_scaling_group.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_auto_scaling_group.md
deleted file mode 100644
index efec09ee7d..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_auto_scaling_group.md
+++ /dev/null
@@ -1,117 +0,0 @@ -+++ -title = "aws_auto_scaling_group Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_auto_scaling_group" -identifier = "inspec/resources/aws/aws_auto_scaling_group Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_auto_scaling_group` InSpec audit resource to test properties of a single AWS Auto Scaling group. - -For additional information, including details on parameters and properties, see the [AWS documentation on Auto Scaling Group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/AutoScalingGroup.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that an auto scaling group exists and has the correct scale sizes - -```ruby -describe aws_auto_scaling_group('MyAutoScalingGroup') do - it { should exist } - its('min_size') { should be 1} - its('max_size') { should be 4} -end -``` - -You may also use hash syntax to pass the auto scaling group name - -```ruby -describe aws_auto_scaling_group(name: 'MyAutoScalingGroup') do - it { should exist } -end -``` - -## Parameters - -`name` _(required)_ - -: This resource accepts a single parameter, the Auto Scaling Group Name which uniquely identifies the auto scaling group. - This can be passed either as a string or as a `name: 'value'` key-value entry in a hash. - -## Properties - -`min_size` -: An integer indicating the minimum number of instances in the auto scaling group. - -`maximum_size` -: An integer indicating the maximum number of instances in the auto scaling group. - -`desired_capacity` -: An integer indicating the desired number of instances in the auto scaling group. - -`launch_configuration_name` -: The name of the auto scaling launch configuration associated with the auto scaling group. - -`vpc_zone_identifier` -: An array of strings corresponding to the subnet IDs associated with the auto scaling group. 
-
-`tags`
-: An hash with each key-value pair corresponding to a tag associated with the entity.
-
-## Examples
-
-**Ensure that an auto scaling group has the correct desired capacity.**
-
-```ruby
-describe aws_auto_scaling_group('MyAutoScalingGroup') do
- it { should exist }
- its('desired_capacity') { should be 2 }
-end
-```
-
-**Ensure that an auto scaling group has the correct Launch Configuration name and VPC identifier.**
-
-```ruby
-describe aws_auto_scaling_group('MyAutoScalingGroup') do
- it { should exist }
- its('launch_configuration_name') { should eq 'MyLaunchConfiguration'}
- its('vpc_zone_identifier') { should include 'subnet-1234'}
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_auto_scaling_group('AnExistingASG') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_auto_scaling_group('ANonExistentASG') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="AutoScaling:Client:AutoScalingGroupsType" %}}
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon Auto Scaling Groups](https://docs.aws.amazon.com/autoscaling/ec2/userguide/control-access-using-iam.html).
-
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_auto_scaling_groups.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_auto_scaling_groups.md
deleted file mode 100644
index 9eb9b1fabf..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_auto_scaling_groups.md
+++ /dev/null
@@ -1,97 +0,0 @@
-+++
-title = "aws_auto_scaling_groups Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_auto_scaling_groups"
-identifier = "inspec/resources/aws/aws_auto_scaling_groups Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_auto_scaling_groups` InSpec audit resource to test the properties of a collection of AWS Auto Scaling Groups.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Auto Scaling Group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/AutoScalingGroup.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_auto_scaling_groups` resource block returns all Auto Scaling Groups and allows the testing of those ASGs.
-
-```ruby
-describe aws_auto_scaling_groups do
- its('names') { should include 'group-name' }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`min_sizes`
-: An integer indicating the minimum number of instances in the auto scaling group.
-
-`max_sizes`
-: An integer indicating the maximum number of instances in the auto scaling group.
-
-`desired_capacities`
-: An integer indicating the desired number of instances in the auto scaling group.
-
-`launch_configuration_names`
-: The name of the auto scaling launch configuration associated with the auto scaling group.
-
-`vpc_zone_identifiers`
-: An array of strings corresponding to the subnet IDs associated with the auto scaling group.
-
-`health_check_types`
-: The service to use for the health checks. The valid values are EC2 and ELB.
-
-`tags`
-: A hash of key-value pairs corresponding to the tags associated with the entity.
-
-`entries`
-: Provides access to the raw results of the query, which can be treated as an array of hashes.
-
-## Examples
-
-**Ensure there are no groups with incorrect vpc_zone_identifiers.**
-
-```ruby
-describe aws_auto_scaling_groups do
- it { should exist }
- its('vpc_zone_identifiers') { should_not include 'UNDESIRED-ZONE'}
-end
-```
-
-## Matchers
-
-For a full list of available matchers, visit the [InSpec matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_auto_scaling_groups.where( : ) do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_auto_scaling_groups.where( : ) do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="AutoScaling:Client:AutoScalingGroupsType" %}}
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon Auto Scaling Groups](https://docs.aws.amazon.com/autoscaling/ec2/userguide/control-access-using-iam.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_autoscaling_scaling_policies.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_autoscaling_scaling_policies.md
deleted file mode 100644
index e9ef0f652f..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_autoscaling_scaling_policies.md
+++ /dev/null
@@ -1,129 +0,0 @@
-+++
-title = "aws_autoscaling_scaling_policies Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_autoscaling_scaling_policies"
-identifier = "inspec/resources/aws/aws_autoscaling_scaling_policies Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_autoscaling_scaling_policies` InSpec audit resource to test properties of multiple Amazon EC2 Auto Scaling scaling policies.
-
-For additional information, including details on parameters and properties, see the [AWS AutoScaling Scaling Policy documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-policy.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that an auto scaling group name exists.
-
-```ruby
-describe aws_autoscaling_scaling_policies do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`auto_scaling_group_names`
-: The name of an Auto Scaling group.
-
-`policy_names`
-: The names of one or more policies. If you omit this parameter, all policies are described.
-
-`policy_arns`
-: The ARN of the Auto Scaling group.
-
-`policy_types`
-: One or more policy types. The valid values are `SimpleScaling`, `StepScaling`, and `TargetTrackingScaling`.
-
-`adjustment_types`
-: The adjustment type of the Auto Scaling group.
-
-`min_adjustment_steps`
-: The minimum adjustment step of the Auto Scaling group.
-
-`min_adjustment_magnitudes`
-: The minimum adjustment magnitude of the Auto Scaling group.
-
-`scaling_adjustments`
-: The scaling adjustment of the Auto Scaling group.
-
-`cooldowns`
-: The cooldown period of the Auto Scaling group.
-
-`step_adjustments`
-: The step adjustments of the Auto Scaling group.
-
-`metric_aggregation_types`
-: The aggregation type for CloudWatch metrics of the Auto Scaling group.
-
-`estimated_instance_warmups`
-: The estimated warmup time of the Auto Scaling group until a new instance can contribute to CloudWatch metrics.
-
-`target_tracking_configurations`
-: The target tracking configuration of the Auto Scaling group.
-
-## Examples
-
-**Ensure an auto scaling group name is available.**
-
-```ruby
-describe aws_autoscaling_scaling_policies do
- its('auto_scaling_group_names') { should include 'AUTO_SCALING_GROUP_NAME' }
-end
-```
-
-**Ensure that the policy types are available.**
-
-```ruby
-describe aws_autoscaling_scaling_policies do
- its('policy_types') { should include 'POLICY_TYPE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_autoscaling_scaling_policies do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_autoscaling_scaling_policies do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the work_group name is available.
-```ruby
-describe aws_autoscaling_scaling_policies do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="AutoScaling:client:PoliciesType" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_autoscaling_scaling_policy.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_autoscaling_scaling_policy.md
deleted file mode 100644
index 460aacd4fb..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_autoscaling_scaling_policy.md
+++ /dev/null
@@ -1,138 +0,0 @@
-+++
-title = "aws_autoscaling_scaling_policy Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_autoscaling_scaling_policy"
-identifier = "inspec/resources/aws/aws_autoscaling_scaling_policy Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_autoscaling_scaling_policy` InSpec audit resource to test properties of a single Amazon EC2 Auto Scaling scaling policy.
-
-For additional information, including details on parameters and properties, see the [AWS AutoScaling Scaling Policy documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-policy.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that an auto scaling group name exists.
-
-```ruby
-describe aws_autoscaling_scaling_policy(auto_scaling_group_name: 'AUTO_SCALING_GROUP_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`auto_scaling_group_name` _(required)_
-
-: The name or Amazon Resource Name (ARN) of the Auto Scaling group that has a scaling policy.
-
-## Properties
-
-`auto_scaling_group_name`
-: The name of the Auto Scaling group.
-
-`policy_name`
-: The names of one or more policies. If you omit this parameter, all policies are described.
-
-`policy_arn`
-: The ARN of the Auto Scaling group.
-
-`policy_type`
-: One or more policy types. The valid values are `SimpleScaling`, `StepScaling`, and `TargetTrackingScaling`.
-
-`adjustment_type`
-: The adjustment type of the Auto Scaling group.
-
-`min_adjustment_step`
-: The minimum adjustment step of the Auto Scaling group.
-
-`min_adjustment_magnitude`
-: The minimum adjustment magnitude of the Auto Scaling group.
-
-`scaling_adjustment`
-: The scaling adjustment of the Auto Scaling group.
-
-`cooldown`
-: The cooldown period of the Auto Scaling group.
-
-`step_adjustments`
-: The step adjustments of the Auto Scaling group.
-
-`metric_aggregation_type`
-: The aggregation type for CloudWatch metrics of the Auto Scaling group.
-
-`estimated_instance_warmup`
-: The estimated warmup time of the Auto Scaling group until a new instance can contribute to CloudWatch metrics.
-
-`target_tracking_configuration`
-: The target tracking configuration of the Auto Scaling group.
-
-`enabled`
-: Whether the scaling policy is enabled or disabled.
-
-`alarms`
-: The alarms of the Auto Scaling group.
-
-## Examples
-
-**Ensure an auto scaling group name is available.**
-
-```ruby
-describe aws_autoscaling_scaling_policy(auto_scaling_group_name: 'AUTO_SCALING_GROUP_NAME') do
- its('auto_scaling_group_name') { should eq 'AUTO_SCALING_GROUP_NAME' }
-end
-```
-
-**Ensure that the policy type is available.**
-
-```ruby
-describe aws_autoscaling_scaling_policy(auto_scaling_group_name: 'AUTO_SCALING_GROUP_NAME') do
- its('policy_type') { should eq 'TargetTrackingScaling' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_autoscaling_scaling_policy(auto_scaling_group_name: 'AUTO_SCALING_GROUP_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_autoscaling_scaling_policy(auto_scaling_group_name: 'AUTO_SCALING_GROUP_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the auto scaling group name is available.
-
-```ruby
-describe aws_autoscaling_scaling_policy(auto_scaling_group_name: 'AUTO_SCALING_GROUP_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="AutoScaling:client:PoliciesType" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_batch_compute_environment.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_batch_compute_environment.md
deleted file mode 100644
index 577df5604f..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_batch_compute_environment.md
+++ /dev/null
@@ -1,173 +0,0 @@
-+++
-title = "aws_batch_compute_environment Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_batch_compute_environment"
-identifier = "inspec/resources/aws/aws_batch_compute_environment Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_batch_compute_environment` InSpec audit resource to test the properties of a single AWS Batch compute environment.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Batch compute environment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-batch-computeenvironment.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a compute_environment name exists.
-```ruby
-describe aws_batch_compute_environment(compute_environment_name: 'COMPUTE_ENVIRONMENT_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`compute_environment_name` _(required)_
-
-: The name of the Batch compute environment.
-
-## Properties
-
-`compute_environment_name`
-: The name of the compute environment.
-
-`compute_environment_arn`
-: The ARN of the compute environment.
-
-`ecs_cluster_arn`
-: The ECS cluster ARN of the compute environment.
-
-`tags`
-: The tags of the compute environment.
-
-`type`
-: The type of the compute environment.
-
-`state`
-: The state of the compute environment.
-
-`status`
-: The status of the compute environment.
-
-`status_reason`
-: The status reason of the compute environment.
-
-`compute_resources (type)`
-: The type of compute resource for the compute environment.
-
-`compute_resources (allocation_strategy)`
-: The allocation strategy for the compute resources of the compute environment.
-
-`compute_resources (minv_cpus)`
-: The minimum number of vCPUs of the compute environment.
-
-`compute_resources (maxv_cpus)`
-: The maximum number of vCPUs of the compute environment.
-
-`compute_resources (desiredv_cpus)`
-: The desired number of vCPUs of the compute environment.
-
-`compute_resources (instance_types)`
-: The instance types of the compute environment.
-
-`compute_resources (image_id)`
-: The Amazon Machine Image (AMI) ID for instances launched in the compute environment.
-
-`compute_resources (subnets)`
-: The VPC subnets where the compute resources are launched.
-
-`compute_resources (security_group_ids)`
-: The EC2 security group IDs of the compute resources of the compute environment.
-
-`compute_resources (ec2_key_pair)`
-: The EC2 key pair for instances launched in the compute environment.
-
-`compute_resources (instance_role)`
-: The ECS instance profile of EC2 instances in the compute environment.
-
-`compute_resources (tags)`
-: The tags applied to EC2 instances in the compute environment.
-
-`compute_resources (placement_group)`
-: The EC2 placement group of the compute resources in the compute environment.
-
-`compute_resources (bid_percentage)`
-: The bid percentage of an instance in the compute environment.
-
-`compute_resources (spot_iam_fleet_role)`
-: The ARN of the EC2 Spot Fleet IAM role applied to a SPOT compute environment.
-
-`compute_resources (launch_template (launch_template_id))`
-: The ID of the launch template of the compute resources of the compute environment.
-
-`compute_resources (launch_template (launch_template_name))`
-: The name of the launch template of the compute resources of the compute environment.
-
-`compute_resources (launch_template (version))`
-: The version of the launch template of the compute resources of the compute environment.
-
-`service_role`
-: The service role of the compute environment.
-
-## Examples
-
-**Ensure a compute environment name is available.**
-
-```ruby
-describe aws_batch_compute_environment(compute_environment_name: 'COMPUTE_ENVIRONMENT_NAME') do
- its('compute_environment_name') { should eq 'COMPUTE_ENVIRONMENT_NAME' }
-end
-```
-
-**Ensure that the state is `ENABLED` or `DISABLED`.**
-
-```ruby
-describe aws_batch_compute_environment(compute_environment_name: 'COMPUTE_ENVIRONMENT_NAME') do
- its('state') { should eq 'ENABLED' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_batch_compute_environment(compute_environment_name: 'COMPUTE_ENVIRONMENT_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_batch_compute_environment(compute_environment_name: 'COMPUTE_ENVIRONMENT_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the compute environment name is available.
-
-```ruby
-describe aws_batch_compute_environment(compute_environment_name: 'COMPUTE_ENVIRONMENT_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Batch:Client:DescribeComputeEnvironmentsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_batch_compute_environments.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_batch_compute_environments.md
deleted file mode 100644
index 3dd5410e5b..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_batch_compute_environments.md
+++ /dev/null
@@ -1,118 +0,0 @@
-+++
-title = "aws_batch_compute_environments Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_batch_compute_environments"
-identifier = "inspec/resources/aws/aws_batch_compute_environments Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_batch_compute_environments` InSpec audit resource to test properties of multiple AWS Batch compute environments.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Batch compute environment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-batch-computeenvironment.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a compute environment exists.
-
-```ruby
-describe aws_batch_compute_environments do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`compute_environment_names`
-: The name of the compute environment.
-
-`compute_environment_arns`
-: The ARN of the compute environment.
-
-`ecs_cluster_arns`
-: The ECS cluster ARN of the compute environment.
-
-`tags`
-: The tags of the compute environment.
-
-`types`
-: The type of the compute environment.
-
-`states`
-: The state of the compute environment.
-
-`statuses`
-: The status of the compute environment.
-
-`status_reasons`
-: The status reason of the compute environment.
-
-`service_roles`
-: The service role of the compute environment.
-
-## Examples
-
-**Ensure a work group name is available.**
-
-```ruby
-describe aws_batch_compute_environments do
- its('compute_environment_names') { should include 'COMPUTE_ENVIRONMENT_NAME' }
-end
-```
-
-**Ensure that the state is `ENABLED` or `DISABLED`.**
-
-```ruby
-describe aws_batch_compute_environments do
- its('states') { should include 'ENABLED' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of the available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_batch_compute_environments do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_batch_compute_environments do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the compute environments are available.
-
-```ruby
-describe aws_batch_compute_environments do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Batch:Client:DescribeComputeEnvironmentsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_batch_job_definition.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_batch_job_definition.md
deleted file mode 100644
index 9a0721060f..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_batch_job_definition.md
+++ /dev/null
@@ -1,200 +0,0 @@
-+++
-title = "aws_batch_job_definition Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_batch_job_definition"
-identifier = "inspec/resources/aws/aws_batch_job_definition Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_batch_job_definition` InSpec audit resource to test the properties of a single specific Batch job definition.
-
-The AWS::Batch::JobDefinition resource specifies the parameters for an AWS Batch job definition.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Batch Job Definition](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-batch-jobdefinition.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a job definition name exists.
-
-```ruby
-describe aws_batch_job_definition(job_definition_name: 'JOB_DEFINITION_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`job_definition_name` _(required)_
-
-: The name of the job definition.
-
-## Properties
-
-`job_definition_name`
-: The name of the job definition.
-
-`job_definition_arn`
-: The ARN of the job definition.
-
-`revision`
-: The revision of the job definition.
-
-`status`
-: The status of the job definition.
-
-`type`
-: The type of the job definition.
-
-`parameters`
-: The parameters of the job definition.
-
-`container_properties (image)`
-: The container image in the job definition.
-
-`container_properties (vcpus)`
-: The number of vCPUs reserved for the container in the job definition.
-
-`container_properties (memory)`
-: The hard limit of the container's memory in the job definition.
-
-`container_properties (command)`
-: The command passed to the container in the job definition.
-
-`container_properties (job_role_arn)`
-: The ARN of the IAM role that the container can assume for AWS permissions in the job definition.
-
-`container_properties (execution_role_arn)`
-: The execution role ARN that the AWS Batch can assume in the job definition.
-
-`container_properties (volumes)`
-: The list of the data volumes in the job definition.
-
-`container_properties (environment)`
-: The environment variables to pass to a container in the job definition.
-
-`container_properties (mount_points)`
-: The mount points for the data volumes in the container in the job definition.
-
-`container_properties (readonly_root_filesystem)`
-: Whether the container is given read-only access to its root file system in the job definition.
-
-`container_properties (privileged)`
-: Whether the container is given elevated permissions on the host container instance.
-
-`container_properties (ulimits)`
-: The list of ulimits to set in the container in the job definition.
-
-`container_properties (user)`
-: The user name to use in the container in the job definition.
-
-`container_properties (instance_type)`
-: The instance type to use for a multi-node parallel job.
-
-`container_properties (resource_requirements)`
-: The type and amount of resources to assign to a container in the job definition.
-
-`container_properties (linux_parameters (shared_memory_size))`
-: The value in MiB of the `/dev/shm` volume for the container in the job definition.
-
-`container_properties (linux_parameters (tmpfs))`
-: The container path, mount options, and size (in MiB) of the tmpfs mount for the container in the job definition.
-
-`container_properties (linux_parameters (max_swap))`
-: The total amount of swap memory (in MiB) a container can use.
-
-`container_properties (linux_parameters (swappiness))`
-: The container's memory swappiness behavior in the job definition.
-
-`container_properties (linux_parameters (shared_memory_size))`
-: The shared_memory_size of the log configuration of the container properties of the job definition.
-
-`container_properties (log_configuration (options))`
-: The log configuration options to send to the log driver for the container in the job.
-
-`container_properties (secrets)`
-: The secrets for the job that are exposed as environment variables.
-
-`timeout (attempt_duration_seconds)`
-: The timeout duration in seconds of the job definition.
-
-`node_properties (num_nodes)`
-: The number of nodes that are associated with a multi-node parallel job in the job definition.
-
-`node_properties (main_node)`
-: The node index for the main node of a multi-node parallel job.
-
-`node_properties (node_range_properties)`
-: A list of node ranges and their properties that are associated with a multi-node parallel job.
-
-`tags`
-: The tags of the job definition.
-
-`propagate_tags`
-: Whether to propagate tags from the job definition to the ECS task.
-
-`platform_capabilities`
-: The platform capabilities required by the job definition.
-
-## Examples
-
-**Ensure a job definition name is available.**
-
-```ruby
-describe aws_batch_job_definition(job_definition_name: 'JOB_DEFINITION_NAME') do
- its('job_definition_name') { should eq 'JOB_DEFINITION_NAME' }
-end
-```
-
-**Ensure that the status is `ACTIVE`.**
-
-```ruby
-describe aws_batch_job_definition(job_definition_name: 'JOB_DEFINITION_NAME') do
- its('status') { should eq 'ACTIVE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_batch_job_definition(job_definition_name: 'JOB_DEFINITION_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_batch_job_definition(job_definition_name: 'JOB_DEFINITION_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the job definition name is available.
-
-```ruby
-describe aws_batch_job_definition(job_definition_name: 'JOB_DEFINITION_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Batch:Client:DescribeJobDefinitionsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_batch_job_definitions.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_batch_job_definitions.md
deleted file mode 100644
index 98fb1290bd..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_batch_job_definitions.md
+++ /dev/null
@@ -1,120 +0,0 @@
-+++
-title = "aws_batch_job_definitions Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_batch_job_definitions"
-identifier = "inspec/resources/aws/aws_batch_job_definitions Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_batch_job_definitions` InSpec audit resource to test properties of multiple AWS Batch job definitions.
-
-The AWS::Batch::JobDefinition resource specifies the parameters for an AWS Batch job definition.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Batch Job Definition](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-athena-workgroup.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a job definition exists.
-
-```ruby
-describe aws_batch_job_definitions do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`job_definition_names`
-: The name of the job definition.
-
-`job_definition_arns`
-: The ARN of the job definition.
-
-`revisions`
-: The revision of the job definition.
-
-`statuses`
-: The status of the job definition.
-
-`types`
-: The type of the job definition.
-
-`parameters`
-: The parameter of the job definition.
-
-`tags`
-: The tags of the job definition.
-
-`propagate_tags`
-: Whether to propagate tags from the job definition to the ECS task.
-
-`platform_capabilities`
-: The platform capabilities required by the job definition.
-
-## Examples
-
-**Ensure a job definition name is available.**
-
-```ruby
-describe aws_batch_job_definitions do
- its('job_definition_names') { should include 'JOB_DEFINITION_NAME' }
-end
-```
-
-**Ensure that the status is `ACTIVE`.**
-
-```ruby
-describe aws_batch_job_definitions do
- its('statuses') { should include 'ACTIVE' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of the available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_batch_job_definitions do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_batch_job_definitions do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the job_definition name is available.
-
-```ruby
-describe aws_batch_job_definitions do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Batch:Client:DescribeJobDefinitionsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_batch_job_queue.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_batch_job_queue.md
deleted file mode 100644
index 78674b3371..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_batch_job_queue.md
+++ /dev/null
@@ -1,120 +0,0 @@
-+++
-title = "aws_batch_job_queue Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_batch_job_queue"
-identifier = "inspec/resources/aws/aws_batch_job_queue Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_batch_job_queue` InSpec audit resource to test the properties of a single AWS Batch job queue.
-
-For additional information, including details on parameters and properties, see the [AWS Batch job queues documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-batch-jobqueue.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a job_queue name exists.
-
-```ruby
-describe aws_batch_job_queue(job_queue_name: 'JOB_QUEUE_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`job_queue_name` _(required)_
-
-: The name of the job queue.
-
-## Properties
-
-`job_queue_name`
-: The name of the job queue.
-
-`job_queue_arn`
-: The ARN of the job queue.
-
-`state`
-: The state of the job queue.
-
-`status`
-: The status of the job queue.
-
-`status_reason`
-: The status_reason of the job queue.
-
-`priority`
-: The priority of the job queue.
-
-`compute_environment_order (order)`
-: The order of the compute environment of the job queue.
-
-`compute_environment_order (compute_environment)`
-: The ARN of the compute environment of the job queue.
-
-`tags`
-: The tags of the job queue.
-
-## Examples
-
-**Ensure a job queue name is available.**
-
-```ruby
-describe aws_batch_job_queue(job_queue_name: 'JOB_QUEUE_NAME') do
- its('job_queue_name') { should eq 'JOB_QUEUE_NAME' }
-end
-```
-
-**Ensure that the state is `ENABLED` or `DISABLED`.**
-
-```ruby
-describe aws_batch_job_queue(job_queue_name: 'JOB_QUEUE_NAME') do
- its('state') { should eq 'ENABLED' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_batch_job_queue(job_queue_name: 'JOB_QUEUE_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_batch_job_queue(job_queue_name: 'JOB_QUEUE_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the job_queue name is available.
-
-```ruby
-describe aws_batch_job_queue(job_queue_name: 'JOB_QUEUE_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Batch:Client:DescribeJobQueuesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_batch_job_queues.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_batch_job_queues.md
deleted file mode 100644
index 08f8546b8c..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_batch_job_queues.md
+++ /dev/null
@@ -1,112 +0,0 @@
-+++
-title = "aws_batch_job_queues Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_batch_job_queues"
-identifier = "inspec/resources/aws/aws_batch_job_queues Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_batch_job_queues` InSpec audit resource to test the properties of multiple AWS Batch job queues.
-
-For additional information, including details on parameters and properties, see the [AWS Batch job queues documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-batch-jobqueue.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a job queue exists.
-
-```ruby
-describe aws_batch_job_queues do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`job_queue_names`
-: The name of the job queue.
-
-`job_queue_arns`
-: The ARN of the job queue.
-
-`states`
-: The state of the job queue.
-
-`statuses`
-: The status of the job queue.
-
-`status_reasons`
-: The status_reason of the job queue.
-
-`priorities`
-: The priority of the job queue.
-
-`tags`
-: The tags of the job queue.
-
-## Examples
-
-**Ensure a job queue name is available.**
-
-```ruby
-describe aws_batch_job_queues do
- its('job_queue_names') { should include 'JOB_QUEUE_NAME' }
-end
-```
-
-**Ensure that the state is `ENABLED` or `DISABLED`.**
-
-```ruby
-describe aws_batch_job_queues do
- its('states') { should include 'ENABLED' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_batch_job_queues do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_batch_job_queues do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the job_queue name is available.
-
-```ruby
-describe aws_batch_job_queues do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Batch:Client:DescribeJobQueuesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloud_formation_stack_set.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloud_formation_stack_set.md
deleted file mode 100644
index 83f64eda4c..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloud_formation_stack_set.md
+++ /dev/null
@@ -1,180 +0,0 @@
-+++
-title = "aws_cloud_formation_stack_set Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloud_formation_stack_set"
-identifier = "inspec/resources/aws/aws_cloud_formation_stack_set Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloud_formation_stack_set` InSpec audit resource to test properties of the singular Cloud Formation stack set.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS CloudFormation stack set](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-stackset.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the stack set exists.
-
-```ruby
-describe aws_cloud_formation_stack_set(stack_set_name: "STACK_SET_NAME") do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`stack_set_name`
-: The name that's associated with the stack set.
-
-`stack_set_id`
-: The ID of the stack set.
-
-`description`
-: A description of the stack set that you specify when the stack set is created or updated.
-
-`status`
-: The status of the stack set.
-
-`template_body`
-: The structure that contains the body of the template that was used to create or update the stack set.
-
-`parameters`
-: A list of input parameters for a stack set.
-
-`parameter_keys`
-: The key associated with the parameter.
-
-`parameter_values`
-: The input value associated with the parameter.
-
-`use_previous_values`
-: During a stack update, use the existing parameter value that the stack is using for a given parameter key. If you specify `true`, do not specify a parameter value.
-
-`resolved_values`
-: The value that corresponds to a Systems Manager parameter key.
-
-`capabilities`
-: The capabilities that are allowed in the stack set.
Some stack set templates might include resources that can affect permissions in your Amazon Web Services account—for example, by creating new Identity and Access Management (IAM) users.
-
-`tags`
-: A list of tags that specify information about the stack set.
-
-`stack_set_arn`
-: The Amazon Resource Number (ARN) of the stack set.
-
-`administration_role_arn`
-: The Amazon Resource Number (ARN) of the IAM role used to create or update the stack set.
-
-`execution_role_name`
-: The name of the IAM execution role used to create or update the stack set.
-
-`stack_set_drift_detection_details.drift_status`
-: Status of the stack set's actual configuration compared to its expected template and parameter configuration.
-
-`stack_set_drift_detection_details.drift_detection_status`
-: The status of the stack set drift detection operation.
-
-`stack_set_drift_detection_details.last_drift_check_timestamp`
-: Most recent time when CloudFormation performed a drift detection operation on the stack set.
-
-`stack_set_drift_detection_details.total_stack_instances_count`
-: The total number of stack instances belonging to this stack set.
-
-`stack_set_drift_detection_details.drifted_stack_instances_count`
-: The number of stack instances that have drifted from the expected template and parameter configuration of the stack set.
-
-`stack_set_drift_detection_details.in_sync_stack_instances_count`
-: The number of stack instances which match the expected template and parameter configuration of the stack set.
-
-`stack_set_drift_detection_details.in_progress_stack_instances_count`
-: The number of stack instances that are currently being checked for drift.
-
-`stack_set_drift_detection_details.failed_stack_instances_count`
-: The number of stack instances for which the drift detection operation failed.
-
-`auto_deployment.enabled`
-: If set to `true`, StackSets automatically deploys additional stack instances to AWS Organizations accounts that are added to a target organization or organizational unit (OU) in the specified Regions.
-
-`auto_deployment.retain_stacks_on_account_removal`
-: If set to `true`, stack resources are retained when an account is removed from a target organization or OU. If set to `false`, stack resources are deleted. Specify only if `Enabled` is set to True.
-
-`permission_model`
-: Describes how the IAM roles required for stack set operations are created.
-
-`organizational_unit_ids`
-: The organization root ID or organizational unit (OU) IDs that you specified for deployment targets.
-
-## Examples
-
-**Ensure a stack set ID is available.**
-
-```ruby
-describe aws_cloud_formation_stack_set(stack_set_name: "STACK_SET_NAME") do
- its('stack_set_id') { should eq 'StackSetId' }
-end
-```
-
-**Verify the description of the stack set.**
-
-```ruby
-describe aws_cloud_formation_stack_set(stack_set_name: "STACK_SET_NAME") do
- its('description') { should eq 'test-description'}
-end
-```
-
-**Verify the parameter keys of the stack set.**
-
-```ruby
-describe aws_cloud_formation_stack_set(stack_set_name: "STACK_SET_NAME") do
- its('parameter_keys') { should include 'ParameterKey'}
-end
-```
-
-**Verify the in-progress stack instances count of the stack set.**
-
-```ruby
-describe aws_cloud_formation_stack_set(stack_set_name: "STACK_SET_NAME") do
- its('stack_set_drift_detection_details.in_progress_stack_instances_count') { should eq 1}
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-
-```ruby
-describe aws_cloud_formation_stack_set(stack_set_name: "STACK_SET_NAME") do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-
-```ruby
-describe aws_cloud_formation_stack_set(stack_set_name: "STACK_SET_NAME") do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudFormation:Client:DescribeStackSetOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloud_formation_stack_sets.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloud_formation_stack_sets.md
deleted file mode 100644
index c7770da624..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloud_formation_stack_sets.md
+++ /dev/null
@@ -1,121 +0,0 @@
-+++
-title = "aws_cloud_formation_stack_sets Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloud_formation_stack_sets"
-identifier = "inspec/resources/aws/aws_cloud_formation_stack_sets Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloud_formation_stack_sets` InSpec audit resource to test properties of multiple AWS Cloud Formation stack sets.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS CloudFormation Stack Set.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-stackset.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the stack set exists.
-
-```ruby
-describe aws_cloud_formation_stack_sets do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`stack_set_names`
-: The name of the stack set.
-
-: **Field**: `stack_set_name`
-
-`stack_set_ids`
-: The ID of the stack set.
-
-: **Field**: `stack_set_ids`
-
-`descriptions`
-: A description of the stack set that you specify when the stack set is created or updated.
-
-: **Field**: `description`
-
-`status`
-: The status of the stack set.
-
-: **Field**: `status`
-
-`auto_deployments`
-: Describes whether StackSets automatically deploys to Organizations accounts that are added to a target organizational unit (OU).
-
-: **Field**: `auto_deployment`
-
-`permission_models`
-: Describes how the IAM roles required for stack set operations are created.
-
-: **Field**: `permission_model`
-
-`drift_statuses`
-: Status of the stack set's actual configuration compared to its expected template and parameter configuration.
-
-: **Field**: `drift_status`
-
-`last_drift_check_timestamps`
-: Most recent time when CloudFormation performed a drift detection operation on the stack set.
-
-: **Field**: `last_drift_check_timestamp`
-
-## Examples
-
-**Verify that a stack set ID is available.**
-
-```ruby
-describe aws_cloud_formation_stack_sets do
- its('stack_set_ids') { should include 'STACK_SET_ID' }
-end
-```
-
-**Verify the descriptions of the stack set.**
-
-```ruby
-describe aws_cloud_formation_stack_sets do
- its('descriptions') { should include 'DESCRIPTION_STRING'}
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cloud_formation_stack_sets do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_cloud_formation_stack_sets do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudFormation:Client:ListStackSetsOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudformation_stack.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudformation_stack.md
deleted file mode 100644
index a722158984..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudformation_stack.md
+++ /dev/null
@@ -1,150 +0,0 @@
-+++
-title = "aws_cloudformation_stack Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudformation_stack"
-identifier = "inspec/resources/aws/aws_cloudformation_stack Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudformation_stack ` InSpec audit resource to test properties of a single AWS Cloud Formation Stack.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Cloud Formation](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/Welcome.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that an `aws_cloudformation_stack` exists
-
-```ruby
-describe aws_cloudformation_stack('stack-name') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_cloudformation_stack(stack_name: 'stack-name') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`stack_name` _(required)_
-
-: This resource accepts a single parameter, the CloudFormation Stack name which uniquely identifies the stack.
- This can be passed either as a string or as a `stack_name: 'value'` key-value entry in a hash.
-
-## Properties
-
-`stack_id`
-: Unique identifier of the stack.
-
-`stack_name`
-: The name associated with the stack.
-
-`change_set_id`
-: The unique ID of the change set.
-
-`description`
-: A user-defined description associated with the stack.
-
-`parameters`
-: A list of Parameter structures.
-
-`creation_time`
-: The time at which the stack was created.
-
-`deletion_time`
-: The time the stack was deleted.
-
-`last_updated_time`
-: The time the stack was last updated.
-
-`rollback_configuration`
-: The rollback triggers for AWS CloudFormation to monitor during stack creation and updating operations, and for the specified monitoring period afterwards.
-
-`stack_status`
-: Current status of the stack.
-
-`stack_status_reason`
-: Success/failure message associated with the stack status.
-
-`drift_information`
-: Information on whether a stack's actual configuration differs, or has drifted, from it's expected configuration, as defined in the stack template and any values specified as template parameters.
-
-`disable_rollback`
-: Boolean to enable or disable rollback on stack creation failures:.
-
-`notification_arns`
-: SNS topic ARNs to which stack related events are published.
-
-`timeout_in_minutes`
-: The amount of time within which stack creation should complete.
-
-`capabilities`
-: The capabilities allowed in the stack.
-
-`outputs`
-: A list of output structures.
-
-`role_arn`
-: The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that is associated with the stack.
-
-`tags`
-: A list of Tags that specify information about the stack.
-
-`enable_termination_protection`
-: Whether termination protection is enabled for the stack.
-
-`parent_id`
-: For nested stacks--stacks created as resources for another stack--the stack ID of the direct parent of this stack.
-
-`root_id`
-: For nested stacks--stacks created as resources for another stack--the stack ID of the the top-level stack to which the nested stack ultimately belongs.
-
-## Examples
-
-**Test that a CloudFormation Stack has its stack_status configured correctly.**
-
-```ruby
-describe aws_cloudformation_stack('stack_name') do
-its ('stack_status') { should eq 'CREATE_COMPLETE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_cloudformation_stack('AnExistingStack') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_cloudformation_stack('ANonExistentStack') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudFormation:Client:DescribeStacksOutput" %}}
-
-You can find detailed documentation at [Authentication and Access Control for CloudFormation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html)
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudformation_stacks.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudformation_stacks.md
deleted file mode 100644
index 2849852e58..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudformation_stacks.md
+++ /dev/null
@@ -1,110 +0,0 @@
-+++
-title = "aws_cloudformation_stacks Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudformation_stacks"
-identifier = "inspec/resources/aws/aws_cloudformation_stacks Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudformation_stacks` InSpec audit resource to test properties of an AWS CloudFormation stack in bulk.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that `aws_cloudformation_stacks` exists
-
-```ruby
-describe aws_cloudformation_stacks do
- it { should exist }
-end
-```
-
-See the [AWS documentation on CloudFormation](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/Welcome.html) for additional information.
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`stack_name`
-: The name associated with the stack.
-
-`stack_id`
-: Unique identifier of the stack.
-
-`creation_time`
-: The time at which the stack was created.
-
-`notification_arns`
-: SNS topic ARNs to which stack related events are published.
-
-`role_arn`
-: The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that is associated with the stack.
-
-`parent_id`
-: For nested stacks--stacks created as resources for another stack--the stack ID of the direct parent of this stack.
-
-`root_id`
-: For nested stacks--stacks created as resources for another stack--the stack ID of the top-level stack to which the nested stack ultimately belongs.
-
-## Examples
-
-**Request the names of all CloudFormation stacks, then test in-depth using the aws_cloudformation_stack resource.**
-
-```ruby
-aws_cloudformation_stacks.names.each do |stack|
- describe aws_cloudformation_stack(stack_name: stack) do
- it { should exist }
- its ('notification_arns') { should_not be_empty}
- its ('stack_status') { should eq 'CREATE_COMPLETE' }
- end
-end
-```
-
-**Request the names of all CloudFormation stacks created at a certain time, then test in-depth using the aws_cloudformation_stack resource.**
-
-```ruby
-aws_cloudformation_stacks.where(creation_time: 'creation time') do |stack|
- describe aws_cloudformation_stack(stack) do
- it { should exist }
- end
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-```ruby
-describe aws_cloudformation_stacks do
- it { should exist }
-end
-```
-
-Use `should_not` to test that an entity should not exist.
-
-```ruby
-describe aws_cloudformation_stacks do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudFormation:Client:DescribeStacksOutput" %}}
-
-You can find detailed documentation at [Authentication and Access Control for CloudFormation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html)
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudformation_template.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudformation_template.md
deleted file mode 100644
index ae9af9a6f6..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudformation_template.md
+++ /dev/null
@@ -1,225 +0,0 @@
-+++
-title = "aws_cloudformation_template Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudformation_template"
-identifier = "inspec/resources/aws/aws_cloudformation_template Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudformation_template` InSpec audit resource to test a single AWS CloudFormation template.
-
-The above resource returns information about a new or existing template.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS CloudFormation templates](https://aws.amazon.com/cloudformation/resources/templates/).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the template exists by passing the `stack_name` parameter.
-
-```ruby
-describe aws_cloudformation_template(stack_name: 'STACK_NAME') do
- it { should exist }
-end
-```
-
-Ensure that the template exists by passing the `stack_set_name` parameter.
-
-```ruby
-describe aws_cloudformation_template(stack_set_name: 'STACK_SET_NAME') do
- it { should exist }
-end
-```
-
-Ensure that the template exists by passing the `template_url` parameter.
-
-```ruby
-describe aws_cloudformation_template(template_url: 'TEMPLATE_URL') do
- it { should exist }
-end
-```
-
-Ensure that the template exists by passing the `template_body` parameter.
-
-```ruby
-describe aws_cloudformation_template(template_body: 'TEMPLATE_BODY') do
- it { should exist }
-end
-```
-
-## Parameters
-
-: This resource requires one of the following parameters.
- It must be passed as a `PARAMETER: 'PARAMETER_VALUE'` key-value entry in a hash.
-
-`stack_name` _(required if another parameter not provided)_
-
-: The name or the stack ID that is associated with the stack, which are not always interchangeable.
-
-`stack_set_name` _(required if another parameter not provided)_
-
-: The name or unique ID of the stack set from which the stack was created.
-
-`template_url` _(required if another parameter not provided)_
-
-: Location of file containing the template body. The URL must point to a template (max size: 460,800 bytes) that is located in an Amazon S3 bucket.
-
-`template_body` _(required if another parameter not provided)_
-
-: Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.
-
-## Properties
-
-`parameter_keys`
-: The name that is associated with the parameter.
-
-`default_values`
-: The default value of the parameter.
-
-`parameter_types`
-: The type of parameter.
-
-`no_echos`
-: Flag that indicates whether the parameter value is shown as plain text in logs and in the AWS Management Console.
-
-`descriptions`
-: The description that is associate with the parameter.
-
-`parameter_constraints_allowed_values`
-: A list of values that are permitted for a parameter.
-
-`description`
-: The value that is defined in the Description property of the template.
-
-`capabilities`
-: The capabilities found within the template.
-
-`capabilities_reason`
-: The list of resources that generated the values in the Capabilities response element.
-
-`resource_types`
-: A list of all the template resource types that are defined in the template, such as `AWS::EC2::Instance`, `AWS::Dynamo::Table`, and `Custom::MyCustomInstance`.
-
-`version`
-: The AWS template format version, which identifies the capabilities of the template.
-
-`metadata`
-: The value that is defined for the Metadata property of the template.
-
-`declared_transforms`
-: A list of the transforms that are declared in the template.
-
-`resource_types(resource_identifier_summaries)`
-: The resource types of the resource identifier summaries.
-
-`logical_resource_ids`
-: The logical resource id of the resource identifier summaries.
-
-`resource_identifiers`
-: The resource identifier of the resource identifier summaries.
-
-`template_body`
-: The structure that contains the body of the template. The `stack_name` must be passed as a parameter to access this property.
-
-## Examples
-
-**Ensure that the parameter keys exists by passing the required parameter `stack_name`.**
-
-```ruby
-describe aws_cloudformation_template(stack_name: 'STACK_NAME') do
- its('parameter_keys') {should include 'HttpsCACertificates' }
- end
-```
-
-**Ensure that the parameter keys exists by passing the required parameter `template_url`.**
-
-```ruby
-describe aws_cloudformation_template(template_url: 'TEMPLATE_URL') do
- its('parameter_keys') {should include 'HttpsCACertificates' }
-end
-```
-
-**Ensure that the resource_types exists by passing the required parameter `stack_name`.**
-
-```ruby
-describe aws_cloudformation_template(stack_name: 'STACK_NAME') do
- its('resource_types') {should include 'AWS::EC2::Instance' }
- end
-```
-
-**Ensure that the resource_types exists by passing the required parameter `template_url`.**
-
-```ruby
-describe aws_cloudformation_template(template_url: 'TEMPLATE_URL') do
- its('resource_types') {should include 'AWS::EC2::Instance' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists by passing the required parameter `stack_name`.
-
-```ruby
-describe aws_cloudformation_template(stack_name: 'STACK_NAME') do
- it { should exist }
-end
-```
-
-Use `should` to test that the entity exists by passing the required parameter `template_url`.
-
-```ruby
-describe aws_cloudformation_template(template_url: 'TEMPLATE_URL') do
- it { should exist }
-end
-```
-
-Use `should_not` to test that the entity exists by passing the required parameter `stack_name`.
-
-```ruby
-describe aws_cloudformation_template(stack_name: 'STACK_NAME') do
- it { should_not exist }
-end
-```
-
-Use `should_not` to test that the entity exists by passing the required parameter `template_url`.
-
-```ruby
-describe aws_cloudformation_template(template_url: 'TEMPLATE_URL') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to test that the entity is available by passing the required parameter `stack_name`.
-
-```ruby
-describe aws_cloudformation_template(stack_name: 'STACK_NAME') do
- it { should be_available }
-end
-```
-
-Use `should` to test that the entity is available by passing the required parameter `template_url`.
-
-```ruby
-describe aws_cloudformation_template(template_url: 'TEMPLATE_URL') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudFormation:Client:GetTemplateSummaryOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_cache_policies.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_cache_policies.md
deleted file mode 100644
index 3b6d5e734f..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_cache_policies.md
+++ /dev/null
@@ -1,121 +0,0 @@ -+++ -title = "aws_cloudfront_cache_policies Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_cloudfront_cache_policies" -identifier = "inspec/resources/aws/aws_cloudfront_cache_policies Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_cloudfront_cache_policies` InSpec audit resource to test properties of multiple AWS CloudFront cache policies. - -The `AWS::CloudFront::CachePolicy` resource describes the CloudFront cache policy. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the custom resource exists. - -```ruby -describe aws_cloudfront_cache_policies do - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`types` -: The type for the cache policy. - -: **Field**: `type` - -`ids` -: The unique identifier for the cache policy. - -: **Field**: `id` - -`last_modified_times` -: The date and time when the cache policy was last modified. - -: **Field**: `last_modified_time` - -`comments` -: A comment to describe the cache policy. - -: **Field**: `comment` - -`names` -: A unique name to identify the cache policy. - -: **Field**: `name` - -`default_ttls` -: The default amount of time, in seconds, that you want objects to stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated. - -: **Field**: `default_ttl` - -`max_ttls` -: The maximum amount of time, in seconds, that objects stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated. - -: **Field**: `max_ttl` - -`min_ttls` -: The minimum amount of time, in seconds, that you want objects to stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated. 
- -: **Field**: `min_ttl` - -## Examples - -**Test that an ID is available.** - -```ruby -describe aws_cloudfront_cache_policies do - its('ids') { should include 'ID' } -end -``` - -**Verify the maximum TTL of the policy.** - -```ruby -describe aws_cloudfront_cache_policies do - its('max_ttls') { should include 1 } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `list` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_cloudfront_cache_policies do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_cloudfront_cache_policies do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="CloudFront:Client:ListCachePoliciesResult" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_cache_policy.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_cache_policy.md deleted file mode 100644 index 7e048e9493..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_cache_policy.md +++ /dev/null 
@@ -1,149 +0,0 @@ -+++ -title = "aws_cloudfront_cache_policy Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_cloudfront_cache_policy" -identifier = "inspec/resources/aws/aws_cloudfront_cache_policy Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_cloudfront_cache_policy` InSpec audit resource to test properties of a single specific AWS CloudFront cache policy. - -The `AWS::CloudFront::CachePolicy` resource describes the CloudFront cache policy. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the custom resource exists. - -```ruby -describe aws_cloudfront_cache_policy(id: 'ID') do - it { should exist } -end -``` - -## Parameters - -`id` _(required)_ - -: The unique identifier for the cache policy. - -: For additional information, see the [AWS documentation on AWS CloudFormation cache policy.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-cache policy.html). - -## Properties - -`id` -: The unique identifier for the cache policy. - -`last_modified_time` -: The date and time when the cache policy was last modified. - -`cache_policy_config.comment` -: A comment to describe the cache policy. - -`cache_policy_config.name` -: A unique name to identify the cache policy. - -`cache_policy_config.default_ttl` -: The default amount of time, in seconds, that you want objects to stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated. - -`cache_policy_config.max_ttl` -: The maximum amount of time, in seconds, that objects stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated. 
- -`cache_policy_config.min_ttl` -: The minimum amount of time, in seconds, that you want objects to stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated. - -`cache_policy_config.parameters_in_cache_key_and_forwarded_to_origin.enable_accept_encoding_gzip` -: A flag that can affect whether the Accept-Encoding HTTP header is included in the cache key and included in requests that CloudFront sends to the origin. - -`cache_policy_config.parameters_in_cache_key_and_forwarded_to_origin.enable_accept_encoding_brotli` -: A flag that can affect whether the Accept-Encoding HTTP header is included in the cache key and included in requests that CloudFront sends to the origin. - -`cache_policy_config.parameters_in_cache_key_and_forwarded_to_origin.headers_config.header_behavior` -: Determines whether any HTTP headers are included in the cache key and automatically included in requests that CloudFront sends to the origin. - -`cache_policy_config.parameters_in_cache_key_and_forwarded_to_origin.headers_config.headers.quantity` -: The number of header names in the Items list. - -`cache_policy_config.parameters_in_cache_key_and_forwarded_to_origin.headers_config.headers.items` -: A list of HTTP header names. - -`cache_policy_config.parameters_in_cache_key_and_forwarded_to_origin.cookies_config.cookie_behavior` -: Determines whether any cookies in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. - -`cache_policy_config.parameters_in_cache_key_and_forwarded_to_origin.cookies_config.cookies.quantity` -: The number of cookie names in the Items list. - -`cache_policy_config.parameters_in_cache_key_and_forwarded_to_origin.cookies_config.cookies.items` -: A list of cookie names. 
- -`cache_policy_config.parameters_in_cache_key_and_forwarded_to_origin.query_strings_config.query_string_behavior` -: Determines whether any URL query strings in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. - -`cache_policy_config.parameters_in_cache_key_and_forwarded_to_origin.query_strings_config.query_strings.quantity` -: The number of query string names in the Items list. - -`cache_policy_config.parameters_in_cache_key_and_forwarded_to_origin.query_strings_config.query_strings.items` -: A list of query string names. - -## Examples - -**Ensure a ID is available.** - -```ruby -describe aws_cloudfront_cache_policy(id: 'ID') do - its('id') { should eq 'ID' } -end -``` - -**Verify the max TTL of the policy.** - -```ruby -describe aws_cloudfront_cache_policy(id: 'ID') do - its('cache_policy_config.max_ttl') { should eq 1 } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_cloudfront_cache_policy(id: 'ID') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_cloudfront_cache_policy(id: 'ID') do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_cloudfront_cache_policy(id: 'ID') do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="CloudFront:Client:GetCachePolicyResult" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_distribution.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_distribution.md deleted file mode 100644 index e52f42b697..0000000000 
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_distribution.md
+++ /dev/null
@@ -1,195 +0,0 @@ -+++ -title = "aws_cloudfront_distribution Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_cloudfront_distribution" -identifier = "inspec/resources/aws/aws_cloudfront_distribution Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_cloudfront_distribution` InSpec audit resource to test the properties of a single AWS CloudFront distribution. - -For additional information, including details on parameters and properties, see the [AWS API reference for CloudFront distributions](https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_distribution.html) documentation. For available SSL/TLS version identifiers, see [OriginSslProtocols](https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_OriginSslProtocols.html) and [AWS::CloudFront::distribution ViewerCertificate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-viewercertificate.html) documentation. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that an `aws_cloudfront_distribution` exists: - -```ruby -describe aws_cloudfront_distribution('DISTRIBUTION') do - it { should exist } -end -``` - -```ruby -describe aws_cloudfront_distribution(distribution_id: 'DISTRIBUTION') do - it { should exist } -end -``` - -## Parameters - -`distribution_id` _(required)_ - -: The CloudFront distribution ID, which can be passed either as a string or as a `name: 'value'` key-value entry in a hash. - -`disallowed_ssl_protocols` _(optional)_ - -: If provided, this parameter is expected to be an array of strings identifying SSL/TLS protocols that you wish not to allow. 
- -: Included in the array should be the union of disallowed identifiers for: - -: - custom origin SSL/TLS protocols (currently SSLv3 | TLSv1 | TLSv1.1 | TLSv1.2) - - identifiers for the minimum SSL/TLS protocol in the Viewer Certificate that CloudFront can use to communicate with viewers (currently SSLv3 | TLSv1 | TLSv1_1026 | TLSv1.1_2016 | TLSv1.2_2018 | TLSv1.2_2019 | TLSv1.2_2021). - -: Newer protocol identification strings (when available) may be provided in the set, as validity is not checked. The default value for disallowed_ssl_protocols is `%w{SSLv3 TLSv1 TLSv1_2016}`. - -`origin_domain_name` _(optional)_ - -: The domain name for the origin. - -: Provide the `origin_domain_name` if you want to validate the `s3_origin_path` property. - -## Properties - -`distribution_id` -: The identifier for the CloudFront distribution. - -`viewer_protocol_policies` -: An array of viewer protocol policies for all caches in this distribution; valid policy names are `allow-all` (which allows HTTP and HTTPS), `https-only` or `redirect-to-https`. - -`custom_origin_ssl_protocols` -: An array containing SSL/TLS protocols allowed by custom origins in this distribution. Empty if there are no custom origins (one or more standard S3 bucket origins). Current valid values are `SSLv3`, `TLSv1`, `TLSv1.1`, `TLSv1.2`. - -`viewer_certificate_minimum_ssl_protocol` -: The minimum SSL/TLS protocol version in the Viewer Certificate. Current valid values: `SSLv3`, `TLSv1`, `TLSv1_2016`, `TLSv1.1_2016`, `TLSv1.2_2018`, `TLSv1.2_2019`, `TLSv1.2_2021`. - -`s3_origin_config` -: `True`: if there are any S3 origin configs in the distribution (i.e. standard S3 bucket origins), else `False`. - -`s3_origin_path` -: The S3 origin path if `origin_domain_name` is specified in the resource parameters. - -`s3_origin_access` -: The origin access identity for s3 origin config. - -`access_logging` -: Access logging for CloudFront distribution. 
- -`ssl_certificate` -: The viewer certificate certificate source of CloudFront distribution. - -## Examples - -**Test that a CloudFront distribution has secure protocols configured.** - -```ruby -describe aws_cloudfront_distribution('DISTRIBUTION_ID') do - its('viewer_certificate_minimum_ssl_protocol') { should_not match /SSLv3|TLSv1$|TLSv1_2016/ } - its('viewer_protocol_policies') { should_not include 'allow-all' } - {SSLv3 TLSv1}.each do |protocol| - its('custom_origin_ssl_protocols') { should_not include protocol } - end -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### have_viewer_protocol_policies_allowing_http - -The `have_viewer_protocol_policies_allowing_http` matcher tests if any of the caches for origins, including the default cache, has its viewer_protocol_policy set to 'allow-all'. - -```ruby -it { should_not have_viewer_protocol_policies_allowing_http } -``` - -### have_disallowed_custom_origin_ssl_protocols - -The `have_disallowed_custom_origin_ssl_protocols` matcher tests whether any of the SSL/TLS protocols defined in the ssl_protocols for all custom origins in the distribution are present in the `disallowed_ssl_protocols` parameter (if provided), or in the default disallowed SSL/TLS protocol list (if not). - -```ruby -it { should_not have_disallowed_custom_origin_ssl_protocols } -``` - -### have_disallowed_viewer_certificate_minimum_ssl_protocol - -The `have_disallowed_viewer_minimum_ssl_protocol` matcher tests whether the minimum SSL/TLS protocol for the distribution's Viewer Certificate is in the `disallowed_ssl_protocols` parameter (if provided), or in the default disallowed SSL/TLS protocol list (if not). 
- -```ruby -it { should_not have_disallowed_viewer_certificate_minimum_ssl_protocol } -``` - -### have_s3_origin_configs - -The `have_s3_origin_configs` matcher tests whether the distribution has a non-nil s3_origin_configs setting in any of its origins. - -```ruby -it { should_not have_s3_origin_configs } -``` - -### have_access_logging_enabled - -The `have_access_logging_enabled` matcher tests whether the distribution has access logging enabled. - -```ruby -it { should have_access_logging_enabled } -``` - -### exist - -The control will pass if the describe returns at least one result. - -```ruby -describe aws_cloudfront_distribution('EXISTING_DISTRIBUTION_ID') do - it { should exist } -end -``` - -Use `should_not` to test the entity should not exist. - -```ruby -describe cloudfront_distribution('NONEXISTING_DISTRIBUTION_ID') do - it { should_not exist } -end -``` - -### s3_origin_path - -Use `s3_origin_path` to return an origin path for the specified origin domain name if the origin path is configured, otherwise it returns an empty string. - -```ruby -describe aws_cloudfront_distribution(distribution_id: 'DISTRIBUTION_ID', origin_domain_name: 'ORIGIN_DOMAIN_NAME') do - its ('s3_origin_path') { should include '/next' } -end -``` - -```ruby -describe aws_cloudfront_distribution(distribution_id: 'DISTRIBUTION_ID', origin_domain_name: 'ORIGIN_DOMAIN_NAME') do - its ('s3_origin_path') { should include '/release' } -end -``` - -For the default origin path: - -```ruby -describe aws_cloudfront_distribution(distribution_id: 'DISTRIBUTION_ID', origin_domain_name: 'ORIGIN_DOMAIN_NAME') do - its ('s3_origin_path') { should include '' } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="CloudFront:Client:GetDistributionResult" %}} - -You can find detailed documentation at [Identity and Access Management (IAM) in CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/auth-and-access-control.html). 
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_distributions.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_distributions.md
deleted file mode 100644
index 93c77bf6da..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_distributions.md
+++ /dev/null
@@ -1,116 +0,0 @@ -+++ -title = "aws_cloudfront_distributions Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_cloudfront_distributions" -identifier = "inspec/resources/aws/aws_cloudfront_distributions Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_cloudfront_distributions` InSpec audit resource to test the properties of a collection of an AWS CloudFront distributions. - -For additional information, including details on parameters and properties, see the [AWS API reference for CloudFront distributions](https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_distribution.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that a particular CloudFront distribution exists in `aws_cloudfront_distributions`: - -```ruby -describe aws_cloudfront_distributions do - its('distribution_ids') { should include 'DISTRIBUTION_ID' } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`distribution_ids` -: The names of the CloudFront distributions. - -`distribution_arns` -: The Amazon Resource Name (ARN) of the CloudFront distributions. - -`statuses` -: The statuses of the CloudFront distributions (`InProgress` or `Deployed`). - -`domain_names` -: The domain names for the CloudFront distributions. - -`origin_domains_names` -: The domain names for the CloudFront distributions' origins (an array for each distribution). - -`default_cache_viewer_protocol_policies` -: The viewer protocol policy for the default cache for each of the CloudFront distributions. Values: `http-only`, `redirect-to-https` or `allow-all`. - -`cache_viewer_protocol_policies` -: The viewer protocol policy for all non-default caches for each of the CloudFront distributions (an array for each distribution). Values: `http-only`, `redirect-to-https` or `allow-all`. 
There may be an empty array for a distribution if no non-default caches are present. - -`custom_origin_ssl_protocols` -: An array for each CloudFront distribution containing SSL/TLS protocols allowed by all of the custom origins in that distribution, empty where no custom origins exist for a distribution. Current SSL/TLS protocol identifiers: `SSLv3`, `TLSv1`, `TLSv1_1026`, `TLSv1.1_2016`, `TLSv1.2_2018`, `TLSv1.2_2019` and `TLSv1.2_2021`. - -`s3_origin_config` -: Booleans indicating whether there are any S3 origin configs in a particular distribution (non-custom S3 bucket origins). - -`price_classes` -: The price classes for distributions, which corresponds with the maximum price that you want to pay for CloudFront service. Valid Values: `PriceClass_100`, `PriceClass_200`, `PriceClass_All`. - -`enabled` -: Booleans indicating whether the distributions are enabled. - -`viewer_certificate_ssl_support_methods` -: The SSL support methods for Viewer Certificates for the distributions, only set for distributions with aliases. Valid values: `sni-only`, `vip` or `static-ip`. - -`viewer_certificate_minimum_ssl_protocols` -: The minimum SSL/TLS protocol allowed by the Viewer Certificate in each distribution. Current valid values: `SSLv3`, `TLSv1`, `TLSv1_2016`, `TLSv1.1_2016`, `TLSv1.2_2018`, `TLSv1.2_2019`, `TLSv1.2_2021`. - -`http_versions` -: The maximum HTTP versions that viewers may to use to communicate with CloudFront distributions. Valid values: `http1.1` or `http2`. - -`ipv6_enabled` -: Booleans indicating whether IPv6 is enabled for CloudFront distributions. 
- -## Examples - -**Test that a particular CloudFront distribution exists, and that no cache viewer protocol policies allow HTTP.** - -```ruby -describe aws_cloudfront_distributions do - its('distribution_ids') { should include 'DISTRIBUTION_ID' } - its('default_cache_viewer_protocol_policies') { should_not include 'allow-all' } - its('cache_viewer_protocol_policies') { should_not include 'allow-all' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_cloudfront_distributions do - it { should exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="CloudFront:Client:ListDistributionsResult" %}} - -You can find detailed documentation at [Identity and Access Management (IAM) in CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/auth-and-access-control.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_key_group.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_key_group.md deleted file mode 100644 index a5179c37e6..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_key_group.md +++ /dev/null 
@@ -1,108 +0,0 @@ -+++ -title = "aws_cloudfront_key_group Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_cloudfront_key_group" -identifier = "inspec/resources/aws/aws_cloudfront_key_group Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_cloudfront_key_group` InSpec audit resource to test properties of a single AWS CloudFront key group. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS CloudFront key group.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-keygroup.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the key group exists. - -```ruby -describe aws_cloudfront_key_group(id: "ID") do - it { should exist } -end -``` - -## Parameters - -`id` _(required)_ - -: The identifier for the key group. - -## Properties - -`id` -: The identifier for the key group. - -`last_modified_time` -: The date and time when the key group was last modified. - -`key_group_config.name` -: A name to identify the key group. - -`key_group_config.items` -: A list of the identifiers of the public keys in the key group. - -`key_group_config.comment` -: A comment to describe the key group. The comment cannot be longer than 128 characters. - -## Examples - -**Ensure an ID is available.** - -```ruby -describe aws_cloudfront_key_group(id: "ID") do - its('id') { should eq 'ID' } -end -``` - -**Ensure that the key group name is available.** - -```ruby -describe aws_cloudfront_key_group(id: "ID") do - its('key_group_config.name') { should eq 'KEY_GROUP_NAME' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -Use `should` to test that the entity exists. 
- -```ruby -describe aws_cloudfront_key_group(id: "ID") do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_cloudfront_key_group(id: "ID") do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_cloudfront_key_group(id: "ID") do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="CloudFront:Client:GetKeyGroupResult" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_key_groups.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_key_groups.md deleted file mode 100644 index 51b9244958..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_key_groups.md +++ /dev/null 
@@ -1,106 +0,0 @@ -+++ -title = "aws_cloudfront_key_groups Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_cloudfront_key_groups" -identifier = "inspec/resources/aws/aws_cloudfront_key_groups Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_cloudfront_key_groups` InSpec audit resource to test properties of multiple AWS CloudFront key groups. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS CloudFront key group.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-keygroup.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the key group exists. - -```ruby -describe aws_cloudfront_key_groups do - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`ids` -: The identifier for the key group. - -: **Field**: `id` - -`last_modified_times` -: The date and time when the key group was last modified. - -: **Field**: `last_modified_time` - -`names` -: A name to identify the key group. - -: **Field**: `name` - -`items` -: A list of the identifiers of the public keys in the key group. - -: **Field**: `items` - -`comments` -: A comment to describe the key group. The comment cannot be longer than 128 characters. - -: **Field**: `comment` - -## Examples - -**Ensure an ID is available.** - -```ruby -describe aws_cloudfront_key_groups do - its('ids') { should include 'ID' } -end -``` - -**Ensure that the key group name is available.** - -```ruby -describe aws_cloudfront_key_groups do - its('names') { should include 'KEY_GROUP_NAME' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `list` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. 
- -```ruby -describe aws_cloudfront_key_groups do - it { should exist } -end -``` - -Use `should_not` to test that an entity does not exist. - -```ruby -describe aws_cloudfront_key_groups do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="CloudFront:Client:ListKeyGroupsResult" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_origin_access_identities.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_origin_access_identities.md deleted file mode 100644 index 792d30f490..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_origin_access_identities.md +++ /dev/null 
@@ -1,103 +0,0 @@ -+++ -title = "aws_cloudfront_origin_access_identities Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_cloudfront_origin_access_identities" -identifier = "inspec/resources/aws/aws_cloudfront_origin_access_identities Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_cloudfront_origin_access_identities` InSpec audit resource to test properties of multiple AWS CloudFront origin access identities. - -An origin access identity is a special CloudFront user that you can associate with Amazon S3 origins, so that you can secure all or just some of your Amazon S3 content. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS CloudFront CloudFrontOriginAccessIdentity.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-cloudfrontoriginaccessidentity.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the identity exists. - -```ruby -describe aws_cloudfront_origin_access_identities do - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`ids` -: The ID for the origin access identity. - -: **Field**: `id` - -`s3_canonical_user_ids` -: The Amazon S3 canonical user ID for the origin access identity, used when giving the origin access identity read permission to an object in Amazon S3. - -: **Field**: `s3_canonical_user_id` - -`caller_references` -: A unique value (for example, a date-time stamp) that ensures that the request can't be replayed. - -: **Field**: `caller_reference` - -`comments` -: A comment to describe the origin access identity. 
- -: **Field**: `comment` - -## Examples - -**Test that an ID is available.** - -```ruby -describe aws_cloudfront_origin_access_identities do - its('ids') { should include 'ID' } -end -``` - -**Test that an s3 canonical user ID is available.** - -```ruby -describe aws_cloudfront_origin_access_identities do - its('s3_canonical_user_ids') { should include 'S3_CANONICAL_USER_ID' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `list` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_cloudfront_origin_access_identities do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_cloudfront_origin_access_identities do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="CloudFront:Client:ListCloudFrontOriginAccessIdentitiesResult" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_origin_access_identity.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_origin_access_identity.md deleted file mode 100644 index 2ab67b5ece..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_origin_access_identity.md +++ /dev/null 
@@ -1,107 +0,0 @@
-+++
-title = "aws_cloudfront_origin_access_identity Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudfront_origin_access_identity"
-identifier = "inspec/resources/aws/aws_cloudfront_origin_access_identity Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudfront_origin_access_identity` InSpec audit resource to test properties of a single specific AWS CloudFront origin access identity.
-
-An origin access identity is a special CloudFront user that you can associate with Amazon S3 origins, so that you can secure all or just some of your Amazon S3 content.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS CloudFront CloudFrontOriginAccessIdentity.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-cloudfrontoriginaccessidentity.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the identity exists.
-
-```ruby
-describe aws_cloudfront_origin_access_identity(id: 'ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`id` _(required)_
-
-: The ID for the origin access identity.
-
-## Properties
-
-`id`
-: The ID for the origin access identity.
-
-`s3_canonical_user_id`
-: The Amazon S3 canonical user ID for the origin access identity, used when giving the origin access identity read permission to an object in Amazon S3.
-
-`cloud_front_origin_access_identity_config.caller_reference`
-: A unique value (for example, a date-time stamp) that ensures that the request can't be replayed.
-
-`cloud_front_origin_access_identity_config.comment`
-: A comment to describe the origin access identity.
-
-## Examples
-
-**Test that an ID is available.**
-
-```ruby
-describe aws_cloudfront_origin_access_identity(id: 'ID') do
- its('id') { should eq 'ID' }
-end
-```
-
-**Test that an s3 canonical user ID is available.**
-
-```ruby
-describe aws_cloudfront_origin_access_identity(id: 'ID') do
- its('s3_canonical_user_id') { should eq 'S3_CANONICAL_USER_ID' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cloudfront_origin_access_identity(id: 'ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_cloudfront_origin_access_identity(id: 'ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_cloudfront_origin_access_identity(id: 'ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudFront:Client:GetCloudFrontOriginAccessIdentityResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_origin_request_policy.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_origin_request_policy.md
deleted file mode 100644
index ae7d8e3f11..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_origin_request_policy.md
+++ /dev/null
@@ -1,132 +0,0 @@
-+++
-title = "aws_cloudfront_origin_request_policy Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudfront_origin_request_policy"
-identifier = "inspec/resources/aws/aws_cloudfront_origin_request_policy Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudfront_origin_request_policy` InSpec audit resource to test properties of a single specific AWS CloudFront origin request policy.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS CloudFront origin request policy.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-originrequestpolicy.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the origin request policy exists.
-
-```ruby
-describe aws_cloudfront_origin_request_policy(id: 'ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`id` _(required)_
-
-: The unique identifier for the origin request policy.
-
-## Properties
-
-`id`
-: The unique identifier for the origin request policy.
-
-`last_modified_time`
-: The date and time when the origin request policy was last modified.
-
-`origin_request_policy_config.comment`
-: A comment to describe the origin request policy.
-
-`origin_request_policy_config.name`
-: A unique name to identify the origin request policy.
-
-`origin_request_policy_config.headers_config.header_behavior`
-: Determines whether any HTTP headers are included in requests that CloudFront sends to the origin.
-
-`origin_request_policy_config.headers_config.headers.quantity`
-: The number of header names in the Items list.
-
-`origin_request_policy_config.headers_config.headers.items`
-: A list of HTTP header names.
-
-`origin_request_policy_config.cookies_config.cookie_behavior`
-: Determines whether cookies in viewer requests are included in requests that CloudFront sends to the origin.
-
-`origin_request_policy_config.cookies_config.cookies.quantity`
-: The number of cookie names in the Items list.
-
-`origin_request_policy_config.cookies_config.cookies.items`
-: A list of cookie names.
-
-`origin_request_policy_config.query_strings_config.query_string_behavior`
-: Determines whether any URL query strings in viewer requests are included in requests that CloudFront sends to the origin.
-
-`origin_request_policy_config.query_strings_config.query_strings.quantity`
-: The number of query string names in the Items list.
-
-`origin_request_policy_config.query_strings_config.query_strings.items`
-: A list of query string names.
-
-## Examples
-
-**Test that an ID is available.**
-
-```ruby
-describe aws_cloudfront_origin_request_policy(id: 'ID') do
- its('id') { should eq 'ID' }
-end
-```
-
-**Verify the number of cookies.**
-
-```ruby
-describe aws_cloudfront_origin_request_policy(id: 'ID') do
- its('origin_request_policy_config.cookies_config.cookies.quantity') { should eq 1 }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cloudfront_origin_request_policy(id: 'ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_cloudfront_origin_request_policy(id: 'ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_cloudfront_origin_request_policy(id: 'ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudFront:Client:GetOriginRequestPolicyResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_public_key.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_public_key.md
deleted file mode 100644
index a7861b2bf5..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_public_key.md
+++ /dev/null
@@ -1,113 +0,0 @@
-+++
-title = "aws_cloudfront_public_key Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudfront_public_key"
-identifier = "inspec/resources/aws/aws_cloudfront_public_key Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudfront_public_key` InSpec audit resource to test properties of a single AWS CloudFront public key.
-
-The `AWS::CloudFront::PublicKey` resource type creates a public key that you can use with signed URLs and signed cookies, or with field-level encryption.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Logs public key.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-publickey.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the public key exists.
-
-```ruby
-describe aws_cloudfront_public_key(id: "PUBLIC_KEY_ID") do
- it { should exist }
-end
-```
-
-## Parameters
-
-`id` _(required)_
-
-: The identifier of the public key.
-
-## Properties
-
-`id`
-: The identifier of the public key.
-
-`created_time`
-: The date and time when the public key was uploaded.
-
-`public_key_config.caller_reference`
-: A string included in the request to help make sure that the request can’t be replayed.
-
-`public_key_config.name`
-: A name to help identify the public key.
-
-`public_key_config.encoded_key`
-: The public key that you can use with signed URLs and signed cookies , or with field-level encryption.
-
-`public_key_config.comment`
-: A comment to describe the public key. The comment cannot be longer than 128 characters.
-
-## Examples
-
-**Ensure a public key ID is available.**
-
-```ruby
-describe aws_cloudfront_public_key(id: "PUBLIC_KEY_ID") do
- its('id') { should eq 'ID' }
-end
-```
-
-**Ensure a public key name is available.**
-
-```ruby
-describe aws_cloudfront_public_key(id: "PUBLIC_KEY_ID") do
- its('public_key_config.name') { should eq 'PUBLIC_KEY_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cloudfront_public_key(id: "PUBLIC_KEY_ID") do
- it { should exist }
-end
-```
-
-Use `should_not` to test that an entity does not exist.
-
-```ruby
-describe aws_cloudfront_public_key(id: "PUBLIC_KEY_ID") do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_cloudfront_public_key(id: "PUBLIC_KEY_ID") do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudFront:Client:GetPublicKeyResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_public_keys.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_public_keys.md
deleted file mode 100644
index c2de363425..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_public_keys.md
+++ /dev/null
@@ -1,113 +0,0 @@
-+++
-title = "aws_cloudfront_public_keys Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudfront_public_keys"
-identifier = "inspec/resources/aws/aws_cloudfront_public_keys Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudfront_public_keys` InSpec audit resource to test properties of multiple AWS CloudFront public keys.
-
-The `AWS::CloudFront::PublicKey` resource type creates a public key that you can use with signed URLs and signed cookies, or with field-level encryption.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS CloudFront public key.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-publickey.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the public key exists.
-
-```ruby
-describe aws_cloudfront_public_keys do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: The identifier of the public key.
-
-: **Field**: `id`
-
-`created_times`
-: The date and time when the public key was uploaded.
-
-: **Field**: `created_time`
-
-`caller_references`
-: A string included in the request to help make sure that the request can’t be replayed.
-
-: **Field**: `caller_reference`
-
-`names`
-: A name to help identify the public key.
-
-: **Field**: `name`
-
-`encoded_keys`
-: The public key that you can use with signed URLs and signed cookies , or with field-level encryption.
-
-: **Field**: `encoded_key`
-
-`comments`
-: A comment to describe the public key. The comment cannot be longer than 128 characters.
-
-: **Field**: `comment`
-
-## Examples
-
-**Ensure a public key ID is available.**
-
-```ruby
-describe aws_cloudfront_public_keys do
- its('ids') { should include 'ID' }
-end
-```
-
-**Ensure a public key name is available.**
-
-```ruby
-describe aws_cloudfront_public_keys do
- its('names') { should include 'PUBLIC_KEY_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cloudfront_public_keys do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_cloudfront_public_keys do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudFront:Client:ListPublicKeysResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_realtime_log_config.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_realtime_log_config.md
deleted file mode 100644
index c587085eb6..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_realtime_log_config.md
+++ /dev/null
@@ -1,135 +0,0 @@
-+++
-title = "aws_cloudfront_realtime_log_config Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudfront_realtime_log_config"
-identifier = "inspec/resources/aws/aws_cloudfront_realtime_log_config Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudfront_realtime_log_config` InSpec audit resource to test properties of a single specific AWS CloudFront real-time log configuration.
-
-The `AWS::CloudFront::RealtimeLogConfig` resource creates a real-time log configuration.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS CloudFront RealtimeLogConfig.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-realtimelogconfig.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the config exists.
-
-```ruby
-describe aws_cloudfront_realtime_log_config(name: 'CONFIG_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-
-: The unique name of this real-time log configuration.
-
-## Properties
-
-`arn`
-: The Amazon Resource Name (ARN) of this real-time log configuration.
-
-`name`
-: The unique name of this real-time log configuration.
-
-`sampling_rate`
-: The sampling rate for this real-time log configuration.
-
-`end_points`
-: Contains information about the Amazon Kinesis data stream where you are sending real-time log data for this real-time log configuration.
-
-`end_points_stream_types`
-: The type of data stream where you are sending real-time log data. The only valid value is Kinesis.
-
-`end_points_kinesis_stream_config_role_arns`
-: The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that CloudFront can use to send real-time log data to your Kinesis data stream.
-
-`end_points_kinesis_stream_config_stream_arns`
-: The Amazon Resource Name (ARN) of the Kinesis data stream where you are sending real-time log data.
-
-`fields`
-: A list of fields that are included in each real-time log record.
-
-## Examples
-
-**Ensure an ARN is available.**
-
-```ruby
-describe aws_cloudfront_realtime_log_config(name: 'CONFIG_NAME') do
- its('arn') { should eq 'ARN' }
-end
-```
-
-**Ensure a name is available.**
-
-```ruby
-describe aws_cloudfront_realtime_log_config(name: 'CONFIG_NAME') do
- its('name') { should eq 'CONFIG_NAME' }
-end
-```
-
-**Ensure a stream type is `Kinesis`.**
-
-```ruby
-describe aws_cloudfront_realtime_log_config(name: 'CONFIG_NAME') do
- its('end_points_stream_types') { should include 'Kinesis' }
-end
-```
-
-**Ensure a stream ARN is available.**
-
-```ruby
-describe aws_cloudfront_realtime_log_config(name: 'CONFIG_NAME') do
- its('end_points_kinesis_stream_config_stream_arns') { should include 'STREAM_ARN' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cloudfront_realtime_log_config(name: 'CONFIG_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_cloudfront_realtime_log_config(name: 'CONFIG_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_cloudfront_realtime_log_config(name: 'CONFIG_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudFront:Client:GetRealtimeLogConfigResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_realtime_log_configs.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_realtime_log_configs.md
deleted file mode 100644
index 5c5866af80..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_realtime_log_configs.md
+++ /dev/null
@@ -1,118 +0,0 @@
-+++
-title = "aws_cloudfront_realtime_log_configs Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudfront_realtime_log_configs"
-identifier = "inspec/resources/aws/aws_cloudfront_realtime_log_configs Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudfront_realtime_log_configs` InSpec audit resource to test multiple AWS CloudFront real-time log configurations.
-
-The `AWS::CloudFront::RealtimeLogConfig` resource creates a real-time log configuration.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS CloudFront RealtimeLogConfig.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-realtimelogconfig.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the config exists.
-
-```ruby
-describe aws_cloudfront_realtime_log_configs do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`arns`
-: The Amazon Resource Name (ARN) of this real-time log configuration.
-
-: **Field**: `arn`
-
-`names`
-: The unique name of this real-time log configuration.
-
-: **Field**: `name`
-
-`sampling_rates`
-: The sampling rate for this real-time log configuration.
-
-: **Field**: `sampling_rate`
-
-`end_points`
-: Contains information about the Amazon Kinesis data stream where you are sending real-time log data for this real-time log configuration.
-
-: **Field**: `end_points`
-
-`fields`
-: A list of fields that are included in each real-time log record.
-
-: **Field**: `fields`
-
-## Examples
-
-**Ensure an ARN is available.**
-
-```ruby
-describe aws_cloudfront_realtime_log_configs do
- its('arns') { should include 'ARN' }
-end
-```
-
-**Ensure a name is available.**
-
-```ruby
-describe aws_cloudfront_realtime_log_configs do
- its('names') { should include 'CONFIG_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cloudfront_realtime_log_configs do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_cloudfront_realtime_log_configs do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_cloudfront_realtime_log_configs do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudFront:Client:ListRealtimeLogConfigsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_streaming_distribution.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_streaming_distribution.md
deleted file mode 100644
index f963c58dbb..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_streaming_distribution.md
+++ /dev/null
@@ -1,168 +0,0 @@
-+++
-title = "aws_cloudfront_streaming_distribution Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudfront_streaming_distribution"
-identifier = "inspec/resources/aws/aws_cloudfront_streaming_distribution Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudfront_streaming_distribution` InSpec audit resource to test properties of a single specific AWS CloudFront streaming distribution.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS CloudFront streaming distribution.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-streamingdistribution.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the distribution exists.
-
-```ruby
-describe aws_cloudfront_streaming_distribution(id: 'ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`id` _(required)_
-
-: The streaming distribution's ID.
-
-## Properties
-
-`id`
-: The streaming distribution's ID.
-
-`arn`
-: The ARN (Amazon Resource Name) for the distribution.
-
-`status`
-: The current status of the RTMP distribution.
-
-`last_modified_time`
-: The date and time that the distribution was last modified.
-
-`domain_name`
-: The domain name that corresponds to the streaming distribution.
-
-`active_trusted_signers.enabled`
-: This field is true if any of the accounts in the list have active CloudFront key pairs that CloudFront can use to verify the signatures of signed URLs and signed cookies.
-
-`active_trusted_signers.quantity`
-: The number of accounts in the list.
-
-`active_trusted_signers.items`
-: A list of accounts and the identifiers of active CloudFront key pairs in each account that CloudFront can use to verify the signatures of signed URLs and signed cookies.
-
-`active_aws_account_numbers`
-: An account number that contains active CloudFront key pairs that CloudFront can use to verify the signatures of signed URLs and signed cookies.
-
-`active_key_pair_id_quantities`
-: The number of key pair identifiers in the list.
-
-`active_key_pair_id_items`
-: A list of CloudFront key pair identifiers.
-
-`streaming_distribution_config.caller_reference`
-: A unique value (for example, a date-time stamp) that ensures that the request can't be replayed.
-
-`streaming_distribution_config.s3_origin.domain_name`
-: The DNS name of the Amazon S3 origin.
-
-`streaming_distribution_config.s3_origin.origin_access_identity`
-: The CloudFront origin access identity to associate with the distribution. Use an origin access identity to configure the distribution so that end users can only access objects in an Amazon S3 bucket through CloudFront.
-
-`streaming_distribution_config.aliases.quantity`
-: The number of CNAME aliases, if any, that you want to associate with this distribution.
-
-`streaming_distribution_config.aliases.items`
-: A complex type that contains the CNAME aliases, if any, that you want to associate with this distribution.
-
-`streaming_distribution_config.comment`
-: Any comments you want to include about the streaming distribution.
-
-`streaming_distribution_config.logging.enabled`
-: Specifies whether you want CloudFront to save access logs to an Amazon S3 bucket.
-
-`streaming_distribution_config.logging.bucket`
-: The Amazon S3 bucket to store the access logs in.
-
-`streaming_distribution_config.logging.prefix`
-: An optional string that you want CloudFront to prefix to the access log filenames for this streaming distribution.
-
-`streaming_distribution_config.trusted_signers.enabled`
-: This field is true if any of the accounts have public keys that CloudFront can use to verify the signatures of signed URLs and signed cookies. If not, this field is false.
-
-`streaming_distribution_config.trusted_signers.quantity`
-: The number of accounts in the list.
-
-`streaming_distribution_config.trusted_signers.items`
-: A list of account identifiers.
-
-`streaming_distribution_config.price_class`
-: A complex type that contains information about price class for this streaming distribution.
-
-`streaming_distribution_config.enabled`
-: Whether the streaming distribution is enabled to accept user requests for content.
-
-## Examples
-
-**Ensure an ID is available.**
-
-```ruby
-describe aws_cloudfront_streaming_distribution(id: 'ID') do
- its('id') { should eq 'ID' }
-end
-```
-
-**Ensure a status is `Deployed`.**
-
-```ruby
-describe aws_cloudfront_streaming_distribution(id: 'ID') do
- its('status') { should eq 'Deployed' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cloudfront_streaming_distribution(id: 'ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test that an entity does not exist.
-
-```ruby
-describe aws_cloudfront_streaming_distribution(id: 'ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_cloudfront_streaming_distribution(id: 'ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudFront:Client:GetStreamingDistributionResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_streaming_distributions.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_streaming_distributions.md
deleted file mode 100644
index 32fd75c8da..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudfront_streaming_distributions.md
+++ /dev/null
@@ -1,136 +0,0 @@
-+++
-title = "aws_cloudfront_streaming_distributions Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudfront_streaming_distributions"
-identifier = "inspec/resources/aws/aws_cloudfront_streaming_distributions Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudfront_streaming_distributions` InSpec audit resource to test plural properties of AWS CloudFront streaming distribution.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS CloudFront streaming distribution.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-streamingdistribution.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the distribution exists.
-
-```ruby
-describe aws_cloudfront_streaming_distributions do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: The streaming distribution's ID.
-
-: **Field**: `id`
-
-`arns`
-: The ARN (Amazon Resource Name) for the distribution.
-
-: **Field**: `arn`
-
-`statuses`
-: The current status of the RTMP distribution.
-
-: **Field**: `status`
-
-`last_modified_time`
-: The date and time that the distribution was last modified.
-
-: **Field**: `last_modified_time`
-
-`domain_names`
-: The domain name corresponding to the distribution.
-
-: **Field**: `domain_names`
-
-`s3_origins`
-: A complex type that contains information about the Amazon S3 bucket from which you want CloudFront to get your media files for distribution.
-
-: **Field**: `s3_origin`
-
-`aliases`
-: A complex type that contains information about CNAMEs (alternate domain names), if any, for this streaming distribution.
-
-: **Field**: `aliases`
-
-`trusted_signers`
-: A complex type that specifies the accounts.
-
-: **Field**: `trusted_signers`
-
-`comments`
-: The comment originally specified when this distribution was created.
-
-: **Field**: `comment`
-
-`price_classes`
-: A complex type that contains information about price class for this streaming distribution.
-
-: **Field**: `price_class`
-
-`enabled`
-: Whether the distribution is enabled to accept end user requests for content.
-
-: **Field**: `enabled`
-
-## Examples
-
-**Ensure an ID is available.**
-
-```ruby
-describe aws_cloudfront_streaming_distributions do
- its('ids') { should include 'ID' }
-end
-```
-
-**Ensure a status is `Deployed`.**
-
-```ruby
-describe aws_cloudfront_streaming_distributions do
- its('statuses') { should include 'Deployed' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cloudfront_streaming_distributions do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_cloudfront_streaming_distributions do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudFront:Client:ListStreamingDistributionsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudtrail_trail.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudtrail_trail.md
deleted file mode 100644
index d5d81dbe0e..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudtrail_trail.md
+++ /dev/null
@@ -1,201 +0,0 @@
-+++
-title = "aws_cloudtrail_trail Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudtrail_trail"
-identifier = "inspec/resources/aws/aws_cloudtrail_trail Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudtrail_trail` Chef InSpec audit resource to test properties of a single AWS CloudTrail trail.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_cloudtrail_trail` resource block identifies a trail by `TRAIL_NAME`.
-
-**Find a trail by name:**
-
-```ruby
-describe aws_cloudtrail_trail('TRAIL_NAME') do
- it { should exist }
-end
-```
-
-**Use hash syntax to find a trail by trail name:**
-
-```ruby
-describe aws_cloudtrail_trail(trail_name: 'TRAIL_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`trail_name` _(required)_
-: This resource expects a single parameter, the CloudTrail name which uniquely identifies it.
- This can be passed either as a string or as a `trail_name: 'value'` key-value entry in a hash.
-
-See the [AWS documentation on CloudTrail](https://docs.aws.amazon.com/cloudtrail/index.html#lang/en_us).
-
-## Properties
-
-`trail_arn`
-: Specifies the ARN of the trail.
-
-`TRAIL_NAME`
-: Name of the trail.
-
-`home_region`
-: The region in which the trail was created.
-
-`s3_bucket_name`
-: Name of the Amazon S3 bucket into which CloudTrail delivers your trail files.
-
-`cloud_watch_logs_role_arn`
-: Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group.
-
-`cloud_watch_logs_log_group_arn`
-: Specifies an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs will be delivered.
-
-`kms_key_id`
-: Specifies the KMS key ID that encrypts the logs delivered by CloudTrail.
-
-`s3_key_prefix`
-: Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery.
-
-`is_organization_trail`
-: Specifies whether the trail is an organization trail. It returns boolean value.
-
-## Examples
-
-**Test that the specified trail does exist.**
-
-```ruby
-describe aws_cloudtrail_trail('TRAIL_NAME') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_cloudtrail_trail(trail_name: 'TRAIL_NAME') do
- it { should exist }
-end
-```
-
-**Check the KMS key used to encrypt.**
-
-```ruby
-describe aws_cloudtrail_trail('TRAIL_NAME') do
- its('kms_key_id') { should eq "KMS_KEY_ID" }
-end
-```
-
-**Check the home region is correct.**
-
-```ruby
-describe aws_cloudtrail_trail('TRAIL_NAME') do
- its('home_region') { should eq 'us-east-1' }
-end
-```
-
-**Test that the specified trail is a multi-region trail.**
-
-```ruby
-describe aws_cloudtrail_trail('TRAIL_NAME') do
- it { should be_multi_region_trail }
-end
-```
-
-**Test that the specified trail is an organization trail.**
-
-```ruby
-describe aws_cloudtrail_trail('TRAIL_NAME') do
- its("is_organization_trail") { should eq true }
- it { should be_organization_trail }
-end
-```
-
-**Test that the specified trail has a S3 Key Prefix.**
-
-```ruby
-describe aws_cloudtrail_trail('TRAIL_NAME') do
- its("s3_key_prefix") { should eq 'S3_KEY_PREFIX_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` with the `exist` matcher to verify that the CloudTrail trail exists.
-
-```ruby
-describe aws_cloudtrail_trail('TRAIL_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to verify that a CloudTrail trail does not exists.
-
-```ruby
-describe aws_cloudtrail_trail('TRAIL_NAME') do
- it { should_not exist }
-end
-```
-
-### be_multi_region_trail
-
-The test will pass if the identified trail is a multi-region trail.
-
-```ruby
-describe aws_cloudtrail_trail('TRAIL_NAME') do
- it { should be_multi_region_trail }
-end
-```
-
-### be_encrypted
-
-The test will pass if the logs delivered by the identified trail are encrypted.
-
-```ruby
-describe aws_cloudtrail_trail('TRAIL_NAME') do
- it { should be_encrypted }
-end
-```
-
-### be_log_file_validation_enabled
-
-The test will pass if the identified trail has log file integrity validation enabled.
-
-```ruby
-describe aws_cloudtrail_trail('TRAIL_NAME') do
- it { should be_log_file_validation_enabled }
-end
-```
-
-### be_organization_trail
-
-The test will pass if the identified trail has organization trail is enabled.
-
-```ruby
-describe aws_cloudtrail_trail('TRAIL_NAME') do
- it { should be_organization_trail }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudTrail:Client:DescribeTrailsResponse" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for AWS CloudTrail](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awscloudtrail.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudtrail_trails.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudtrail_trails.md
deleted file mode 100644
index a1fca9ce7b..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudtrail_trails.md
+++ /dev/null
@@ -1,92 +0,0 @@
-+++
-title = "aws_cloudtrail_trails Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudtrail_trails"
-identifier = "inspec/resources/aws/aws_cloudtrail_trails Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudtrail_trails` InSpec audit resource to test properties of a collection of AWS CloudTrail Trails.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Auto Scaling Group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/AutoScalingGroup.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_cloudtrail_trails` resource block returns all CloudTrail Trails and allows the testing of those trails.
-
-```ruby
-describe aws_cloudtrail_trails do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`trail_arns`
-: Specifies the ARNs of the trails.
-
-`names`
-: The names of the trails.
-
-`entries`
-: Provides access to the raw results of the query, which can be treated as an array of hashes.
-
-## Examples
-
-**Ensure a CloudTrail with a specific name exists.**
-
-```ruby
-describe aws_cloudtrail_trails do
- its('names') { should include('trail-1') }
-end
-```
-
-**Ensure a CloudTrail with a specific arn exists.**
-
-```ruby
-describe aws_cloudtrail_trails do
- its('trail_arns') { should include('arn:aws:cloudtrail:us-east-1::trail/trail-1') }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_cloudtrail_trails do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_cloudtrail_trails do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudTrail:Client:DescribeTrailsResponse" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for AWS CloudTrail](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awscloudtrail.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_alarm.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_alarm.md
deleted file mode 100644
index 48920811aa..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_alarm.md
+++ /dev/null
@@ -1,105 +0,0 @@
-+++
-title = "aws_cloudwatch_alarm Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudwatch_alarm"
-identifier = "inspec/resources/aws/aws_cloudwatch_alarm Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudwatch_alarm` InSpec audit resource to test properties of a single CloudWatch Alarm.
-
-**If more than one Alarm matches, an error will be raised.**
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-### Ensure an Alarm exists.
-
-```ruby
-aws_cloudwatch_alarm(metric_name: 'my-metric-name', metric_namespace: 'my-metric-namespace') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`metric_name` _(required)_
-
-: The metric name used by this alarm. This must be passed as a `metric_name: 'value'` key-value entry in a hash.
-
-`metric_namespace` _(required)_
-
-: The metric namespace used by this alarm. This must be passed as a `metric_namespace: 'value'` key-value entry in a hash.
-
-`dimensions` _(optional)_
-
-: The dimensions associated with this alarm. This must be passed as an array of hashes `dimensions: [{key:'value'}]` .
-
-## Properties
-
-`alarm_actions`
-: The actions to execute when this alarm transitions to the ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN).
-
-`alarm_name`
-: The name of the alarm.
-
-`metric_name`
-: The name of the metric.
-
-`metric_namespace`
-: The namespace of the metric.
-
-## Examples
-
-**Ensure an Alarm has at least one alarm action.**
-
-```ruby
-describe aws_cloudwatch_alarm(metric_name: 'my-metric-name', metric_namespace: 'my-metric-namespace') do
- its('alarm_actions') { should_not be_empty }
-end
-```
-
-**Ensure an Alarm with Dimensions exists.**
-
-```ruby
-describe aws_cloudwatch_alarm(metric_name: 'my-metric-name', metric_namespace: 'my-metric-namespace', dimensions: [{key: 'value'}]) do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_cloudwatch_alarm(metric_name: 'good-metric', metric_namespace: 'my-metric-namespace') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_cloudwatch_alarm(metric_name: 'bed-metric', metric_namespace: 'my-metric-namespace') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudWatch:Client:DescribeAlarmsForMetricOutput" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon CloudWatch](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazoncloudwatch.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_anomaly_detector.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_anomaly_detector.md
deleted file mode 100644
index 580a1a0ce3..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_anomaly_detector.md
+++ /dev/null
@@ -1,133 +0,0 @@
-+++
-title = "aws_cloudwatch_anomaly_detector Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudwatch_anomaly_detector"
-identifier = "inspec/resources/aws/aws_cloudwatch_anomaly_detector Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudwatch_anomaly_detector` InSpec audit resource to test properties of a single specific AWS CloudWatch anomaly detector.
-
-The `AWS::CloudWatch::AnomalyDetector` type specifies an anomaly detection band for a certain metric and statistic. The band represents the expected "normal" range for the metric values. Anomaly detection bands can be used for visualization of a metric's expected values, and for alarms.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS CloudWatch AnomalyDetector.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-anomalydetector.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the anomaly detector exists.
-
-```ruby
-describe aws_cloudwatch_anomaly_detector(metric_name: 'METRIC_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`metric_name` _(required)_
-
-: The name of the metric associated with the anomaly detection model.
-
-## Properties
-
-`namespace`
-: The namespace of the metric associated with the anomaly detection model.
-
-`metric_name`
-: The name of the metric associated with the anomaly detection model.
-
-`dimensions`
-: The metric dimensions associated with the anomaly detection model.
-
-`dimensions_names`
-: The name of the dimension.
-
-`dimensions_values`
-: The value of the dimension.
-
-`stat`
-: The statistic associated with the anomaly detection model.
-
-`configuration_start_time`
-: The start time of the range to exclude.
-
-`configuration_end_time`
-: The end time of the range to exclude.
-
-`configuration.metric_timezone`
-: The time zone to use for the metric.
-
-`state_value`
-: he current status of the anomaly detector's training. The possible values are TRAINED, PENDING_TRAINING and TRAINED_INSUFFICIENT_DATA.
-
-## Examples
-
-**Ensure a namespace is available.**
-
-```ruby
-describe aws_cloudwatch_anomaly_detector(metric_name: 'METRIC_NAME') do
- its('namespace') { should eq 'NAMESPACE' }
-end
-```
-
-**Ensure a config name is available.**
-
-```ruby
-describe aws_cloudwatch_anomaly_detector(metric_name: 'METRIC_NAME') do
- its('name') { should eq 'CONFIG_NAME' }
-end
-```
-
-**Ensure a dimension name is available.**
-
-```ruby
-describe aws_cloudwatch_anomaly_detector(metric_name: 'METRIC_NAME') do
- its('dimensions_names') { should include 'DIMENSION_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cloudwatch_anomaly_detector(metric_name: 'METRIC_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_cloudwatch_anomaly_detector(metric_name: 'METRIC_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_cloudwatch_anomaly_detector(metric_name: 'METRIC_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudWatch:Client:DescribeAnomalyDetectorsOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_anomaly_detectors.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_anomaly_detectors.md
deleted file mode 100644
index cf4f946a20..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_anomaly_detectors.md
+++ /dev/null
@@ -1,123 +0,0 @@
-+++
-title = "aws_cloudwatch_anomaly_detectors Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudwatch_anomaly_detectors"
-identifier = "inspec/resources/aws/aws_cloudwatch_anomaly_detectors Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudwatch_anomaly_detectors` InSpec audit resource to test properties of multiple AWS CloudWatch anomaly detectors.
-
-The `AWS::CloudWatch::AnomalyDetector` type specifies an anomaly detection band for a certain metric and statistic. The band represents the expected "normal" range for the metric values. Anomaly detection bands can be used for visualization of a metric's expected values, and for alarms.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS CloudWatch AnomalyDetector.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-anomalydetector.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the anomaly detector exists.
-
-```ruby
-describe aws_cloudwatch_anomaly_detectors do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`namespaces`
-: The namespace of the metric associated with the anomaly detection model.
-
-: **Field**: `namespace`
-
-`metric_names`
-: The name of the metric associated with the anomaly detection model.
-
-: **Field**: `metric_name`
-
-`dimensions`
-: The metric dimensions associated with the anomaly detection model.
-
-: **Field**: `dimensions`
-
-`stats`
-: The statistic associated with the anomaly detection model.
-
-: **Field**: `stat`
-
-`configurations`
-: The configuration.
-
-: **Field**: `start_time`
-
-`state_values`
-: he current status of the anomaly detector's training. The possible values are TRAINED, PENDING_TRAINING and TRAINED_INSUFFICIENT_DATA.
-
-: **Field**: `state_value`
-
-## Examples
-
-**Ensure a namespace is available.**
-
-```ruby
-describe aws_cloudwatch_anomaly_detectors do
- its('namespaces') { should include 'NAMESPACE' }
-end
-```
-
-**Ensure a metric name is available.**
-
-```ruby
-describe aws_cloudwatch_anomaly_detectors do
- its('metric_names') { should include 'METRIC_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cloudwatch_anomaly_detectors do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_cloudwatch_anomaly_detectors do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_cloudwatch_anomaly_detectors do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudWatch:Client:DescribeAnomalyDetectorsOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_composite_alarm.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_composite_alarm.md
deleted file mode 100644
index 0c0189f6c6..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_composite_alarm.md
+++ /dev/null
@@ -1,142 +0,0 @@
-+++
-title = "aws_cloudwatch_composite_alarm Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudwatch_composite_alarm"
-identifier = "inspec/resources/aws/aws_cloudwatch_composite_alarm Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudwatch_composite_alarm` InSpec audit resource to test properties of a single specific AWS CloudWatch composite alarm.
-
-The `AWS::CloudWatch::CompositeAlarm` resource type creates or updates a composite alarm. When you create a composite alarm, you specify a rule expression for the alarm that takes into account the alarm states of other alarms that you have created. The composite alarm goes into ALARM state only if all conditions of the rule are met.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS CloudWatch composite alarm.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-compositealarm.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the config exists.
-
-```ruby
-describe aws_cloudwatch_composite_alarm(alarm_name: 'COMPOSITE_ALARM_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`alarm_name` _(required)_
-
-: The name of the alarm.
-
-## Properties
-
-`actions_enabled`
-: Indicates whether actions should be executed during any changes to the alarm state.
-
-`alarm_actions`
-: The actions to execute when this alarm transitions to the ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN).
-
-`alarm_arn`
-: The Amazon Resource Name (ARN) of the alarm.
-
-`alarm_configuration_updated_timestamp`
-: The time stamp of the last update to the alarm configuration.
-
-`alarm_description`
-: The description of the alarm.
-
-`alarm_name`
-: The name of the alarm.
-
-`alarm_rule`
-: The rule that this alarm uses to evaluate its alarm state.
-
-`insufficient_data_actions`
-: The actions to execute when this alarm transitions to the INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN).
-
-`ok_actions`
-: The actions to execute when this alarm transitions to the OK state from any other state. Each action is specified as an Amazon Resource Name (ARN).
-
-`state_reason`
-: An explanation for the alarm state, in text format.
-
-`state_reason_data`
-: An explanation for the alarm state, in JSON format.
-
-`state_updated_timestamp`
-: The time stamp of the last update to the alarm state.
-
-`state_value`
-: The state value for the alarm.
-
-## Examples
-
-**Ensure an actions is enabled.**
-
-```ruby
-describe aws_cloudwatch_composite_alarm(alarm_name: 'COMPOSITE_ALARM_NAME') do
- its('actions_enabled') { should eq true }
-end
-```
-
-**Ensure an alarm ARN is available.**
-
-```ruby
-describe aws_cloudwatch_composite_alarm(alarm_name: 'COMPOSITE_ALARM_NAME') do
- its('alarm_arn') { should eq 'ALARM_ARN' }
-end
-```
-
-**Ensure an alarm name is available.**
-
-```ruby
-describe aws_cloudwatch_composite_alarm(alarm_name: 'COMPOSITE_ALARM_NAME') do
- its('alarm_name') { should eq 'ALARM_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cloudwatch_composite_alarm(alarm_name: 'COMPOSITE_ALARM_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test that an entity does not exist.
-
-```ruby
-describe aws_cloudwatch_composite_alarm(alarm_name: 'COMPOSITE_ALARM_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_cloudwatch_composite_alarm(alarm_name: 'COMPOSITE_ALARM_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudWatch:Client:DescribeAlarmsOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_composite_alarms.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_composite_alarms.md
deleted file mode 100644
index 754e0d9aa6..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_composite_alarms.md
+++ /dev/null
@@ -1,156 +0,0 @@
-+++
-title = "aws_cloudwatch_composite_alarms Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudwatch_composite_alarms"
-identifier = "inspec/resources/aws/aws_cloudwatch_composite_alarms Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudwatch_composite_alarms` InSpec audit resource to test properties of multiple AWS CloudWatch composite alarms.
-
-The `AWS::CloudWatch::CompositeAlarm` resource type creates or updates a composite alarm. When you create a composite alarm, you specify a rule expression for the alarm that takes into account the alarm states of other alarms that you have created. The composite alarm goes into ALARM state only if all conditions of the rule are met.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS CloudWatch composite alarm.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-compositealarm.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the alarms exists.
-
-```ruby
-describe aws_cloudwatch_composite_alarms do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`actions_enabled`
-: Indicates whether actions should be executed during any changes to the alarm state.
-
-: **Field**: `actions_enabled`
-
-`alarm_actions`
-: The actions to execute when this alarm transitions to the ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN).
-
-: **Field**: `alarm_actions`
-
-`alarm_arns`
-: The Amazon Resource Name (ARN) of the alarm.
-
-: **Field**: `alarm_arn`
-
-`alarm_configuration_updated_timestamp`
-: The time stamp of the last update to the alarm configuration.
-
-: **Field**: `alarm_configuration_updated_timestamp`
-
-`alarm_descriptions`
-: The description of the alarm.
-
-: **Field**: `alarm_description`
-
-`alarm_names`
-: The name of the alarm.
-
-: **Field**: `alarm_name`
-
-`alarm_rules`
-: The rule that this alarm uses to evaluate its alarm state.
-
-: **Field**: `alarm_rule`
-
-`insufficient_data_actions`
-: The actions to execute when this alarm transitions to the INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN).
-
-: **Field**: `insufficient_data_actions`
-
-`ok_actions`
-: The actions to execute when this alarm transitions to the OK state from any other state. Each action is specified as an Amazon Resource Name (ARN).
-
-: **Field**: `ok_actions`
-
-`state_reasons`
-: An explanation for the alarm state, in text format.
-
-: **Field**: `state_reason`
-
-`state_reason_data`
-: An explanation for the alarm state, in JSON format.
-
-: **Field**: `state_reason_data`
-
-`state_updated_timestamp`
-: The time stamp of the last update to the alarm state.
-
-: **Field**: `state_updated_timestamp`
-
-`state_values`
-: The state value for the alarm.
-
-: **Field**: `state_value`
-
-## Examples
-
-**Ensure an actions is enabled.**
-
-```ruby
-describe aws_cloudwatch_composite_alarms do
- its('actions_enabled') { should include true }
-end
-```
-
-**Ensure an alarm arn is available.**
-
-```ruby
-describe aws_cloudwatch_composite_alarms do
- its('alarm_arns') { should include 'ALARM_ARN' }
-end
-```
-
-**Ensure an alarm name is available.**
-
-```ruby
-describe aws_cloudwatch_composite_alarms do
- its('alarm_names') { should include 'ALARM_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cloudwatch_composite_alarms do
- it { should exist }
-end
-```
-
-Use `should_not` to test that an entity does not exist.
-
-```ruby
-describe aws_cloudwatch_composite_alarms do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudWatch:Client:DescribeAlarmsOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_dashboard.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_dashboard.md
deleted file mode 100644
index 39394dc30d..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_dashboard.md
+++ /dev/null
@@ -1,92 +0,0 @@
-+++
-title = "aws_cloudwatch_dashboard Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudwatch_dashboard"
-identifier = "inspec/resources/aws/aws_cloudwatch_dashboard Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudwatch_dashboard` InSpec audit resource to test properties of the plural AWS CloudWatch dashboard.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS CloudWatch Dashboard.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-dashboard.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the dashboard exists.
-
-```ruby
-describe aws_cloudwatch_dashboard(dashboard_name: 'DASHBOARD_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`dashboard_name` _(required)_
-
-: The name of a dashboard.
-
-## Properties
-
-`dashboard_arn`
-: The Amazon Resource Name (ARN) of the dashboard.
-
-`dashboard_body`
-: The detailed information about the dashboard, including what widgets are included and their location on the dashboard.
-
-`dashboard_name`
-: The name of the dashboard.
-
-## Examples
-
-**Ensure a dashboard ARN is available.**
-
-```ruby
-describe aws_cloudwatch_dashboard(dashboard_name: 'DASHBOARD_NAME') do
- its('dashboard_arn') { should eq 'ARN' }
-end
-```
-
-**Ensure a dashboard body is available.**
-
-```ruby
-describe aws_cloudwatch_dashboard(dashboard_name: 'DASHBOARD_NAME') do
- its('dashboard_body') { should eq 'BODY' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cloudwatch_dashboard(dashboard_name: 'DASHBOARD_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_cloudwatch_dashboard(dashboard_name: 'DASHBOARD_NAME') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudWatch:Client:GetDashboardOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_dashboards.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_dashboards.md
deleted file mode 100644
index e672e1d579..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_dashboards.md
+++ /dev/null
@@ -1,101 +0,0 @@
-+++
-title = "aws_cloudwatch_dashboards Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudwatch_dashboards"
-identifier = "inspec/resources/aws/aws_cloudwatch_dashboards Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudwatch_dashboards` InSpec audit resource to test properties of the plural AWS CloudWatch dashboard.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS CloudWatch dashboard.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-dashboard.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the dashboard exists.
-
-```ruby
-describe aws_cloudwatch_dashboards do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`dashboard_names`
-: The name of the dashboard.
-
-: **Field**: `dashboard_name`
-
-`dashboard_arns`
-: The Amazon Resource Name (ARN) of the dashboard.
-
-: **Field**: `dashboard_arn`
-
-`last_modified`
-: The time stamp of when the dashboard was last modified, either by an API call or through the console.
-
-: **Field**: `last_modified`
-
-`sizes`
-: The size of the dashboard, in bytes.
-
-: **Field**: `size`
-
-## Examples
-
-**Ensure a dashboard ARN is available.**
-
-```ruby
-describe aws_cloudwatch_dashboards do
- its('dashboard_arns') { should include 'ARN' }
-end
-```
-
-**Ensure a dashboard name is available.**
-
-```ruby
-describe aws_cloudwatch_dashboards do
- its('dashboard_names') { should include 'DASHBOARD_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cloudwatch_dashboards do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_cloudwatch_dashboards do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudWatch:Client:ListDashboardsOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_insight_rules.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_insight_rules.md
deleted file mode 100644
index 3eccc2806f..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_insight_rules.md
+++ /dev/null
@@ -1,101 +0,0 @@
-+++
-title = "aws_cloudwatch_insight_rules Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudwatch_insight_rules"
-identifier = "inspec/resources/aws/aws_cloudwatch_insight_rules Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudwatch_insight_rules` InSpec audit resource to test properties of the plural AWS CloudWatch Insight rules.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS CloudWatch Insight rules.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-insightrule.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the Insight rule exists.
-
-```ruby
-describe aws_cloudwatch_insight_rules do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`names`
-: The name of the rule.
-
-: **Field**: `name`
-
-`states`
-: Indicates whether the rule is enabled or disabled.
-
-: **Field**: `schema`
-
-`schemas`
-: For rules that you create, this is always {"Name": "CloudWatchLogRule", "Version": 1} . For built-in rules, this is {"Name": "ServiceLogRule", "Version": 1}.
-
-: **Field**: `dashboard_name`
-
-`definitions`
-: The definition of the rule, as a JSON object.
-
-: **Field**: `definition`
-
-## Examples
-
-**Ensure a rule name is available.**
-
-```ruby
-describe aws_cloudwatch_insight_rules do
- its('names') { should include 'RuleName' }
-end
-```
-
-**Ensure a state is available.**
-
-```ruby
-describe aws_cloudwatch_insight_rules do
- its('states') { should include 'enabled' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cloudwatch_insight_rules do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_cloudwatch_insight_rules do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudWatch:Client:DescribeInsightRulesOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_log_group.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_log_group.md
deleted file mode 100644
index be7af47ee5..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_log_group.md
+++ /dev/null
@@ -1,75 +0,0 @@
-+++
-title = "aws_cloudwatch_log_group Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudwatch_log_group"
-identifier = "inspec/resources/aws/aws_cloudwatch_log_group Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudwatch_log_group` InSpec audit resource to test properties of a single AWS CloudWatch Log Group.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on CloudWatch Logs](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeLogGroups.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that an `aws_cloudwatch_log_group` exists
-
-```ruby
-describe aws_cloudwatch_log_group('my_log_group') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_cloudwatch_log_group(log_group_name: 'my_log_group') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`log_group_name` _(required)_
-
-: This resource accepts a single parameter, the log group name which uniquely identifies the CloudWatch Log Group.
- This can be passed either as a string or as a `log_group_name: 'value'` key-value entry in a hash.
-
-`limit` _(optional)_
-
-: This resource accepts a single parameter, an integer representing the number of results allowed to return. If not passed, in, this defaults to `1`, which will only return the first match to the `log_group_name`.
- This can be passed as a `limit: 'value'` key-value entry in a hash.
-
-## Properties
-
-`retention_in_days`
-: The number of days to retain the log events in the specified log group.
-
-`kms_key_id`
-: The Amazon Resource Name (ARN) of the CMK to use when encrypting log data.
-
-`tags`
-: The tags for the log group.
-
-## Examples
-
-**Test tags on the CloudWatch Log Group.**
-
-```ruby
-describe aws_cloudwatch_log_group('my_log_group') do
- its('tags') { should include(:Environment => 'env-name',
- :Name => 'my_log_group')}
-end
-```
-
-## AWS Permissions
-
-Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `CloudWatchLogs:Client:DescribeLogGroupsResponse` and `CloudWatchLogs:Client:ListTagsLogGroupResponse` actions with Effect set to Allow.
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon CloudWatch Logs](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazoncloudwatchlogs.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_log_metric_filter.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_log_metric_filter.md
deleted file mode 100644
index ffa3505628..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_log_metric_filter.md
+++ /dev/null
@@ -1,139 +0,0 @@ -+++ -title = "aws_cloudwatch_log_metric_filter Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_cloudwatch_log_metric_filter" -identifier = "inspec/resources/aws/aws_cloudwatch_log_metric_filter Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_cloudwatch_log_metric_filter` InSpec audit resource to search for and test properties of individual AWS Cloudwatch Log Metric Filters. - -For additional information, including details on parameters and properties, see the [AWS documentation on CloudWatch](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazoncloudwatch.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -```ruby -describe aws_cloudwatch_log_metric_filter(filter_name: 'my-filter', log_group_name: 'my-log-group') do - it { should exist } -end -``` - -```ruby -describe aws_cloudwatch_log_metric_filter(log_group_name: 'my-log-group', pattern: 'my-filter') do - it { should exist } -end -``` - -## Parameters - -**Note**: _While all parameters are optional, at least one must be provided. In practice, the more parameters you provide the narrower a result you will return._ - -`filter_name` _(optional)_ - -: The name of the Log Metric Filter. Expected in a hash as `filter_name: 'value'`. - -`log_group_name` _(optional)_ - -: The log group of the filter. Expected in a hash as `log_group_name: 'value'`. - -`pattern` _(optional)_ - -: A pattern by which to narrow down the result-set, if you expect multiple results. Expected in a hash as `pattern: 'value'`. - -## Properties - -`filter_name` -: The name of the metric filter. - -`log_group_name` -: The name of the log group. - -`metric_name` -: The name of the metric. - -`metric_namespace` -: The namespace of the metric. - -`pattern` -: A symbolic description of how CloudWatch Logs should interpret the data in each log event. 
For example, a log event may contain timestamps, IP addresses, strings, and so on. You use the filter pattern to specify what to look for in the log event message. - -## Examples - -**Ensure a Filter exists.** - -```ruby -describe aws_cloudwatch_log_metric_filter(filter_name: 'my-filter', log_group_name: 'my-log-group') do - it { should exist } -end -``` - -**Ensure a Filter exists for a specific pattern.** - -```ruby -describe aws_cloudwatch_log_metric_filter(pattern: '"ERROR" - "Exiting"') do - it { should exist } -end -``` - -**Check the name of a Filter.** - -```ruby -describe aws_cloudwatch_log_metric_filter(log_group_name: 'app-log-group', pattern: 'KERBLEWIE') do - its('filter_name') { should eq 'kaboom_lmf' } -end -``` - - -**Check the Log Group name of a Filter.** - -```ruby -describe aws_cloudwatch_log_metric_filter(filter_name: 'error-watcher') do - its('log_group_name') { should eq 'app-log-group' } -end -``` - -**Check a filter has the correct pattern.** - -```ruby -describe aws_cloudwatch_log_metric_filter(filter_name: 'error-watcher', log_group_name: 'app-log-group') do - its('pattern') { should cmp 'ERROR' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_cloudwatch_log_metric_filter(log_group_name: 'my-log-group') do - it { should exist } -end -``` - -```ruby -describe aws_cloudwatch_log_metric_filter(log_group_name: 'i-dont-exist') do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="CloudWatchLogs:Client:DescribeMetricFiltersResponse" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon CloudWatch](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazoncloudwatch.html). 
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_metric_stream.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_metric_stream.md
deleted file mode 100644
index 3c93e729f9..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_metric_stream.md
+++ /dev/null
@@ -1,102 +0,0 @@
-+++
-title = "aws_cloudwatch_metric_stream Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudwatch_metric_stream"
-identifier = "inspec/resources/aws/aws_cloudwatch_metric_stream Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudwatch_metric_stream` InSpec audit resource to test properties of a single AWS CloudWatch metric stream.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS CloudWatch metric stream.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-metricstream.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the metric stream exists.
-
-```ruby
-describe aws_cloudwatch_metric_stream(metric_stream_name: 'METRIC_STREAM_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`arn`
-: The ARN of the metric stream.
-
-`creation_date`
-: The date that the metric stream was originally created.
-
-`last_update_date`
-: The date that the configuration of this metric stream was most recently updated.
-
-`names`
-: The name of the metric stream.
-
-`firehose_arn`
-: The ARN of the Kinesis Firehose delivery stream that is used for this metric stream.
-
-`state`
-: The current state of this stream. Valid values are running and stopped.
-
-`output_format`
-: The output format of this metric stream. Valid values are `json` and `opentelemetry0.7`.
-
-## Examples
-
-**Ensure an ARN is available.**
-
-```ruby
-describe aws_cloudwatch_metric_stream (metric_stream_name: 'METRIC_STREAM_NAME' ) do
- its('arn') { should eq 'ARN' }
-end
-```
-
-**Ensure a firehose_ARN is available.**
-
-```ruby
-describe aws_cloudwatch_metric_stream (metric_stream_name: 'METRIC_STREAM_NAME' ) do
- its('firehose_arn') { should eq 'FIREHOSE_ARN' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cloudwatch_metric_stream (metric_stream_name: 'METRIC_STREAM_NAME' ) do
- it { should exist }
-end
-```
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_cloudwatch_metric_stream (metric_stream_name: 'METRIC_STREAM_NAME' ) do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudFront:Client:GetMetricStreamsOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_metric_streams.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_metric_streams.md
deleted file mode 100644
index 60ee4b79e0..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatch_metric_streams.md
+++ /dev/null
@@ -1,116 +0,0 @@
-+++
-title = "aws_cloudwatch_metric_streams Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudwatch_metric_streams"
-identifier = "inspec/resources/aws/aws_cloudwatch_metric_streams Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudwatch_metric_streams` InSpec audit resource to test properties of multiple AWS CloudWatch metric streams.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS CloudWatch metric stream.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-metricstream.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the metric streams exists.
-
-```ruby
-describe aws_cloudwatch_metric_streams do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`arns`
-: The ARN of the metric stream.
-
-: **Field**: `arn`
-
-`creation_date`
-: The date that the metric stream was originally created.
-
-: **Field**: `creation_date`
-
-`last_update_date`
-: The date that the configuration of this metric stream was most recently updated.
-
-: **Field**: `last_update_date`
-
-`names`
-: The name of the metric stream.
-
-: **Field**: `name`
-
-`firehose_arns`
-: The ARN of the Kinesis Firehose delivery stream that is used for this metric stream.
-
-: **Field**: `firehose_arn`
-
-`states`
-: The current state of this stream. Valid values are running and stopped .
-
-: **Field**: `state`
-
-`output_formats`
-: The output format of this metric stream. Valid values are 'json' and 'opentelemetry0.7'.
-
-: **Field**: `output_format`
-
-## Examples
-
-**Ensure an ARN is available.**
-
-```ruby
-describe aws_cloudwatch_metric_streams do
- its('arns') { should include 'ARN' }
-end
-```
-
-**Ensure a Firehose ARN is available.**
-
-```ruby
-describe aws_cloudwatch_metric_streams do
- its('firehose_arns') { should include 'FIREHOSE_ARN' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cloudwatch_metric_streams do
- it { should exist }
-end
-```
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_cloudwatch_metric_streams do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudFront:Client:ListMetricStreamsOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatchlogs_destination.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatchlogs_destination.md
deleted file mode 100644
index e8b3812554..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatchlogs_destination.md
+++ /dev/null
@@ -1,113 +0,0 @@
-+++
-title = "aws_cloudwatchlogs_destination Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudwatchlogs_destination"
-identifier = "inspec/resources/aws/aws_cloudwatchlogs_destination Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudwatchlogs_destination` InSpec audit resource to test properties of a single specific AWS Logs destination.
-
-The `AWS::Logs::Destination` resource type specifies a CloudWatch Logs destination. A destination encapsulates a physical resource (such as an Amazon Kinesis data stream) and enables you to subscribe that resource to a stream of log events.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS::Logs::Destination.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-destination.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the destination name exists.
-
-```ruby
-describe aws_cloudwatchlogs_destination(destination_name_prefix: "DESTINATION_NAME") do
- it { should exist }
-end
-```
-
-## Parameters
-
-`destination_name_prefix` _(required)_
-
-: The name of the destination.
-
-## Properties
-
-`destination_name`
-: The name of the destination.
-
-`target_arn`
-: The Amazon Resource Name (ARN) of the physical target where the log events are delivered (for example, a Kinesis stream).
-
-`role_arn`
-: The ARN of an IAM role that permits CloudWatch Logs to send data to the specified AWS resource.
-
-`access_policy`
-: An IAM policy document governing the Amazon Web Services accounts, which can create subscription filters against this destination.
-
-`arn`
-: The ARN of this destination.
-
-`creation_time`
-: The creation time of the destination, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
-
-## Examples
-
-**Ensure destination name is available.**
-
-```ruby
-describe aws_cloudwatchlogs_destination(destination_name_prefix: "DESTINATION_NAME") do
- its('destination_name') { should eq 'DESTINATION_NAME' }
-end
-```
-
-**Ensure that the IAM role ARN is available.**
-
-```ruby
-describe aws_cloudwatchlogs_destination(destination_name_prefix: "DESTINATION_NAME") do
- its('role_arn') { should eq 'ROLE_ARN' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cloudwatchlogs_destination(destination_name_prefix: "DESTINATION_NAME") do
- it { should exist }
-end
-```
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_cloudwatchlogs_destination(destination_name_prefix: "DESTINATION_NAME") do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_cloudwatchlogs_destination(destination_name_prefix: "DESTINATION_NAME") do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudWatchLogs:Client:DescribeDestinationsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatchlogs_destinations.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatchlogs_destinations.md
deleted file mode 100644
index 1ce0906f86..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatchlogs_destinations.md
+++ /dev/null
@@ -1,113 +0,0 @@
-+++
-title = "aws_cloudwatchlogs_destinations Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudwatchlogs_destinations"
-identifier = "inspec/resources/aws/aws_cloudwatchlogs_destinations Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudwatchlogs_destinations` InSpec audit resource to test properties of multiple AWS Logs destinations.
-
-The `AWS::Logs::Destination` resource type specifies a CloudWatch Logs destination. A destination encapsulates a physical resource (such as an Amazon Kinesis data stream) and enables you to subscribe that resource to a stream of log events.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS::Logs::Destination.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-destination.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the destination name exists.
-
-```ruby
-describe aws_cloudwatchlogs_destinations do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`destination_names`
-: The name of the destination.
-
-: **Field**: `destination_name`
-
-`target_arns`
-: The Amazon Resource Name (ARN) of the physical target where the log events are delivered (for example, a Kinesis stream).
-
-: **Field**: `target_arn`
-
-`role_arns`
-: The ARN of an IAM role that permits CloudWatch Logs to send data to the specified AWS resource.
-
-: **Field**: `role_arn`
-
-`access_policies`
-: An IAM policy document governing the Amazon Web Services accounts, which can create subscription filters against this destination.
-
-: **Field**: `access_policy`
-
-`arns`
-: The ARN of this destination.
-
-: **Field**: `arn`
-
-`creation_time`
-: The creation time of the destination, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
-
-: **Field**: `creation_time`
-
-## Examples
-
-**Ensure a destination name is available.**
-
-```ruby
-describe aws_cloudwatchlogs_destinations do
- its('destination_names') { should include 'DESTINATION_NAME' }
-end
-```
-
-**Ensure a destination role ARN is available.**
-
-```ruby
-describe aws_cloudwatchlogs_destinations do
- its('role_arns') { should include 'ROLE_ARN' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that an entity exists.
-
-```ruby
-describe aws_cloudwatchlogs_destinations do
- it { should exist }
-end
-```
-
-Use `should_not` to test that an entity does not exist.
-
-```ruby
-describe aws_cloudwatchlogs_destinations do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudWatchLogs:Client:DescribeDestinationsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatchlogs_log_stream.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatchlogs_log_stream.md
deleted file mode 100644
index c1328cf0da..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatchlogs_log_stream.md
+++ /dev/null
@@ -1,123 +0,0 @@
-+++
-title = "aws_cloudwatchlogs_log_stream Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudwatchlogs_log_stream"
-identifier = "inspec/resources/aws/aws_cloudwatchlogs_log_stream Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudwatchlogs_log_stream` InSpec audit resource to test properties of the singular resource of AWS Logs log stream.
-
-The AWS::Logs::LogStream resource specifies an Amazon CloudWatch Logs log stream in a specific log group. A log stream represents the sequence of events coming from an application instance or resource you are monitoring.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Logs LogStream.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-logstream.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the log stream exists.
-
-```ruby
-describe aws_cloudwatchlogs_log_stream(log_group_name: "LOG_GROUP_NAME", log_stream_name_prefix: 'LOG_STREAM_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`log_group_name` and `log_stream_name_prefix` _(required)_
-
-`log_group_name`
-: The name of the log group where the log stream is created.
-
-`log_stream_name_prefix`
-: The name of the log stream.
-
-## Properties
-
-`log_stream_name`
-: The name of the log stream. The name must be unique within the log group.
-
-`creation_time`
-: The creation time of the stream, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
-
-`first_event_timestamp`
-: The time of the first event, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
-
-`last_event_timestamp`
-: The time of the most recent log event in the log stream in CloudWatch Logs.
-
-`last_ingestion_time`
-: The ingestion time, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
-
-`upload_sequence_token`
-: The sequence token.
-
-`arn`
-: The Amazon Resource Name (ARN) of the log stream.
-
-`stored_bytes`
-: The number of bytes stored.
-
-## Examples
-
-**Ensure a log stream name is available.**
-
-```ruby
-describe aws_cloudwatchlogs_log_stream(log_group_name: "LOG_GROUP_NAME", log_stream_name_prefix: 'LOG_STREAM_NAME') do
- its('log_stream_name') { should eq 'LOG_STREAM_NAME' }
-end
-```
-
-**Ensure a log stream ARN is available.**
-
-```ruby
-describe aws_cloudwatchlogs_log_stream(log_group_name: "LOG_GROUP_NAME", log_stream_name_prefix: 'LOG_STREAM_NAME') do
- its('arn') { should eq 'LOG_STREAM_ARN' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cloudwatchlogs_log_stream(log_group_name: "LOG_GROUP_NAME", log_stream_name_prefix: 'LOG_STREAM_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_cloudwatchlogs_log_stream(log_group_name: "LOG_GROUP_NAME", log_stream_name_prefix: 'LOG_STREAM_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_cloudwatchlogs_log_stream(log_group_name: "LOG_GROUP_NAME", log_stream_name_prefix: 'LOG_STREAM_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudWatchLogs:Client:DescribeLogStreamsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatchlogs_log_streams.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatchlogs_log_streams.md deleted file mode 100644 index 6f189f51de..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatchlogs_log_streams.md +++ /dev/null 
@@ -1,125 +0,0 @@
-+++
-title = "aws_cloudwatchlogs_log_streams Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudwatchlogs_log_streams"
-identifier = "inspec/resources/aws/aws_cloudwatchlogs_log_streams Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudwatchlogs_log_streams` InSpec audit resource to test properties of the plural resource of AWS Logs log stream.
-
-The AWS::Logs::LogStream resource specifies an Amazon CloudWatch Logs log stream in a specific log group. A log stream represents the sequence of events coming from an application instance or resource that you are monitoring.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Logs LogStream.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-logstream.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the log stream exists.
-
-```ruby
-describe aws_cloudwatchlogs_log_streams(log_group_name: "LOG_GROUP_NAME") do
- it { should exist }
-end
-```
-
-## Parameters
-
-`log_group_name` _(required)_
-
-: The name of the log group.
-
-## Properties
-
-`log_stream_names`
-: The name of the log stream.
-
-: **Field**: `log_stream_name`
-
-`creation_times`
-: The creation time of the stream, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
-
-: **Field**: `creation_time`
-
-`first_event_timestamps`
-: The time of the first event, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
-
-: **Field**: `first_event_timestamp`
-
-`last_event_timestamps`
-: The time of the most recent log event in the log stream in CloudWatch Logs.
-
-: **Field**: `last_event_timestamp`
-
-`last_ingestion_times`
-: The ingestion time, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
-
-: **Field**: `last_ingestion_time`
-
-`upload_sequence_tokens`
-: The sequence token.
-
-: **Field**: `upload_sequence_token`
-
-`arns`
-: The Amazon Resource Name (ARN) of the log stream.
-
-: **Field**: `arn`
-
-`stored_bytes`
-: The number of bytes stored.
-
-: **Field**: `stored_bytes`
-
-## Examples
-
-**Ensure a log stream name is available.**
-
-```ruby
-describe aws_cloudwatchlogs_log_streams(log_group_name: "LOG_GROUP_NAME") do
- its('log_stream_names') { should include 'LOG_STREAM_NAME' }
-end
-```
-
-**Ensure a log stream arn is available.**
-
-```ruby
-describe aws_cloudwatchlogs_log_streams(log_group_name: "LOG_GROUP_NAME") do
- its('arns') { should include 'LOG_STREAM_ARN' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cloudwatchlogs_log_streams(log_group_name: "LOG_GROUP_NAME") do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_cloudwatchlogs_log_streams(log_group_name: "LOG_GROUP_NAME") do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudWatchLogs:Client:DescribeLogStreamsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatchlogs_subscription_filter.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatchlogs_subscription_filter.md
deleted file mode 100644
index 87b819ab2a..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatchlogs_subscription_filter.md
+++ /dev/null
@@ -1,120 +0,0 @@
-+++
-title = "aws_cloudwatchlogs_subscription_filter Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudwatchlogs_subscription_filter"
-identifier = "inspec/resources/aws/aws_cloudwatchlogs_subscription_filter Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudwatchlogs_subscription_filter` InSpec audit resource to test properties of a single specific AWS Logs Subscription Filter.
-
-The AWS::Logs::SubscriptionFilter specifies a subscription filter and associates it with the specified log group.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Logs SubscriptionFilter.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-subscriptionfilter.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the subscription filter exists.
-
-```ruby
-describe aws_cloudwatchlogs_subscription_filter(log_group_name: "LOG_GROUP_NAME", filter_name_prefix: "FILTER_NAME") do
- it { should exist }
-end
-```
-
-## Parameters
-
-`log_group_name` and `filter_name_prefix` _(required)_
-
-`log_group_name`
-: The name of the log group to associate with the subscription filter. All log events that are uploaded to this log group are filtered and delivered to the specified AWS resource if the filter pattern matches the log events.
-
-`filter_name_prefix`
-: The name of the subscription filter.
-
-## Properties
-
-`filter_name`
-: The name of the subscription filter.
-
-`log_group_name`
-: The name of the log group.
-
-`filter_pattern`
-: A symbolic description of how CloudWatch Logs should interpret the data in each log event.
-
-`destination_arn`
-: The Amazon Resource Name (ARN) of the destination.
-
-`role_arn`
-: The ARN of the IAM role.
-
-`distribution`
-: The method used to distribute log data to the destination, which can be either random or grouped by log stream.
-
-`creation_time`
-: The creation time of the subscription filter, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
-
-## Examples
-
-**Ensure a filter name is available.**
-
-```ruby
-describe aws_cloudwatchlogs_subscription_filter(log_group_name: "LOG_GROUP_NAME", filter_name_prefix: "FILTER_NAME") do
- its('filter_name') { should eq 'FILTER_NAME' }
-end
-```
-
-**Ensure a filter log group name is available.**
-
-```ruby
-describe aws_cloudwatchlogs_subscription_filter(log_group_name: "LOG_GROUP_NAME", filter_name_prefix: "FILTER_NAME") do
- its('log_group_name') { should eq 'LOG_GROUP_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cloudwatchlogs_subscription_filter(log_group_name: "LOG_GROUP_NAME", filter_name_prefix: "FILTER_NAME") do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_cloudwatchlogs_subscription_filter(log_group_name: "LOG_GROUP_NAME", filter_name_prefix: "FILTER_NAME") do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_cloudwatchlogs_subscription_filter(log_group_name: "LOG_GROUP_NAME", filter_name_prefix: "FILTER_NAME") do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudWatchLogs:Client:DescribeSubscriptionFiltersResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatchlogs_subscription_filters.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatchlogs_subscription_filters.md
deleted file mode 100644
index 615ea11dcd..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cloudwatchlogs_subscription_filters.md
+++ /dev/null
@@ -1,130 +0,0 @@
-+++
-title = "aws_cloudwatchlogs_subscription_filters Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cloudwatchlogs_subscription_filters"
-identifier = "inspec/resources/aws/aws_cloudwatchlogs_subscription_filters Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cloudwatchlogs_subscription_filters` InSpec audit resource to test properties of the plural resource of AWS Logs Subscription Filters.
-
-The AWS::Logs::SubscriptionFilter specifies a subscription filter and associates it with the specified log group.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Logs SubscriptionFilter.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-subscriptionfilter.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the subscription filter exists.
-
-```ruby
-describe aws_cloudwatchlogs_subscription_filters(log_group_name: "LOG_GROUP_NAME") do
- it { should exist }
-end
-```
-
-## Parameters
-
-`log_group_name` _(required)_
-
-: The name of the log group.
-
-## Properties
-
-`filter_names`
-: The name of the subscription filters.
-
-: **Field**: `filter_name`
-
-`log_group_names`
-: The name of the log group.
-
-: **Field**: `log_group_name`
-
-`filter_patterns`
-: A symbolic description of how CloudWatch Logs should interpret the data in each log event.
-
-: **Field**: `filter_pattern`
-
-`destination_arns`
-: The Amazon Resource Name (ARN) of the destination.
-
-: **Field**: `destination_arn`
-
-`role_arns`
-: The ARN of the IAM role.
-
-: **Field**: `role_arn`
-
-`distributions`
-: The method used to distribute log data to the destination, which can be either random or grouped by log stream.
-
-: **Field**: `distribution`
-
-`creation_times`
-: The creation time of the subscription filter, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
-
-: **Field**: `creation_time`
-
-## Examples
-
-**Ensure a filter name is available.**
-
-```ruby
-describe aws_cloudwatchlogs_subscription_filters(log_group_name: "LOG_GROUP_NAME") do
- its('filter_names') { should include 'FilterName' }
-end
-```
-
-**Ensure a filter log group name is available.**
-
-```ruby
-describe aws_cloudwatchlogs_subscription_filters(log_group_name: "LOG_GROUP_NAME") do
- its('log_group_names') { should include 'LOG_GROUP_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cloudwatchlogs_subscription_filters(log_group_name: "LOG_GROUP_NAME") do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_cloudwatchlogs_subscription_filters(log_group_name: "LOG_GROUP_NAME") do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_cloudwatchlogs_subscription_filters(log_group_name: "LOG_GROUP_NAME") do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudWatchLogs:Client:DescribeSubscriptionFiltersResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cognito_identity_pool.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cognito_identity_pool.md
deleted file mode 100644
index 00e154f881..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cognito_identity_pool.md
+++ /dev/null
@@ -1,123 +0,0 @@
-+++
-title = "aws_cognito_identity_pool Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cognito_identity_pool"
-identifier = "inspec/resources/aws/aws_cognito_identity_pool Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cognito_identity_pool` InSpec audit resource to test properties of a single Cognito identity pool.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Cognito identity pool](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that an identity pool exists.
-```ruby
-describe aws_cognito_identity_pool(identity_pool_id: 'IDENTITY_POOL_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`identity_pool_id` _(required)_
-
-## Properties
-
-`identity_pool_id`
-: An identity pool ID in the format REGION:GUID.
-
-`identity_pool_name`
-: The name of your Amazon Cognito identity pool.
-
-`allow_unauthenticated_identities`
-: Specifies whether the identity pool supports unauthenticated logins.
-
-`supported_login_providers`
-: Key-value pairs that map provider names to provider app IDs.
-
-`developer_provider_name`
-: The "domain" Amazon Cognito uses when referencing your users. This name acts as a placeholder that allows your backend and the Amazon Cognito service to communicate about the developer provider. For the DeveloperProviderName, you can use letters and periods (.), underscores (_), and dashes (-).
-
-`open_id_connect_provider_arns`
-: The Amazon Resource Names (ARNs) of the OpenID connect providers.
-
-`cognito_identity_providers (provider_name)`
-: The Amazon Cognito user pools and their client IDs. The provider name of the cognito identity providers.
-
-`cognito_identity_providers (client_id)`
-: The Amazon Cognito user pools and their client IDs. The client ID of the cognito identity providers.
-
-`cognito_identity_providers (server_side_token_check)`
-: The Amazon Cognito user pools and their client IDs. The server side token check of the cognito identity providers.
-
-`saml_provider_arns`
-: The Amazon Resource Names (ARNs) of the Security Assertion Markup Language (SAML) providers.
-
-`identity_pool_tags`
-: The tags of your Amazon Cognito identity pool.
-
-## Examples
-
-**Ensure an identity pool ID is available.**
-
-```ruby
-describe aws_cognito_identity_pool(identity_pool_id: 'IDENTITY_POOL_ID') do
- its('identity_pool_id') { should eq 'IDENTITY_POOL_ID' }
-end
-```
-
-**Ensure that the identity pool name is available.**
-
-```ruby
-describe aws_cognito_identity_pool(identity_pool_id: 'IDENTITY_POOL_ID') do
- its('identity_pool_name') { should eq 'IDENTITY_POOL_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cognito_identity_pool(identity_pool_id: 'IDENTITY_POOL_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_cognito_identity_pool(identity_pool_id: 'IDENTITY_POOL_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the identity pool id is available.
-
-```ruby
-describe aws_cognito_identity_pool(identity_pool_id: 'IDENTITY_POOL_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CognitoIdentity:Client:IdentityPool" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cognito_identity_pools.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cognito_identity_pools.md
deleted file mode 100644
index 90ca28803e..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cognito_identity_pools.md
+++ /dev/null
@@ -1,94 +0,0 @@
-+++
-title = "aws_cognito_identity_pools Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cognito_identity_pools"
-identifier = "inspec/resources/aws/aws_cognito_identity_pools Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cognito_identity_pools` InSpec audit resource to test properties of multiple Cognito identity pools.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Cognito identity pool](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that an identity pool exists.
-
-```ruby
-describe aws_cognito_identity_pools do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`identity_pool_ids`
-: The IDs of the identity pool.
-
-`identity_pool_names`
-: The names of the identity pool.
-
-## Examples
-
-**Ensure an identity pool is available.**
-
-```ruby
-describe aws_cognito_identity_pools do
- its('identity_pool_ids') { should include 'IDENTITY_POOL_ID' }
-end
-```
-
-**Ensure that the state is `ENABLED` or `DISABLED`.**
-
-```ruby
-describe aws_cognito_identity_pools do
- its('identity_pool_names') { should include 'IDENTITY_POOL_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-```ruby
-describe aws_cognito_identity_pools do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-```ruby
-describe aws_cognito_identity_pools do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the identity pool is available.
-```ruby
-describe aws_cognito_identity_pools do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CognitoIdentity:Client:ListIdentityPoolsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cognito_userpool.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cognito_userpool.md
deleted file mode 100644
index 144b454882..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cognito_userpool.md
+++ /dev/null
@@ -1,177 +0,0 @@
-+++
-title = "aws_cognito_userpool Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cognito_userpool"
-identifier = "inspec/resources/aws/aws_cognito_userpool Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cognito_userpool` InSpec audit resource to test properties of a single specific Cognito user pool.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Cognito user pool](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that an user pool ID exists.
-
-```ruby
-describe aws_cognito_userpool(user_pool_id: 'USER_POOL_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`user_pool_id` _(required)_
-
-: The ID of the user pool.
-
-## Properties
-
-`user_pool_id`
-: The user pool ID.
-
-`client_name`
-: The client name of the user pool.
-
-`client_id`
-: The client ID of the user pool.
-
-`client_secret`
-: The client secret of the user pool.
-
-`last_modified_date`
-: The last modified date of the user pool.
-
-`creation_date`
-: The creation date of the user pool.
-
-`refresh_token_validity`
-: The refresh token validity of the user pool.
-
-`access_token_validity`
-: The access token validity of the user pool.
-
-`id_token_validity`
-: The ID token validity of the user pool.
-
-`token_validity_units (access_token)`
-: The access token in the token validity units of the user pool.
-
-`token_validity_units (id_token)`
-: The ID token in the token validity units of the user pool.
-
-`token_validity_units (refresh_token)`
-: The refresh token in the token validity units of the user pool.
-
-`read_attributes`
-: The read attributes of the user pool.
-
-`write_attributes`
-: The write attributes of the user pool.
-
-`explicit_auth_flows`
-: The explicit auth flows of the user pool.
-
-`supported_identity_providers`
-: The supported identity providers of the user pool.
-
-`callback_urls`
-: The callback URLs of the user pool.
-
-`logout_urls`
-: The logout urls of the user pool.
-
-`default_redirect_uri`
-: The default redirect URI of the user pool.
-
-`allowed_o_auth_flows`
-: The allowed_o_auth_flows of the user pool.
-
-`allowed_o_auth_scopes`
-: The allowed_o_auth_scopes of the user pool.
-
-`allowed_o_auth_flows_user_pool_client`
-: The allowed_o_auth_flows_user_pool_client of the user pool.
-
-`analytics_configuration (application_id)`
-: The application ID of the analytics configuration of the user pool.
-
-`analytics_configuration (application_arn)`
-: The application ARN of the analytics configuration of the user pool.
-
-`analytics_configuration (role_arn)`
-: The role ARN of the analytics configuration of the user pool.
-
-`analytics_configuration (external_id)`
-: The external ID of the analytics configuration of the user pool.
-
-`analytics_configuration (user_data_shared)`
-: The user data shared of the analytics configuration of the user pool.
-
-`prevent_user_existence_errors`
-: The prevent user existence errors of the user pool.
-
-## Examples
-
-**Ensure a user pool ID is available.**
-
-```ruby
-describe aws_cognito_userpool(user_pool_id: 'USER_POOL_ID') do
- its('user_pool_id') { should eq 'USER_POOL_ID' }
-end
-```
-
-**Ensure a client name is available.**
-
-```ruby
-describe aws_cognito_userpool(user_pool_id: 'USER_POOL_ID') do
- its('client_name') { should eq 'CLIENT_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cognito_userpool(user_pool_id: 'USER_POOL_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_cognito_userpool(user_pool_id: 'USER_POOL_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the client name is available.
-
-```ruby
-describe aws_cognito_userpool(user_pool_id: 'USER_POOL_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CognitoIdentityProvider:Client:DescribeUserPoolResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cognito_userpool_client.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cognito_userpool_client.md
deleted file mode 100644
index 7c2c804c30..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cognito_userpool_client.md
+++ /dev/null
@@ -1,182 +0,0 @@
-+++
-title = "aws_cognito_userpool_client Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cognito_userpool_client"
-identifier = "inspec/resources/aws/aws_cognito_userpool_client Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cognito_userpool_client` InSpec audit resource to test properties of a single Cognito user pool client.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Cognito user pool](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a user pool exists.
-
-```ruby
-describe aws_cognito_userpool_client(user_pool_id: 'USER_POOL_ID', client_id: 'CLIENT_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`user_pool_id` _(required)_
-
-: The ID of the user pool.
-
-
-`client_id` _(required)_
-
-: The client ID of the user pool.
-
-## Properties
-
-`user_pool_id`
-: The user pool ID.
-
-`client_name`
-: The app client name associated with the user pool.
-
-`client_id`
-: The app client ID associated with the user pool.
-
-`client_secret`
-: The app client secret of the user pool client.
-
-`last_modified_date`
-: The last modified date of the user pool client.
-
-`creation_date`
-: The creation date of the user pool client.
-
-`refresh_token_validity`
-: The time limit value that the refresh token is valid in token_validity_units.
-
-`access_token_validity`
-: The time limit value of the access token in token_validity_units.
-
-`id_token_validity`
-: The time limit value of the refresh token in token_validity_units.
-
-`token_validity_units (access_token)`
-: The time unit for the access_token_validity.
-
-`token_validity_units (id_token)`
-: The time unit for the id_token_validity.
-
-`token_validity_units (refresh_token)`
-: The time unit for the refresh_token_validity.
-
-`read_attributes`
-: A list of the read-only attributes of the user pool.
-
-`write_attributes`
-: A list of writeable attributes of the user pool.
-
-`explicit_auth_flows`
-: The authentication flows supported by the user pool client.
-
-`supported_identity_providers`
-: The list of provider names for the identity providers supported by the user pool client.
-
-`callback_urls`
-: The list of callback URLs for the identity providers.
-
-`logout_urls`
-: The list of logout URLs for the identity providers.
-
-`default_redirect_uri`
-: The default redirect URI. This must be in the callback_urls list.
-
-`allowed_o_auth_flows`
-: The allowed_o_auth_flows of the user pool.
-
-`allowed_o_auth_scopes`
-: The allowed_o_auth_scopes of the user pool.
-
-`allowed_o_auth_flows_user_pool_client`
-: Whether the client is allowed to follow the OAuth protocol when interacting with user pools. Valid values: `true`, `false`.
-
-`analytics_configuration (application_id)`
-: The Amazon Pinpoint analytics application ID.
-
-`analytics_configuration (application_arn)`
-: The Amazon Pinpoint ARN.
-
-`analytics_configuration (role_arn)`
-: The ARN of an IAM role that authorizes Cognito to publish events to Pinpoint.
-
-`analytics_configuration (external_id)`
-: The Amazon Pinpoint analytics external ID.
-
-`analytics_configuration (user_data_shared)`
-: Whether Cognito will include user data if it publishes to Pinpoint analytics. Valid values: `true`, `false`.
-
-`prevent_user_existence_errors`
-: Select which errors are returned by Cognito APIs. Valid values: `ENABLED`, `LEGACY`.
-
-## Examples
-
-**Ensure an client name is available.**
-
-```ruby
-describe aws_cognito_userpool_client(user_pool_id: 'USER_POOL_ID', client_id: 'CLIENT_ID') do
- its('client_name') { should eq 'CLIENT_NAME' }
-end
-```
-
-**Ensure an client secret is available.**
-
-```ruby
-describe aws_cognito_userpool_client(user_pool_id: 'USER_POOL_ID', client_id: 'CLIENT_ID') do
- its('client_secret') { should eq 'CLIENT_SECRET' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cognito_userpool_client(user_pool_id: 'USER_POOL_ID', client_id: 'CLIENT_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_cognito_userpool_client(user_pool_id: 'USER_POOL_ID', client_id: 'CLIENT_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the user pool is available.
-
-```ruby
-describe aws_cognito_userpool_client(user_pool_id: 'USER_POOL_ID', client_id: 'CLIENT_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CognitoIdentityProvider:Client:DescribeUserPoolClientResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cognito_userpool_clients.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cognito_userpool_clients.md
deleted file mode 100644
index 4d41975bb8..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cognito_userpool_clients.md
+++ /dev/null
@@ -1,100 +0,0 @@
-+++
-title = "aws_cognito_userpool_clients Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cognito_userpool_clients"
-identifier = "inspec/resources/aws/aws_cognito_userpool_clients Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cognito_userpool_clients` InSpec audit resource to test properties of multiple Cognito user pool clients.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Cognito user pool](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a user pool client exists.
-
-```ruby
-describe aws_cognito_userpool_clients(user_pool_id: 'USER_POOL_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`user_pool_id` _(required)_
-
-## Properties
-
-`client_ids`
-: The client IDs of the user pools.
-
-`user_pool_ids`
-: The user pool IDs of the user pools.
-
-`client_names`
-: The client names of the user pools.
-
-## Examples
-
-**Ensure that the specific client ID is available.**
-
-```ruby
-describe aws_cognito_userpool_clients(user_pool_id: 'USER_POOL_ID') do
- its('client_ids') { should include 'CLIENT_ID' }
-end
-```
-
-**Ensure that the specific client name is available.**
-
-```ruby
-describe aws_cognito_userpool_clients(user_pool_id: 'USER_POOL_ID') do
- its('client_names') { should include 'CLIENT_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cognito_userpool_clients(user_pool_id: 'USER_POOL_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_cognito_userpool_clients(user_pool_id: 'USER_POOL_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the user pool clients are available.
-
-```ruby
-describe aws_cognito_userpool_clients(user_pool_id: 'USER_POOL_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CognitoIdentityProvider:Client:ListUserPoolClientsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cognito_userpools.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cognito_userpools.md
deleted file mode 100644
index c8310a5f0b..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_cognito_userpools.md
+++ /dev/null
@@ -1,109 +0,0 @@
-+++
-title = "aws_cognito_userpools Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_cognito_userpools"
-identifier = "inspec/resources/aws/aws_cognito_userpools Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_cognito_userpools` InSpec audit resource to test properties of multiple Cognito user pools.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Cognito user pool](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a user pool exists.
-
-```ruby
-describe aws_cognito_userpools do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: The IDs of the user pools.
-
-`names`
-: The names of the user pools.
-
-`lambda_configs`
-: The lambda trigger configuration of the user pools.
-
-`statuses`
-: The statuses of the user pools.
-
-`last_modified_dates`
-: The last_modified_dates of the user pools.
-
-`creation_dates`
-: The creation_dates of the user pools.
-
-## Examples
-
-**Ensure an ID is available.**
-
-```ruby
-describe aws_cognito_userpools do
- its('ids') { should include 'USER_POOL_ID' }
-end
-```
-
-**Ensure a name is available.**
-
-```ruby
-describe aws_cognito_userpools do
- its('names') { should include 'USER_POOL_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_cognito_userpools do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_cognito_userpools do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the user pool is available.
-
-```ruby
-describe aws_cognito_userpools do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CognitoIdentityProvider:Client:ListUserPoolsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_config_delivery_channel.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_config_delivery_channel.md
deleted file mode 100644
index 230be75416..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_config_delivery_channel.md
+++ /dev/null
@@ -1,115 +0,0 @@
-+++
-title = "aws_config_delivery_channel Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_config_delivery_channel"
-identifier = "inspec/resources/aws/aws_config_delivery_channel Resource"
-parent = "inspec/resources/aws"
-+++
-
-The AWS Config service can monitor and record changes to your AWS resource configurations. A Delivery Channel can record the changes
-to an S3 Bucket, an SNS or both.
-
-Use the `aws_config_delivery_channel` InSpec audit resource to examine how the AWS Config service delivers those change notifications.
-
-One delivery channel is allowed per region per AWS account, and the delivery channel is required to use AWS Config.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Delivery Channels](https://docs.aws.amazon.com/config/latest/developerguide/manage-delivery-channel.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-```ruby
-describe aws_config_delivery_channel('my_channel') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_config_delivery_channel(channel_name: 'my-channel') do
- it { should exist }
-end
-```
-
-Since you may only have one Delivery Channel per region, and InSpec connections are per-region, you may also omit the `channel_name` to obtain the one Delivery Channel (if any) that exists:
-
-```ruby
-describe aws_config_delivery_channel do
- it { should exist }
-end
-```
-
-## Parameters
-
-`channel_name` _(optional)_
-
-: This resource accepts a single parameter, the channel name.
- This can be passed either as a string or as a `channel_name: 'value'` key-value entry in a hash.
-
-## Properties
-
-`channel_name`
-: The name of the delivery channel. By default, AWS Config assigns the name "default" when creating the delivery channel.
-
-`s3_bucket_name`
-: The name of the Amazon S3 bucket to which AWS Config delivers configuration snapshots and configuration history files.
-
-`s3_key_prefix`
-: The prefix for the specified Amazon S3 bucket.
-
-`sns_topic_arn`
-: The Amazon Resource Name (ARN) of the Amazon SNS topic to which AWS Config sends notifications about configuration changes.
-
-`delivery_frequency_in_hours`
-: Specifies how often the AWS Config sends configuration changes to the s3 bucket in the delivery channel.
-
-## Examples
-
-**Test how frequently the channel writes configuration changes to the s3 bucket.**
-
-```ruby
-describe aws_config_delivery_channel(channel_name: 'my-recorder') do
- its('delivery_frequency_in_hours') { should be > 3 }
-end
-```
-
-**Ensure configuration change notifications are being delivered to the correct bucket and key.**
-
-```ruby
-describe aws_config_delivery_channel(channel_name: 'my_channel')
- its('s3_bucket_name') { should eq 'my_bucket' }
- its('s3_key_prefix') { should eq 'logs/' }
-end
-```
-
-## Matchers
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_config_delivery_channel('my_channel') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_config_delivery_channel('my-nonexistent-channel') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="ConfigService:Client:DescribeDeliveryChannelsResponse" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for AWS Config](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awsconfig.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_config_recorder.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_config_recorder.md
deleted file mode 100644
index 325b9841c4..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_config_recorder.md
+++ /dev/null
@@ -1,139 +0,0 @@
-+++
-title = "aws_config_recorder Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_config_recorder"
-identifier = "inspec/resources/aws/aws_config_recorder Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_config_recorder` InSpec audit resource to test properties of your AWS Config service.
-
-The AWS Config service can monitor and record changes to your AWS resource configurations. The AWS Config recorder is used to detect changes in resource configurations and capture these changes as configuration items.
-
-As of April 2018, you are only permitted one configuration recorder per region.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::Config::ConfigurationRecorder` resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationrecorder.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_config_recorder` resource block declares the tests for a single AWS Config resource by recorder name.
-
-```ruby
-describe aws_config_recorder('RECORDER_NAME') do
- it { should exist }
-end
-```
-
-You may also use hash syntax to pass the recorder name
-
-```ruby
-describe aws_config_recorder(recorder_name: 'RECORDER_NAME') do
- it { should exist }
-end
-```
-
-Since you may only have one recorder per region, and InSpec connections are per-region, you may also omit the recorder name to obtain the one recorder (if any) that exists:
-
-```ruby
-describe aws_config_recorder do
- it { should exist }
-end
-```
-
-## Parameters
-
-`recorder_name` _(optional)_
-
-: This resource accepts a single parameter, the Configuration recorder name.
- This can be passed either as a string or as a `recorder_name: 'value'` key-value entry in a hash.
-
-## Properties
-
-`recorder_name`
-: The name of the recorder. By default, AWS Config automatically assigns the name "default" when creating the configuration recorder. You cannot change the assigned name.
-
-`role_arn`
-: Amazon Resource Name (ARN) of the IAM role used to describe the AWS resources associated with the account.
-
-`resource_types`
-: A comma-separated list that specifies the types of AWS resources for which AWS Config records configuration changes (i.e. AWS::EC2::Instance).
-
-`last_status`
-: The last (previous) status of the recorder.
-
-## Examples
-
-**Test if the recorder is active and recording.**
-
-```ruby
-describe aws_config_recorder do
- it { should be_recording }
-end
-```
-
-**Ensure the role_arn is correct for the recorder.**
-
-The role is used to grant permissions to S3 Buckets, SNS topics and to get configuration details for supported AWS resources.
-
-```ruby
-describe aws_config_recorder do
- its('role_arn') { should eq 'arn:aws:iam::721741954427:role/My_Recorder' }
-end
-```
-
-**Test the recorder is monitoring changes to the correct resources.**
-
-```ruby
-describe aws_config_recorder do
- its('resource_types') { should include 'AWS::EC2::CustomerGateway' }
- its('resource_types') { should include 'AWS::EC2::EIP' }
-end
-```
-
-**Test the recorder's last status.**
-
-```ruby
-describe aws_config_recorder do
- its('last_status') { should eq 'SUCCESS' }
-end
-```
-
-## Matchers
-
-### be_recording
-
-Ensure the recorder is active
-
-```ruby
-it { should be_recording }
-```
-
-### be_recording_all_resource_types
-
-Indicates if the configuration recorder will record changes for all resources, regardless of type. If this is true, resource_types is ignored.
-
-```ruby
-it { should be_recording_all_resource_types }
-```
-
-### be_recording_all_global_types
-
-Indicates whether the configuration recorder will record changes for global resource types (such as [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal)s).
-
-```ruby
-it { should be_recording_all_global_types }
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="ConfigService:Client:DescribeConfigurationRecordersResponse" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for AWS Config](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awsconfig.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_db_parameter_group.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_db_parameter_group.md
deleted file mode 100644
index 212bdeba8f..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_db_parameter_group.md
+++ /dev/null
@@ -1,95 +0,0 @@
-+++
-title = "aws_db_parameter_group Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_db_parameter_group"
-identifier = "inspec/resources/aws/aws_db_parameter_group Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_db_parameter_group` InSpec audit resource to test properties of an AWS DB parameter group.
-
-#### db_parameter_group_name _(required)_
-
-This resource accepts a single parameter, the DB parameter group name. This can be passed either as a string or as a `aws_db_parameter_group: 'value'` key-value entry in a hash.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on DB parameter groups](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbparametergroup.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_db_parameter_group` resource block uses the parameter to select a parameter group.
-
-```ruby
-describe aws_db_parameter_group(db_parameter_group_name: 'parameter-group-name-12345') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`db_parameter_group_name` _(required)_
-
-: This resource accepts a single parameter, the DB parameter group name. This can be passed either as a string or as a `aws_db_parameter_group: 'value'` key-value entry in a hash.
-
-## Properties
-
-`db_parameter_group_name`
-: The name of the DB parameter group.
-
-`db_parameter_group_family`
-: The name of the DB parameter group family that this DB parameter group is compatible with.
-
-`description`
-: The customer-specified description for this DB parameter group.
-
-`db_parameter_group_arn`
-: The Amazon Resource Name (ARN) for the DB parameter group.
-
-For a comprehensive list of properties available, see [the API reference documentation](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DBParameterGroup.html)
-
-## Examples
-
-**Verify the group name of a DB parameter group.**
-
-```ruby
-describe aws_db_parameter_group(db_parameter_group_name: 'parameter-group-name-12345') do
- its('db_parameter_group_name') { should eq 'parameter-group-name-12345' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-```ruby
-describe aws_db_parameter_group(db_parameter_group_name: 'parameter-group-name-12345') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_db_parameter_group(db_parameter_group_name: 'parameter-group-name-6789') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="RDS:Client:DBParameterGroupsMessage" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon RDS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonrds.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_db_parameter_groups.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_db_parameter_groups.md
deleted file mode 100644
index 5e88e16d5f..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_db_parameter_groups.md
+++ /dev/null
@@ -1,91 +0,0 @@
-+++
-title = "aws_db_parameter_groups Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_db_parameter_groups"
-identifier = "inspec/resources/aws/aws_db_parameter_groups Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_db_parameter_groups` InSpec audit resource to test properties of a collection of AWS DB parameter groups.
-
-This resource does not expect any parameters.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on DB parameter groups](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbparametergroup.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure you have exactly three DB parameter groups:
-
-```ruby
-describe aws_db_parameter_groups do
- its('db_parameter_group_names.count') { should cmp 3 }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`db_parameter_group_names`
-: The name of the DB parameter group.
-
-`db_parameter_group_families`
-: The name of the DB parameter group family that this DB parameter group is compatible with.
-
-`descriptions`
-: Provides the customer-specified description for this DB parameter group.
-
-`db_parameter_group_arns`
-: The Amazon Resource Name (ARN) for the DB parameter group.
-
-For a comprehensive list of properties available, see [the API reference documentation](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DBParameterGroup.html)
-
-## Examples
-
-**Ensure the group name of a DB parameter group exists.**
-
-```ruby
-describe aws_db_parameter_groups do
- its('db_parameter_group_names') { should include 'parameter-group-name' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe method returns at least one result.
-
-```ruby
-describe aws_db_parameter_groups.where( : ) do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_db_parameter_groups.where( : ) do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="RDS:Client:DBParameterGroupsMessage" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon RDS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonrds.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_db_subnet_group.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_db_subnet_group.md
deleted file mode 100644
index 7a2688e539..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_db_subnet_group.md
+++ /dev/null
@@ -1,100 +0,0 @@
-+++
-title = "aws_db_subnet_group Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_db_subnet_group"
-identifier = "inspec/resources/aws/aws_db_subnet_group Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_db_subnet_group` InSpec audit resource to test properties of a db subnet group.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
- An `aws_db_subnet_group` resource block uses the parameter to select a subnet group.
-
-```ruby
-describe aws_db_subnet_group(db_subnet_group_name: 'subnet-group-name-12345') do
- it { should exist }
-end
-```
-
-
-## Parameters
-
-`db_subnet_group_name` _(required)_
-
-: This resource accepts a single parameter, the DB Subnet Group Name.
- This can be passed either as a string or as a `aws_db_subnet_group: 'value'` key-value entry in a hash.
-
-See the [AWS documentation on DB Subnet Groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Subnets).
-
-
-## Properties
-
-`db_subnet_group_name`
-: The name of the DB subnet group.
-
-`db_subnet_group_description`
-: Provides the description of the DB subnet group.
-
-`vpc_id`
-: Provides the VPC ID of the DB subnet group.
-
-`subnet_group_status`
-: Provides the status of the DB subnet group.
-
-`subnets`
-: Contains a list of Subnet elements.
-
-`db_subnet_group_arn`
-: The Amazon Resource Name for the DB subnet group.
-
-For a comprehensive list of properties available, see [the API reference documentation](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DBSubnetGroup.html)
-
-## Examples
-
-**Check DB Subnet Group Name of a subnet group.**
-
-```ruby
-describe aws_db_subnet_group(db_subnet_group_name: 'subnet-group-name-12345') do
- its('db_subnet_group_name') { should eq 'subnet-group-name-12345' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_db_subnet_group(db_subnet_group_name: 'subnet-group-name-12345') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_rds_cluster(db_cluster_identifier: 'subnet-group-name-6789') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="RDS:Client:DBSubnetGroupMessage" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon RDS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonrds.html).
\ No newline at end of file
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_db_subnet_groups.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_db_subnet_groups.md
deleted file mode 100644
index 5d0574d5c4..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_db_subnet_groups.md
+++ /dev/null
@@ -1,95 +0,0 @@
-+++
-title = "aws_db_subnet_groups Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_db_subnet_groups"
-identifier = "inspec/resources/aws/aws_db_subnet_groups Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_db_subnet_groups` InSpec audit resource to test properties of a collection of AWS RDS subnet groups.
-
-RDS gives you access to the capabilities of a MySQL, MariaDB, PostgreSQL, Microsoft SQL Server, Oracle, or Amazon Aurora database server.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
- Ensure you have exactly 3 subnet groups
-
-```ruby
-describe aws_db_subnet_groups do
- its('db_subnet_group_names.count') { should cmp 3 }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`db_subnet_group_names`
-: The name of the DB subnet group.
-
-`db_subnet_group_descriptions`
-: Provides the description of the DB subnet group.
-
-`vpc_ids`
-: Provides the VPC ID of the DB subnet group.
-
-`subnet_group_status`
-: Provides the status of the DB subnet group.
-
-`subnets`
-: Contains a list of Subnet elements.
-
-`db_subnet_group_arns`
-: The Amazon Resource Name for the DB subnet group.
-
-For a comprehensive list of properties available, see [the API reference documentation](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DBSubnetGroup.html)
-
-## Examples
-
-**Ensure DB Subnet Group Name of a subnet group exists.**
-
-```ruby
-describe aws_db_subnet_groups do
- its('db_subnet_group_names') { should include 'subnet-group-name' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_db_subnet_groups.where( : ) do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_db_subnet_groups.where( : ) do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="RDS:Client:DBSubnetGroupMessage" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon RDS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonrds.html).
\ No newline at end of file
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dhcp_options.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dhcp_options.md
deleted file mode 100644
index 974f7e5ff0..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dhcp_options.md
+++ /dev/null
@@ -1,76 +0,0 @@
-+++
-title = "aws_dhcp_options Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_dhcp_options"
-identifier = "inspec/resources/aws/aws_dhcp_options Resource"
-parent = "inspec/resources/aws"
-+++
-**DEPRECATION NOTICE**
-
-The **aws_dhcp_options** InSpec audit resource is deprecated and replaced by the `aws_ec2_dhcp_option` and `aws_ec2_dhcp_options` resources.
-
-Use the `aws_dhcp_options` InSpec audit resource to test properties of a single AWS DHCP Options.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on EC2](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeDhcpOptions.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that an `aws_dhcp_options` exists
-
-```ruby
-describe aws_dhcp_options('dopt-0123456789abcdefg') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_dhcp_options(dhcp_options_id: 'dopt-0123456789abcdefg') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`dhcp_options_id` _(required)_
-
-: This resource accepts a single parameter, the DHCP Options ID which uniquely identifies the DHCP Options.
- This can be passed either as a string or as a `dhcp_options_id: 'value'` key-value entry in a hash.
-
-## Properties
-
-`dhcp_configurations`
-: The list of dhcp configurations.
-
-`domain_name_servers`
-: The list of domain name servers in the dhcp configuration.
-
-`ntp_servers`
-: The list of ntp servers in the dhcp configuration.
-
-`tags`
-: The tags of the DHCP Options.
-
-## Examples
-
-**Test tags on the DHCP options.**
-
-```ruby
-describe aws_dhcp_options('dopt-0123456789abcdefg') do
- its('tags') { should include(:Environment => 'env-name',
- :Name => 'dhcp-options-name')}
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeDhcpOptionsResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dms_endpoint.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dms_endpoint.md
deleted file mode 100644
index 45e289aa09..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dms_endpoint.md
+++ /dev/null
@@ -1,192 +0,0 @@
-+++
-title = "aws_dms_endpoint Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_dms_endpoint"
-identifier = "inspec/resources/aws/aws_dms_endpoint Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_dms_endpoint` InSpec audit resource to test properties of a single specific AWS Database Migration Service (DMS) endpoint.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on DMS endpoints](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that an arn exists.
-
-```ruby
-describe aws_dms_endpoint(endpoint_arn: 'test-arn') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`endpoint_arn` _(required)_
-
-: The ARN of the DMS endpoint.
-
-## Properties
-
-`endpoint_identifier`
-: The database endpoint identifier.
-
-`endpoint_type`
-: The endpoint type.
-
-`engine_name`
-: The type of engine for the endpoint. Valid values: `mysql`, `oracle`, `postgres`, `mariadb`, `aurora`, `aurora-postgresql`, `redshift`, `s3`, `db2`, `azuredb`, `sybase`, `dynamodb`, `mongodb`, `kinesis`, `kafka`, `elasticsearch`, `docdb`, `sqlserver`, and `neptune`.
-
-`engine_display_name`
-: The expanded name for the engine name.
-
-`username`
-: The user name used to connect to the endpoint.
-
-`server_name`
-: The name of the server at the endpoint.
-
-`port`
-: The port value used to access the endpoint.
-
-`database_name`
-: The name of the database at the endpoint.
-
-`extra_connection_attributes`
-: Additional connection attributes used to connect to the endpoint.
-
-`status`
-: The status of the endpoint.
-
-`kms_key_id`
-: An AWS KMS key identifier that is used to encrypt the connection parameters for the endpoint.
-
-`endpoint_arn`
-: The ARN of the endpoint.
-
-`certificate_arn`
-: The ARN used for SSL connection to the endpoint.
-
-`ssl_mode`
-: The SSL mode used to connect to the endpoint.
-
-`service_access_role_arns`
-: The ARN used by the service access IAM role.
-
-`external_table_definition`
-: The external table definition.
-
-`external_id`
-: Value returned by a call to CreateEndpoint that can be used for cross-account validation.
-
-`dynamo_db_settings`
-: Settings in JSON format for the target Amazon DynamoDB endpoint.
-
-`s3_settings`
-: Settings in JSON format for the target Amazon S3 endpoint.
-
-`dms_transfer_settings`
-: The settings in JSON format for the DMS transfer type of source endpoint.
-
-`mongo_db_settings`
-: The settings for the MongoDB source endpoint.
-
-`kinesis_settings`
-: The settings for the Amazon Kinesis target endpoint.
-
-`kafka_settings`
-: The settings for the Apache Kafka endpoint.
-
-`elasticsearch_settings`
-: The settings for the Elasticsearch endpoint.
-
-`neptune_settings`
-: The settings for the Amazon Neptune target endpoint.
-
-`redshift_settings`
-: The settings for the Amazon Redshift endpoint.
-
-`postgre_sql_settings`
-: The settings for the PostgreSQL source and target endpoint.
-
-`my_sql_settings`
-: The settings for the MySQL source and target endpoint.
-
-`oracle_settings`
-: The settings for the Oracle source and target endpoint.
-
-`sybase_settings`
-: The settings for the SAP ASE source and target endpoint.
-
-`microsoft_sql_server_settings`
-: The settings for the Microsoft SQL Server source and target endpoint.
-
-`ibm_db_2_settings`
-: The settings for the IBM Db2 LUW source endpoint.
-
-`doc_db_settings`
-: The settings for the DocumentDB endpoint.
-
-## Examples
-
-**Ensure an engine name is available.**
-
-```ruby
-describe aws_dms_endpoint(endpoint_arn: 'ENDPOINT_ARN') do
- its('engine_name') { should eq 'ENDPOINT_ENGINE_NAME' }
-end
-```
-
-**Ensure that the endpoint listens to a specific port.**
-
-```ruby
-describe aws_dms_endpoint(endpoint_arn: 'ENDPOINT_ARN') do
- its('port') { should eq 3306 }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_dms_endpoint(endpoint_arn: 'ENDPOINT_ARN') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_dms_endpoint(endpoint_arn: 'ENDPOINT_ARN') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the endpoint is available.
-
-```ruby
-describe aws_dms_endpoint(endpoint_arn: 'ENDPOINT_ARN') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="DatabaseMigrationService:Client:DescribeEndpointsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dms_endpoints.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dms_endpoints.md
deleted file mode 100644
index 08d9f8abf3..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dms_endpoints.md
+++ /dev/null
@@ -1,190 +0,0 @@
-+++
-title = "aws_dms_endpoints Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_dms_endpoints"
-identifier = "inspec/resources/aws/aws_dms_endpoints Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_dms_endpoints` InSpec audit resource to test properties of a single specific AWS Database Migration Service (DMS) endpoint.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on DMS Endpoint](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that an endpoint exists.
-
-```ruby
-describe aws_dms_endpoints do
- it { should exist }
-end
-```
-
-## Parameters
-
-There are no required parameters.
-
-## Properties
-
-`endpoint_identifiers`
-: The database endpoint identifiers.
-
-`endpoint_types`
-: The endpoint types.
-
-`engine_names`
-: The type of engine for an endpoint. Valid values: `mysql`, `oracle`, `postgres`, `mariadb`, `aurora`, `aurora-postgresql`, `redshift`, `s3`, `db2`, `azuredb`, `sybase`, `dynamodb`, `mongodb`, `kinesis`, `kafka`, `elasticsearch`, `docdb`, `sqlserver`, and `neptune`.
-
-`engine_display_names`
-: An expanded name for an engine name.
-
-`usernames`
-: The user names used to connect to an endpoint.
-
-`server_names`
-: The name of the server at an endpoint.
-
-`ports`
-: The port value used to access an endpoint.
-
-`database_names`
-: The name of the database at an endpoint.
-
-`extra_connection_attributes`
-: Additional connection attributes used to connect to an endpoint.
-
-`statuses`
-: The status of an endpoint.
-
-`kms_key_ids`
-: An AWS KMS key identifier that is used to encrypt the connection parameters for an endpoint.
-
-`endpoint_arns`
-: The ARN of an endpoint.
-
-`certificate_arns`
-: The ARN used for SSL connection to an endpoint.
-
-`ssl_modes`
-: The SSL mode used to connect to an endpoint.
-
-`service_access_role_arns`
-: The ARN used by the service access IAM role.
-
-`external_table_definitions`
-: The external table definition.
-
-`external_ids`
-: Value returned by a call to CreateEndpoint that can be used for cross-account validation.
-
-`dynamo_db_settings`
-: Settings in JSON format for an Amazon DynamoDB endpoint.
-
-`s3_settings`
-: Settings in JSON format for an Amazon S3 endpoint.
-
-`dms_transfer_settings`
-: The settings in JSON format for a DMS transfer type of source endpoint.
-
-`mongo_db_settings`
-: The settings for a MongoDB source endpoint.
-
-`kinesis_settings`
-: The settings for a Amazon Kinesis target endpoint.
-
-`kafka_settings`
-: The settings for an Apache Kafka endpoint.
-
-`elasticsearch_settings`
-: The settings for an Elasticsearch endpoint.
-
-`neptune_settings`
-: The settings for an Amazon Neptune target endpoint.
-
-`redshift_settings`
-: The settings for an Amazon Redshift endpoint.
-
-`postgre_sql_settings`
-: The settings for a PostgreSQL source and target endpoint.
-
-`my_sql_settings`
-: The settings for a MySQL source and target endpoint.
-
-`oracle_settings`
-: The settings for an Oracle source and target endpoint.
-
-`sybase_settings`
-: The settings for a SAP ASE source and target endpoint.
-
-`microsoft_sql_server_settings`
-: The settings for a Microsoft SQL Server source and target endpoint.
-
-`ibm_db_2_settings`
-: The settings for an IBM Db2 LUW source endpoint.
-
-`doc_db_settings`
-: The settings for a DocumentDB endpoint.
-
-## Examples
-
-**Ensure an engine name is available.**
-
-```ruby
-describe aws_dms_endpoints do
- its('engine_names') { should include 'ENGINE_NAME' }
-end
-```
-
-**Ensure that an endpoint listens to a specific port.**
-
-```ruby
-describe aws_dms_endpoints do
- its('ports') { should include 3306 }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_dms_endpoints do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_dms_endpoints do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if an endpoint is available.
-
-```ruby
-describe aws_dms_endpoints do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="DatabaseMigrationService:Client:DescribeEndpointsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dms_replication_instance.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dms_replication_instance.md
deleted file mode 100644
index c634b55c10..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dms_replication_instance.md
+++ /dev/null
@@ -1,120 +0,0 @@
-+++
-title = "aws_dms_replication_instance Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_dms_replication_instance"
-identifier = "inspec/resources/aws/aws_dms_replication_instance Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_dms_replication_instance` InSpec audit resource to test properties of a single AWS DMS replication instance.
-
-The AWS::DMS::ReplicationInstance resource creates an AWS DMS replication instance.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on DMS replication instances](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-replicationinstance.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a replication instance exists.
-
-```ruby
-describe aws_dms_replication_instance do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`engine_version`
-: The engine version of the replication instance.
-
-`replication_instance_class`
-: The compute and memory capacity of the replication instance as defined for the specified replication instance class.
-
-`storage_type`
-: The storage type of the replication instance.
-
-`min_allocated_storage`
-: The min allocated storage of the replication instance.
-
-`max_allocated_storage`
-: The max allocated storage of the replication instance.
-
-`default_allocated_storage`
-: The default allocated storage of the replication instance in gigabytes.
-
-`included_allocated_storage`
-: The included allocated storage of the replication instance in gigabytes.
-
-`availability_zones`
-: The availability zones of the replication instance.
-
-`release_status`
-: The release status of the replication instance.
-
-## Examples
-
-**Ensure an engine version is available.**
-
-```ruby
-describe aws_dms_replication_instance do
- its('engine_version') { should eq '3.4.4' }
-end
-```
-
-**Ensure that the replication instance class is `dms.c4.2xlarge`.**
-
-```ruby
-describe aws_dms_replication_instance do
- its('replication_instance_class') { should eq 'dms.c4.2xlarge' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_dms_replication_instance do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_dms_replication_instance do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the work_group name is available.
-
-```ruby
-describe aws_dms_replication_instance do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="DatabaseMigrationService:Client:DescribeOrderableReplicationInstancesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dms_replication_instances.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dms_replication_instances.md
deleted file mode 100644
index ffdba0cd9b..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dms_replication_instances.md
+++ /dev/null
@@ -1,120 +0,0 @@
-+++
-title = "aws_dms_replication_instances Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_dms_replication_instances"
-identifier = "inspec/resources/aws/aws_dms_replication_instances Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_dms_replication_instances` InSpec audit resource to test properties of multiple AWS DMS replication instances.
-
-The AWS::DMS::ReplicationInstance resource creates an AWS DMS replication instance.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on DMS Replication Instance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-replicationinstance.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-### Ensure that a replication instance exists.
-
-```ruby
-describe aws_dms_replication_instances do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`engine_versions`
-: The engine versions of the replication instance.
-
-`replication_instance_classes`
-: The compute and memory capacity of the replication instance as defined for the specified replication instance class.
-
-`storage_types`
-: The storage types of the replication instance.
-
-`min_allocated_storages`
-: The min allocated storages of the replication instance.
-
-`max_allocated_storages`
-: The max allocated storages of the replication instance.
-
-`default_allocated_storages`
-: The default allocated storages of the replication instance in gigabytes.
-
-`included_allocated_storages`
-: The included allocated storages of the replication instance in gigabytes.
-
-`availability_zones`
-: The availability zones of the replication instance.
-
-`release_statuses`
-: The release statuses of the replication instance.
-
-## Examples
-
-**Ensure an engine version is available.**
-
-```ruby
-describe aws_dms_replication_instances do
- its('engine_versions') { should include '3.4.4' }
-end
-```
-
-**Ensure that the classes are available.**
-
-```ruby
-describe aws_dms_replication_instances do
- its('replication_instance_classes') { should include 'dms.c4.2xlarge' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-### Use `should` to test that the entity exists.
-
-```ruby
-describe aws_dms_replication_instances do
- it { should exist }
-end
-```
-
-### Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_dms_replication_instances do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the work group name is available.
-
-```ruby
-describe aws_dms_replication_instances do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="DatabaseMigrationService:Client:DescribeOrderableReplicationInstancesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dms_replication_subnet_group.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dms_replication_subnet_group.md
deleted file mode 100644
index e8ae3133ce..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dms_replication_subnet_group.md
+++ /dev/null
@@ -1,108 +0,0 @@
-+++
-title = "aws_dms_replication_subnet_group Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_dms_replication_subnet_group"
-identifier = "inspec/resources/aws/aws_dms_replication_subnet_group Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_dms_replication_subnet_group` InSpec audit resource to test properties of a single DMS replication instance subnet group.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on DMS Replication Subnet Group](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-replicationsubnetgroup.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a subnet group identifier exists.
-
-```ruby
-describe aws_dms_replication_subnet_group(replication_subnet_group_identifier: 'test1') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`replication_subnet_group_identifier` _(required)_
-
-: The identifier for the replication subnet group.
-
-## Properties
-
-`replication_subnet_group_identifier`
-: The identifier of the replication subnet group.
-
-`replication_subnet_group_description`
-: The description of the replication subnet group.
-
-`vpc_id`
-: The ID of the virtual private cloud.
-
-`subnet_group_status`
-: The status of the replication subnet group.
-
-`subnets`
-: The subnets that are in the replication subnet group.
-
-## Examples
-
-**Ensure a identifier is available.**
-
-```ruby
-describe aws_dms_replication_subnet_group(replication_subnet_group_identifier: 'SUBNET_GROUP_IDENTIFIER') do
- its('replication_subnet_group_identifier') { should eq 'SUBNET_GROUP_IDENTIFIER' }
-end
-```
-
-**Ensure that the vpc is available.**
-
-```ruby
-describe aws_dms_replication_subnet_group(replication_subnet_group_identifier: 'SUBNET_GROUP_IDENTIFIER') do
- its('vpc_id') { should eq 'VPC_ID' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_dms_replication_subnet_group(replication_subnet_group_identifier: 'SUBNET_GROUP_IDENTIFIER') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_dms_replication_subnet_group(replication_subnet_group_identifier: 'SUBNET_GROUP_IDENTIFIER') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the identifier is available.
-
-```ruby
-describe aws_dms_replication_subnet_group(replication_subnet_group_identifier: 'SUBNET_GROUP_IDENTIFIER') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="DatabaseMigrationService:Client:DescribeReplicationSubnetGroupsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dms_replication_subnet_groups.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dms_replication_subnet_groups.md
deleted file mode 100644
index ad999a0b73..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dms_replication_subnet_groups.md
+++ /dev/null
@@ -1,106 +0,0 @@
-+++
-title = "aws_dms_replication_subnet_groups Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_dms_replication_subnet_groups"
-identifier = "inspec/resources/aws/aws_dms_replication_subnet_groups Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_dms_replication_subnet_groups` InSpec audit resource to test properties of multiple DMS replication instance subnet groups.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on DMS Replication Subnet Group](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-replicationsubnetgroup.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a subnet group exists.
-
-```ruby
-describe aws_dms_replication_subnet_groups do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`replication_subnet_group_identifiers`
-: The identifiers of the replication subnet groups.
-
-`replication_subnet_group_descriptions`
-: The descriptions of the replication subnet groups.
-
-`vpc_ids`
-: The IDs of the virtual private clouds.
-
-`subnet_group_statuses`
-: The statuses of the replication subnet groups.
-
-`subnets`
-: The subnets that are in the replication subnet groups.
-
-## Examples
-
-**Ensure an identifier is available.**
-
-```ruby
-describe aws_dms_replication_subnet_groups do
- its('replication_subnet_group_identifiers') { should include 'REPLICATION_SUBNET_GROUP_IDENTIFIER' }
-end
-```
-
-**Ensure that the VPC is available.**
-
-```ruby
-describe aws_dms_replication_subnet_groups do
- its('vpc_ids') { should include 'VPC_ID' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_dms_replication_subnet_groups do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_dms_replication_subnet_groups do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the work_group name is available.
-
-```ruby
-describe aws_dms_replication_subnet_groups do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="DatabaseMigrationService:Client:DescribeReplicationSubnetGroupsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dynamodb_table.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dynamodb_table.md
deleted file mode 100644
index 9b6ceec950..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dynamodb_table.md
+++ /dev/null
@@ -1,157 +0,0 @@ -+++ -title = "aws_dynamodb_table Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_dynamodb_table" -identifier = "inspec/resources/aws/aws_dynamodb_table Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_dynamodb_table` InSpec audit resource to test properties of a single DynamoDb Table. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -### Ensure an DynamoDb Table exists. - -```ruby -describe aws_dynamodb_table(table_name: 'table-name') do - it { should exist } -end -``` - -## Parameters - -`table_name` _(required)_ - -: The table name used by this DynamoDb Table. This must be passed as a `table_name: 'value'` key-value entry in a hash. - -## Properties - -`table_name` -: The name of the DynamoDb Table. - -`table_status` -: The status of the DynamoDb Table. - -`table_arn` -: The Amazon Resource Names of the DynamoDb Table. - -`creation_date` -: The date the DynamoDb Table was created. eg. `01/01/2019`. - -`number_of_decreases_today` -: The number of provisioned throughput decreases for this table during this UTC calendar day. - -`write_capacity_units` -: The maximum number of writes consumed per second before DynamoDb returns a ThrottlingException. - -`read_capacity_units` -: The maximum number of strongly consistent reads consumed per second before DynamoDb returns a ThrottlingException. - -`item_count` -: The number of entries in the DynamoDb Table. - -`attributes` -: An array of attributes that describe the key schema for the table and indexes. This is returned as a hash. Each entry is composed of: `attribute_name` - The name of this key attribute. `attribute_type` - The datatype of the attribute : `B` - Boolean, `N` - Number, `S` - string. - -`key_schema` -: Specifies the attributes that make up the primary key for a table or an index. This is returned as a hash. 
The attributes in KeySchema must also be defined in the Attributes array. Each element in the KeySchemaElement array is composed of: `attribute_name` - The name of this key attribute. `key_type` - The role that the key attribute will assume: `HASH` - partition key, `RANGE` - sort key. - -`global_secondary_indexes` -: A list of global secondary indexes if there is any referenced on the selected table. - -## Examples - -**Ensure DynamoDb Table status is active.** - -```ruby -describe aws_dynamodb_table(table_name: 'table-name') do - its('table_status') { should eq 'ACTIVE' } -end -``` - -**Ensure DynamoDb Table has an attribute.** - -```ruby -describe aws_dynamodb_table(table_name: 'table-name') do - its('attributes') { should_not be_empty } - its('attributes') { should include({:attribute_name =>'table_field', :attribute_type =>'N'}) } -end -``` - -**Ensure DynamoDb Table has a key_schema.** - -```ruby -describe aws_dynamodb_table(table_name: 'table-name') do - its('key_schema') { should_not be_empty } - its('key_schema') { should include({:attribute_name =>'table_field', :key_type =>'HASH'}) } -end -``` - -**Ensure DynamoDb Table has the correct global secondary indexes set.** - -```ruby -aws_dynamodb_table(table_name: 'table-name').global_secondary_indexes.each do |global_sec_idx| - describe global_sec_idx do - its('index_name') { should eq 'TitleIndex' } - its('index_status') { should eq 'ACTIVE' } - its('key_schema') { should include({:attribute_name =>'Title', :key_type =>'HASH'}) } - its('provisioned_throughput.write_capacity_units') { should cmp 10 } - its('provisioned_throughput.read_capacity_units') { should cmp 10 } - its('projection.projection_type') { should eq 'INCLUDE' } - end -end -``` - -**Ensure DynamoDb Table is encrypted.** - -```ruby -describe aws_dynamodb_table(table_name: 'table-name') do - it { should be_encrypted} -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the 
following special matchers.
-
-#### be_encrypted
-
-The `be_encrypted` matcher tests if the DynamoDB Table is encrypted.
-
-```ruby
-it { should be_encrypted }
-```
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_dynamodb_table(table_name: 'table-name') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_dynamodb_table(table_name: 'table-name') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="DynamoDB:Client:DescribeTableOutput" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon Dynamodb](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazondynamodb.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dynamodb_tables.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dynamodb_tables.md
deleted file mode 100644
index 67f4c75774..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_dynamodb_tables.md
+++ /dev/null
@@ -1,103 +0,0 @@
-+++
-title = "aws_dynamodb_tables Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_dynamodb_tables"
-identifier = "inspec/resources/aws/aws_dynamodb_tables Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_dynamodb_table` InSpec audit resource to test properties of a collection of AWS DynamoDB Table.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
- Ensure exactly 3 DynamoDB Tables exist.
-
-```ruby
-describe aws_dynamodb_tables do
- its('names.count') { should cmp 3 }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`table_names`
-: The names of the tables associated with the current account at the current endpoint.
-
-
-For a comprehensive list of properties available, see [the API reference documentation](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ListTables.html)
-
-## Examples
-
-**Ensure DynamoDB Tables are encrypted.**
-
-```ruby
-aws_dynamodb_tables.table_names.each do |table|
- describe aws_dynamodb_table(table_name: table) do
- it { should exist }
- it { should be_encrypted}
- end
-end
-```
-
-**Ensure the DynamoDB Tables exists and encrypted.**
-
-```ruby
-aws_dynamodb_tables.where(table_names: 'table_name').table_names.each do |table|
- describe aws_dynamodb_table(table_name: table) do
- it { should exist }
- it { should be_encrypted }
- end
-end
-```
-
-**Ensure the DynamoDB table exist.**
-
-```ruby
-describe aws_dynamodb_tables do
- its('table_names') { should include 'table_name'}
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should` to test the entity should exist.
-
-```ruby
-describe aws_dynamodb_tables.where( : ) do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_dynamodb_tables.where( : ) do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="DynamoDB:Client:ListTablesOutput" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon Dynamodb](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazondynamodb.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ebs_snapshot.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ebs_snapshot.md
deleted file mode 100644
index 421e00c727..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ebs_snapshot.md
+++ /dev/null
@@ -1,187 +0,0 @@ -+++ -title = "aws_ebs_snapshot Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ebs_snapshot" -identifier = "inspec/resources/aws/aws_ebs_snapshot Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ebs_snapshot` InSpec audit resource to test properties of a single AWS EBS Snapshot. These are point-in-time -incremental backups of AWS EBS volumes that are saved to AWS S3. - -For additional information, including details on parameters and properties, see the [AWS documentation on EBS Snapshots](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure an EBS Snapshot exists: - -```ruby -describe aws_ebs_snapshot(snapshot_id: 'SNAPSHOT_ID') do - it { should exist } -end -``` - -You may also use hash syntax to pass the EBS volume name: - -```ruby -describe aws_ebs_snapshot(name: 'SNAPSHOT_ID') do - it { should exist } -end -``` - -## Parameters - -This resource accepts a single parameter, either the EBS Snapshot ID or name (from the Name tag). At least one must be provided. - -`snapshot_id` - -: The EBS Snapshot ID which uniquely identifies the volume. - This can be passed as either a string or an `snapshot_id: 'value'` key-value entry in a hash. - -`name` _(required if `snapshot_id` not provided)_ - -: The EBS volume name from the name tag. This must be passed as a `name: 'value'` key-value entry in a hash. - It is not advised to use this parameter if your Name tags for your snapshots are not unique, as at most one entry is returned. - -## Properties - -`snapshot_id` -: The unique ID for the EBS Snapshot. - -`encrypted` -: A boolean indicating whether the EBS Snapshot is encrypted. - -`data_encryption_key_id` -: The data encryption key identifier for the EBS Snapshot. - -`description` -: The description for the EBS Snapshot. 
-
-`group`
-: Either set to `'all'` if the EBS Snapshot is public (anyone can create a volume from the EBS Snapshot), or `nil`.
-
-`kms_key_id`
-: The ARN of the AWS KMS customer master key that was used to protect the volume encryption key for the parent volume.
-
-`outpost_arn`
-: The ARN of the AWS Outpost on which the EBS Snapshot is stored.
-
-`owner_alias`
-: The AWS owner alias, from an Amazon-maintained list.
-
-`owner_id`
-: The AWS account ID of the EBS Snapshot owner.
-
-`progress`
-: The progress of the EBS Snapshot, as a percentage, e.g. `'100%'`.
-
-`start_time`
-: The time stamp when the EBS Snapshot was initiated.
-
-`state`
-: The EBS Snapshot state.
-
-`state_message`
-: A message about the EBS Snapshot state.
-
-`tags`
-: A hash of tags for the EBS Snapshot, e.g. `{'Name' => 'snapshot-name'}` .
-
-`user_ids`
-: An array of user_ids (account numbers) that have been granted permission to create a volume from this EBS Snapshot.
-
-`volume_id`
-: The ID of the volume that was used to create the EBS Snapshot.
-
-`volume_size`
-: The size of the volume, in GiB.
-
-## Examples
-
-**Test that an EBS Snapshot is encrypted.**
-
-```ruby
-describe aws_ebs_snapshot(id: 'SNAPSHOT_ID')do
- its('encrypted') { should eq true }
-end
-```
-
-**Test that an EBS Snapshot has the expected Name tag.**
-
-```ruby
-describe aws_ebs_snapshot(id: 'SNAPSHOT_ID') do
- its('tags') { should include(key: 'Name', value: 'SNAPSHOT_NAME') }
-end
-```
-
-**Tests that no specified accounts have been given access to create volumes from this EBS Snapshot.**
-
-```ruby
-describe aws_ebs_snapshot(id: 'SNAPSHOT_ID') do
- its('user_ids') { should be_empty }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
- -```ruby -describe aws_ebs_snapshot(name: 'SNAPSHOT_ID') do - it { should exist } -end -``` - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_ebs_snapshot(id: 'SNAPSHOT_ID') do - it { should_not exist } -end -``` - -### be_encrypted - -The `be_encrypted` matcher tests whether the described EBS Snapshot is encrypted. - -```ruby -it { should be_encrypted } -``` - -### be_public - -The `be_public` matcher tests whether the described EBS Snapshot is public, i.e. if anyone may create a volume from the EBS Snapshot. - -```ruby -it { should be_public } -``` - -### be_private - -The `be_private` matcher tests whether the described EBS Snapshot is private, i.e. not open for anyone to create a volume from -the EBS Snapshot. It does not check whether specific user_ids (AWS accounts) have been given access to create a volume from the -EBS Snapshot). To check permissions for specific user_ids, see the last example in the previous section. - -```ruby -it { should be_private } -``` - -## AWS Permissions - -Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `EC2:Client::DescribeSnapshotsResult` and `EC2:Client:DescribeSnapshotAttributeResult` actions with `Effect` set to `Allow`. - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ebs_snapshots.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ebs_snapshots.md deleted file mode 100644 index cb3bb78de2..0000000000 
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ebs_snapshots.md
+++ /dev/null
@@ -1,101 +0,0 @@ -+++ -title = "aws_ebs_snapshots Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ebs_snapshots" -identifier = "inspec/resources/aws/aws_ebs_snapshots Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ebs_snapshots` InSpec audit resource to test properties of a collection of AWS EBS Snapshots. - -For additional information, including details on parameters and properties, see the [AWS documentation on EBS Snapshots](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSsnapshots.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - - Ensure you have exactly 3 EBS Snapshots: - -```ruby -describe aws_ebs_snapshots do - its('snapshot_ids.count') { should cmp 3 } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`snapshot_ids` -: An array of the unique IDs of the EBS Snapshots that are returned. - -`owner_ids` -: An array of AWS Account IDs of the owners of the EBS Snapshots that are returned. - -`encrypted` -: An array of booleans indicating whether the EBS Snapshots returned are encrypted. - -`tags` -: An array of hashes; each hash is a set of keys and values for tags for one of the EBS Snapshots returned, and may be empty. - -`entries` -: Provides access to the raw results of the query, which can be treated as an array of hashes. 
- -## Examples - -**Ensure a specific EBS Snapshot exists.** - -```ruby -describe aws_ebs_snapshots do - its('snapshot_ids') { should include 'SNAPSHOT_ID' } -end -``` - -**Use the InSpec resource to request the IDs of all EBS Snapshots, then test in-depth using `aws_ebs_snapshot` to ensure all EBS Snapshots are encrypted and not public.** - -```ruby -aws_ebs_snapshots.snapshot_ids.each do |snapshot_id| - describe aws_ebs_snapshot(snapshot_id: snapshot_id) do - it { should be_encrypted } - it { should_not be_public } - end -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -```ruby -describe aws_ebs_snapshots do - it { should exist } -end -``` - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_ebs_snapshots do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client::DescribeSnapshotsResult" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ebs_volume.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ebs_volume.md deleted file mode 100644 index 7a6a931744..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ebs_volume.md +++ /dev/null 
@@ -1,139 +0,0 @@ -+++ -title = "aws_ebs_volume Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ebs_volume" -identifier = "inspec/resources/aws/aws_ebs_volume Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ebs_volume` InSpec audit resource to test the properties of a single AWS EBS volume. - -For additional information, including details on parameters and properties, see the [AWS documentation on EBS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure an EBS exists - -```ruby -describe aws_ebs_volume('VOLUME-01a2349e94458a507') do - it { should exist } -end -``` - -You may also use hash syntax to pass the EBS volume name. - -```ruby -describe aws_ebs_volume(name: 'DATA-VOLUME') do - it { should exist } -end -``` - -## Parameters - -This resource accepts a single parameter, either the EBS volume name or ID. _mandatory_ - -`volume_id` _(required if `name` not provided)_ - -: The EBS volume ID which uniquely identifies the volume. This can be passed as either a string or an `volume_id: 'value'` key-value entry in a hash. - -`name` _(required if `volume_id` not provided)_ - -: The EBS volume name which uniquely identifies the volume. This must be passed as a `name: 'value'` key-value entry in a hash. - -## Properties - -`availability_zone` -: The availability zone for the volume. - -`encrypted` -: Indicates whether the volume is encrypted. - -`iops` -: The number of I/O operations per second (IOPS) that the volume supports. - -`kms_key_id` -: The full ARN of the AWS Key Management Service (AWS KMS) customer master key (CMK) is used to protect the encryption key for the volume. - -`size` -: The size of the volume in GiBs. - -`snapshot_id` -: The snapshot from which the volume is created, if applicable. - -`status` -: The volume state. 
- -`volume_type` -: The volume type. - -## Examples - -**Test that an EBS Volume does not exist.** - -```ruby -describe aws_ebs_volume(name: 'DATA-VOLUME') do - it { should_not exist } -end -``` - -**Test that an EBS Volume is encrypted.** - -```ruby -describe aws_ebs_volume(name: 'SECURE_DATA-VOLUME') do - it { should be_encrypted } -end -``` - -**Test that an EBS Volume has the correct size.** - -```ruby -describe aws_ebs_volume(name: 'DATA-VOLUME') do - its('size') { should cmp 32 } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_ebs_volume(name: 'DATA-VOLUME') do - it { should exist } -end -``` - -```ruby -describe aws_ebs_volume(name: 'DATA-VOLUME') do - it { should_not exist } -end -``` - -#### be_encrypted - -The `be_encrypted` matcher tests if the described EBS volume is encrypted. - -```ruby -it { should be_encrypted } -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeVolumesResult" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ebs_volumes.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ebs_volumes.md deleted file mode 100644 index 86c1b73e2b..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ebs_volumes.md +++ /dev/null 
@@ -1,138 +0,0 @@ -+++ -title = "aws_ebs_volumes Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ebs_volumes" -identifier = "inspec/resources/aws/aws_ebs_volumes Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ebs_volumes` InSpec audit resource to test the properties of a collection of AWS EBS volumes. - -EBS volumes are persistent block storage volumes for Amazon EC2 instances in the AWS Cloud. - -For additional information, including details on parameters and properties, see the [AWS documentation on EBS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - - Ensure you have exactly three volumes. - -```ruby -describe aws_ebs_volumes do - its('VOLUME_ID_COUNT') { should cmp 3 } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`attachments` -: The EBS volume attachments returned. - -`availability_zones` -: The list of availability zones in use by the EBS volumes. - -`create_times` -: The creation times of the EBS volumes. - -`encrypted` -: The list of true/false values indicating whether the EBS volumes are encrypted. - -`fast_restored` -: The list of true/false values indicating whether the EBS volume is created with a snapshot enabled for fast snapshot restore. - -`iops` -: The list of I/O per second for each EBS volume. - -`kms_key_ids` -: The list of ARNs for EBS volume KMS keys. - -`multi_attach_enabled` -: The list of boolean values indicating whether the EBS volume is multi-attach enabled. - -`outpost_arns` -: The list of ARNs of outposts. - -`sizes` -: The list of EBS volume sizes. - -`snapshot_ids` -: The list of snapshots from which EBS volumes are created. - -`states` -: The list of volume states returned. - -`tags` -: The list of volume tags returned. 
- -`volume_ids` -: The unique IDs of the EBS volumes returned. - -`volume_types` -: The list of volume types returned. - -`entries` -: Provides access to the raw results of the query, which can be treated as an array of hashes. - -## Examples - -**Ensure a specific volume exists.** - -```ruby -describe aws_ebs_volumes do - its('VOLUME_IDs') { should include 'VOLUME-12345678' } -end -``` - -**Request the EBS volumes IDs.** - -Test in-depth using `aws_ebs_volume` to ensure all volumes are encrypted and have a sensible size. - -```ruby -aws_ebs_volumes.volume_ids.each do |volume_id| - describe aws_ebs_volume(volume_id) do - it { should be_encrypted } - its('size') { should be > 10 } - its('iops') { should cmp 100 } - end -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_ebs_volumes do - it { should exist } -end -``` - -```ruby -describe aws_ebs_volumes do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeVolumesResult" %}} -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_capacity_reservation.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_capacity_reservation.md deleted file mode 100644 index 41432061d5..0000000000 
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_capacity_reservation.md
+++ /dev/null
@@ -1,155 +0,0 @@ -+++ -title = "aws_ec2_capacity_reservation Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_capacity_reservation" -identifier = "inspec/resources/aws/aws_ec2_capacity_reservation Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_capacity_reservation` InSpec audit resource to test properties of the singular resource of AWS EC2 Capacity Reservation. - -The `AWS::EC2::CapacityReservation` resource type creates a new Capacity Reservation with the specified attributes. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 Capacity Reservation.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-capacityreservation.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the Capacity Reservation Id exists. - -```ruby -describe aws_ec2_capacity_reservation(capacity_reservation_id: 'CAPACITY_RESERVATION_ID') do - it { should exist } -end -``` - -## Parameters - -`capacity_reservation_id` _(required)_ - -: The ID of the Capacity Reservation. - -## Properties - -`capacity_reservation_id` -: The ID of the Capacity Reservation. - -`owner_id` -: The ID of the Amazon Web Services account that owns the Capacity Reservation. - -`capacity_reservation_arn` -: The Amazon Resource Name (ARN) of the Capacity Reservation. - -`availability_zone_id` -: The Availability Zone ID of the Capacity Reservation. - -`instance_type` -: The type of instance for which the Capacity Reservation reserves capacity. - -`instance_platform` -: The type of operating system for which the Capacity Reservation reserves capacity. - -`availability_zone` -: The Availability Zone in which the capacity is reserved. - -`tenancy` -: Indicates the tenancy of the Capacity Reservation. 
- -`total_instance_count` -: The total number of instances for which the Capacity Reservation reserves capacity. - -`available_instance_count` -: The remaining capacity. - -`ebs_optimized` -: Indicates whether the Capacity Reservation supports EBS-optimized instances. - -`ephemeral_storage` -: Indicates whether the Capacity Reservation supports instances with temporary, block-level storage. - -`state` -: The current state of the Capacity Reservation. - -`start_date` -: The date and time at which the Capacity Reservation was started. - -`end_date` -: The date and time at which the Capacity Reservation expires. - -`end_date_type` -: Indicates the way in which the Capacity Reservation ends. - -`instance_match_criteria` -: Indicates the type of instance launches that the Capacity Reservation accepts. - -`create_date` -: The date and time at which the Capacity Reservation was created. - -`tags` -: Any tags assigned to the Capacity Reservation. - -`outpost_arn` -: The Amazon Resource Name (ARN) of the Outpost on which the Capacity Reservation was created. - -## Examples - -**Ensure a Capacity Reservation ID is available.** - -```ruby -describe aws_ec2_capacity_reservation(capacity_reservation_id: 'CAPACITY_RESERVATION_ID') do - its('capacity_reservation_id') { should eq 'CAPACITY_RESERVATION_ID' } -end -``` - -**Ensure that the state is `active`.** - -```ruby -describe aws_ec2_capacity_reservation(capacity_reservation_id: 'CAPACITY_RESERVATION_ID') do - its('state') { should eq 'active' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_ec2_capacity_reservation(capacity_reservation_id: 'CAPACITY_RESERVATION_ID') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. 
- -```ruby -describe aws_ec2_capacity_reservation(capacity_reservation_id: 'CAPACITY_RESERVATION_ID') do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_ec2_capacity_reservation(capacity_reservation_id: 'CAPACITY_RESERVATION_ID') do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeCapacityReservationsResult" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_capacity_reservations.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_capacity_reservations.md deleted file mode 100644 index f66e5244c0..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_capacity_reservations.md +++ /dev/null 
@@ -1,183 +0,0 @@ -+++ -title = "aws_ec2_capacity_reservations Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_capacity_reservations" -identifier = "inspec/resources/aws/aws_ec2_capacity_reservations Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_capacity_reservations` InSpec audit resource to test properties of the plural resource of AWS EC2 Capacity Reservation. - -The `AWS::EC2::CapacityReservation` resource type creates a new Capacity Reservation with the specified attributes. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 Capacity Reservation.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-capacityreservation.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the Capacity Reservation ID exists. - -```ruby -describe aws_ec2_capacity_reservations do - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`capacity_reservation_ids` -: The ID of the Capacity Reservation. - -: **Field**: `capacity_reservation_id` - -`owner_ids` -: The ID of the Amazon Web Services account that owns the Capacity Reservation. - -: **Field**: `owner_id` - -`capacity_reservation_arns` -: The Amazon Resource Name (ARN) of the Capacity Reservation. - -: **Field**: `capacity_reservation_arn` - -`availability_zone_ids` -: The Availability Zone ID of the Capacity Reservation. - -: **Field**: `availability_zone_id` - -`instance_types` -: The type of instance for which the Capacity Reservation reserves capacity. - -: **Field**: `instance_type` - -`instance_platforms` -: The type of operating system for which the Capacity Reservation reserves capacity. - -: **Field**: `instance_platform` - -`availability_zones` -: The Availability Zone in which the capacity is reserved. 
- -: **Field**: `availability_zone` - -`tenancies` -: Indicates the tenancy of the Capacity Reservation. - -: **Field**: `tenancy` - -`total_instance_counts` -: The total number of instances for which the Capacity Reservation reserves capacity. - -: **Field**: `total_instance_count` - -`available_instance_counts` -: The remaining capacity. - -: **Field**: `available_instance_count` - -`ebs_optimized` -: Indicates whether the Capacity Reservation supports EBS-optimized instances. - -: **Field**: `ebs_optimized` - -`ephemeral_storages` -: Indicates whether the Capacity Reservation supports instances with temporary, block-level storage. - -: **Field**: `ephemeral_storage` - -`states` -: The current state of the Capacity Reservation. - -: **Field**: `state` - -`start_dates` -: The date and time at which the Capacity Reservation was started. - -: **Field**: `start_date` - -`end_dates` -: The date and time at which the Capacity Reservation expires. - -: **Field**: `end_date` - -`end_date_types` -: Indicates the way in which the Capacity Reservation ends. - -: **Field**: `end_date_type` - -`instance_match_criterias` -: Indicates the type of instance launches that the Capacity Reservation accepts. - -: **Field**: `instance_match_criteria` - -`create_dates` -: The date and time at which the Capacity Reservation was created. - -: **Field**: `create_date` - -`tags` -: Any tags assigned to the Capacity Reservation. - -: **Field**: `tags` - -`outpost_arns` -: The Amazon Resource Name (ARN) of the Outpost on which the Capacity Reservation was created. 
- -: **Field**: `outpost_arn` - -## Examples - -**Ensure a Capacity Reservation ID is available.** - -```ruby -describe aws_ec2_capacity_reservations do - its('capacity_reservation_ids') { should include 'CAPACITY_RESERVATION_ID' } -end -``` - -**Ensure that the state is `active`.** - -```ruby -describe aws_ec2_capacity_reservations do - its('states') { should include 'active' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_ec2_capacity_reservations do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_ec2_capacity_reservations do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeCapacityReservationsResult" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_carrier_gateway.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_carrier_gateway.md deleted file mode 100644 index 7e438135dd..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_carrier_gateway.md +++ /dev/null 
@@ -1,114 +0,0 @@ -+++ -title = "aws_ec2_carrier_gateway Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_carrier_gateway" -identifier = "inspec/resources/aws/aws_ec2_carrier_gateway Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_carrier_gateway` InSpec audit resource to test properties of a specific AWS EC2 carrier gateway. - -The AWS::EC2::CarrierGateway resource creates a carrier gateway. - -`carrier_gateway_id` _(required)_ - - The ID of the carrier gateway. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 Carrier Gateway](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-carriergateway.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the carrier gateway exists. - -```ruby -describe aws_ec2_carrier_gateway(carrier_gateway_id: "GATEWAY_ID") do - it { should exist } -end -``` - -## Parameters - -`carrier_gateway_id` _(required)_ - - The ID of the carrier gateway. - -## Properties - -`carrier_gateway_id` -: The ID of the carrier gateway. - -`vpc_id` -: The ID of the VPC (Virtual Private Cloud) associated with the carrier gateway. - -`state` -: The state of the carrier gateway. - -`owner_id` -: The Amazon Web Services account ID of the owner of the carrier gateway. - -`tags` -: The tags assigned to the carrier gateway. 
- -## Examples - -**Ensure a carrier gateway ID is available.** - -```ruby -describe aws_ec2_carrier_gateway(carrier_gateway_id: "GATEWAY_ID") do - its('carrier_gateway_id') { should eq 'GATEWAY_ID' } -end -``` - -**Ensure that the state is `available`.** - -```ruby -describe aws_ec2_carrier_gateway(carrier_gateway_id: "GATEWAY_ID") do - its('state') { should eq 'available' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_ec2_carrier_gateway(carrier_gateway_id: "GATEWAY_ID") do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_ec2_carrier_gateway(carrier_gateway_id: "GATEWAY_ID") do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_ec2_carrier_gateway(carrier_gateway_id: "GATEWAY_ID") do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeCarrierGatewaysResult" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_carrier_gateways.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_carrier_gateways.md deleted file mode 100644 index 7cea57d38a..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_carrier_gateways.md +++ /dev/null 
@@ -1,108 +0,0 @@ -+++ -title = "aws_ec2_carrier_gateways Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_carrier_gateways" -identifier = "inspec/resources/aws/aws_ec2_carrier_gateways Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_carrier_gateways` InSpec audit resource to test properties of the plural resource of AWS EC2 carrier gateway. - -The AWS::EC2::CarrierGateway resource creates a carrier gateway. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 Carrier Gateway](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-carriergateway.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the carrier gateway exists. - -```ruby -describe aws_ec2_carrier_gateways do - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`carrier_gateway_ids` -: The ID of the carrier gateway. - -: **Field**: `carrier_gateway_id` - -`vpc_ids` -: The ID of the VPC (Virtual Private Cloud) associated with the carrier gateway. - -: **Field**: `vpc_id` - -`states` -: The state of the carrier gateway. - -: **Field**: `state` - -`owner_ids` -: The Amazon Web Services account ID of the owner of the carrier gateway. - -: **Field**: `owner_id` - -`tags` -: The tags assigned to the carrier gateway. 
- -: **Field**: `tags` - -## Examples - -**Ensure a carrier gateway ID is available.** - -```ruby -describe aws_ec2_carrier_gateways do - its('carrier_gateway_ids') { should include 'GATEWAY_ID' } -end -``` - -**Ensure that the state is `available`.** - -```ruby -describe aws_ec2_carrier_gateways do - its('states') { should include 'available' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_ec2_carrier_gateways do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_ec2_carrier_gateways do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeCarrierGatewaysResult" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_client_vpn_authorization_rule.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_client_vpn_authorization_rule.md deleted file mode 100644 index 2634d8eecf..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_client_vpn_authorization_rule.md +++ /dev/null 
@@ -1,120 +0,0 @@ -+++ -title = "aws_ec2_client_vpn_authorization_rule Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_client_vpn_authorization_rule" -identifier = "inspec/resources/aws/aws_ec2_client_vpn_authorization_rule Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_client_vpn_authorization_rule` InSpec audit resource to test properties of a single specific AWS EC2 Client VPN authorization rule. - -The `AWS::EC2::ClientVpnAuthorizationRule` specifies an ingress authorization rule to add to a Client VPN endpoint. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 Client VPN authorization rule.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnauthorizationrule.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the client VPN endpoint association rule exists. - -```ruby -describe aws_ec2_client_vpn_authorization_rule(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID", group_id: "GROUP_ID") do - it { should exist } -end -``` - -## Parameters - -`client_vpn_endpoint_id` _(required)_ - -: The ID of the Client VPN endpoint. - -`group_id` _(required)_ - -: The ID of the Active Directory group to which the authorization rule grants access. - -## Properties - -`client_vpn_endpoint_id` -: The ID of the Client VPN endpoint with which the authorization rule is associated. - -`description` -: A brief description of the authorization rule. - -`group_id` -: The ID of the Active Directory group to which the authorization rule grants access. - -`access_all` -: Indicates whether the authorization rule grants access to all clients. - -`destination_cidr` -: The IPv4 address range, in CIDR notation, of the network to which the authorization rule applies. - -`status.code` -: The state of the authorization rule. 
- -`status.message` -: A message about the status of the authorization rule, if applicable. - -## Examples - -**Ensure a client VPN endpoint ID is available.** - -```ruby -describe aws_ec2_client_vpn_authorization_rule(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID", group_id: "GROUP_ID") do - its('client_vpn_endpoint_id') { should eq 'CLIENT_VPN_ENDPOINT_ID' } -end -``` - -**Ensure that the status code is `active`.** - -```ruby -describe aws_ec2_client_vpn_authorization_rule(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID", group_id: "GROUP_ID") do - its('status.code') { should eq 'active' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_ec2_client_vpn_authorization_rule(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID", group_id: "GROUP_ID") do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_ec2_client_vpn_authorization_rule(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID", group_id: "GROUP_ID") do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_ec2_client_vpn_authorization_rule(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID", group_id: "GROUP_ID") do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeClientVpnAuthorizationRulesResult" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_client_vpn_authorization_rules.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_client_vpn_authorization_rules.md deleted file mode 100644 index 807f2d9076..0000000000 
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_client_vpn_authorization_rules.md
+++ /dev/null
@@ -1,130 +0,0 @@ -+++ -title = "aws_ec2_client_vpn_authorization_rules Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_client_vpn_authorization_rules" -identifier = "inspec/resources/aws/aws_ec2_client_vpn_authorization_rules Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_client_vpn_authorization_rules` InSpec audit resource to test properties of a single specific AWS EC2 Client VPN authorization rule. - -The AWS::EC2::ClientVpnAuthorizationRule specifies an ingress authorization rule to add to a Client VPN endpoint. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 Client VPN authorization rule.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnauthorizationrule.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the client VPN endpoint association rule exists. - -```ruby -describe aws_ec2_client_vpn_authorization_rules(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID") do - it { should exist } -end -``` - -## Parameters - -`client_vpn_endpoint_id` _(required)_ - -: The ID of the Client VPN endpoint. - -## Properties - -`client_vpn_endpoint_ids` -: The ID of the Client VPN endpoint with which the authorization rule is associated. - -: **Field**: `client_vpn_endpoint_id` - -`descriptions` -: A brief description of the authorization rule. - -: **Field**: `description` - -`group_ids` -: The ID of the Active Directory group to which the authorization rule grants access. - -: **Field**: `group_id` - -`access_all` -: Indicates whether the authorization rule grants access to all clients. - -: **Field**: `access_all` - -`destination_cidrs` -: The IPv4 address range, in CIDR notation, of the network to which the authorization rule applies. 
- -: **Field**: `destination_cidr` - -`status_codes` -: The status of the authorization rule. - -: **Field**: `status_code` - -`status_messages` -: A message about the status of the authorization rule, if applicable. - -: **Field**: `status_message` - -## Examples - -**Ensure a client VPN endpoint ID is available.** - -```ruby -describe aws_ec2_client_vpn_authorization_rules(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID", group_id: "GROUP_ID") do - its('client_vpn_endpoint_ids') { should include 'CLIENT_VPN_ENDPOINT_ID' } -end -``` - -**Ensure that the status code is `active`.** - -```ruby -describe aws_ec2_client_vpn_authorization_rules(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID", group_id: "GROUP_ID") do - its('status_codes') { should include 'active' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_ec2_client_vpn_authorization_rules(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID", group_id: "GROUP_ID") do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_ec2_client_vpn_authorization_rules(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID", group_id: "GROUP_ID") do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_ec2_client_vpn_authorization_rules(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID", group_id: "GROUP_ID") do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeClientVpnAuthorizationRulesResult" %}} 
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_client_vpn_endpoint.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_client_vpn_endpoint.md
deleted file mode 100644
index 6082c7f89f..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_client_vpn_endpoint.md
+++ /dev/null
@@ -1,197 +0,0 @@ -+++ -title = "aws_ec2_client_vpn_endpoint Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_client_vpn_endpoint" -identifier = "inspec/resources/aws/aws_ec2_client_vpn_endpoint Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_client_vpn_endpoint` InSpec audit resource to test properties of a single specific AWS EC2 Client VPN endpoint. - -The `AWS::EC2::ClientVpnEndpoint` specifies a Client VPN endpoint. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 ClientVpnEndpoint.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the client VPN endpoint exists. - -```ruby -describe aws_ec2_client_vpn_endpoint(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID") do - it { should exist } -end -``` - -## Parameters - -`client_vpn_endpoint_id` _(required)_ - -: The ID of the Client VPN endpoint. - -## Properties - -`client_vpn_endpoint_id` -: The ID of the Client VPN endpoint. - -`description` -: A brief description of the endpoint. - -`status.code` -: The state of the Client VPN endpoint. - -`status.message` -: A message about the status of the Client VPN endpoint. - -`creation_time` -: The date and time the Client VPN endpoint was created. - -`deletion_time` -: The date and time the Client VPN endpoint was deleted, if applicable. - -`dns_name` -: The DNS name to be used by clients when connecting to the Client VPN endpoint. - -`client_cidr_block` -: The IPv4 address range, in CIDR notation, from which client IP addresses are assigned. - -`dns_servers` -: Information about the DNS servers to be used for DNS resolution. - -`split_tunnel` -: Indicates whether split-tunnel is enabled in the Client VPN endpoint. 
- -`vpn_protocol` -: The protocol used by the VPN session. - -`transport_protocol` -: The transport protocol used by the Client VPN endpoint. - -`vpn_port` -: The port number for the Client VPN endpoint. - -`associated_target_networks` -: Information about the associated target networks. A target network is a subnet in a VPC. - -`associated_target_network_id` -: The ID of the subnet. - -`associated_target_network_type` -: The target network type. - -`server_certificate_arn` -: The ARN of the server certificate. - -`authentication_options` -: Information about the authentication method used by the Client VPN endpoint. - -`authentication_options_types` -: The authentication type used. - -`authentication_options_active_directory_ids` -: The ID of the Active Directory used for authentication. - -`authentication_options_mutual_authentication.client_root_certificate_chains` -: The ARN of the client certificate. - -`authentication_options_federated_authentication_saml_provider_arns` -: The Amazon Resource Name (ARN) of the IAM SAML identity provider. - -`authentication_options_federated_authentication_self_service_saml_provider_arns` -: The Amazon Resource Name (ARN) of the IAM SAML identity provider for the self-service portal. - -`connection_log_options_enabled` -: Indicates whether client connection logging is enabled for the Client VPN endpoint. - -`connection_log_options_cloudwatch_log_groups` -: The name of the Amazon CloudWatch Logs log group to which connection logging data is published. - -`connection_log_options_cloudwatch_log_streams` -: The name of the Amazon CloudWatch Logs log stream to which connection logging data is published. - -`tags` -: Describes a tag. - -`security_group_ids` -: The IDs of the security groups for the target network. - -`vpc_id` -: The ID of the VPC. - -`self_service_portal_url` -: The URL of the self-service portal. - -`client_connect_options_enabled` -: Indicates whether client connect options are enabled. 
- -`client_connect_options_lambda_function_arns` -: The Amazon Resource Name (ARN) of the Lambda function used for connection authorization. - -`client_connect_options_status_codes` -: The status code. - -`client_connect_options_status_messages` -: The status message. - -## Examples - -**Ensure a client VPN endpoint ID is available.** - -```ruby -describe aws_ec2_client_vpn_endpoint(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID") do - its('client_vpn_endpoint_id') { should eq 'CLIENT_VPN_ENDPOINT_ID' } -end -``` - -**Ensure that the status code is `available`.** - -```ruby -describe aws_ec2_client_vpn_endpoint(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID") do - its('status.code') { should eq 'available' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_ec2_client_vpn_endpoint(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID") do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_ec2_client_vpn_endpoint(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID") do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_ec2_client_vpn_endpoint(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID") do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeClientVpnEndpointsResult" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_client_vpn_endpoints.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_client_vpn_endpoints.md deleted file mode 100644 index e12aaa4933..0000000000 
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_client_vpn_endpoints.md
+++ /dev/null
@@ -1,263 +0,0 @@ -+++ -title = "aws_ec2_client_vpn_endpoints Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_client_vpn_endpoints" -identifier = "inspec/resources/aws/aws_ec2_client_vpn_endpoints Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_client_vpn_endpoints` InSpec audit resource to test properties of multiple AWS EC2 Client VPN endpoint. - -The `AWS::EC2::ClientVpnEndpoint` specifies a Client VPN endpoint. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 ClientVpnEndpoint.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the client VPN endpoint exists. - -```ruby -describe aws_ec2_client_vpn_endpoints do - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`client_vpn_endpoint_ids` -: The ID of the Client VPN endpoint. - -: **Field**: `client_vpn_endpoint_id` - -`descriptions` -: A brief description of the endpoint. - -: **Field**: `description` - -`status_codes` -: The state of the Client VPN endpoint. - -: **Field**: `status.code` - -`status_messages` -: A message about the status of the Client VPN endpoint. - -: **Field**: `status.message` - -`creation_times` -: The date and time the Client VPN endpoint was created. - -: **Field**: `creation_time` - -`deletion_times` -: The date and time the Client VPN endpoint was deleted, if applicable. - -: **Field**: `deletion_time` - -`dns_names` -: The DNS name to be used by clients when connecting to the Client VPN endpoint. - -: **Field**: `dns_name` - -`client_cidr_blocks` -: The IPv4 address range, in CIDR notation, from which client IP addresses are assigned. 
- -: **Field**: `client_cidr_block` - -`dns_servers` -: Information about the DNS servers to be used for DNS resolution. - -: **Field**: `dns_servers` - -`split_tunnels` -: Indicates whether split-tunnel is enabled in the Client VPN endpoint. - -: **Field**: `split_tunnel` - -`vpn_protocols` -: The protocol used by the VPN session. - -: **Field**: `vpn_protocol` - -`transport_protocols` -: The transport protocol used by the Client VPN endpoint. - -: **Field**: `transport_protocol` - -`vpn_ports` -: The port number for the Client VPN endpoint. - -: **Field**: `vpn_port` - -`associated_target_networks` -: Information about the associated target networks. A target network is a subnet in a VPC. - -: **Field**: `associated_target_networks` - -`associated_target_network_id` -: The ID of the subnet. - -: **Field**: `network_id` - -`associated_target_network_type` -: The target network type. - -: **Field**: `network_type` - -`server_certificate_arns` -: The ARN of the server certificate. - -: **Field**: `server_certificate_arn` - -`authentication_options` -: Information about the authentication method used by the Client VPN endpoint. - -: **Field**: `authentication_options` - -`authentication_options_types` -: The authentication type used. - -: **Field**: `type` - -`authentication_options_active_directory_ids` -: The ID of the Active Directory used for authentication. - -: **Field**: `directory_id` - -`authentication_options_mutual_authentication.client_root_certificate_chains` -: The ARN of the client certificate. - -: **Field**: `client_root_certificate_chain` - -`authentication_options_federated_authentication_saml_provider_arns` -: The Amazon Resource Name (ARN) of the IAM SAML identity provider. - -: **Field**: `saml_provider_arn` - -`authentication_options_federated_authentication_self_service_saml_provider_arns` -: The Amazon Resource Name (ARN) of the IAM SAML identity provider for the self-service portal. 
- -: **Field**: `self_service_saml_provider_arn` - -`connection_log_options_enabled` -: Indicates whether client connection logging is enabled for the Client VPN endpoint. - -: **Field**: `enabled` - -`connection_log_options_cloudwatch_log_groups` -: The name of the Amazon CloudWatch Logs log group to which connection logging data is published. - -: **Field**: `cloudwatch_log_group` - -`connection_log_options_cloudwatch_log_streams` -: The name of the Amazon CloudWatch Logs log stream to which connection logging data is published. - -: **Field**: `cloudwatch_log_stream` - -`tags` -: Describes a tag. - -: **Field**: `tags` - -`security_group_ids` -: The IDs of the security groups for the target network. - -: **Field**: `security_group_ids` - -`vpc_id` -: The ID of the VPC. - -: **Field**: `vpc_id` - -`self_service_portal_url` -: The URL of the self-service portal. - -: **Field**: `self_service_portal_url` - -`client_connect_options_enabled` -: Indicates whether client connect options are enabled. - -: **Field**: `enabled` - -`client_connect_options_lambda_function_arns` -: The Amazon Resource Name (ARN) of the Lambda function used for connection authorization. - -: **Field**: `lambda_function_arn` - -`client_connect_options_status_codes` -: The status code. - -: **Field**: `status.code` - -`client_connect_options_status_messages` -: The status message. - -: **Field**: `status.message` - -## Examples - -**Ensure a client VPN endpoint ID is available.** - -```ruby -describe aws_ec2_client_vpn_endpoints do - its('client_vpn_endpoint_ids') { should include 'CLIENT_VPN_ENDPOINT_ID' } -end -``` - -**Ensure that the status code is `available`.** - -```ruby -describe aws_ec2_client_vpn_endpoints do - its('status_codes') { should include 'available' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. 
- -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_ec2_client_vpn_endpoints do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_ec2_client_vpn_endpoints do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_ec2_client_vpn_endpoints do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeClientVpnEndpointsResult" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_client_vpn_route.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_client_vpn_route.md deleted file mode 100644 index 173148c412..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_client_vpn_route.md +++ /dev/null 
@@ -1,139 +0,0 @@ -+++ -title = "aws_ec2_client_vpn_route Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_client_vpn_route" -identifier = "inspec/resources/aws/aws_ec2_client_vpn_route Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_client_vpn_route` InSpec audit resource to test properties of a single specific AWS EC2 Client VPN route. - -The `AWS::EC2::ClientVpnRoute` specifies a network route to add to a Client VPN endpoint. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 ClientVpnRoute.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnroute.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the client VPN endpoint exists. - -```ruby -describe aws_ec2_client_vpn_route(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID", target_subnet: "TARGET_SUBNET") do - it { should exist } -end -``` - -## Parameters - -`client_vpn_endpoint_id` _(required)_ - -: The ID of the Client VPN endpoint with which the route is associated. - -`target_subnet` _(required)_ - -: The ID of the subnet through which traffic is routed. - -## Properties - -`client_vpn_endpoint_id` -: The ID of the Client VPN endpoint with which the route is associated. - -: **Field**: `carrier_gateway_id` - -`destination_cidr` -: The IPv4 address range, in CIDR notation, of the route destination. - -: **Field**: `carrier_gateway_id` - -`target_subnet` -: The ID of the subnet through which traffic is routed. - -: **Field**: `carrier_gateway_id` - -`type` -: The route type. - -: **Field**: `carrier_gateway_id` - -`origin` -: Indicates how the route was associated with the Client VPN endpoint. associate indicates that the route was automatically added when the target network was associated with the Client VPN endpoint. 
- -: **Field**: `carrier_gateway_id` - -`status.code` -: The state of the Client VPN endpoint route. - -: **Field**: `carrier_gateway_id` - -`status.message` -: A message about the status of the Client VPN endpoint route, if applicable. - -: **Field**: `carrier_gateway_id` - -`description` -: A brief description of the route. - -: **Field**: `carrier_gateway_id` - -## Examples - -**Ensure a client VPN endpoint ID is available.** - -```ruby -describe aws_ec2_client_vpn_route(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID", target_subnet: "TARGET_SUBNET") do - its('client_vpn_endpoint_id') { should eq 'CLIENT_VPN_ENDPOINT_ID' } -end -``` - -**Ensure that the status code is `active`.** - -```ruby -describe aws_ec2_client_vpn_route(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID", target_subnet: "TARGET_SUBNET") do - its('status.code') { should eq 'active' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_ec2_client_vpn_route(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID", target_subnet: "TARGET_SUBNET") do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_ec2_client_vpn_route(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID", target_subnet: "TARGET_SUBNET") do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_ec2_client_vpn_route(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID", target_subnet: "TARGET_SUBNET") do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeClientVpnRoutesResult" %}} 
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_client_vpn_routes.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_client_vpn_routes.md
deleted file mode 100644
index 48abe7dd6f..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_client_vpn_routes.md
+++ /dev/null
@@ -1,135 +0,0 @@ -+++ -title = "aws_ec2_client_vpn_routes Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_client_vpn_routes" -identifier = "inspec/resources/aws/aws_ec2_client_vpn_routes Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_client_vpn_routes` InSpec audit resource to test properties of a single specific AWS EC2 Client VPN route. - -The `AWS::EC2::ClientVpnRoute` specifies a network route to add to a Client VPN endpoint. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 ClientVpnRoute.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnroute.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the client VPN endpoint exists. - -```ruby -describe aws_ec2_client_vpn_routes(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID") do - it { should exist } -end -``` - -## Parameters - -`client_vpn_endpoint_id` _(required)_ - -: The ID of the Client VPN endpoint with which the route is associated. - -## Properties - -`client_vpn_endpoint_ids` -: The ID of the Client VPN endpoint with which the route is associated. - -: **Field**: `client_vpn_endpoint_id` - -`destination_cidrs` -: The IPv4 address range, in CIDR notation, of the route destination. - -: **Field**: `destination_cidr` - -`target_subnets` -: The ID of the subnet through which traffic is routed. - -: **Field**: `target_subnet` - -`types` -: The route type. - -: **Field**: `type` - -`origins` -: Indicates how the route was associated with the Client VPN endpoint. associate indicates that the route was automatically added when the target network was associated with the Client VPN endpoint. - -: **Field**: `origin` - -`status_codes` -: The state of the Client VPN endpoint route. 
- -: **Field**: `status.code` - -`status_messages` -: A message about the status of the Client VPN endpoint route, if applicable. - -: **Field**: `status.message` - -`descriptions` -: A brief description of the route. - -: **Field**: `carrier_gateway_id` - -## Examples - -**Ensure a client VPN endpoint ID is available.** - -```ruby -describe aws_ec2_client_vpn_routes(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID") do - its('client_vpn_endpoint_ids') { should include 'CLIENT_VPN_ENDPOINT_ID' } -end -``` - -**Ensure that the status code is `active`.** - -```ruby -describe aws_ec2_client_vpn_routes(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID") do - its('status_codes') { should include 'active' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_ec2_client_vpn_routes(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID") do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_ec2_client_vpn_routes(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID") do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_ec2_client_vpn_routes(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID") do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeClientVpnRoutesResult" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_client_vpn_target_network_association.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_client_vpn_target_network_association.md deleted file mode 100644 index df2f2f3515..0000000000 
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_client_vpn_target_network_association.md
+++ /dev/null
@@ -1,120 +0,0 @@ -+++ -title = "aws_ec2_client_vpn_target_network_association Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_client_vpn_target_network_association" -identifier = "inspec/resources/aws/aws_ec2_client_vpn_target_network_association Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_client_vpn_target_network_association` InSpec audit resource to test properties of a single AWS EC2 Client VPN target network association. - -The `AWS::EC2::ClientVpnTargetNetworkAssociation` checks if a target network to associated with a Client VPN endpoint. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 Client VPN target network association.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpntargetnetworkassociation.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the client VPN target network association exists. - -```ruby -describe aws_ec2_client_vpn_target_network_association(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID", association_id: "ASSOCIATION_ID") do - it { should exist } -end -``` - -## Parameters - -`client_vpn_endpoint_id` _(required)_ - -: The ID of the Client VPN endpoint. - -`association_id` _(required)_ - -: The ID of the association. - -## Properties - -`association_id` -: The ID of the association. - -`vpc_id` -: The ID of the VPC in which the target network (subnet) is located. - -`target_network_id` -: The ID of the subnet specified as the target network. - -`client_vpn_endpoint_id` -: The ID of the Client VPN endpoint with which the target network is associated. - -`status.code` -: The state of the target network association. - -`status.message` -: A message about the status of the target network association, if applicable. 
- -`security_groups` -: The IDs of the security groups applied to the target network association. - -## Examples - -**Ensure an association exists.** - -```ruby -describe aws_ec2_client_vpn_target_network_association(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID", association_id: "ASSOCIATION_ID") do - its('association_id') { should eq 'ASSOCIATION_ID' } -end -``` - -**Ensure that the status code is `active`.** - -```ruby -describe aws_ec2_client_vpn_target_network_association(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID", association_id: "ASSOCIATION_ID") do - its('status.code') { should eq 'active' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_ec2_client_vpn_target_network_association(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID", association_id: "ASSOCIATION_ID") do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_ec2_client_vpn_target_network_association(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID", association_id: "ASSOCIATION_ID") do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_ec2_client_vpn_target_network_association(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID", association_id: "ASSOCIATION_ID") do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeClientVpnTargetNetworksResult" %}} 
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_client_vpn_target_network_associations.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_client_vpn_target_network_associations.md
deleted file mode 100644
index fb6822a6bf..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_client_vpn_target_network_associations.md
+++ /dev/null
@@ -1,130 +0,0 @@ -+++ -title = "aws_ec2_client_vpn_target_network_associations Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_client_vpn_target_network_associations" -identifier = "inspec/resources/aws/aws_ec2_client_vpn_target_network_associations Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_client_vpn_target_network_associations` InSpec audit resource to test properties of multiple AWS EC2 Client VPN target network associations. - -The `AWS::EC2::ClientVpnTargetNetworkAssociation` specifies a target network to associate with a Client VPN endpoint. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 ClientVpnTargetNetworkAssociation.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpntargetnetworkassociation.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the client vpn target network association exists. - -```ruby -describe aws_ec2_client_vpn_target_network_associations(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID") do - it { should exist } -end -``` - -## Parameters - -`client_vpn_endpoint_id` _(required)_ - -: The ID of the Client VPN endpoint. - -## Properties - -`association_ids` -: The ID of the association. - -: **Field**: `association_id` - -`vpc_ids` -: The ID of the VPC in which the target network (subnet) is located. - -: **Field**: `vpc_id` - -`target_network_ids` -: The ID of the subnet specified as the target network. - -: **Field**: `target_network_id` - -`client_vpn_endpoint_ids` -: The ID of the Client VPN endpoint with which the target network is associated. - -: **Field**: `client_vpn_endpoint_id` - -`status_codes` -: The state of the target network association. 
- -: **Field**: `status.code` - -`status_messages` -: A message about the status of the target network association, if applicable. - -: **Field**: `status.message` - -`security_groups` -: The IDs of the security groups applied to the target network association. - -: **Field**: `security_groups` - -## Examples - -**Ensure an association exists.** - -```ruby -describe aws_ec2_client_vpn_target_network_associations(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID") do - its('association_ids') { should include 'ASSOCIATION_ID' } -end -``` - -**Ensure that the status code is `active`.** - -```ruby -describe aws_ec2_client_vpn_target_network_associations(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID") do - its('status_code') { should include 'active' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_ec2_client_vpn_target_network_associations(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID") do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_ec2_client_vpn_target_network_associations(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID") do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_ec2_client_vpn_target_network_associations(client_vpn_endpoint_id: "CLIENT_VPN_ENDPOINT_ID") do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeClientVpnTargetNetworksResult" %}} 
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_customer_gateway.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_customer_gateway.md
deleted file mode 100644
index 712473cba2..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_customer_gateway.md
+++ /dev/null
@@ -1,119 +0,0 @@ -+++ -title = "aws_ec2_customer_gateway Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_customer_gateway" -identifier = "inspec/resources/aws/aws_ec2_customer_gateway Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_customer_gateway` InSpec audit resource to test properties of a single AWS EC2 customer gateway. - -The `AWS::EC2::CustomerGateway` resource type specifies a customer gateway. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 customer gateway](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-customer-gateway.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the customer gateway Id exists. - -```ruby -describe aws_ec2_customer_gateway(customer_gateway_id: "CUSTOMER_GATEWAY_ID") do - it { should exist } -end -``` - -## Parameters - -`customer_gateway_id` _(required)_ - -: The ID of the customer gateway. - -## Properties - -`bgp_asn` -: The customer gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN). - -`customer_gateway_id` -: The ID of the customer gateway. - -`ip_address` -: The internet-routable IP address of the customer gateway's outside interface. - -`certificate_arn` -: The Amazon Resource Name (ARN) for the customer gateway certificate. - -`state` -: The current state of the customer gateway. - -`type` -: The type of VPN connection the customer gateway supports (ipsec.1). - -`device_name` -: The name of customer gateway device. - -`tags` -: Any tags assigned to the customer gateway. 
- -## Examples - -**Ensure a customer gateway ID is available.** - -```ruby -describe aws_ec2_customer_gateway(customer_gateway_id: "CUSTOMER_GATEWAY_ID") do - its('customer_gateway_id') { should eq 'CUSTOMER_GATEWAY_ID' } -end -``` - -**Ensure that the state is `available`.** - -```ruby -describe aws_ec2_customer_gateway(customer_gateway_id: "CUSTOMER_GATEWAY_ID") do - its('state') { should eq 'available' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_ec2_customer_gateway(customer_gateway_id: "CUSTOMER_GATEWAY_ID") do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_ec2_customer_gateway(customer_gateway_id: "CUSTOMER_GATEWAY_ID") do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_ec2_customer_gateway(customer_gateway_id: "CUSTOMER_GATEWAY_ID") do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeCustomerGatewaysResult" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_customer_gateways.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_customer_gateways.md deleted file mode 100644 index 19ba77b842..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_customer_gateways.md +++ /dev/null 
@@ -1,133 +0,0 @@ -+++ -title = "aws_ec2_customer_gateways Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_customer_gateways" -identifier = "inspec/resources/aws/aws_ec2_customer_gateways Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_customer_gateways` InSpec audit resource to test properties of the plural resource of AWS EC2 customer gateway. - -The `AWS::EC2::CustomerGateway` resource type specifies a customer gateway. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 customer gateway](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-customer-gateway.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the customer gateway exists. - -```ruby -describe aws_ec2_customer_gateways do - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`bgp_asns` -: The customer gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN). - -: **Field**: `bgp_asn` - -`customer_gateway_ids` -: The ID of the customer gateway. - -: **Field**: `customer_gateway_id` - -`ip_addresses` -: The Internet-routable IP address of the customer gateway's outside interface. - -: **Field**: `ip_address` - -`certificate_arns` -: The Amazon Resource Name (ARN) for the customer gateway certificate. - -: **Field**: `certificate_arn` - -`states` -: The current state of the customer gateway. - -: **Field**: `state` - -`types` -: The type of VPN connection the customer gateway supports (ipsec.1). - -: **Field**: `type` - -`device_names` -: The name of customer gateway device. - -: **Field**: `device_name` - -`tags` -: Any tags assigned to the customer gateway. 
- -: **Field**: `tags` - -## Examples - -**Ensure a customer gateway ID is available.** - -```ruby -describe aws_ec2_customer_gateways do - its('customer_gateway_ids') { should include 'CUSTOMER_GATEWAY_ID' } -end -``` - -**Ensure that the state is `available`.** - -```ruby -describe aws_ec2_customer_gateways do - its('states') { should include 'available' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_ec2_customer_gateways do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_ec2_customer_gateways do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_ec2_customer_gateways do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeCustomerGatewaysResult" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_dhcp_option.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_dhcp_option.md deleted file mode 100644 index f65861b632..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_dhcp_option.md +++ /dev/null 
@@ -1,92 +0,0 @@ -+++ -title = "aws_ec2_dhcp_option Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_dhcp_option" -identifier = "inspec/resources/aws/aws_ec2_dhcp_option Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_dhcp_option` InSpec audit resource to test the properties of a single AWS DHCP options set. - -For additional information, including details on parameters and properties, see the [AWS documentation on EC2](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeDhcpOptions.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that an `aws_ec2_dhcp_option` exists. - -```ruby -describe aws_ec2_dhcp_option('dopt-0123456789abcdefg') do - it { should exist } -end -``` - -```ruby -describe aws_ec2_dhcp_option(dhcp_options_id: 'dopt-0123456789abcdefg') do - it { should exist } -end -``` - -```ruby -describe aws_ec2_dhcp_option(name: 'dopt-vpc-1') do - it { should exist } -end -``` - -## Parameters - -This resource requires either the `dhcp_options_id` or `name` parameter. - -`dhcp_options_id` - -: The DHCP options ID uniquely identifies the DHCP options set. - This can be passed either as a string or as a `dhcp_options_id: 'value'` key-value entry in a hash. - -`name` - -: The DHCP options name uniquely identifies the DHCP options set. - This can be passed as a `name: 'value'` key-value entry in a hash. - -## Properties - -`domain_name` -: The configured AWS DNS name. - -`domain_name_servers` -: The list of domain name servers in the DHCP configuration. - -`ntp_servers` -: The list of ntp servers in the DHCP configuration. - -`netbios_name_servers` -: The list of NetBIOS name servers in the DHCP configuration. - -`netbios_node_type` -: The type of NetBIOS node in the DHCP configuration. - -`tags` -: The tags of the DHCP options. 
- -## Examples - -**Test tags on the DHCP options.** - -```ruby -describe aws_ec2_dhcp_option('dopt-0123456789abcdefg') do - its('tags') { should include(:Environment => 'env-name', - :Name => 'dhcp-options-name')} -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeDhcpOptionsResult" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_dhcp_options.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_dhcp_options.md deleted file mode 100644 index c15b7b231a..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_dhcp_options.md +++ /dev/null 
@@ -1,64 +0,0 @@
-+++
-title = "aws_ec2_dhcp_options Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_dhcp_options"
-identifier = "inspec/resources/aws/aws_ec2_dhcp_options Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_dhcp_options` InSpec audit resource to test properties of multiple AWS DHCP options sets.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that an `aws_ec2_dhcp_options` exists.
-
-```ruby
-describe aws_ec2_dhcp_options do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_ec2_dhcp_options.where(dhcp_options_id: 'dopt-0123456789abcdefg') do
- it { should exist }
-end
-```
-
-
-## Properties
-
-`domain_names`
-: The list of DHCP configurations domain names.
-
-`domain_name_servers`
-: The list of domain name servers in the DHCP configuration.
-
-`ntp_servers`
-: The list of ntp servers in the DHCP configuration.
-
-`netbios_name_servers`
-: The list of NetBIOS name servers in the DHCP configuration.
-
-`netbios_node_types`
-: The list of NetBIOS node types in the DHCP configuration.
-
-`tags`
-: The tags of the DHCP options.
-
-## Examples
-
-This resource does not have any examples.
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeDhcpOptionsResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_egress_only_internet_gateway.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_egress_only_internet_gateway.md
deleted file mode 100644
index af9e600ed8..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_egress_only_internet_gateway.md
+++ /dev/null
@@ -1,110 +0,0 @@ -+++ -title = "aws_ec2_egress_only_internet_gateway Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_egress_only_internet_gateway" -identifier = "inspec/resources/aws/aws_ec2_egress_only_internet_gateway Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_egress_only_internet_gateway` InSpec audit resource to test properties of a single specific AWS EC2 egress-only internet gateway. - -The `AWS::EC2::EgressOnlyInternetGateway` specifies an egress-only internet gateway for your VPC. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the egress-only internet gateway Id exists. - -```ruby -describe aws_ec2_egress_only_internet_gateway(egress_only_internet_gateway_id: 'EGRESS_ONLY_INTERNET_GATEWAY_ID') do - it { should exist } -end -``` - -## Parameters - -`egress_only_internet_gateway_id` _(required)_ - -: The ID of the egress-only internet gateway. - -: For additional information, see the [AWS documentation on AWS EC2 egress-only internet gateway.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-egressonlyinternetgateway.html). - -## Properties - -`attachments` -: Information about the attachment of the egress-only internet gateway. - -`attachments_states` -: The current state of the attachment. - -`attachments_vpc_ids` -: The ID of the VPC. - -`egress_only_internet_gateway_id` -: The ID of the egress-only internet gateway. - -`tags` -: The tags assigned to the egress-only internet gateway. 
- -## Examples - -**Ensure an egress-only internet gateway ID is available.** - -```ruby -describe aws_ec2_egress_only_internet_gateway(egress_only_internet_gateway_id: 'EGRESS_ONLY_INTERNET_GATEWAY_ID') do - its('egress_only_internet_gateway_id') { should eq 'EGRESS_ONLY_INTERNET_GATEWAY_ID' } -end -``` - -**Ensure that the attachments states is `attached`.** - -```ruby -describe aws_ec2_egress_only_internet_gateway(egress_only_internet_gateway_id: 'EGRESS_ONLY_INTERNET_GATEWAY_ID') do - its('attachments_states') { should eq 'attached' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_ec2_egress_only_internet_gateway(egress_only_internet_gateway_id: 'EGRESS_ONLY_INTERNET_GATEWAY_ID') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_ec2_egress_only_internet_gateway(egress_only_internet_gateway_id: 'EGRESS_ONLY_INTERNET_GATEWAY_ID') do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_ec2_egress_only_internet_gateway(egress_only_internet_gateway_id: 'EGRESS_ONLY_INTERNET_GATEWAY_ID') do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeEgressOnlyInternetGatewaysResult" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_egress_only_internet_gateways.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_egress_only_internet_gateways.md deleted file mode 100644 index d17bae1f1b..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_egress_only_internet_gateways.md +++ /dev/null 
@@ -1,116 +0,0 @@ -+++ -title = "aws_ec2_egress_only_internet_gateways Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_egress_only_internet_gateways" -identifier = "inspec/resources/aws/aws_ec2_egress_only_internet_gateways Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_egress_only_internet_gateways` InSpec audit resource to test properties of multiple AWS EC2 egress-only internet gateways. - -The `AWS::EC2::EgressOnlyInternetGateway` specifies an egress-only internet gateway for your VPC. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the egress-only internet gateway Id exists. - -```ruby -describe aws_ec2_egress_only_internet_gateways do - it { should exist } -end -``` - -## Parameters - -For additional information, see the [AWS documentation on AWS EC2 egress-only internet gateway.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-egressonlyinternetgateway.html). - -## Properties - -`attachments` -: Information about the attachment of the egress-only internet gateway. - -: **Field**: `attachments` - -`attachments_states` -: The current state of the attachment. - -: **Field**: `state` - -`attachments_vpc_ids` -: The ID of the VPC. - -: **Field**: `vpc_id` - -`egress_only_internet_gateway_id` -: The ID of the egress-only internet gateway. - -: **Field**: `egress_only_internet_gateway_id` - -`tags` -: The tags assigned to the egress-only internet gateway. 
- -: **Field**: `tags` - -## Examples - -**Ensure an egress-only internet gateway ID is available.** - -```ruby -describe aws_ec2_egress_only_internet_gateways do - its('egress_only_internet_gateway_ids') { should include 'EgressOnlyInternetGatewayId' } -end -``` - -**Ensure that the attachments states is `attached`.** - -```ruby -describe aws_ec2_egress_only_internet_gateways do - its('attachments_states') { should include 'attached' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_ec2_egress_only_internet_gateways do - it { should exist } -end -``` - -Use `should_not` to test that an entity does not exist. - -```ruby -describe aws_ec2_egress_only_internet_gateways do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_ec2_egress_only_internet_gateways do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeEgressOnlyInternetGatewaysResult" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_eip.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_eip.md deleted file mode 100644 index 2ceec434e0..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_eip.md +++ /dev/null 
@@ -1,133 +0,0 @@ -+++ -title = "aws_ec2_eip Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_eip" -identifier = "inspec/resources/aws/aws_ec2_eip Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_eip` InSpec audit resource to test properties of a single specific Elastic IP (EIP). - -An Elastic IP (EIP) is uniquely identified by the public IPv4 address, for example `192.0.2.0`. - -For additional information, including details on parameters and properties, see the [AWS documentation on Elastic IP (EIP)](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-eip.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that a Public IP exists. - -```ruby -describe aws_ec2_eip(public_ip: '192.0.2.0') do - it { should exist } -end -``` - -## Parameters - -`public_ip` _(required)_ - -## Properties - -`public_ip` -: The Elastic IP address, or the carrier IP address. - -`instance_id` -: The ID of the instance the address is associated with, if any. - -`allocation_id` -: The allocation ID for the address. - -`association_id` -: The association ID for the address. - -`domain` -: Indicates whether the address is for use in EC2-Classic (standard) or in a VPC (vpc). - -`network_interface_id` -: The ID of the network interface that the address is associated with, if any. - -`network_interface_owner_id` -: The AWS account ID of the owner. - -`private_ip_address` -: The private IP address associated with the Elastic IP address. - -`public_ipv_4_pool` -: The Elastic IPV4 pool address. - -`network_border_group` -: A unique set of Availability Zones, Local Zones, or Wavelength Zones from where AWS advertises IP addresses. 
- -## Examples - -**Ensure a Public IP is available.** - -```ruby -describe aws_ec2_eip(public_ip: '192.0.2.0') do - its('public_ip') { should eq '192.0.2.0' } -end -``` - -**Ensure that the domain is `vpc` or `standard`.** - -```ruby -describe aws_ec2_eip(public_ip: '192.0.2.0') do - its('domain') { should eq 'vpc' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_ec2_eip(public_ip: '192.0.2.0') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_vpc_endpoint(public_ip: '192.0.2.0') do - it { should_not exist } -end -``` - -### be_available - -Check if the IP address is available. - -```ruby -describe aws_ec2_eip(public_ip: '192.0.2.0') do - it { should be_available } -end -``` - -Use `should_not` to test an IP address that should not exist. - -```ruby -describe aws_ec2_eip(public_ip: '192.0.2.0') do - it { should_not be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeAddressesResult" %}} - -See the [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html) documentation for additional information. diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_eip_association.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_eip_association.md deleted file mode 100644 index c9ff7dc49c..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_eip_association.md +++ /dev/null 
@@ -1,96 +0,0 @@
-+++
-title = "aws_ec2_eip_association Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_eip_association"
-identifier = "inspec/resources/aws/aws_ec2_eip_association Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_eip_association` InSpec audit resource to test properties of the singular resource of AWS Elastic IP association.
-
-An Elastic IP (EIP) is uniquely identified by the public IPv4 address, for example `association_id`.
-
-`association_id` _(required)_
-
-The association ID for the address.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Elastic IP association](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-eip-association.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-### Verify that the association exists.
-
-```ruby
-describe aws_ec2_eip_association(association_id: 'ASSOCIATION_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`association_id` _(required)_
-
-: The association ID for the address.
-
-## Properties
-
-`association_id`
-: The association ID for the address.
-
-## Examples
-
-**Check association ID whether it is correct or not.**
-
-```ruby
-describe aws_ec2_eip_association(association_id: 'ASSOCIATION_ID') do
- its('ASSOCIATION_ID') { should eq "ASSOCIATION_ID" }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_eip_association(association_id: 'ASSOCIATION_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_eip_association(association_id: 'ASSOCIATION_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Check if the entity is available.
-
-```ruby
-describe aws_ec2_eip_association(association_id: 'ASSOCIATION_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeAddressesResult" %}}
-
-See the [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html) documentation for additional information.
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_eip_associations.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_eip_associations.md
deleted file mode 100644
index c52c65ce03..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_eip_associations.md
+++ /dev/null
@@ -1,84 +0,0 @@
-+++
-title = "aws_ec2_eip_associations Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_eip_associations"
-identifier = "inspec/resources/aws/aws_ec2_eip_associations Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_eip_associations` InSpec audit resource to test properties of some or all AWS Elastic IP association.
-
-This resource does not expect any parameters.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Elastic IP association](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-eip-association.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Verify that the association exists.
-
-```ruby
-describe aws_ec2_eip_associations do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`association_ids`
-: The association ID for the address.
-
-: **Field**: `association_id`
-
-## Examples
-
-**Check association ID is available.**
-
-```ruby
-describe aws_ec2_eip_associations do
- its('association_ids') { should include "ASSOCIATION_ID" }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_eip_associations do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_eip_associations do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeAddressesResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_eips.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_eips.md
deleted file mode 100644
index 79d5809ec5..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_eips.md
+++ /dev/null
@@ -1,119 +0,0 @@ -+++ -title = "aws_ec2_eips Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_eips" -identifier = "inspec/resources/aws/aws_ec2_eips Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_eips` InSpec audit resource to test properties of some or all AWS Elastic IP addresses. - -This resource does not expect any parameters. - -For additional information, including details on parameters and properties, see the [AWS documentation on Elastic IP (EIP)](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-eip.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Verify that a public IP address exists. - -```ruby -describe aws_ec2_eips do - it { should exist } -end -``` - -An `aws_eips` resource block uses an optional filter to select a group of Elastic IPs and then test that group. - -## Parameters - -This resource does not require any parameters. - -## Properties - -`public_ip` -: The Elastic IP address, or the carrier IP address. - -`instance_id` -: The ID of the instance the address is associated with, if any. - -`allocation_id` -: The allocation ID for the address. - -`association_id` -: The association ID for the address. - -`domain` -: Indicates whether the address is for use in EC2-Classic (standard) or in a VPC (vpc). - -`network_interface_id` -: The ID of the network interface that the address is associated with, if any. - -`network_interface_owner_id` -: The AWS account ID of the owner. - -`private_ip_address` -: The private IP address associated with the Elastic IP address. - -`public_ipv_4_pool` -: The Elastic IPV4 pool address. - -`network_border_group` -: A unique set of Availability Zones, Local Zones, or Wavelength Zones from where AWS advertises IP addresses. 
- -## Examples - -**Ensure a Elastic IP(EIP) has Public IP.** - -```ruby -describe aws_ec2_eips do - it { should exist } -end -``` - -**Match count of Elastic IP(EIP).** - -```ruby -describe aws_ec2_eips do - its('count') { should eq 5 } -end -``` - -**Check Allocation ID whether it is correct or not.** - -```ruby -describe aws_ec2_eips do - its('allocation_ids') { should include "eipassoc-0ew2bc8cde18191da" } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_ec2_eips do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeAddressesResult" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_fleet.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_fleet.md deleted file mode 100644 index 51bb88ad28..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_fleet.md +++ /dev/null 
@@ -1,203 +0,0 @@
-+++
-title = "aws_ec2_fleet Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_fleet"
-identifier = "inspec/resources/aws/aws_ec2_fleet Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_fleet` InSpec audit resource to test properties of a single AWS EC2 fleet.
-
-The `AWS::EC2::SpotFleet` resource specifies the configuration information to launch a fleet--or group--of instances.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 Fleet.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ec2fleet.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the fleet ID exists.
-
-```ruby
-describe aws_ec2_fleet(fleet_id: "FLEET_ID") do
- it { should exist }
-end
-```
-
-## Parameters
-
-`fleet_id` _(required)_
-
-: The ID of the EC2 Fleet.
-
-## Properties
-
-`activity_status`
-: The progress of the EC2 Fleet.
-
-`create_time`
-: The creation date and time of the EC2 Fleet.
-
-`fleet_id`
-: The ID of the EC2 Fleet.
-
-`fleet_state`
-: The state of the EC2 Fleet.
-
-`client_token`
-: Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
-
-`excess_capacity_termination_policy`
-: Indicates whether running instances should be terminated if the target capacity of the EC2 Fleet is decreased below the current size of the EC2 Fleet.
-
-`fulfilled_capacity`
-: The number of units fulfilled by this request compared to the set target capacity.
-
-`fulfilled_on_demand_capacity`
-: The number of units fulfilled by this request compared to the set target On-Demand capacity.
-
-`launch_template_configs`
-: The launch template and overrides.
-
-`target_capacity_specification.total_target_capacity`
-: The number of units to request.
-
-`target_capacity_specification.on_demand_target_capacity`
-: The number of On-Demand units to request.
-
-`target_capacity_specification.spot_target_capacity`
-: The maximum number of Spot units to launch.
-
-`target_capacity_specification.default_target_capacity_type`
-: The default TotalTargetCapacity , which is either Spot or On-Demand.
-
-`terminate_instances_with_expiration`
-: Indicates whether running instances should be terminated when the EC2 Fleet expires.
-
-`type`
-: The type of request.
-
-`valid_from`
-: The start date and time of the request.
-
-`valid_until`
-: The end date and time of the request.
-
-`replace_unhealthy_instances`
-: Indicates whether EC2 Fleet should replace unhealthy Spot Instances.
-
-`spot_options.allocation_strategy`
-: Indicates how to allocate the target Spot Instance capacity across the Spot Instance pools specified by the EC2 Fleet.
-
-`spot_options.maintenance_strategies.capacity_rebalance.replacement_strategy`
-: To allow EC2 Fleet to launch a replacement Spot Instance when an instance rebalance notification is emitted for an existing Spot Instance in the fleet, specify launch.
-
-`spot_options.instance_interruption_behavior`
-: The behavior when a Spot Instance is interrupted.
-
-`spot_options.instance_pools_to_use_count`
-: The number of Spot pools across which to allocate your target Spot capacity.
-
-`spot_options.single_instance_type`
-: Indicates that the fleet uses a single instance type to launch all Spot Instances in the fleet.
-
-`spot_options.single_availability_zone`
-: Indicates that the fleet launches all Spot Instances into a single Availability Zone.
-
-`spot_options.min_target_capacity`
-: The minimum target capacity for Spot Instances in the fleet.
-
-`spot_options.max_total_price`
-: The maximum target capacity for Spot Instances in the fleet.
-
-`on_demand_options.allocation_strategy`
-: The order of the launch template overrides to use in fulfilling On-Demand capacity.
-
-`on_demand_options.capacity_reservation_options.usage_strategy`
-: If you specify use-capacity-reservations-first , the fleet uses unused Capacity Reservations to fulfill On-Demand capacity up to the target On-Demand capacity.
-
-`on_demand_options.single_instance_type`
-: Indicates that the fleet uses a single instance type to launch all On-Demand Instances in the fleet.
-
-`on_demand_options.single_availability_zone`
-: Indicates that the fleet launches all On-Demand Instances into a single Availability Zone.
-
-`on_demand_options.min_target_capacity`
-: The minimum target capacity for On-Demand Instances in the fleet.
-
-`on_demand_options.max_total_price`
-: The maximum amount per hour for On-Demand Instances that you're willing to pay.
-
-`tags`
-: The tags for an EC2 Fleet resource.
-
-`errors`
-: Information about the instances that could not be launched by the fleet.
-
-`instances`
-: Information about the instances that were launched by the fleet.
-
-`context`
-: The context.
-
-## Examples
-
-**Ensure a fleet ID is available.**
-
-```ruby
-describe aws_ec2_fleet(fleet_id: "FLEET_ID") do
- its('fleet_id') { should eq 'FLEET_ID' }
-end
-```
-
-**Ensure that the type is `instant`.**
-
-```ruby
-describe aws_ec2_fleet(fleet_id: "FLEET_ID") do
- its('type') { should eq 'instant' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_fleet(fleet_id: "FLEET_ID") do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_fleet(fleet_id: "FLEET_ID") do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ec2_fleet(fleet_id: "FLEET_ID") do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeFleetsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_fleets.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_fleets.md
deleted file mode 100644
index f024a04815..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_fleets.md
+++ /dev/null
@@ -1,193 +0,0 @@
-+++
-title = "aws_ec2_fleets Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_fleets"
-identifier = "inspec/resources/aws/aws_ec2_fleets Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_fleets` InSpec audit resource to test properties multiple AWS EC2 fleets.
-
-The `AWS::EC2::SpotFleet` resource specifies the configuration information to launch a fleet--or group--of instances.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 Fleet.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ec2fleet.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the fleet id exists.
-
-```ruby
-describe aws_ec2_fleets do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`activity_statuses`
-: The progress of the EC2 Fleet.
-
-: **Field**: `activity_status`
-
-`create_times`
-: The creation date and time of the EC2 Fleet.
-
-: **Field**: `create_time`
-
-`fleet_ids`
-: The ID of the EC2 Fleet.
-
-: **Field**: `fleet_id`
-
-`fleet_states`
-: The state of the EC2 Fleet.
-
-: **Field**: `fleet_state`
-
-`client_tokens`
-: Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
-
-: **Field**: `client_token`
-
-`excess_capacity_termination_policies`
-: Indicates whether running instances should be terminated if the target capacity of the EC2 Fleet is decreased below the current size of the EC2 Fleet.
-
-: **Field**: `excess_capacity_termination_policy`
-
-`fulfilled_capacities`
-: The number of units fulfilled by this request compared to the set target capacity.
-
-: **Field**: `fulfilled_capacity`
-
-`fulfilled_on_demand_capacities`
-: The number of units fulfilled by this request compared to the set target On-Demand capacity.
-
-: **Field**: `fulfilled_on_demand_capacity`
-
-`launch_template_configs`
-: The launch template and overrides.
-
-: **Field**: `launch_template_configs`
-
-`target_capacity_specifications`
-: The number of units to request.
-
-: **Field**: `target_capacity_specifications`
-
-`types`
-: The type of request.
-
-: **Field**: `type`
-
-`valid_from`
-: The start date and time of the request.
-
-: **Field**: `valid_from`
-
-`valid_until`
-: The end date and time of the request.
-
-: **Field**: `valid_until`
-
-`replace_unhealthy_instances`
-: Indicates whether EC2 Fleet should replace unhealthy Spot Instances.
-
-: **Field**: `replace_unhealthy_instances`
-
-`spot_options`
-: The configuration of Spot Instances in an EC2 Fleet.
-
-: **Field**: `spot_options`
-
-`on_demand_options`
-: The allocation strategy of On-Demand Instances in an EC2 Fleet.
-
-: **Field**: `on_demand_options`
-
-`tags`
-: The tags for an EC2 Fleet resource.
-
-: **Field**: `tags`
-
-`errors`
-: Information about the instances that could not be launched by the fleet.
-
-: **Field**: `errors`
-
-`instances`
-: Information about the instances that were launched by the fleet.
-
-: **Field**: `instances`
-
-`context`
-: Reserved.
-
-: **Field**: `context`
-
-## Examples
-
-**Ensure a fleet id is available.**
-
-```ruby
-describe aws_ec2_fleets do
- its('fleet_ids') { should include 'FLEET_ID' }
-end
-```
-
-**Ensure that the type is `instant`.**
-
-```ruby
-describe aws_ec2_fleets do
- its('types') { should include 'instant' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_fleets do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_fleets do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ec2_fleets do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeFleetsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_host.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_host.md
deleted file mode 100644
index b804745df8..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_host.md
+++ /dev/null
@@ -1,161 +0,0 @@
-+++
-title = "aws_ec2_host Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_host"
-identifier = "inspec/resources/aws/aws_ec2_host Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_host` InSpec audit resource to test properties of a single AWS EC2 host resource.
-
-The `AWS::EC2::host` allocates a fully dedicated physical server for launching EC2 instances.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 host.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-host.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the host exists.
-
-```ruby
-describe aws_ec2_host(host_id: 'DEDICATED_HOST_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`host_id` _(required)_
-
-: The ID of the dedicated host.
-
-## Properties
-
-`auto_placement`
-: Whether auto-placement is on or off.
-
-`availability_zone`
-: The Availability Zone of the Dedicated host.
-
-`available_capacity.available_instance_capacity`
-: The number of instances that can be launched onto the Dedicated host based on the host's available capacity.
-
-`available_capacity.available_v_cpus`
-: The number of vCPUs available for launching instances onto the Dedicated host.
-
-`client_token`
-: Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
-
-`host_id`
-: The ID of the Dedicated host.
-
-`host_properties.cores`
-: The number of cores on the Dedicated host.
-
-`host_properties.instance_type`
-: The instance type supported by the Dedicated host.
-
-`host_properties.instance_family`
-: The instance family supported by the Dedicated host.
-
-`host_properties.sockets`
-: The number of sockets on the Dedicated host.
-
-`host_properties.total_v_cpus`
-: The total number of vCPUs on the Dedicated host.
-
-`host_reservation_id`
-: The reservation ID of the Dedicated host.
-
-`instances`
-: The IDs and instance type that are currently running on the Dedicated host.
-
-`state`
-: The Dedicated host's state.
-
-`allocation_time`
-: The time that the Dedicated host was allocated.
-
-`release_time`
-: The time that the Dedicated host was released.
-
-`tags`
-: Any tags assigned to the Dedicated host.
-
-`host_recovery`
-: Indicates whether host recovery is enabled or disabled for the Dedicated host.
-
-`allows_multiple_instance_types`
-: Indicates whether the Dedicated host supports multiple instance types of the same instance family.
-
-`owner_id`
-: The ID of the Amazon Web Services account that owns the Dedicated host.
-
-`availability_zone_id`
-: The ID of the Availability Zone in which the Dedicated host is allocated.
-
-`member_of_service_linked_resource_group`
-: Indicates whether the Dedicated host is in a host resource group.
-
-## Examples
-
-**Ensure a host is available.**
-
-```ruby
-describe aws_ec2_host(host_id: 'DEDICATED_HOST_ID') do
- its('host_id') { should eq 'DEDICATED_HOST_ID' }
-end
-```
-
-**Ensure that the state is `available`.**
-
-```ruby
-describe aws_ec2_host(host_id: 'DEDICATED_HOST_ID') do
- its('state') { should eq 'available' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_host(host_id: 'DEDICATED_HOST_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_host(host_id: 'DEDICATED_HOST_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ec2_host(host_id: 'DEDICATED_HOST_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeHostsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_hosts.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_hosts.md
deleted file mode 100644
index fc87b6c58c..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_hosts.md
+++ /dev/null
@@ -1,178 +0,0 @@
-+++
-title = "aws_ec2_hosts Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_hosts"
-identifier = "inspec/resources/aws/aws_ec2_hosts Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_hosts` InSpec audit resource to test properties of multiple AWS EC2 host resources.
-
-The `AWS::EC2::host` allocates a fully dedicated physical server for launching EC2 instances.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 host.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-host.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the host exists.
-
-```ruby
-describe aws_ec2_hosts do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`auto_placements`
-: Whether auto-placement is on or off.
-
-: **Field**: `auto_placement`
-
-`availability_zones`
-: The Availability Zone of the Dedicated host.
-
-: **Field**: `availability_zone`
-
-`available_capacities`
-: The number of instances that can be launched onto the Dedicated host depending on the host's available capacity.
-
-: **Field**: `available_instance_capacity`
-
-`client_tokens`
-: Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
-
-: **Field**: `client_token`
-
-`host_ids`
-: The ID of the Dedicated host.
-
-: **Field**: `host_id`
-
-`host_properties`
-: The hardware specifications of the Dedicated host.
-
-: **Field**: `host_properties`
-
-`host_reservation_ids`
-: The reservation ID of the Dedicated host.
-
-: **Field**: `host_reservation_id`
-
-`instances`
-: The IDs and instance type that are currently running on the Dedicated host.
-
-: **Field**: `instances`
-
-`states`
-: The Dedicated host's state.
-
-: **Field**: `state`
-
-`allocation_times`
-: The time that the Dedicated host was allocated.
-
-: **Field**: `allocation_time`
-
-`release_times`
-: The time that the Dedicated host was released.
-
-: **Field**: `release_time`
-
-`tags`
-: Any tags assigned to the Dedicated host.
-
-: **Field**: `tags`
-
-`host_recoveries`
-: Indicates whether host recovery is enabled or disabled for the Dedicated host.
-
-: **Field**: `host_recovery`
-
-`allows_multiple_instance_types`
-: Indicates whether the Dedicated host supports multiple instance types of the same instance family.
-
-: **Field**: `allows_multiple_instance_types`
-
-`owner_ids`
-: The ID of the Amazon Web Services account that owns the Dedicated host.
-
-: **Field**: `owner_id`
-
-`availability_zone_ids`
-: The ID of the Availability Zone in which the Dedicated host is allocated.
-
-: **Field**: `availability_zone_id`
-
-`member_of_service_linked_resource_groups`
-: Indicates whether the Dedicated host is in a host resource group.
-
-: **Field**: `member_of_service_linked_resource_group`
-
-## Examples
-
-**Ensure a host is available.**
-
-```ruby
-describe aws_ec2_hosts do
- its('host_ids') { should include 'DEDICATED_HOST_ID' }
-end
-```
-
-**Ensure that the state is `available`.**
-
-```ruby
-describe aws_ec2_hosts do
- its('states') { should include 'available' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_hosts do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_hosts do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ec2_hosts do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeHostsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_instance.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_instance.md
deleted file mode 100644
index 38992cfa5e..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_instance.md
+++ /dev/null
@@ -1,220 +0,0 @@
-+++
-title = "aws_ec2_instance Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_instance"
-identifier = "inspec/resources/aws/aws_ec2_instance Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_instance` InSpec audit resource to test properties of a single AWS EC2 instance.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_ec2_instance` resource block declares the tests for a single AWS EC2 instance by either name or instance id.
-
-```ruby
-describe aws_ec2_instance('i-01a2349e94458a507') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_ec2_instance(name: 'my-instance') do
- it { should exist }
-end
-```
-
-## Parameters
-
-One of either the EC2 instance's ID or name must be be provided.
-
-`instance_id` _(required if `name` not provided)_
-
-: The ID of the EC2 instance. This is in the format of `i-` followed by 8 or 17 hexadecimal characters.
- This can be passed either as a string or as an `instance_id: 'value'` key-value entry in a hash.
-
-`name` _(required if `instance_id` not provided)_
-
-: If you have a `Name` tag applied to the EC2 instance, this can be used to lookup the instance.
- This must be passed as a `name: 'value'` key-value entry in a hash.
-
-## Properties
-
-`state`
-: The current state of the EC2 Instance, for example 'running'.
-
-`image_id`
-: The id of the AMI used to launch the instance.
-
-`role`
-: The IAM role attached to the instance.
-
-`launch_time`
-: The time the instance was launched.
-
-`availability_zone`
-: The availability zone of the instance.
-
-`security_groups`
-: A hash containing the security group ids and names associated with the instance.
-
-`security_group_ids`
-: The security group ids associated with the instance.
-
-`ebs_volumes`
-: A hash containing the names and ids of any EBS volumes associated with the instance.
-
-`tags`
-: A list of hashes with each key-value pair corresponding to an EC2 instance tag, e.g, `[{:key=>"Name", :value=>"Testing Box"}, {:key=>"Environment", :value=>"Dev"}]`.
-
-`tags_hash`
-: A hash, with each key-value pair corresponding to an EC2 instance tag, e.g, `{"Name"=>"Testing Box", "Environment"=>"Dev"}`. This property is available in InSpec AWS resource pack version **[1.12.0](https://github.com/inspec/inspec-aws/releases/tag/v1.12.0)** onwards.
-
-There are also additional properties available. For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Instance.html)
-
-## Examples
-
-**Test that an EC2 instance is running.**
-
-```ruby
-describe aws_ec2_instance(name: 'prod-database') do
- it { should be_running }
-end
-```
-
-**Test that an EC2 instance is using the correct AMI.**
-
-```ruby
-describe aws_ec2_instance(name: 'my-instance') do
- its('image_id') { should eq 'ami-27a58d5c' }
-end
-```
-
-**Test that an EC2 instance has the correct tag.**
-
-```ruby
-describe aws_ec2_instance('i-090c29e4f4c165b74') do
- its('tags') { should include(key: 'Contact', value: 'Gilfoyle') }
-end
-```
-
-**Test that an EC2 instance has the correct tag (using the `tags_hash` property).**
-
-```ruby
-describe aws_ec2_instance('i-090c29e4f4c165b74') do
- its('tags_hash') { should include('Contact' => 'Gilfoyle') }
-**Regardless of the value.**
-
-end
-```
-
-**Test that an EC2 instance has no roles.**
-
-```ruby
-describe aws_ec2_instance('i-090c29e4f4c165b74') do
- it { should_not have_roles }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-it { should exist }
-```
-
-```ruby
-it { should_not exist }
-```
-
-##### has_roles
-Test if the EC2 instance has any roles associated with it.
-
-Use `should_not` to test the entity does not have roles.
-
-```ruby
-it { should have_roles }
-```
-
-```ruby
-it { should_not have_roles }
-```
-
-#### be_pending
-
-The `be_pending` matcher tests if the described EC2 instance state is `pending`. This indicates that an instance is provisioning. This state should be temporary.
-
-```ruby
-it { should be_pending }
-```
-
-#### be_running
-
-The `be_running` matcher tests if the described EC2 instance state is `running`. This indicates the instance is fully operational from AWS's perspective.
-
-```ruby
-it { should be_running }
-```
-
-#### be_shutting_down
-
-The `be_shutting_down` matcher tests if the described EC2 instance state is `shutting-down`. This indicates the instance has received a termination command and is in the process of being permanently halted and de-provisioned. This state should be temporary.
-
-```ruby
-it { should be_shutting_down }
-```
-
-#### be_stopped
-
-The `be_stopped` matcher tests if the described EC2 instance state is `stopped`. This indicates that the instance is suspended and may be started again.
-
-```ruby
-it { should be_stopped }
-```
-
-#### be_stopping
-
-The `be_stopping` matcher tests if the described EC2 instance state is `stopping`. This indicates that an AWS stop command has been issued, which will suspend the instance in an OS-unaware manner. This state should be temporary.
-
-```ruby
-it { should be_stopping }
-```
-
-#### be_terminated
-
-The `be_terminated` matcher tests if the described EC2 instance state is `terminated`. This indicates the instance is permanently halted and will be removed from the instance listing in a short period. This state should be temporary.
-
-```ruby
-it { should be_terminated }
-```
-
-#### be_unknown
-
-The `be_unknown` matcher tests if the described EC2 instance state is `unknown`. This indicates an error condition in the AWS management system. This state should be temporary.
-
-```ruby
-it { should be_unknown }
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeInstancesResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_instances.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_instances.md
deleted file mode 100644
index 5ed5b31b70..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_instances.md
+++ /dev/null
@@ -1,165 +0,0 @@
-+++
-title = "aws_ec2_instances Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_instances"
-identifier = "inspec/resources/aws/aws_ec2_instances Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_instances` InSpec audit resource to test properties of some or all AWS EC2 instances. To audit a single EC2 instance, use `aws_ec2_instance` (singular).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_ec2_instances` resource block collects a group of EC2 Instances and then tests that group.
-
-```ruby
-describe aws_ec2_instances do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`instance_ids`
-: The ID of the EC2 instance.
-
-: **Field**: `instance_id`
-
-`names`
-: The value of the `Name` tag if applied to the instance. The filed name is `name`.
-
-: **Field**: `instance_id`
-
-`vpc_ids`
-: The VPC with which the EC2 instance is associated.
-
-: **Field**: `vpc_id`
-
-`subnet_ids`
-: The subnet with which the EC2 instance is associated.
-
-: **Field**: `subnet_id`
-
-`instance_types`
-: The type of instance, for example m5.large.
-
-: **Field**: `instance_type`
-
-`entries`
-: Provides access to the raw results of the query, which can be treated as an array of hashes.
-
-: **Field**: `instance_type`
-
-`tags`
-: A hash, with each key-value pair corresponding to an EC2 instance tag, e.g, `{"Name"=>"Testing Box", "Environment"=>"Dev"}`. This property is available in InSpec AWS resource pack version **[1.12.0](https://github.com/inspec/inspec-aws/releases/tag/v1.12.0)** onwards.
-
-: **Field**: `tags`
-
-`iam_profiles`
-: The IAM instance profile associated with the instance. The `role` property of the `aws_ec2_instance` singular resource can be used to check the attached IAM role on the profile.
-
-: **Field**: `iam_profile`
-
-## Examples
-
-**Ensure you have exactly 3 instances.**
-
-```ruby
-describe aws_ec2_instances do
- its('instance_ids.count') { should cmp 3 }
-end
-```
-
-**Use this InSpec resource to request the IDs of all EC2 instances, then test in-depth using `aws_ec2_instance`.**
-
-```ruby
-aws_ec2_instances.instance_ids.each do |instance_id|
- describe aws_ec2_instance(instance_id) do
- it { should_not have_roles }
- its('key_name') { should cmp 'admin-ssh-key' }
- its('image_id') { should eq 'ami-27a58d5c' }
- end
-end
-```
-
-**Filter EC2 instances with their `Environment` tags* equal to `Dev`, then test in-depth using `aws_ec2_instance`.**
-
-```ruby
-aws_ec2_instances.where(tags: {"Environment" => "Dev"}).instance_ids.each do |id|
- describe aws_ec2_instance(id) do
- it { should be_stopped }
- end
-end
-*Note that the filter won't return the EC2 instances with multiple tags. In this case use regex: `/"Environment"=>"Dev"/`
-```
-
-**Filter EC2 instances with multiple tags like `Environment` equal to `Dev` and `Component` equal to `API` , then test in-depth using `aws_ec2_instance`.**
-
-```ruby
-aws_ec2_instances.where(tags: /"Environment"=>"Dev"/).where(tags: /"Component"=>"API"/).instance_ids.each do |id|
- describe aws_ec2_instance(id) do
- it { should be_stopped }
- end
-end
-```
-
-**Filter EC2 instances with a `stop-at-10-pm` tag regardless of its value, then test in-depth using `aws_ec2_instance`. .**
-
-```ruby
-aws_ec2_instances.where(tags: /"stop-at-10-pm"=>/).instance_ids.each do |id|
- describe aws_ec2_instance(id) do
- it { should be_stopped }
- end
-end
-```
-
-**Filter EC2 instances with their `name` equal to `Test Box`, then check their role using `aws_ec2_instance`. .**
-
-```ruby
-aws_ec2_instances.where(name: "Test Box").instance_ids.each do |id|
- describe aws_ec2_instance(id) do
- its('role) { should eq "test-role" }
- end
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-### exist
-
-The control will pass if the describe returns at least one result.
-The field names described in the [properties table](##-properties) should be used for the `` in the `where` clause.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_ec2_instances.where( : ) do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_ec2_instances.where( : ) do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeInstancesResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_internet_gateway.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_internet_gateway.md
deleted file mode 100644
index 7c37e8bd13..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_internet_gateway.md
+++ /dev/null
@@ -1,129 +0,0 @@
-+++
-title = "aws_ec2_internet_gateway Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_internet_gateway"
-identifier = "inspec/resources/aws/aws_ec2_internet_gateway Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_internet_gateway` InSpec audit resource to test properties of a single specific AWS EC2 internet gateway.
-
-The `AWS::EC2::InternetGateway` resource allocates an internet gateway for use with a VPC. After creating the internet gateway, you then attach it to a VPC.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 internet gateway](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-internetgateway.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that internet gateway exists.
-
-```ruby
-describe aws_ec2_internet_gateway(internet_gateway_id: 'INTERNET_GATEWAY_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`internet_gateway_id` _(required)_
-
-: The ID of the internet gateway.
-
-## Properties
-
-`attachments`
-: The attachment of the internet gateway.
-
-`attachments_states`
-: The current state of the attachment. For an internet gateway, the state is available when attached to a VPC; otherwise, this value is not returned.
-
-`attachments_vpc_ids`
-: The ID of the VPC.
-
-`internet_gateway_id`
-: The ID of the internet gateway.
-
-`owner_id`
-: The ID of the Amazon Web Services account that owns the internet gateway.
-
-`tags`
-: The key/value combination of a tag assigned to the resource.
-
-## Examples
-
-**Ensure an attachments is available.**
-
-```ruby
-describe aws_ec2_internet_gateway(internet_gateway_id: 'INTERNET_GATEWAY_ID') do
- its('attachments') { should_not be_empty }
-end
-```
-
-**Ensure that the attachment state is `available`.**
-
-```ruby
-describe aws_ec2_internet_gateway(internet_gateway_id: 'INTERNET_GATEWAY_ID') do
- its('attachments_states') { should eq 'available' }
-end
-```
-
-**Ensure an internet gateway ID is available.**
-
-```ruby
-describe aws_ec2_internet_gateway(internet_gateway_id: 'INTERNET_GATEWAY_ID') do
- its('internet_gateway_id') { should eq 'INTERNET_GATEWAY_ID' }
-end
-```
-
-**Ensure an owner ID is available.**
-
-```ruby
-describe aws_ec2_internet_gateway(internet_gateway_id: 'INTERNET_GATEWAY_ID') do
- its('owner_id') { should eq 'OWNER_ID' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_internet_gateway(internet_gateway_id: 'INTERNET_GATEWAY_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_internet_gateway(internet_gateway_id: 'INTERNET_GATEWAY_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ec2_internet_gateway(internet_gateway_id: 'INTERNET_GATEWAY_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeInternetGatewaysResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_internet_gateways.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_internet_gateways.md
deleted file mode 100644
index be6f1321cc..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_internet_gateways.md
+++ /dev/null
@@ -1,129 +0,0 @@
-+++
-title = "aws_ec2_internet_gateways Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_internet_gateways"
-identifier = "inspec/resources/aws/aws_ec2_internet_gateways Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_internet_gateways` InSpec audit resource to test properties of multiple AWS EC2 internet gateways.
-
-The `AWS::EC2::InternetGateway` resource allocates an internet gateway for use with a VPC. After creating the internet gateway, you then attach it to a VPC.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 internet gateway](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-internetgateway.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that an internet gateway exists.
-
-```ruby
-describe aws_ec2_internet_gateways do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`attachments`
-: The attachments of the internet gateways.
-
-: **Field**: `attachments`
-
-`attachments_states`
-: The current attachment states. For an internet gateway, the state is available when attached to a VPC; otherwise, this value is not returned.
-
-: **Field**: `attachments (state)`
-
-`attachments_vpc_ids`
-: The IDs of the VPCs.
-
-: **Field**: `attachments (vpc_id)`
-
-`internet_gateway_ids`
-: The IDs of the internet gateways.
-
-: **Field**: `internet_gateway_id`
-
-`owner_ids`
-: The IDs of the AWS accounts that own the internet gateways.
-
-: **Field**: `owner_id`
-
-`tags`
-: The key/value combination of tags assigned to the resources.
-
-: **Field**: `tags`
-
-## Examples
-
-**Ensure an attachment is available.**
-
-```ruby
-describe aws_ec2_internet_gateways do
- its('attachments') { should_not be_empty }
-end
-```
-
-**Ensure that an attachment state is `available`.**
-
-```ruby
-describe aws_ec2_internet_gateways do
- its('attachments_states') { should include 'available' }
-end
-```
-
-**Ensure an internet gateway ID is available.**
-
-```ruby
-describe aws_ec2_internet_gateways do
- its('internet_gateway_ids') { should include 'INTERNET_GATEWAY_ID' }
-end
-```
-
-**Ensure an owner ID is available.**
-
-```ruby
-describe aws_ec2_internet_gateways do
- its('owner_ids') { should include 'OWNER_ID' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_internet_gateways do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_internet_gateways do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeInternetGatewaysResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_launch_template.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_launch_template.md
deleted file mode 100644
index 56aeed821c..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_launch_template.md
+++ /dev/null
@@ -1,96 +0,0 @@
-+++
-title = "aws_ec2_launch_template Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_launch_template"
-identifier = "inspec/resources/aws/aws_ec2_launch_template Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_launch_template` InSpec audit resource to test properties of a single AWS Launch Template.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_ec2_launch_template` resource block declares the tests for a single AWS Launch Template by either launch_template_name or launch_template_id.
-
-```ruby
-describe aws_ec2_launch_template(launch_template_id: 'lt-01a2349e94458a507') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_ec2_launch_template(launch_template_name: 'my-template') do
- it { should exist }
-end
-```
-
-## Parameters
-
-One of either the launch_template_name or launch_template_id must be be provided.
-
-`launch_template_id`
-
-: The ID of the EC2 launch_template. This is in the format of `lt-` followed by 8 or 17 hexadecimal characters.
- This can be passed either as a string or as an `launch_template_id: 'value'` key-value entry in a hash.
-
-
-
-## Properties
-
-`launch_template_name`
-: The name of launch template.
-
-`launch_template_id`
-: The id of the launch template.
-
-`create_time`
-: The create time of the launch resource.
-
-`created_by`
-: The time the instance was launched.
-
-`default_version_number`
-: The availability zone of the instance.
-
-`latest_version_number`
-: A hash containing the security group ids and names associated with the instance.
-
-`tags`
-: A list of hashes with each key-value pair corresponding to an EC2 instance tag, e.g, `[{:key=>"Name", :value=>"Testing Box"}, {:key=>"Environment", :value=>"Dev"}]`.
-
-There are also additional properties available.
For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Instance.html)
-
-## Examples
-
-**Test that an launch template should exist.**
-
-```ruby
-describe aws_ec2_launch_template(launch_template_id: 'lt-01a2349e94458a507') do
- it { should exist }
-end
-```
-
-**Test that an EC2 instance is using the correct AMI.**
-
-```ruby
-describe aws_ec2_launch_template(launch_template_id: 'lt-01a2349e94458a507') do
- its('default_version_number') { should eq 1 }
-end
-```
-
-**Test that an EC2 instance has the correct tag.**
-
-```ruby
-describe aws_ec2_launch_template(launch_template_id: 'lt-01a2349e94458a507') do
- its('launch_template_name') { should eq 'test-lt' }
-end
-```
-
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_launch_templates.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_launch_templates.md
deleted file mode 100644
index 697704d347..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_launch_templates.md
+++ /dev/null
@@ -1,82 +0,0 @@
-+++
-title = "aws_ec2_launch_templates Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_launch_templates"
-identifier = "inspec/resources/aws/aws_ec2_launch_templates Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_launch_templates` InSpec audit resource to test properties of a all the AWS Launch templates.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_ec2_launch_templates` resource block declares the tests for a all the AWS Launch templates.
-
-describe aws_ec2_launch_templates do
-it { should exist }
-end
-
-## Parameters
-
-`launch_templates_id`
-
-: The ID of the EC2 launch_templates. This is in the format of `lt-` followed by 8 or 17 hexadecimal characters.
- This can be passed either as a string or as an `launch_templates_id: 'value'` key-value entry in a hash.
-
-## Properties
-
-`launch_template_name`
-: The name of launch template.
-
-`launch_template_id`
-: The id of the launch template.
-
-`create_time`
-: The create time of the launch template.
-
-`created_by`
-: The name by whom the launch template is created.
-
-`default_version_number`
-: The default_version_number of the launch template.
-
-`latest_version_number`
-: The latest_version_number of the launch template.
-
-`tags`
-: A list of hashes with each key-value pair corresponding to an EC2 Launch template tag, e.g, `[{:key=>"Name", :value=>"Testing Box"}, {:key=>"Environment", :value=>"Dev"}]`.
-
-There are also additional properties available.
For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Instance.html)
-
-## Examples
-
-**Test that an launch templates should exist.**
-
- describe aws_ec2_launch_templates do
- it { should exist }
- end
-
-**Test that an EC2 instance is using the correct AMI.**
-
- describe aws_ec2_launch_templates do
- its('launch_template_ids.count') { should cmp 3 }
- end
-
-**Test that an EC2 instance has the correct tag.**
-
- describe aws_ec2_launch_templates do
- its('launch_templates_names') { should include 'test-lt' }
- end
-
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_insights_analysis.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_insights_analysis.md
deleted file mode 100644
index 4110ecb1ff..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_insights_analysis.md
+++ /dev/null
@@ -1,134 +0,0 @@
-+++
-title = "aws_ec2_network_insights_analysis Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_network_insights_analysis"
-identifier = "inspec/resources/aws/aws_ec2_network_insights_analysis Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_network_insights_analysis` InSpec audit resource to test properties of a single specific AWS EC2 network insights analysis.
-
-The `AWS::EC2::NetworkInsightsAnalysis` resource specifies a network insights analysis.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 Network Insights Analysis](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkinsightsanalysis.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that network insights analysis ID exists.
-
-```ruby
-describe aws_ec2_network_insights_analysis(network_insights_analysis_id: 'NETWORK_INSIGHTS_ANALYSIS_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`network_insights_analysis_id` _(required)_
-
-: The ID of the network insights analysis.
-
-## Properties
-
-`network_insights_analysis_id`
-: The ID of the network insights analysis.
-
-`network_insights_analysis_arn`
-: The Amazon Resource Name (ARN) of the network insights analysis.
-
-`network_insights_path_id`
-: The ID of the path.
-
-`filter_in_arns`
-: The Amazon Resource Names (ARN) of the Amazon Web Services resources that the path must traverse.
-
-`start_date`
-: The time the analysis started.
-
-`status`
-: The status of the network insights analysis.
-
-`status_message`
-: The status message, if the status is failed.
-
-`network_path_found`
-: Indicates whether the destination is reachable from the source.
-
-`forward_path_components`
-: The components in the path from source to destination.
-
-`return_path_components`
-: The components in the path from destination to source.
-
-`explanations`
-: The explanations.
-
-`alternate_path_hints`
-: Potential intermediate components.
-
-`tags`
-: The tags of the insights analysis.
-
-## Examples
-
-**Ensure a Network Insights Analysis Id is available.**
-
-```ruby
-describe aws_ec2_network_insights_analysis(network_insights_analysis_id: 'NETWORK_INSIGHTS_ANALYSIS_ID') do
- its('network_insights_analysis_id') { should eq 'NETWORK_INSIGHTS_ANALYSIS_ID' }
-end
-```
-
-**Ensure that the Network Insights Path Id is available.**
-
-```ruby
-describe aws_ec2_network_insights_analysis(network_insights_analysis_id: 'NETWORK_INSIGHTS_ANALYSIS_ID') do
- its('network_insights_path_id') { should eq 'NETWORK_INSIGHTS_PATH_ID' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_network_insights_analysis(network_insights_analysis_id: 'NETWORK_INSIGHTS_ANALYSIS_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_network_insights_analysis(network_insights_analysis_id: 'NETWORK_INSIGHTS_ANALYSIS_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ec2_network_insights_analysis(network_insights_analysis_id: 'NETWORK_INSIGHTS_ANALYSIS_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeNetworkInsightsAnalysesResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_insights_analysis_plural.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_insights_analysis_plural.md
deleted file mode 100644
index 40c8eddb90..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_insights_analysis_plural.md
+++ /dev/null
@@ -1,148 +0,0 @@
-+++
-title = "aws_ec2_network_insights_analysis_plural Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_network_insights_analysis_plural"
-identifier = "inspec/resources/aws/aws_ec2_network_insights_analysis_plural Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_network_insights_analysis_plural` InSpec audit resource to test properties of multiple AWS EC2 network insights analyses.
-
-The `AWS::EC2::NetworkInsightsAnalysis` resource specifies a network insights analysis.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 Network Insights Analysis](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkinsightsanalysis.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that network insights analysis ID exists.
-
-```ruby
-describe aws_ec2_network_insights_analysis_plural do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`network_insights_analysis_ids`
-: The ID of the network insights analysis.
-
-: **Field**: `network_insights_analysis_id`
-
-`network_insights_analysis_arns`
-: The Amazon Resource Name (ARN) of the network insights analysis.
-
-: **Field**: `network_insights_analysis_arn`
-
-`network_insights_path_ids`
-: The ID of the path.
-
-: **Field**: `network_insights_path_id`
-
-`filter_in_arns`
-: The Amazon Resource Names (ARN) of the Amazon Web Services resources that the path must traverse.
-
-: **Field**: `filter_in_arns`
-
-`start_dates`
-: The time the analysis started.
-
-: **Field**: `start_date`
-
-`statuses`
-: The status of the network insights analysis.
-
-: **Field**: `status`
-
-`status_messages`
-: The status message, if the status is failed.
-
-: **Field**: `status_message`
-
-`network_path_found`
-: Indicates whether the destination is reachable from the source.
-
-: **Field**: `network_path_found`
-
-`forward_path_components`
-: The components in the path from source to destination.
-
-: **Field**: `forward_path_components`
-
-`return_path_components`
-: The components in the path from destination to source.
-
-: **Field**: `return_path_components`
-
-`explanations`
-: The explanations.
-
-: **Field**: `explanations`
-
-`alternate_path_hints`
-: Potential intermediate components.
-
-: **Field**: `alternate_path_hints`
-
-`tags`
-: The tags of the insights analysis.
-
-: **Field**: `tags`
-
-## Examples
-
-**Ensure a network insights analysis ID is available.**
-
-```ruby
-describe aws_ec2_network_insights_analysis_plural do
- its('network_insights_analysis_ids') { should include 'NETWORK_INSIGHTS_ANALYSIS_ID' }
-end
-```
-
-**Ensure that the network insights path ID is available.**
-
-```ruby
-describe aws_ec2_network_insights_analysis_plural do
- its('network_insights_path_ids') { should include 'NETWORK_INSIGHTS_PATH_ID' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_network_insights_analysis_plural do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_network_insights_analysis_plural do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeNetworkInsightsAnalysesResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_insights_path.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_insights_path.md
deleted file mode 100644
index e3c2435a04..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_insights_path.md
+++ /dev/null
@@ -1,125 +0,0 @@
-+++
-title = "aws_ec2_network_insights_path Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_network_insights_path"
-identifier = "inspec/resources/aws/aws_ec2_network_insights_path Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_network_insights_path` InSpec audit resource to test properties of a single specific AWS EC2 path to analyze for reachability.
-
-The `AWS::EC2::NetworkInsightsPath` resource specifies a path to analyze for reachability.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 network insights path](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkinsightspath.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that network insights path ID exists.
-
-```ruby
-describe aws_ec2_network_insights_path(network_insights_path_id: 'NETWORK_INSIGHTS_PATH_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`network_insights_path_id` _(required)_
-
-: The ID of the path.
-
-## Properties
-
-`network_insights_path_id`
-: The ID of the path.
-
-`network_insights_path_arn`
-: The Amazon Resource Name (ARN) of the path.
-
-`created_date`
-: The timestamp when the path was created.
-
-`source`
-: The Amazon Web Services resource that is the source of the path.
-
-`destination`
-: The Amazon Web Services resource that is the destination of the path.
-
-`source_ip`
-: The IP address of the Amazon Web Services resource that is the source of the path.
-
-`destination_ip`
-: The IP address of the Amazon Web Services resource that is the destination of the path.
-
-`protocol`
-: The protocol.
-
-`destination_port`
-: The destination port.
-
-`tags`
-: The tags associated with the path.
-
-## Examples
-
-**Ensure a network insights path ID is available.**
-
-```ruby
-describe aws_ec2_network_insights_path(network_insights_path_id: 'NETWORK_INSIGHTS_PATH_ID') do
- its('network_insights_path_id') { should eq 'NETWORK_INSIGHTS_PATH_ID' }
-end
-```
-
-**Ensure a network insights path ARN is available.**
-
-```ruby
-describe aws_ec2_network_insights_path(network_insights_path_id: 'NETWORK_INSIGHTS_PATH_ID') do
- its('network_insights_path_arn') { should eq 'NETWORK_INSIGHTS_PATH_ARN' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_network_insights_path(network_insights_path_id: 'NETWORK_INSIGHTS_PATH_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_network_insights_path(network_insights_path_id: 'NETWORK_INSIGHTS_PATH_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ec2_network_insights_path(network_insights_path_id: 'NETWORK_INSIGHTS_PATH_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeNetworkInsightsPathsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_insights_paths.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_insights_paths.md
deleted file mode 100644
index ece8b2f885..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_insights_paths.md
+++ /dev/null
@@ -1,133 +0,0 @@
-+++
-title = "aws_ec2_network_insights_paths Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_network_insights_paths"
-identifier = "inspec/resources/aws/aws_ec2_network_insights_paths Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_network_insights_paths` InSpec audit resource to test properties of multiple AWS EC2 paths to analyze for reachability.
-
-The `AWS::EC2::NetworkInsightsPath` resource specifies a path to analyze for reachability.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 network insights path](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkinsightspath.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that network insights path ID exists.
-
-```ruby
-describe aws_ec2_network_insights_paths do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`network_insights_path_ids`
-: The ID of the path.
-
-: **Field**: `network_insights_path_id`
-
-`network_insights_path_arns`
-: The Amazon Resource Name (ARN) of the path.
-
-: **Field**: `network_insights_path_arn`
-
-`created_dates`
-: The time stamp when the path was created.
-
-: **Field**: `created_date`
-
-`sources`
-: The Amazon Web Services resource that is the source of the path.
-
-: **Field**: `source`
-
-`destinations`
-: The Amazon Web Services resource that is the destination of the path.
-
-: **Field**: `destination`
-
-`source_ips`
-: The IP address of the Amazon Web Services resource that is the source of the path.
-
-: **Field**: `source_ip`
-
-`destination_ips`
-: The IP address of the Amazon Web Services resource that is the destination of the path.
-
-: **Field**: `destination_ip`
-
-`protocols`
-: The protocol.
-
-: **Field**: `protocol`
-
-`destination_ports`
-: The destination port.
-
-: **Field**: `destination_port`
-
-`tags`
-: The tags associated with the path.
-
-: **Field**: `tags`
-
-## Examples
-
-**Ensure a network insights path ID is available.**
-
-```ruby
-describe aws_ec2_network_insights_paths do
- its('network_insights_path_ids') { should include 'NETWORK_INSIGHTS_PATH_ID' }
-end
-```
-
-**Ensure a network insights path ARN is available.**
-
-```ruby
-describe aws_ec2_network_insights_paths do
- its('network_insights_path_arns') { should include 'NETWORK_INSIGHTS_PATH_ARN' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_network_insights_paths do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_network_insights_paths do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeNetworkInsightsPathsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_interface.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_interface.md
deleted file mode 100644
index a5c7c12c00..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_interface.md
+++ /dev/null
@@ -1,200 +0,0 @@
-+++
-title = "aws_ec2_network_interface Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_network_interface"
-identifier = "inspec/resources/aws/aws_ec2_network_interface Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_network_interface` InSpec audit resource to test properties of a single network interface in an Amazon EC2 instance for AWS CloudFormation.
-
-The `AWS::EC2::NetworkInterface` resource describes a network interface in an Elastic Compute Cloud (EC2) instance for AWS CloudFormation.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 network interface](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-network-interface.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that network interface ID exists.
-
-```ruby
-describe aws_ec2_network_interface(network_interface_id: 'NETWORK_INTERFACE_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`network_interface_id` _(required)_
-
-: The ID of the network interface.
-
-## Properties
-
-`association (allocation_id)`
-: The allocation ID.
-
-`association (association_id)`
-: The association ID.
-
-`association (ip_owner_id)`
-: The ID of the Elastic IP address owner.
-
-`association (public_dns_name)`
-: The public DNS name.
-
-`association (public_ip)`
-: The address of the Elastic IP address bound to the network interface.
-
-`association (customer_owned_ip)`
-: The customer-owned IP address associated with the network interface.
-
-`association (carrier_ip)`
-: The carrier IP address associated with the network interface.
-
-`attachment (attach_time)`
-: The timestamp indicating when the attachment initiated.
-
-`attachment (attachment_id)`
-: The ID of the network interface attachment.
-
-`attachment (delete_on_termination)`
-: Indicates whether the network interface is deleted when the instance is terminated.
-
-`attachment (device_index)`
-: The device index of the network interface attachment on the instance.
-
-`attachment (network_card_index)`
-: The index of the network card.
-
-`attachment (instance_id)`
-: The ID of the instance.
-
-`attachment (instance_owner_id)`
-: The Amazon Web Services account ID of the owner of the instance.
-
-`attachment (status)`
-: The attachment state. Valid Values: `attaching`, `attached`, `detaching`, `detached`.
-
-`availability_zone`
-: The availability zone.
-
-`description`
-: A description.
-
-`groups`
-: The security group.
-
-`interface_type`
-: The type of network interface.
-
-`ipv_6_addresses`
-: The IPv6 address.
-
-`mac_address`
-: The MAC address.
-
-`network_interface_id`
-: The ID of the network interface.
-
-`outpost_arn`
-: The Amazon Resource Name (ARN) of the Outpost.
-
-`owner_id`
-: The Amazon Web Services account ID of the owner of the network interface.
-
-`private_dns_name`
-: The private DNS name.
-
-`private_ip_address`
-: The IPv4 address of the network interface within the subnet.
-
-`ipv_4_prefixes`
-: The IPv4 Prefix Delegation prefixes that are assigned to the network interface.
-
-`ipv_6_prefixes`
-: The IPv6 Prefix Delegation prefixes that are assigned to the network interface. The IPv6 Prefix Delegation prefix.
-
-`requester_id`
-: The alias or Amazon Web Services account ID of the principal or service that created the network interface.
-
-`requester_managed`
-: Indicates whether the network interface is being managed by Amazon Web Services.
-
-`source_dest_check`
-: Indicates whether source/destination checking is enabled.
-
-`status`
-: The status of the network interface.
-
-`subnet_id`
-: The ID of the subnet.
-
-`tag_set`
-: Any tags assigned to the network interface.
-
-`vpc_id`
-: The ID of the VPC.
-
-## Examples
-
-**Ensure a network interface ID is available.**
-
-```ruby
-describe aws_ec2_network_interface(network_interface_id: 'NETWORK_INTERFACE_ID') do
- its('network_interface_id') { should eq 'NETWORK_INTERFACE_ID' }
-end
-```
-
-**Ensure that the interface type is 'vpc'.**
-
-```ruby
-describe aws_ec2_network_interface(network_interface_id: 'NETWORK_INTERFACE_ID') do
- its('interface_type') { should eq 'vpc' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_network_interface(network_interface_id: 'NETWORK_INTERFACE_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_network_interface(network_interface_id: 'NETWORK_INTERFACE_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ec2_network_interface(network_interface_id: 'NETWORK_INTERFACE_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeNetworkInterfacesResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_interface_attachment.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_interface_attachment.md
deleted file mode 100644
index 090dfdd4f1..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_interface_attachment.md
+++ /dev/null
@@ -1,119 +0,0 @@
-+++
-title = "aws_ec2_network_interface_attachment Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_network_interface_attachment"
-identifier = "inspec/resources/aws/aws_ec2_network_interface_attachment Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_network_interface_attachment` InSpec audit resource to test properties of a single specific AWS EC2 network interface attachment.
-
-The `AWS::EC2::NetworkInterfaceAttachment` resource attaches an elastic network interface (ENI) to an Amazon EC2 instance. You can use this resource type to attach additional network interfaces to an instance without interruption.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 network interface attachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-network-interface-attachment.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that network interface attachment exists.
-
-```ruby
-describe aws_ec2_network_interface_attachment(network_interface_id: 'NETWORK_INTERFACE_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`network_interface_id` _(required)_
-
-: The ID of the network interface.
-
-## Properties
-
-`attach_time`
-: The timestamp indicating when the attachment initiated.
-
-`attachment_id`
-: The ID of the network interface attachment.
-
-`delete_on_termination`
-: Indicates whether the network interface is deleted when the instance is terminated.
-
-`device_index`
-: The device index of the network interface attachment on the instance.
-
-`network_card_index`
-: The index of the network card.
-
-`instance_id`
-: The ID of the instance.
-
-`instance_owner_id`
-: The Amazon Web Services account ID of the owner of the instance.
-
-`status`
-: The attachment state.
-
-## Examples
-
-**Ensure aN attachment ID is available.**
-
-```ruby
-describe aws_ec2_network_interface_attachment(network_interface_id: 'NETWORK_INTERFACE_ID') do
- its('attachment_id') { should eq 'ATTACHMENT_ID' }
-end
-```
-
-**Ensure that the status is `available`.**
-
-```ruby
-describe aws_ec2_network_interface_attachment(network_interface_id: 'NETWORK_INTERFACE_ID') do
- its('status') { should eq 'available' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_network_interface_attachment(network_interface_id: 'NETWORK_INTERFACE_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_network_interface_attachment(network_interface_id: 'NETWORK_INTERFACE_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ec2_network_interface_attachment(network_interface_id: 'NETWORK_INTERFACE_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeNetworkInterfacesResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_interface_attachments.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_interface_attachments.md
deleted file mode 100644
index 04cde16a9a..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_interface_attachments.md
+++ /dev/null
@@ -1,123 +0,0 @@
-+++
-title = "aws_ec2_network_interface_attachments Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_network_interface_attachments"
-identifier = "inspec/resources/aws/aws_ec2_network_interface_attachments Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_network_interface_attachments` InSpec audit resource to test properties of multiple AWS EC2 network interface attachments.
-
-The `AWS::EC2::NetworkInterfaceAttachment` resource attaches an elastic network interface (ENI) to an Amazon EC2 instance. You can use this resource type to attach additional network interfaces to an instance without interruption.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Lambda Function](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a network interface attachment exists.
-
-```ruby
-describe aws_ec2_network_interface_attachments do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`attach_times`
-: The timestamp indicating when the attachment initiated.
-
-: **Field**: `attach_time`
-
-`attachment_ids`
-: The ID of the network interface attachment.
-
-: **Field**: `attachment_id`
-
-`delete_on_terminations`
-: Indicates whether the network interface is deleted when the instance is terminated.
-
-: **Field**: `delete_on_termination`
-
-`device_indexes`
-: The device index of the network interface attachment on the instance.
-
-: **Field**: `device_index`
-
-`network_card_indexes`
-: The index of the network card.
-
-: **Field**: `network_card_index`
-
-`instance_ids`
-: The ID of the instance.
-
-: **Field**: `instance_id`
-
-`instance_owner_ids`
-: The Amazon Web Services account ID of the owner of the instance.
-
-: **Field**: `instance_owner_id`
-
-`statuses`
-: The attachment state.
-
-: **Field**: `status`
-
-## Examples
-
-**Ensure an attachment ID is available.**
-
-```ruby
-describe aws_ec2_network_interface_attachment(network_interface_id: 'NETWORK_INTERFACE_ID') do
- its('attachment_ids') { should include 'ATTACHMENT_ID' }
-end
-```
-
-**Ensure that a network interface status is `available`.**
-
-```ruby
-describe aws_ec2_network_interface_attachment(network_interface_id: 'NETWORK_INTERFACE_ID') do
- its('statuses') { should include 'available' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_network_interface_attachments do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_network_interface_attachments do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeNetworkInterfacesResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_interface_permission.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_interface_permission.md
deleted file mode 100644
index 8057b0b2ed..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_interface_permission.md
+++ /dev/null
@@ -1,108 +0,0 @@
-+++
-title = "aws_ec2_network_interface_permission Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_network_interface_permission"
-identifier = "inspec/resources/aws/aws_ec2_network_interface_permission Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_network_interface_permission` InSpec audit resource to test the properties of a single specific AWS EC2 network interface permission.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 Network Interface Permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkinterfacepermission.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that network interface permission ID exists.
-
-```ruby
-describe aws_ec2_network_interface_permission(network_interface_permission_id: 'NETWORK_INTERFACE_PERMISSION_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`network_interface_permission_id` _(required)_
-
-: The ID of the network interface permission.
-
-## Properties
-
-`network_interface_permission_id`
-: The ID of the network interface.
-
-`network_interface_id`
-: The Amazon Web Services account ID.
-
-`aws_account_id`
-: The Amazon Web Service. Currently not supported.
-
-`state`
-: The state of the permission. Valid values are: "pending", "granted", "revoking", "revoked".
-
-`status_message`
-: The status message of the permission state.
-
-## Examples
-
-**Ensure a network interface permission ID is available.**
-
-```ruby
-describe aws_ec2_network_interface_permission(network_interface_permission_id: 'NETWORK_INTERFACE_PERMISSION_ID') do
- its('network_interface_permission_id') { should eq 'NETWORK_INTERFACE_PERMISSION_ID' }
-end
-```
-
-**Ensure that the interface permission state is 'pending'.**
-
-```ruby
-describe aws_ec2_network_interface_permission(network_interface_permission_id: 'NETWORK_INTERFACE_PERMISSION_ID') do
- its('state') { should eq 'pending' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_network_interface_permission(network_interface_permission_id: 'NETWORK_INTERFACE_PERMISSION_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_network_interface_permission(network_interface_permission_id: 'NETWORK_INTERFACE_PERMISSION_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ec2_network_interface_permission(network_interface_permission_id: 'NETWORK_INTERFACE_PERMISSION_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeNetworkInterfacePermissionsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_interface_permissions.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_interface_permissions.md
deleted file mode 100644
index e53b8a0494..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_interface_permissions.md
+++ /dev/null
@@ -1,116 +0,0 @@
-+++
-title = "aws_ec2_network_interface_permissions Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_network_interface_permissions"
-identifier = "inspec/resources/aws/aws_ec2_network_interface_permissions Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_network_interface_permissions` InSpec audit resource to test properties of multiple AWS EC2 network interface permission.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that network interface permission ID exists.
-
-```ruby
-describe aws_ec2_network_interface_permissions do
- it { should exist }
-end
-```
-
-For additional information, see the [AWS documentation on AWS EC2 Network Interface Permissions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkinterfacepermission.html).
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`network_interface_permission_ids`
-: The ID of the network interface.
-
-: **Field**: `network_interface_permission_id`
-
-`network_interface_ids`
-: The Amazon Web Services account ID.
-
-: **Field**: `network_interface_id`
-
-`aws_account_ids`
-: The Amazon Web Service. Currently not supported.
-
-: **Field**: `aws_account_id`
-
-`states`
-: The state of the permission. String, one of "pending", "granted", "revoking", "revoked".
-
-: **Field**: `state`
-
-`status_messages`
-: The status message of the permission state.
-
-: **Field**: `status_message`
-
-## Examples
-
-**Ensure a network interface permission ID is available.**
-
-```ruby
-describe aws_ec2_network_interface_permissions do
- its('network_interface_permission_ids') { should include 'NETWORK_INTERFACE_PERMISSION_ID' }
-end
-```
-
-**Ensure that the interface permission state is 'pending'.**
-
-```ruby
-describe aws_ec2_network_interface_permissions do
- its('states') { should include 'pending' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_network_interface_permissions do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_network_interface_permissions do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ec2_network_interface_permissions do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeNetworkInterfacePermissionsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_interfaces.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_interfaces.md
deleted file mode 100644
index c9cb0e14f0..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_network_interfaces.md
+++ /dev/null
@@ -1,188 +0,0 @@
-+++
-title = "aws_ec2_network_interfaces Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_network_interfaces"
-identifier = "inspec/resources/aws/aws_ec2_network_interfaces Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_network_interfaces` InSpec audit resource to test properties of multiple network interfaces in an Amazon EC2 instance for AWS CloudFormation.
-
-The `AWS::EC2::NetworkInterface` resource describes a network interface in an Elastic Compute Cloud (EC2) instance for AWS CloudFormation.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 network interface](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-network-interface.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that network interface ID exists.
-
-```ruby
-describe aws_ec2_network_interfaces do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`attachments`
-: The attachment.
-
-: **Field**: `attachment`
-
-`availability_zones`
-: The Availability Zone.
-
-: **Field**: `availability_zone`
-
-`descriptions`
-: A description.
-
-: **Field**: `description`
-
-`groups`
-: The security group.
-
-: **Field**: `groups`
-
-`interface_types`
-: The type of network interface.
-
-: **Field**: `interface_type`
-
-`ipv_6_addresses`
-: The IPv6 address.
-
-: **Field**: `ipv_6_addresses`
-
-`mac_addresses`
-: The MAC address.
-
-: **Field**: `mac_address`
-
-`network_interface_ids`
-: The ID of the network interface.
-
-: **Field**: `network_interface_id`
-
-`outpost_arns`
-: The Amazon Resource Name (ARN) of the Outpost.
-
-: **Field**: `outpost_arn`
-
-`owner_ids`
-: The Amazon Web Services account ID of the owner of the network interface.
-
-: **Field**: `owner_id`
-
-`private_dns_names`
-: The private DNS name.
-
-: **Field**: `private_dns_name`
-
-`private_ip_addresses`
-: The IPv4 address of the network interface within the subnet.
-
-: **Field**: `private_ip_address`
-
-`ipv_4_prefixes`
-: The IPv4 Prefix Delegation prefixes that are assigned to the network interface.
-
-: **Field**: `ipv_4_prefixes`
-
-`ipv_6_prefixes`
-: The IPv6 Prefix Delegation prefixes that are assigned to the network interface. The IPv6 Prefix Delegation prefix.
-
-: **Field**: `ipv_6_prefixes`
-
-`requester_ids`
-: The alias or Amazon Web Services account ID of the principal or service that created the network interface.
-
-: **Field**: `requester_id`
-
-`requester_managed`
-: Indicates whether the network interface is being managed by Amazon Web Services.
-
-: **Field**: `requester_managed`
-
-`source_dest_checks`
-: Indicates whether source/destination checking is enabled.
-
-: **Field**: `source_dest_check`
-
-`statuses`
-: The status of the network interface.
-
-: **Field**: `status`
-
-`subnet_ids`
-: The ID of the subnet.
-
-: **Field**: `subnet_id`
-
-`tag_sets`
-: Any tags assigned to the network interface.
-
-: **Field**: `tag_set`
-
-`vpc_ids`
-: The ID of the VPC.
-
-: **Field**: `vpc_id`
-
-## Examples
-
-**Ensure a network interface ID is available.**
-
-```ruby
-describe aws_ec2_network_interfaces do
- its('network_interface_ids') { should include 'NetworkInterfaceId' }
-end
-```
-
-**Ensure that an availability zone is available.**
-
-```ruby
-describe aws_ec2_network_interfaces do
- its('availability_zones') { should include "us-east-2a" }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_network_interfaces do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_network_interfaces do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeNetworkInterfacesResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_placement_group.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_placement_group.md
deleted file mode 100644
index 85b2c1d2b7..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_placement_group.md
+++ /dev/null
@@ -1,113 +0,0 @@
-+++
-title = "aws_ec2_placement_group Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_placement_group"
-identifier = "inspec/resources/aws/aws_ec2_placement_group Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_placement_group` InSpec audit resource to test properties of a single specific AWS EC2 placement group.
-
-The `AWS::EC2::PlacementGroup` resource type specifies a placement group in which to launch instances.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 placement group.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-placementgroup.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the placement group exists.
-
-```ruby
-describe aws_ec2_placement_group(placement_group_name: 'PLACEMENT_GROUP_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`placement_group_name` _(required)_
-
-: The name of the placement group.
-
-## Properties
-
-`group_name`
-: The name of the placement group.
-
-`state`
-: The state of the placement group.
-
-`strategy`
-: The placement strategy.
-
-`partition_count`
-: The number of partitions.
-
-`group_id`
-: The ID of the placement group.
-
-`tags`
-: Any tags applied to the placement group.
-
-## Examples
-
-**Ensure a placement group name is available.**
-
-```ruby
-describe aws_ec2_placement_group(placement_group_name: 'PLACEMENT_GROUP_NAME') do
- its('group_name') { should eq 'PLACEMENT_GROUP_NAME' }
-end
-```
-
-**Ensure that the state is `available`.**
-
-```ruby
-describe aws_ec2_placement_group(placement_group_name: 'PLACEMENT_GROUP_NAME') do
- its('state') { should eq 'available' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_placement_group(placement_group_name: 'PLACEMENT_GROUP_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test that an entity does not exist.
-
-```ruby
-describe aws_ec2_placement_group(placement_group_name: 'PLACEMENT_GROUP_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ec2_placement_group(placement_group_name: 'PLACEMENT_GROUP_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribePlacementGroupsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_placement_groups.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_placement_groups.md
deleted file mode 100644
index e21a0df8bd..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_placement_groups.md
+++ /dev/null
@@ -1,123 +0,0 @@
-+++
-title = "aws_ec2_placement_groups Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_placement_groups"
-identifier = "inspec/resources/aws/aws_ec2_placement_groups Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_placement_groups` InSpec audit resource to test properties of multiple AWS EC2 placement groups.
-
-The `AWS::EC2::PlacementGroup` resource type specifies a placement group in which to launch instances.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 placement group.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-placementgroup.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the placement group exists.
-
-```ruby
-describe aws_ec2_placement_groups do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`group_names`
-: The name of the placement group.
-
-: **Field**: `group_name`
-
-`states`
-: The state of the placement group.
-
-: **Field**: `state`
-
-`strategies`
-: The placement strategy.
-
-: **Field**: `strategy`
-
-`partition_counts`
-: The number of partitions.
-
-: **Field**: `partition_count`
-
-`group_ids`
-: The ID of the placement group.
-
-: **Field**: `group_id`
-
-`tags`
-: Any tags applied to the placement group.
-
-: **Field**: `tags`
-
-## Examples
-
-**Ensure a placement group name is available.**
-
-```ruby
-describe aws_ec2_placement_groups do
- its('group_names') { should include 'PLACEMENT_GROUP_NAME' }
-end
-```
-
-**Ensure that the state is `available`.**
-
-```ruby
-describe aws_ec2_placement_groups do
- its('states') { should include 'available' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_placement_groups do
- it { should exist }
-end
-```
-
-Use `should_not` to test that an entity does not exist.
-
-```ruby
-describe aws_ec2_placement_groups do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ec2_placement_groups do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribePlacementGroupsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_prefix_list.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_prefix_list.md
deleted file mode 100644
index 5be72e377e..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_prefix_list.md
+++ /dev/null
@@ -1,133 +0,0 @@
-+++
-title = "aws_ec2_prefix_list Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_prefix_list"
-identifier = "inspec/resources/aws/aws_ec2_prefix_list Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_prefix_list` InSpec audit resource to test properties of a single specific AWS EC2 prefix list.
-
-The `AWS::EC2::PrefixList` resource specifies a managed prefix list.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 prefix lists](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-prefixlist.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a prefix list exists.
-
-```ruby
-describe aws_ec2_prefix_list(prefix_list_id: 'PREFIX_LIST_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`prefix_list_id` _(required)_
-
-: The ID of the prefix list.
-
-## Properties
-
-`prefix_list_id`
-: The ID of the prefix list.
-
-`address_family`
-: The IP address version.
-
-`state`
-: The state of the prefix list.
-
-`state_message`
-: The state message.
-
-`prefix_list_arn`
-: The Amazon Resource Name (ARN) for the prefix list.
-
-`prefix_list_name`
-: The name of the prefix list.
-
-`max_entries`
-: The maximum number of entries for the prefix list.
-
-`version`
-: The version of the prefix list.
-
-`tags`
-: The tags for the prefix list.
-
-`owner_id`
-: The ID of the owner of the prefix list.
-
-## Examples
-
-**Ensure a prefix list ID is available.**
-
-```ruby
-describe aws_ec2_prefix_list(prefix_list_id: 'PREFIX_LIST_ID') do
- its('prefix_list_id') { should eq 'PREFIX_LIST_ID' }
-end
-```
-
-**Ensure an address family is available.**
-
-```ruby
-describe aws_ec2_prefix_list(prefix_list_id: 'PREFIX_LIST_ID') do
- its('address_family') { should eq 'ADDRESS_FAMILY' }
-end
-```
-
-**Ensure that the state is `AVAILABLE`.**
-
-```ruby
-describe aws_ec2_prefix_list(prefix_list_id: 'PREFIX_LIST_ID') do
- its('state') { should eq 'AVAILABLE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_prefix_list(prefix_list_id: 'PREFIX_LIST_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_prefix_list(prefix_list_id: 'PREFIX_LIST_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ec2_prefix_list(prefix_list_id: 'PREFIX_LIST_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeManagedPrefixListsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_prefix_lists.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_prefix_lists.md
deleted file mode 100644
index 781db7442c..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_prefix_lists.md
+++ /dev/null
@@ -1,121 +0,0 @@
-+++
-title = "aws_ec2_prefix_lists Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_prefix_lists"
-identifier = "inspec/resources/aws/aws_ec2_prefix_lists Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_prefix_lists` InSpec audit resource to test properties of multiple AWS EC2 prefix lists.
-
-The `AWS::EC2::PrefixList` resource specifies a managed prefix list.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 prefix lists](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-prefixlist.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a prefix list exists.
-
-```ruby
-describe aws_ec2_prefix_lists do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`prefix_list_ids`
-: prefix_list_id.
-
-`address_families`
-: address_family.
-
-`states`
-: state.
-
-`state_messages`
-: state_message.
-
-`prefix_list_arns`
-: prefix_list_arn.
-
-`prefix_list_names`
-: prefix_list_name.
-
-`max_entries`
-: max_entries.
-
-`versions`
-: version.
-
-`tags`
-: tags.
-
-`owner_ids`
-: owner_id.
-
-## Examples
-
-**Ensure a prefix list ID is available.**
-
-```ruby
-describe aws_ec2_prefix_lists do
- its('prefix_list_ids') { should include 'PREFIX_LIST_ID' }
-end
-```
-
-**Ensure an address family is available.**
-
-```ruby
-describe aws_ec2_prefix_lists do
- its('address_families') { should include 'ADDRESS_FAMILY' }
-end
-```
-
-**Ensure that the state is `AVAILABLE`.**
-
-```ruby
-describe aws_ec2_prefix_lists do
- its('states') { should include 'AVAILABLE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_prefix_lists do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_prefix_lists do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeManagedPrefixListsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_spot_fleet.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_spot_fleet.md
deleted file mode 100644
index 865fe92c1d..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_spot_fleet.md
+++ /dev/null
@@ -1,250 +0,0 @@
-+++
-title = "aws_ec2_spot_fleet Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_spot_fleet"
-identifier = "inspec/resources/aws/aws_ec2_spot_fleet Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_spot_fleet` InSpec audit resource to test properties of a single specific AWS EC2 Spot Fleet.
-
-The `AWS::EC2::SpotFleet` resource specifies a Spot Fleet request. A Spot Fleet request contains the configuration information to launch a fleet, or group, of instances.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 Spot Fleet.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-spotfleet.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the spot fleet exists.
-
-```ruby
-describe aws_ec2_spot_fleet(spot_fleet_request_id: "SpotFleetID") do
- it { should exist }
-end
-```
-
-## Parameters
-
-`spot_fleet_request_id` _(required)_
-
-: The ID of the Spot Fleet request.
-
-## Properties
-
-`activity_status`
-: The progress of the Spot Fleet request.
-
-: **Field**: `activity_status`
-
-`create_time`
-: The creation date and time of the request.
-
-: **Field**: `create_time`
-
-`spot_fleet_request_config.allocation_strategy`
-: Indicates how to allocate the target Spot Instance capacity across the Spot Instance pools specified by the Spot Fleet request.
-
-: **Field**: `spot_fleet_request_config.allocation_strategy`
-
-`spot_fleet_request_config.on_demand_allocation_strategy`
-: The order of the launch template overrides to use in fulfilling On-Demand capacity.
-
-: **Field**: `spot_fleet_request_config.on_demand_allocation_strategy`
-
-`spot_fleet_request_config.spot_maintenance_strategies.capacity_rebalance.replacement_strategy`
-: The replacement strategy to use.
-
-: **Field**: `spot_fleet_request_config.spot_maintenance_strategies.capacity_rebalance.replacement_strategy`
-
-`spot_fleet_request_config.client_token`
-: A unique, case-sensitive identifier that you provide to ensure the idempotency of your listings.
-
-: **Field**: `spot_fleet_request_config.client_token`
-
-`spot_fleet_request_config.excess_capacity_termination_policy`
-: Indicates whether running Spot Instances should be terminated if you decrease the target capacity of the Spot Fleet request below the current size of the Spot Fleet.
-
-: **Field**: `spot_fleet_request_config.excess_capacity_termination_policy`
-
-`spot_fleet_request_config.fulfilled_capacity`
-: The number of units fulfilled by this request compared to the set target capacity. You cannot set this value.
-
-: **Field**: `spot_fleet_request_config.fulfilled_capacity`
-
-`spot_fleet_request_config.on_demand_fulfilled_capacity`
-: The number of On-Demand units fulfilled by this request compared to the set target On-Demand capacity.
-
-: **Field**: `spot_fleet_request_config.on_demand_fulfilled_capacity`
-
-`spot_fleet_request_config.iam_fleet_role`
-: The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that grants the Spot Fleet the permission to request, launch, terminate, and tag instances on your behalf.
-
-: **Field**: `spot_fleet_request_config.iam_fleet_role`
-
-`spot_fleet_request_config.launch_specifications`
-: The launch specifications for the Spot Fleet request.
-
-: **Field**: `spot_fleet_request_config.launch_specifications`
-
-`spot_fleet_request_config.launch_template_configs`
-: The launch template and overrides.
-
-: **Field**: `spot_fleet_request_config.launch_template_configs`
-
-`spot_fleet_request_config.spot_price`
-: The maximum price per unit hour that you are willing to pay for a Spot Instance.
-
-: **Field**: `spot_fleet_request_config.spot_price`
-
-`spot_fleet_request_config.target_capacity`
-: The number of units to request for the Spot Fleet.
-
-: **Field**: `spot_fleet_request_config.target_capacity`
-
-`spot_fleet_request_config.on_demand_target_capacity`
-: The number of On-Demand units to request.
-
-: **Field**: `spot_fleet_request_config.on_demand_target_capacity`
-
-`spot_fleet_request_config.on_demand_max_total_price`
-: The maximum amount per hour for On-Demand Instances that you're willing to pay.
-
-: **Field**: `spot_fleet_request_config.on_demand_max_total_price`
-
-`spot_fleet_request_config.spot_max_total_price`
-: The maximum amount per hour for Spot Instances that you're willing to pay.
-
-: **Field**: `spot_fleet_request_config.spot_max_total_price`
-
-`spot_fleet_request_config.terminate_instances_with_expiration`
-: Indicates whether running Spot Instances are terminated when the Spot Fleet request expires.
-
-: **Field**: `spot_fleet_request_config.terminate_instances_with_expiration`
-
-`spot_fleet_request_config.type`
-: The type of request.
-
-: **Field**: `spot_fleet_request_config.type`
-
-`spot_fleet_request_config.valid_from`
-: The start date and time of the request.
-
-: **Field**: `spot_fleet_request_config.valid_from`
-
-`spot_fleet_request_config.valid_until`
-: The end date and time of the request.
-
-: **Field**: `spot_fleet_request_config.valid_until`
-
-`spot_fleet_request_config.replace_unhealthy_instances`
-: Indicates whether Spot Fleet should replace unhealthy instances.
-
-: **Field**: `spot_fleet_request_config.replace_unhealthy_instances`
-
-`spot_fleet_request_config.instance_interruption_behavior`
-: The behavior when a Spot Instance is interrupted. The default is terminate.
-
-: **Field**: `spot_fleet_request_config.instance_interruption_behavior`
-
-`spot_fleet_request_config.load_balancers_config.classic_load_balancers_config.classic_load_balancers`
-: One or more Classic Load Balancers.
-
-: **Field**: `spot_fleet_request_config.load_balancers_config.classic_load_balancers_config.classic_load_balancers`
-
-`spot_fleet_request_config.load_balancers_config.target_groups_config.target_groups`
-: One or more target groups.
-
-: **Field**: `spot_fleet_request_config.load_balancers_config.target_groups_config.target_groups`
-
-`spot_fleet_request_config.instance_pools_to_use_count`
-: The number of Spot pools across which to allocate your target Spot capacity.
-
-: **Field**: `spot_fleet_request_config.instance_pools_to_use_count`
-
-`spot_fleet_request_config.context`
-: Reserved.
-
-: **Field**: `spot_fleet_request_config.context`
-
-`spot_fleet_request_config.tag_specifications`
-: The key-value pair for tagging the Spot Fleet request on creation.
-
-: **Field**: `spot_fleet_request_config.tag_specifications`
-
-`spot_fleet_request_id`
-: The ID of the Spot Fleet request.
-
-: **Field**: `spot_fleet_request_id`
-
-`spot_fleet_request_state`
-: The state of the Spot Fleet request.
-
-: **Field**: `spot_fleet_request_state`
-
-`tags`
-: The tags for a Spot Fleet resource.
-
-: **Field**: `tags`
-
-## Examples
-
-**Ensure a iam fleet role is available.**
-
-```ruby
-describe aws_ec2_spot_fleet(spot_fleet_request_id: "SpotFleetID") do
- its('iam_fleet_role') { should eq 'IAMFleetRole' }
-end
-```
-
-**Ensure that the state is `active`.**
-
-```ruby
-describe aws_ec2_spot_fleet(spot_fleet_request_id: "SpotFleetID") do
- its('spot_fleet_request_state') { should eq 'available' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_spot_fleet(spot_fleet_request_id: "SpotFleetID") do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_spot_fleet(spot_fleet_request_id: 'dummy') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ec2_spot_fleet(spot_fleet_request_id: "SpotFleetID") do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeSpotFleetRequestsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_spot_fleets.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_spot_fleets.md
deleted file mode 100644
index 7d2aeec81b..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_spot_fleets.md
+++ /dev/null
@@ -1,113 +0,0 @@
-+++
-title = "aws_ec2_spot_fleets Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_spot_fleets"
-identifier = "inspec/resources/aws/aws_ec2_spot_fleets Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_spot_fleets` InSpec audit resource to test properties of the plural AWS EC2 Spot Fleet.
-
-The `AWS::EC2::SpotFleet` resource specifies a Spot Fleet request. A Spot Fleet request contains the configuration information to launch a fleet, or group, of instances.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 Spot Fleet.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-spotfleet.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that spot fleets exists.
-
-```ruby
-describe aws_ec2_spot_fleets do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`activity_statuses`
-: The progress of the Spot Fleet request.
-
-: **Field**: `activity_status`
-
-`create_times`
-: The creation date and time of the request.
-
-: **Field**: `create_time`
-
-`spot_fleet_request_configs`
-: The configs of the Spot Fleet request.
-
-: **Field**: `spot_fleet_request_config`
-
-`spot_fleet_request_ids`
-: The ID of the Spot Fleet request.
-
-: **Field**: `spot_fleet_request_id`
-
-`spot_fleet_request_states`
-: The state of the Spot Fleet request.
-
-: **Field**: `spot_fleet_request_state`
-
-`tags`
-: The tags for a Spot Fleet resource.
-
-: **Field**: `tags`
-
-## Examples
-
-**Ensure an activity status is there.**
-
-```ruby
-describe aws_ec2_spot_fleets do
- its('activity_statuses') { should include 'error' }
-end
-```
-
-**Ensure that the state is `active`.**
-
-```ruby
-describe aws_ec2_spot_fleets do
- its('spot_fleet_request_states') { should include 'available' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_spot_fleets do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_spot_fleets do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeSpotFleetRequestsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_traffic_mirror_filter.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_traffic_mirror_filter.md
deleted file mode 100644
index 55d5c62ba0..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_traffic_mirror_filter.md
+++ /dev/null
@@ -1,111 +0,0 @@
-+++
-title = "aws_ec2_traffic_mirror_filter Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_traffic_mirror_filter"
-identifier = "inspec/resources/aws/aws_ec2_traffic_mirror_filter Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_traffic_mirror_filter` InSpec audit resource to test properties of a single AWS traffic mirror filter.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_ec2_traffic_mirror_filter` resource block declares the tests for a single AWS traffic mirror filter.
-
-```ruby
-describe aws_ec2_traffic_mirror_filter(aws_ec2_traffic_mirror_filter_id: 'TRAFFIC_MIRROR_FILTER_ID') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_ec2_traffic_mirror_filter('TRAFFIC_MIRROR_FILTER_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`traffic_mirror_filter_id` _(required)_
-
-: The ID of the EC2 traffic mirror. This is in the format of `tmf-` followed by 8 or 17 hexadecimal characters.
- This can be passed either as a string or as an `aws_ec2_traffic_mirror_filter_id: 'value'` key-value entry in a hash.
-
-## Properties
-
-`traffic_mirror_filter_id`
-: The ID of a traffic mirror filter.
-
-`description`
-: The description of a traffic mirror filter.
-
-`tags`
-: A list of hashes with each key-value pair corresponding to a traffic mirror tag, e.g, `[{:key=>"Name", :value=>"Testing Box"}, {:key=>"Environment", :value=>"Dev"}]`.
-
-There are also additional properties available.
For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TrafficMirrorFilter.html)
-
-## Examples
-
-**Test that an EC2 traffic mirror should exist.**
-
-```ruby
-describe aws_ec2_traffic_mirror_filter(aws_ec2_traffic_mirror_filter_id: 'TRAFFIC_MIRROR_FILTER_ID') do
- it { should exist }
-end
-```
-
-**Test that an EC2 traffic mirror description is correct.**
-
-```ruby
-describe aws_ec2_traffic_mirror_filter(aws_ec2_traffic_mirror_filter_id: 'TRAFFIC_MIRROR_FILTER_ID') do
- its('description') { should eq "DESCRIPTION_TEXT" }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_traffic_mirror_filter(aws_ec2_traffic_mirror_filter_id: 'TRAFFIC_MIRROR_FILTER_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_traffic_mirror_filter(aws_ec2_traffic_mirror_filter_id: 'TRAFFIC_MIRROR_FILTER_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Check if the test the entity is available.
-
-```ruby
-describe aws_ec2_traffic_mirror_filter(aws_ec2_traffic_mirror_filter_id: 'TRAFFIC_MIRROR_FILTER_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeTrafficMirrorFiltersResult" %}}
-
-See the [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html) documentation for additional information.
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_traffic_mirror_filters.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_traffic_mirror_filters.md
deleted file mode 100644
index e5c5c7069c..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_traffic_mirror_filters.md
+++ /dev/null
@@ -1,100 +0,0 @@
-+++
-title = "aws_ec2_traffic_mirror_filters Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_traffic_mirror_filters"
-identifier = "inspec/resources/aws/aws_ec2_traffic_mirror_filters Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_traffic_mirror_filters` InSpec audit resource to test properties of multiple AWS traffic mirror filters.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_ec2_traffic_mirror_filters` resource block declares the tests for a set of AWS traffic mirror filters.
-
-```ruby
-describe aws_ec2_traffic_mirror_filters do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`traffic_mirror_filter_ids`
-: The ID of a traffic mirror filter.
-
-`descriptions`
-: The description of a traffic mirror filter.
-
-`tags`
-: A list of hashes with each key-value pair corresponding to an traffic mirror filter.
-
-There are also additional properties available. For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TrafficMirrorFilter.html)
-
-## Examples
-
-**Test that an EC2 traffic mirror filter exists.**
-
-```ruby
-describe aws_ec2_traffic_mirror_filters do
- it { should exist }
-end
-```
-
-**Test that EC2 traffic mirror filter's description is correct.**
-
-```ruby
-describe aws_ec2_traffic_mirror_filters do
- its('descriptions') { should include 'DESCRIPTION_TEXT' }
-end
-```
-
-**Test that an EC2 traffic mirror has the correct tag.**
-
-```ruby
-describe aws_ec2_traffic_mirror_filters do
- its('tags') { should include 'TAG' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that an entity exists.
-
-```ruby
-describe aws_ec2_traffic_mirror_filters do
- it { should exist }
-end
-```
-
-Use `should_not` to test that an entity does not exist.
-
-```ruby
-describe aws_ec2_traffic_mirror_filters do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeTrafficMirrorFiltersResult" %}}
-
-See the [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html) documentation for additional information.
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_traffic_mirror_session.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_traffic_mirror_session.md
deleted file mode 100644
index 21026add89..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_traffic_mirror_session.md
+++ /dev/null
@@ -1,122 +0,0 @@
-+++
-title = "aws_ec2_traffic_mirror_session Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_traffic_mirror_session"
-identifier = "inspec/resources/aws/aws_ec2_traffic_mirror_session Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_traffic_mirror_session` InSpec audit resource to test properties an AWS Traffic Mirror session.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_ec2_traffic_mirror_session` resource block declares the tests for a single AWS Traffic Mirror session by session ID.
-
-```ruby
-describe aws_ec2_traffic_mirror_session(traffic_mirror_session_id: 'TRAFFIC_MIRROR_SESSION_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`traffic_mirror_session_id` _(required)_
-
-: The ID of the Traffic Mirror session.
-
-## Properties
-
-`traffic_mirror_session_id`
-: The ID for the Traffic Mirror session.
-
-`traffic_mirror_target_id`
-: The ID of the Traffic Mirror target.
-
-`traffic_mirror_filter_id`
-: The ID of the Traffic Mirror filter.
-
-`network_interface_id`
-: The ID of the Traffic Mirror session's network interface.
-
-`owner_id`
-: The ID of the account that owns the Traffic Mirror session.
-
-`packet_length`
-: The number of bytes in each packet to mirror.
-
-`virtual_network_id`
-: The virtual network ID associated with the Traffic Mirror session.
-
-`description`
-: The description of the Traffic Mirror session.
-
-`tags`
-: The tags assigned to the Traffic Mirror session.
-
-`session_number`
-: The session number determines the order in which sessions are evaluated when an interface is used by multiple sessions.
-
-For additional information, see [the API reference documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TrafficMirrorSession.html).
-
-## Examples
-
-**Test that a Traffic Mirror session should exist.**
-
-```ruby
-describe aws_ec2_traffic_mirror_session(traffic_mirror_session_id: 'TRAFFIC_MIRROR_SESSION_ID') do
- it { should exist }
-end
-```
-
-**Test the packet length of a Traffic Mirror session.**
-
-```ruby
-describe aws_ec2_traffic_mirror_session(traffic_mirror_session_id: 'TRAFFIC_MIRROR_SESSION_ID') do
- its('packet_length') { should eq 1 }
-end
-```
-
-**Test that a Traffic Mirror session has the correct ID.**
-
-```ruby
-describe aws_ec2_traffic_mirror_session(traffic_mirror_session_id: 'TRAFFIC_MIRROR_SESSION_ID') do
- its('traffic_mirror_session_id') { should eq 'TRAFFIC_MIRROR_SESSION_ID' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### be_available
-
-Check if the Traffic Mirror session is available.
-
-```ruby
-describe aws_ec2_traffic_mirror_session(traffic_mirror_session_id: 'TRAFFIC_MIRROR_SESSION_ID') do
- it { should be_available }
-end
-```
-
-Use `should_not` to test a Traffic Mirror session that should not exist.
-
-```ruby
-describe aws_ec2_traffic_mirror_session(traffic_mirror_session_id: 'TRAFFIC_MIRROR_SESSION_ID') do
- it { should_not be_available }
-end
-```
-
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeTrafficMirrorSessionsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_traffic_mirror_sessions.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_traffic_mirror_sessions.md
deleted file mode 100644
index 74c9d7a784..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_traffic_mirror_sessions.md
+++ /dev/null
@@ -1,129 +0,0 @@
-+++
-title = "aws_ec2_traffic_mirror_sessions Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_traffic_mirror_sessions"
-identifier = "inspec/resources/aws/aws_ec2_traffic_mirror_sessions Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_traffic_mirror_sessions` InSpec audit resource to test properties of all AWS Traffic Mirror sessions.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_ec2_traffic_mirror_sessions` resource block declares the tests for all the AWS Traffic Mirror sessions.
-
-```ruby
-describe aws_ec2_traffic_mirror_sessions do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`traffic_mirror_session_ids`
-: The ID for the Traffic Mirror session.
-
-: **Field**: `traffic_mirror_session_id`
-
-`traffic_mirror_target_ids`
-: The ID of the Traffic Mirror target.
-
-: **Field**: `traffic_mirror_target_id`
-
-`traffic_mirror_filter_ids`
-: The ID of the Traffic Mirror filter.
-
-: **Field**: `traffic_mirror_filter_id`
-
-`network_interface_ids`
-: The ID of the Traffic Mirror session's network interface.
-
-: **Field**: `network_interface_id`
-
-`owner_ids`
-: The ID of the account that owns the Traffic Mirror session.
-
-: **Field**: `owner_id`
-
-`packet_lengths`
-: The number of bytes in each packet to mirror.
-
-: **Field**: `packet_length`
-
-`session_numbers`
-: The session number determines the order in which sessions are evaluated when an interface is used by multiple sessions.
-
-: **Field**: `session_number`
-
-`virtual_network_ids`
-: The virtual network ID associated with the Traffic Mirror session.
-
-: **Field**: `virtual_network_id`
-
-`descriptions`
-: The description of the Traffic Mirror session.
-
-: **Field**: `description`
-
-`tags`
-: The tags assigned to the Traffic Mirror session.
-
-: **Field**: `tags`
-
-For additional information, see [the API reference documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TrafficMirrorSession.html).
-
-## Examples
-
-**Test that an AWS Traffic Mirror session exists.**
-
- describe aws_ec2_traffic_mirror_sessions do
- it { should exist }
- end
-
-**Test that Traffic Mirror target includes a value.**
-
- describe aws_ec2_traffic_mirror_sessions do
- its('traffic_mirror_target_ids') { should include 'TRAFFIC_MIRROR_TARGET_ID' }
- end
-
-**Test the a Traffic Mirror session has a description.**
-
- describe aws_ec2_traffic_mirror_sessions do
- its('description') { should include 'DESCRIPTION_TEXT' }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### be_available
-
-Check if the Traffic mirror session is available.
-
- describe aws_ec2_traffic_mirror_sessions do
- it { should be_available }
- end
-
-Use `should_not` to test a Traffic mirror session that should not exist.
-
- describe aws_ec2_traffic_mirror_sessions do
- it { should_not be_available }
- end
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeTrafficMirrorSessionsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_transit_gateway_attachment.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_transit_gateway_attachment.md
deleted file mode 100644
index 051bdd7937..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_transit_gateway_attachment.md
+++ /dev/null
@@ -1,144 +0,0 @@
-+++
-title = "aws_ec2_transit_gateway_attachment Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_transit_gateway_attachment"
-identifier = "inspec/resources/aws/aws_ec2_transit_gateway_attachment Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_transit_gateway_attachment` InSpec audit resource to test properties of a single specific Transit Gateway attachment.
-
-A Transit Gateway attachment attaches a VPC to a Transit Gateway.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Transit Gateway attachments](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewayattachment.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-### Ensure that a Transit Gateway attachment ID exists
-
-```ruby
-describe aws_ec2_transit_gateway_attachment(transit_gateway_attachment_id:'tgw-attach-006f2fd0a03d51323') do
- it { should exist }
-end
-```
-
-### Ensure that a Transit Gateway attachment ID exists
-
-```ruby
-describe aws_ec2_transit_gateway_attachment(transit_gateway_attachment_id: 'dummy') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`transit_gateway_attachment_id` _(required)_
-
-## Properties
-
-`transit_gateway_attachment_id`
-: The IDs of the attachments.
-
-`transit_gateway_id`
-: The ID of the Transit Gateway.
-
-`transit_gateway_owner_id`
-: The ID of the AWS account that owns the Transit Gateway.
-
-`resource_owner_id`
-: The ID of the AWS account that owns the resource.
-
-`resource_type`
-: The resource type. Valid values are: `vpc`, `vpn`, `direct-connect-gateway`, `peering`, and `connect`.
-
-`resource_id`
-: The ID of the resource.
-
-`state`
-: The state of the attachment.
Valid values are: `available`, `deleted`, `deleting`, `failed`, `failing`, `initiatingRequest`, `modifying`, `pendingAcceptance`, `pending`, `rollingBack`, `rejected`, and `rejecting`.
-
-`association (transit_gateway_route_table_id)`
-: The ID of the route table for the Transit Gateway.
-
-`association (state)`
-: The state of the attachment. Valid values are `associating`, `associated`, `disassociating`, and `disassociated`.
-
-`creation_time`
-: The creation time of the Transit Gateway.
-
-`tags`
-: The tags of the attachments.
-
-## Examples
-
-**Ensure a Transit Gateway attachment ID is available.**
-
-```ruby
-describe aws_ec2_transit_gateway_attachment(transit_gateway_attachment_id: 'tgw-attach-006f2fd0a03d51323') do
- its('public_ip') { should eq 'tgw-attach-006f2fd0a03d51323' }
-end
-```
-
-**Ensure that the state is `available` or `deleted`.**
-
-```ruby
-describe aws_ec2_transit_gateway_attachment(transit_gateway_attachment_id: 'tgw-attach-006f2fd0a03d51323') do
- its('state') { should eq 'available' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_transit_gateway_attachment(transit_gateway_attachment_id: 'tgw-attach-006f2fd0a03d51323') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_transit_gateway_attachment(transit_gateway_attachment_id: 'tgw-attach-006f2fd0a03d51323') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Check if the IP address is available.
-
-```ruby
-describe aws_ec2_transit_gateway_attachment(transit_gateway_attachment_id: 'tgw-attach-006f2fd0a03d51323') do
- it { should be_available }
-end
-```
-
-Use `should_not` to test an IP address that should not exist.
-
-```ruby
-describe aws_ec2_transit_gateway_attachment(transit_gateway_attachment_id: 'tgw-attach-006f2fd0a03d51323') do
- it { should_not be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="ec2:DescribeAddresses" %}}
-
-See the [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html) documentation for additional information.
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_transit_gateway_attachments.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_transit_gateway_attachments.md
deleted file mode 100644
index 5e8ac2450b..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_transit_gateway_attachments.md
+++ /dev/null
@@ -1,131 +0,0 @@ -+++ -title = "aws_ec2_transit_gateway_attachments Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_transit_gateway_attachments" -identifier = "inspec/resources/aws/aws_ec2_transit_gateway_attachments Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_transit_gateway_attachments` InSpec audit resource to test properties of some or all AWS Transit Gateway attachments. - -This resource does not expect any parameters. - -For additional information, including details on parameters and properties, see the [AWS documentation on Transit Gateway attachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewayattachment.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Verify that a Transit Gateway attachment ID exists. - -```ruby -describe aws_ec2_transit_gateway_attachment(transit_gateway_attachment_id:'tgw-attach-006f2fd0a03d51323') do - it { should exist } -end -``` - -An `aws_ec2_transit_gateway_attachments` resource block uses an optional filter to select a group of Elastic IPs and then test that group. - -## Parameters - -This resource does not require any parameters. - -## Properties - -`transit_gateway_attachment_ids` -: The IDs of the attachments. - -`transit_gateway_ids` -: The ID of the Transit Gateway. - -`transit_gateway_owner_ids` -: The ID of the AWS account that owns the Transit Gateway. - -`resource_owner_ids` -: The ID of the AWS account that owns the resource. - -`resource_types` -: The resource type. Valid values are: `vpc`, `vpn`, `direct-connect-gateway`, `peering`, and `connect`. - -`resource_ids` -: The ID of the resource. - -`states` -: The state of the attachment. Valid values are: `available`, `deleted`, `deleting`, `failed`, `failing`, `initiatingRequest`, `modifying`, `pendingAcceptance`, `pending`, `rollingBack`, `rejected`, and `rejecting`. 
- -`associations (transit_gateway_route_table_id)` -: The ID of the route table for the Transit Gateway. - -`associations (state)` -: The state of the attachment. Valid values are `associating`, `associated`, `disassociating`, and `disassociated`. - -`creation_times` -: The creation time of the Transit Gateway. - -`tags` -: The tags of the attachments. - -## Examples - -**Ensure a Transit Gateway attachment has transit_gateway_attachment_ids.** - -```ruby -describe aws_ec2_transit_gateway_attachments do - it { should exist } -end -``` - -**Match count of Transit Gateway attachment.** - -```ruby -describe aws_ec2_transit_gateway_attachments do - its('count') { should eq 5 } -end -``` - -**Check State whether it is correct or not.** - -```ruby -describe aws_ec2_transit_gateway_attachments do - its('states') { should include "available" } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should` to test the entity exist. - -```ruby -describe aws_ec2_transit_gateway_attachments do - it { should exist } -end -``` - - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_ec2_transit_gateway_attachments do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ec2:DescribeVpcEndpoints" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_transit_gateway_route_table.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_transit_gateway_route_table.md deleted file mode 100644 index df1fe4917d..0000000000 
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_transit_gateway_route_table.md
+++ /dev/null
@@ -1,126 +0,0 @@ -+++ -title = "aws_ec2_transit_gateway_route_table Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_transit_gateway_route_table" -identifier = "inspec/resources/aws/aws_ec2_transit_gateway_route_table Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_transit_gateway_route_table` InSpec audit resource to test properties of a single specific Transit Gateway route table association. - -A Transit Gateway route table association associates the specified attachment with the specified Transit Gateway route table. - -For additional information, including details on parameters and properties, see the [AWS documentation on Transit Gateway route table](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewayroutetable.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that a Transit Gateway route table ID exists. - -```ruby -describe aws_ec2_transit_gateway_route_table(transit_gateway_route_table_id: 'tgw-rtb-052d947d91b6bb69f') do - it { should exist } -end -``` - -## Parameters - -`transit_gateway_route_table_id` _(required)_ - -: The ID of the Transit Gateway route table. - -## Properties - -`transit_gateway_route_table_id` -: The ID of the Transit Gateway route table. - -`transit_gateway_id` -: The ID of the Transit Gateway. - -`state` -: The state of the route table. Relevant values are: `available`, `deleting`, `deleted`, and `pending`. - -`default_association_route_table` -: Indicates whether this is the default association route table for the Transit Gateway. Default values are `true` and `false`. - -`default_propagation_route_table` -: Indicates whether this is the default propagation route table for the Transit Gateway. Default values are `true` and `false`. - -`creation_time` -: The creation time of the Transit Gateway route table. 
- -`tags` -: The tags of the Transit Gateway route table. - -## Examples - -**Ensure a Transit Gateway route table ID is available.** - -```ruby -describe aws_ec2_transit_gateway_route_table(transit_gateway_route_table_id: 'tgw-rtb-052d947d91b6bb69f') do - its('transit_gateway_route_table_id') { should eq 'tgw-rtb-052d947d91b6bb69f' } -end -``` - -**Ensure that the state is `available` or `deleted`.** - -```ruby -describe aws_ec2_transit_gateway_route_table(transit_gateway_route_table_id: 'tgw-rtb-052d947d91b6bb69f') do - its('state') { should eq 'available' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_ec2_transit_gateway_route_table(transit_gateway_route_table_id: 'tgw-rtb-052d947d91b6bb69f') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_ec2_transit_gateway_route_table(transit_gateway_route_table_id: 'tgw-rtb-052d947d91b6bb69f') do - it { should_not exist } -end -``` - -### be_available - -Check if the Transit Gateway route table ID is available. - -```ruby -describe aws_ec2_transit_gateway_route_table(transit_gateway_route_table_id: 'tgw-rtb-052d947d91b6bb69f') do - it { should be_available } -end -``` - -Use `should_not` to test an Transit Gateway route table ID that should not exist. - -```ruby -describe aws_ec2_transit_gateway_route_table(transit_gateway_route_table_id: 'tgw-rtb-052d947d91b6bb69f') do - it { should_not be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ec2:describe_transit_gateway_route_tables" %}} - -See the [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html) documentation for additional information. 
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_transit_gateway_route_table_association.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_transit_gateway_route_table_association.md
deleted file mode 100644
index c2d389ab5c..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_transit_gateway_route_table_association.md
+++ /dev/null
@@ -1,107 +0,0 @@ -+++ -title = "aws_ec2_transit_gateway_route_table_association Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_transit_gateway_route_table_association" -identifier = "inspec/resources/aws/aws_ec2_transit_gateway_route_table_association Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_transit_gateway_route_table_association` InSpec audit resource to test properties of a single AWS transit gateway route table association. - -A transit gateway route table association associates the specified attachment with the specified transit gateway route table. You can associate only one route table with an attachment. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that a transit gateway route table ID exists. - -```ruby -describe aws_ec2_transit_gateway_route_table_association(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do - it { should exist } -end -``` - -## Parameters - -`transit_gateway_route_table_id` _(required)_ - -: For additional information, check out the [AWS documentation on transit gateway route table association](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewayroutetableassociation.html). - -## Properties - -`transit_gateway_route_table_id` -: The ID of the transit gateway route table. - -`resource_type` -: The resource type. Valid values are: `vpc`, `vpn`, `direct-connect-gateway`, `peering`, and `connect`. - -`resource_id` -: The ID of the resource. - -`state` -: The possible states of the route table are: `available`, `deleting`, `deleted`, and `pending`. 
- -## Examples - -**Ensure that the transit gateway route table ID is available.** - -```ruby -describe aws_ec2_transit_gateway_route_table_association(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do - its('transit_gateway_attachment_id') { should eq ''TRANSIT_GATEWAY_ATTACHMENT_ID'' } -end -``` - -**Ensure that the state is available or deleted.** - -```ruby -describe aws_ec2_transit_gateway_route_table_association(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do - its('state') { should eq 'available' } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For the complete list of available matchers, visit [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/). - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test whether the entity exists. - -```ruby -describe aws_ec2_transit_gateway_route_table_association(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do - it { should exist } -end -``` - -Use `should_not` to test an entity that should not exist. - -```ruby -describe aws_ec2_transit_gateway_route_table_association(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check whether the transit gateway route table ID is available. - -```ruby -describe aws_ec2_transit_gateway_route_table_association(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ec2:client:get_transit_gateway_route_table_associations" %}} - -For addition information, check out the [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html) documentation. 
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_transit_gateway_route_table_associations.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_transit_gateway_route_table_associations.md
deleted file mode 100644
index 9939f3a27c..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_transit_gateway_route_table_associations.md
+++ /dev/null
@@ -1,105 +0,0 @@ -+++ -title = "aws_ec2_transit_gateway_route_table_associations Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_transit_gateway_route_table_associations" -identifier = "inspec/resources/aws/aws_ec2_transit_gateway_route_table_associations Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_transit_gateway_route_table_associations` InSpec audit resource to test properties of some or all AWS transit gateway route table associations. - -An AWS transit gateway route table association associates the specified attachment with the specified transit gateway route table. You can associate only one route table with an attachment. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Verify whether a transit gateway route table ID exists. - -```ruby -describe aws_ec2_transit_gateway_route_table_associations(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do - it { should exist } -end -``` - -## Parameters - -`transit_gateway_route_table_id` _(required)_ - -: For addition information, check out the [AWS documentation on transit gateway route table](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewayroutetableassociation.html). - -## Properties - -`transit_gateway_route_table_ids` -: The ID of the transit gateway route table. - -`resource_types` -: The resource type. Valid values are: `vpc`, `vpn`, `direct-connect-gateway`, `peering`, and `connect`. - -`resource_ids` -: The ID of the resource. - -`states` -: The possible states of the route table are: `available`, `deleting`, `deleted`, and `pending`. 
- -## Examples - -**Ensure a transit gateway route table exists.** - -```ruby -describe aws_ec2_transit_gateway_route_table_associations(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do - it { should exist } -end -``` - -**Match count of transit gateway route table.** - -```ruby -describe aws_ec2_transit_gateway_route_table_associations(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do - its('count') { should eq 5 } -end -``` - -**Check the state of the route table.** - -```ruby -describe aws_ec2_transit_gateway_route_table_associations(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do - its('states') { should include "available" } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For the complete list of available matchers, visit [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/). - -### exist - -The control will pass if the `describe` returns at least one result. - -Use `should` to test whether the entity exists. - -```ruby -describe aws_ec2_transit_gateway_route_table_associations(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do - it { should exist } -end -``` - -Use `should_not` to test an entity that should not exist. - -```ruby -describe aws_ec2_transit_gateway_route_table_associations(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:GetTransitGatewayRouteTableAssociationsResult" %}} - -For addition information, check out the [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html) documentation. 
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_transit_gateway_route_table_propagation.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_transit_gateway_route_table_propagation.md
deleted file mode 100644
index 86d0b8ac97..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_transit_gateway_route_table_propagation.md
+++ /dev/null
@@ -1,111 +0,0 @@ -+++ -title = "aws_ec2_transit_gateway_route_table_propagation Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_transit_gateway_route_table_propagation" -identifier = "inspec/resources/aws/aws_ec2_transit_gateway_route_table_propagation Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_transit_gateway_route_table_propagation` InSpec audit resource to test properties of a propagation route between a Transit Gateway attachment and a Transit Gateway route table. - -The `AWS::EC2::TransitGatewayRouteTablePropagation` resource enables the specified attachment to propagate routes to the specified propagation route table. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 TransitGatewayRouteTablePropagation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewayroutetablepropagation.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that a Transit Gateway route table id exists. - -```ruby -describe aws_ec2_transit_gateway_route_table_propagation(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID', transit_gateway_attachment_id: "TRANSIT_GATEWAY_ATTACHMENT_ID") do - it { should exist } -end -``` - -## Parameters - -`transit_gateway_route_table_id` _(required)_ - -: The ID of the Transit Gateway route table. - -`transit_gateway_attachment_id` _(required)_ - -: The ID of the attachment. - -## Properties - -`transit_gateway_attachment_id` -: The ID of the attachment. - -`resource_id` -: The ID of the resource. - -`resource_type` -: The type of resource. - -`state` -: The state of the resource. 
- -## Examples - -**Ensure a Transit Gateway attachment ID is available.** - -```ruby -describe aws_ec2_transit_gateway_route_table_propagation(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID', transit_gateway_attachment_id: "TRANSIT_GATEWAY_ATTACHMENT_ID") do - its('transit_gateway_attachment_id') { should eq 'TRANSIT_GATEWAY_ROUTE_TABLE_ID' } -end -``` - -**Ensure that the state is `enabled`.** - -```ruby -describe aws_ec2_transit_gateway_route_table_propagation(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID', transit_gateway_attachment_id: "TRANSIT_GATEWAY_ATTACHMENT_ID") do - its('state') { should eq 'enabled' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_ec2_transit_gateway_route_table_propagation(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID', transit_gateway_attachment_id: "TRANSIT_GATEWAY_ATTACHMENT_ID") do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_ec2_transit_gateway_route_table_propagation(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_ec2_transit_gateway_route_table_propagation(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID', transit_gateway_attachment_id: "TRANSIT_GATEWAY_ATTACHMENT_ID") do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:GetTransitGatewayRouteTablePropagationsResult" %}} 
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_transit_gateway_route_table_propagations.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_transit_gateway_route_table_propagations.md
deleted file mode 100644
index e8bfbaebd2..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_transit_gateway_route_table_propagations.md
+++ /dev/null
@@ -1,115 +0,0 @@ -+++ -title = "aws_ec2_transit_gateway_route_table_propagations Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_transit_gateway_route_table_propagations" -identifier = "inspec/resources/aws/aws_ec2_transit_gateway_route_table_propagations Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_transit_gateway_route_table_propagations` InSpec audit resource to test properties of multiple propagation routes between Transit Gateway attachments and a Transit Gateway route table. - -The `AWS::EC2::TransitGatewayRouteTablePropagation` resource enables the specified attachment to propagate routes to the specified propagation route table. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 TransitGatewayRouteTablePropagation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewayroutetablepropagation.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that a Transit Gateway route table id exists. - -```ruby -describe aws_ec2_transit_gateway_route_table_propagations(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do - it { should exist } -end -``` - -## Parameters - -`transit_gateway_route_table_id` _(required)_ - -: The ID of the Transit Gateway route table. - -## Properties - -`transit_gateway_attachment_ids` -: A list of the attachment IDs. - -: **Field**: `transit_gateway_attachment_id` - -`resource_ids` -: A list of the resource IDs. - -: **Field**: `resource_id` - -`resource_types` -: A list of the resource types. - -: **Field**: `resource_type` - -`states` -: A list of the resource states. 
- -: **Field**: `state` - -## Examples - -**Ensure that a Transit Gateway attachment ID is available.** - -```ruby -describe aws_ec2_transit_gateway_route_table_propagations(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do - its('transit_gateway_attachment_ids') { should include 'TRANSIT_GATEWAY_ROUTE_TABLE_ID' } -end -``` - -**Ensure that a propagation route is `enabled`.** - -```ruby -describe aws_ec2_transit_gateway_route_table_propagations(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do - its('states') { should include 'enabled' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -Use `should` to test that an entity exists. - -```ruby -describe aws_ec2_transit_gateway_route_table_propagations(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do - it { should exist } -end -``` - -Use `should_not` to test an entity does not exist. - -```ruby -describe aws_ec2_transit_gateway_route_table_propagations(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if an entity is available. - -```ruby -describe aws_ec2_transit_gateway_route_table_propagations(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:GetTransitGatewayRouteTablePropagationsResult" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_transit_gateway_route_tables.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_transit_gateway_route_tables.md deleted file mode 100644 index 566d7a53a4..0000000000 
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_transit_gateway_route_tables.md
+++ /dev/null
@@ -1,116 +0,0 @@ -+++ -title = "aws_ec2_transit_gateway_route_tables Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_transit_gateway_route_tables" -identifier = "inspec/resources/aws/aws_ec2_transit_gateway_route_tables Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_transit_gateway_route_tables` InSpec audit resource to test properties of some or all Transit Gateway route tables. - -This resource does not expect any parameters. - -For additional information, including details on parameters and properties, see the [AWS documentation on Transit Gateway route tables](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewayroutetable.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Verify that a Transit Gateway route table ID exists. - -```ruby -describe aws_ec2_transit_gateway_route_tables do - it { should exist } -end -``` - -An `aws_ec2_transit_gateway_route_tables` resource block uses an optional filter to select a group of Elastic IPs and then test that group. - -## Parameters - -This resource does not require any parameters. - -## Properties - -`transit_gateway_route_table_ids` -: The ID of the Transit Gateway route table. - -`transit_gateway_ids` -: The ID of the Transit Gateway. - -`states` -: The state of the route table. Relevant values are: `available`, `deleting`, `deleted`, and `pending`. - -`default_association_route_tables` -: Indicates whether this is the default association route table for the Transit Gateway. Default values are `true` and `false`. - -`default_propagation_route_tables` -: Indicates whether this is the default propagation route table for the Transit Gateway. Default values are `true` and `false`. - -`creation_times` -: The creation time of the Transit Gateway route table. - -`tags` -: The tags of the Transit Gateway route table. 
- -## Examples - -**Ensure a Transit Gateway route table has route table ID.** - -```ruby -describe aws_ec2_transit_gateway_route_tables do - it { should exist } -end -``` - -**Match count of Transit Gateway route table.** - -```ruby -describe aws_ec2_transit_gateway_route_tables do - its('count') { should eq 5 } -end -``` - -**Check State whether it is available or not.** - -```ruby -describe aws_ec2_transit_gateway_route_tables do - its('states') { should include "available" } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -```ruby -describe aws_ec2_transit_gateway_route_tables do - it { should exist } -end -``` - -Use `should_not` to test an entity that should not exist. - -```ruby -describe aws_ec2_transit_gateway_route_tables do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeTransitGatewayRouteTablesResult" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_volume_attachment.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_volume_attachment.md deleted file mode 100644 index 2ddd9a77ca..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_volume_attachment.md +++ /dev/null 
@@ -1,113 +0,0 @@ -+++ -title = "aws_ec2_volume_attachment Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ec2_volume_attachment" -identifier = "inspec/resources/aws/aws_ec2_volume_attachment Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ec2_volume_attachment` InSpec audit resource to test properties of a single specific AWS EC2 volume attachment. - -The `AWS::EC2::VolumeAttachment` resource attaches an Amazon EBS volume to a running instance and exposes it to the instance with the specified device name. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 Volume Attachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-ebs-volumeattachment.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that volume attachment exists. - -```ruby -describe aws_ec2_volume_attachment(volume_id: 'VOLUME_ID') do - it { should exist } -end -``` - -## Parameters - -`volume_id` _(required)_ - -: The volume ID. - -## Properties - -`attach_time` -: The time stamp when the attachment initiated. - -`device` -: The device name. - -`instance_id` -: The ID of the instance. - -`state` -: The attachment state of the volume. - -`volume_id` -: The ID of the volume. - -`delete_on_termination` -: Indicates whether the EBS volume is deleted on instance termination. 
- -## Examples - -**Ensure a device is available.** - -```ruby -describe aws_ec2_volume_attachment(volume_id: 'VOLUME_ID') do - its('device') { should eq '/dev/sdf' } -end -``` - -**Ensure that the state is `available`.** - -```ruby -describe aws_ec2_volume_attachment(volume_id: 'VOLUME_ID') do - its('state') { should eq 'available' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_ec2_volume_attachment(volume_id: 'VOLUME_ID') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_ec2_volume_attachment(volume_id: 'dummy') do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_ec2_volume_attachment(volume_id: 'VOLUME_ID') do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeVolumesResult" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_volume_attachments.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_volume_attachments.md deleted file mode 100644 index 38922685f8..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_volume_attachments.md +++ /dev/null 
@@ -1,113 +0,0 @@
-+++
-title = "aws_ec2_volume_attachments Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_volume_attachments"
-identifier = "inspec/resources/aws/aws_ec2_volume_attachments Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_volume_attachments` InSpec audit resource to test properties of multiple AWS EC2 volume attachments.
-
-The `AWS::EC2::VolumeAttachment` resource attaches an Amazon EBS volume to a running instance and exposes it to the instance with the specified device name.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 Volume Attachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-ebs-volumeattachment.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that volume attachment exists.
-
-```ruby
-describe aws_ec2_volume_attachments do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`attach_times`
-: The time stamp when the attachment initiated.
-
-: **Field**: `attach_time`
-
-`devices`
-: The device name.
-
-: **Field**: `device`
-
-`instance_ids`
-: The ID of the instance.
-
-: **Field**: `instance_id`
-
-`states`
-: The attachment state of the volume.
-
-: **Field**: `state`
-
-`volume_ids`
-: The ID of the volume.
-
-: **Field**: `volume_id`
-
-`delete_on_terminations`
-: Indicates whether the EBS volume is deleted on instance termination.
-
-: **Field**: `delete_on_termination`
-
-## Examples
-
-**Ensure a device is available.**
-
-```ruby
-describe aws_ec2_volume_attachments do
- its('devices') { should include '/dev/sdf' }
-end
-```
-
-**Ensure that the state is `available`.**
-
-```ruby
-describe aws_ec2_volume_attachments do
- its('states') { should include 'available' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_volume_attachments do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_volume_attachments do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeVolumesResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_vpc_peering_connection.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_vpc_peering_connection.md
deleted file mode 100644
index 1916d9fd33..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_vpc_peering_connection.md
+++ /dev/null
@@ -1,230 +0,0 @@
-+++
-title = "aws_ec2_vpc_peering_connection Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_vpc_peering_connection"
-identifier = "inspec/resources/aws/aws_ec2_vpc_peering_connection Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_vpc_peering_connection` InSpec audit resource to test properties of a single specific AWS EC2 VPC Peering Connection.
-
-The AWS::EC2::VPCPeeringConnection resource requests a VPC peering connection between two VPCs: a requester VPC that you own and an accepter VPC with which to create the connection.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 VPC Peering Connection.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcpeeringconnection.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that VPC Peering Connection ID exists.
-
-```ruby
-describe aws_ec2_vpc_peering_connection(vpc_peering_connection_id: 'VPCPeeringConnectionID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`vpc_peering_connection_id` _(required)_
-
-: The ID of the VPC peering connection.
-
-## Properties
-
-`accepter_vpc_info.cidr_block`
-: The IPv4 CIDR block for the VPC.
-
-: **Field**: `accepter_vpc_info.cidr_block`
-
-`accepter_vpc_info.ipv_6_cidr_block_set`
-: The IPv6 CIDR block for the VPC.
-
-: **Field**: `accepter_vpc_info.ipv_6_cidr_block_set`
-
-`accepter_vpc_info.ipv_6_cidr_block_set.first.ipv_6_cidr_block`
-: The IPv6 CIDR block.
-
-: **Field**: `accepter_vpc_info.ipv_6_cidr_block_set[0].ipv_6_cidr_block`
-
-`accepter_vpc_info.cidr_block_set`
-: The IPv4 CIDR block for the VPC.
-
-: **Field**: `accepter_vpc_info.cidr_block_set`
-
-`accepter_vpc_info.cidr_block_set.first.cidr_block`
-: The IPv4 CIDR block.
-
-: **Field**: `accepter_vpc_info.cidr_block_set[0].cidr_block`
-
-`accepter_vpc_info.owner_id`
-: The ID of the Amazon Web Services account that owns the VPC.
-
-: **Field**: `accepter_vpc_info.owner_id`
-
-`accepter_vpc_info.peering_options.allow_dns_resolution_from_remote_vpc`
-: Indicates whether a local VPC can resolve public DNS hostnames to private IP addresses when queried from instances in a peer VPC.
-
-: **Field**: `accepter_vpc_info.peering_options.allow_dns_resolution_from_remote_vpc`
-
-`accepter_vpc_info.peering_options.allow_egress_from_local_classic_link_to_remote_vpc`
-: Indicates whether a local ClassicLink connection can communicate with the peer VPC over the VPC peering connection.
-
-: **Field**: `accepter_vpc_info.peering_options.allow_egress_from_local_classic_link_to_remote_vpc`
-
-`accepter_vpc_info.peering_options.allow_egress_from_local_vpc_to_remote_classic_link`
-: Indicates whether a local VPC can communicate with a ClassicLink connection in the peer VPC over the VPC peering connection.
-
-: **Field**: `accepter_vpc_info.peering_options.allow_egress_from_local_vpc_to_remote_classic_link`
-
-`accepter_vpc_info.vpc_id`
-: The ID of the VPC.
-
-: **Field**: `accepter_vpc_info.vpc_id`
-
-`accepter_vpc_info.region`
-: The Region in which the VPC is located.
-
-: **Field**: `accepter_vpc_info.region`
-
-`expiration_time`
-: The time that an unaccepted VPC peering connection will expire.
-
-: **Field**: `expiration_time`
-
-`requester_vpc_info.cidr_block`
-: The IPv4 CIDR block for the VPC.
-
-: **Field**: `requester_vpc_info.cidr_block`
-
-`requester_vpc_info.ipv_6_cidr_block_set`
-: The IPv6 CIDR block for the VPC.
-
-: **Field**: `requester_vpc_info.ipv_6_cidr_block_set`
-
-`requester_vpc_info.ipv_6_cidr_block_set.first.ipv_6_cidr_block`
-: The IPv6 CIDR block.
-
-: **Field**: `requester_vpc_info.ipv_6_cidr_block_set[0].ipv_6_cidr_block`
-
-`requester_vpc_info.cidr_block_set`
-: The IPv4 CIDR block for the VPC.
-
-: **Field**: `requester_vpc_info.cidr_block_set`
-
-`requester_vpc_info.cidr_block_set.first.cidr_block`
-: The IPv4 CIDR block.
-
-: **Field**: `requester_vpc_info.cidr_block_set[0].cidr_block`
-
-`requester_vpc_info.owner_id`
-: The ID of the Amazon Web Services account that owns the VPC.
-
-: **Field**: `requester_vpc_info.owner_id`
-
-`requester_vpc_info.peering_options.allow_dns_resolution_from_remote_vpc`
-: Indicates whether a local VPC can resolve public DNS hostnames to private IP addresses when queried from instances in a peer VPC.
-
-: **Field**: `requester_vpc_info.peering_options.allow_dns_resolution_from_remote_vpc`
-
-`requester_vpc_info.peering_options.allow_egress_from_local_classic_link_to_remote_vpc`
-: Indicates whether a local ClassicLink connection can communicate with the peer VPC over the VPC peering connection.
-
-: **Field**: `requester_vpc_info.peering_options.allow_egress_from_local_classic_link_to_remote_vpc`
-
-`requester_vpc_info.peering_options.allow_egress_from_local_vpc_to_remote_classic_link`
-: Indicates whether a local VPC can communicate with a ClassicLink connection in the peer VPC over the VPC peering connection.
-
-: **Field**: `requester_vpc_info.peering_options.allow_egress_from_local_vpc_to_remote_classic_link`
-
-`requester_vpc_info.vpc_id`
-: The ID of the VPC.
-
-: **Field**: `requester_vpc_info.vpc_id`
-
-`requester_vpc_info.region`
-: The Region in which the VPC is located.
-
-: **Field**: `requester_vpc_info.region`
-
-`status.code`
-: The status of the VPC peering connection.
-
-: **Field**: `status.code`
-
-`status.message`
-: A message that provides more information about the status, if applicable.
-
-: **Field**: `status.message`
-
-`tags`
-: Any tags assigned to the resource.
-
-: **Field**: `tags`
-
-`vpc_peering_connection_id`
-: The ID of the VPC peering connection.
-
-: **Field**: `vpc_peering_connection_id`
-
-## Examples
-
-**Ensure a VPC Peering Connection ID is available.**
-
-```ruby
-describe aws_ec2_vpc_peering_connection(vpc_peering_connection_id: 'VPCPeeringConnectionID') do
- its('vpc_peering_connection_id') { should eq 'VPCPeeringConnectionID' }
-end
-```
-
-**Ensure that the status is `available`.**
-
-```ruby
-describe aws_ec2_vpc_peering_connection(vpc_peering_connection_id: 'VPCPeeringConnectionID') do
- its('status.code') { should eq 'available' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_vpc_peering_connection(vpc_peering_connection_id: 'VPCPeeringConnectionID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_vpc_peering_connection(vpc_peering_connection_id: 'dummy') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ec2_vpc_peering_connection(vpc_peering_connection_id: 'VPCPeeringConnectionID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeVpcPeeringConnectionsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_vpc_peering_connections.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_vpc_peering_connections.md
deleted file mode 100644
index d246e0257c..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_vpc_peering_connections.md
+++ /dev/null
@@ -1,113 +0,0 @@
-+++
-title = "aws_ec2_vpc_peering_connections Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_vpc_peering_connections"
-identifier = "inspec/resources/aws/aws_ec2_vpc_peering_connections Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_vpc_peering_connections` InSpec audit resource to test properties of a plural AWS EC2 Network Interface Attachment.
-
-The AWS::EC2::VPCPeeringConnection resource requests a VPC peering connection between two VPCs: a requester VPC that you own and an accepter VPC with which to create the connection.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 VPC Peering Connection.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcpeeringconnection.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that VPC Peering Connection ID exists.
-
-```ruby
-describe aws_ec2_vpc_peering_connections do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`accepter_vpc_infos`
-: Information about the accepter VPC. CIDR block information is only returned when describing an active VPC peering connection.
-
-: **Field**: `accepter_vpc_info`
-
-`expiration_times`
-: The time that an unaccepted VPC peering connection will expire.
-
-: **Field**: `expiration_time`
-
-`requester_vpc_infos`
-: Information about the requester VPC. CIDR block information is only returned when describing an active VPC peering connection.
-
-: **Field**: `requester_vpc_info`
-
-`statuses`
-: The status of the VPC peering connection.
-
-: **Field**: `status`
-
-`tags`
-: Any tags assigned to the resource.
-
-: **Field**: `tags`
-
-`vpc_peering_connection_ids`
-: The ID of the VPC peering connection.
-
-: **Field**: `vpc_peering_connection_id`
-
-## Examples
-
-**Ensure a VPC Peering Connection ID is available.**
-
-```ruby
-describe aws_ec2_vpc_peering_connections do
- its('vpc_peering_connection_ids') { should include 'VPCPeeringConnectionID' }
-end
-```
-
-**Ensure that the status is `available`.**
-
-```ruby
-describe aws_ec2_vpc_peering_connections do
- its('statuses') { should_not be_empty }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_vpc_peering_connections do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_vpc_peering_connections do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeVpcPeeringConnectionsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_vpn_connection_routes.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_vpn_connection_routes.md
deleted file mode 100644
index fde726812e..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_vpn_connection_routes.md
+++ /dev/null
@@ -1,100 +0,0 @@
-+++
-title = "aws_ec2_vpn_connection_routes Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_vpn_connection_routes"
-identifier = "inspec/resources/aws/aws_ec2_vpn_connection_routes Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_vpn_connection_routes` InSpec audit resource to test properties of multiple AWS EC2 VPN connection routes.
-
-The `AWS::EC2::VPNConnectionRoute` resource specifies a static route for a VPN connection between an existing virtual private gateway and a VPN customer gateway. The static route allows traffic to be routed from the virtual private gateway to the VPN customer gateway.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 VPN Connection Route.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpn-connection-route.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that VPN Connection ID exists.
-
-```ruby
-describe aws_ec2_vpn_connection_routes(vpn_connection_id: 'VPN_CONNECTION_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`vpn_connection_id` _(required)_
-
-: The ID of the VPN Connection.
-
-## Properties
-
-`destination_cidr_blocks`
-: The CIDR block associated with the local subnet of the customer data center.
-
-: **Field**: `destination_cidr_block`
-
-`sources`
-: Indicates how the routes were provided.
-
-: **Field**: `source`
-
-`states`
-: The current state of the static route.
-
-: **Field**: `state`
-
-## Examples
-
-**Ensure a destination CIDR block is available.**
-
-```ruby
-describe aws_ec2_vpn_connection_routes(vpn_connection_id: 'VPN_CONNECTION_ID') do
- its('destination_cidr_blocks') { should eq [['CIDR_BLOCK']] }
-end
-```
-
-**Ensure that a VPN connection route is `available`.**
-
-```ruby
-describe aws_ec2_vpn_connection_routes(vpn_connection_id: 'VPN_CONNECTION_ID') do
- its('states') { should eq [['available']] }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_vpn_connection_routes(vpn_connection_id: 'VPN_CONNECTION_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_vpn_connection_routes(vpn_connection_id: 'VPN_CONNECTION_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeVpnConnectionsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_vpn_gateway_route_propagation.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_vpn_gateway_route_propagation.md
deleted file mode 100644
index 8483b0a235..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_vpn_gateway_route_propagation.md
+++ /dev/null
@@ -1,101 +0,0 @@
-+++
-title = "aws_ec2_vpn_gateway_route_propagation Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_vpn_gateway_route_propagation"
-identifier = "inspec/resources/aws/aws_ec2_vpn_gateway_route_propagation Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_vpn_gateway_route_propagation` InSpec audit resource to test if a virtual private gateway can propagate routes to a single AWS EC2 route table.
-
-The `AWS::EC2::TransitGatewayRouteTablePropagation` resource enables a virtual private gateway (VGW) to propagate routes to the specified route table of a VPC.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 VPNGatewayRoutePropagation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpn-gatewayrouteprop.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a route table ID exists.
-
-```ruby
-describe aws_ec2_vpn_gateway_route_propagation(route_table_id: 'ROUTE_TABLE_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`transit_gateway_route_table_id` _(required)_
-
-: The ID of the route table.
-
-## Properties
-
-`vpn_gateway_id`
-: The ID of the virtual private gateway.
-
-`route_table_id`
-: The ID of the route table.
-
-## Examples
-
-**Ensure a VPN gateway ID is available.**
-
-```ruby
-describe aws_ec2_vpn_gateway_route_propagation(route_table_id: 'ROUTE_TABLE_ID') do
- its('vpn_gateway_id') { should eq 'VPN_GATEWAY_ID' }
-end
-```
-
-**Ensure a route table ID is available.**
-
-```ruby
-describe aws_ec2_vpn_gateway_route_propagation(route_table_id: 'ROUTE_TABLE_ID') do
- its('route_table_id') { should eq 'ROUTE_TABLE_ID' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_vpn_gateway_route_propagation(route_table_id: 'ROUTE_TABLE_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_vpn_gateway_route_propagation(route_table_id: 'ROUTE_TABLE_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ec2_vpn_gateway_route_propagation(route_table_id: 'ROUTE_TABLE_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeRouteTablesResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_vpn_gateway_route_propagations.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_vpn_gateway_route_propagations.md
deleted file mode 100644
index 3f469a92bf..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ec2_vpn_gateway_route_propagations.md
+++ /dev/null
@@ -1,103 +0,0 @@
-+++
-title = "aws_ec2_vpn_gateway_route_propagations Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ec2_vpn_gateway_route_propagations"
-identifier = "inspec/resources/aws/aws_ec2_vpn_gateway_route_propagations Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ec2_vpn_gateway_route_propagations` InSpec audit resource to test if virtual private gateways can propagate routes to multiple AWS EC2 route tables.
-
-The `AWS::EC2::VPNGatewayRoutePropagation` resource enables a virtual private gateway (VGW) to propagate routes to the specified route table of a VPC.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 VPNGatewayRoutePropagation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpn-gatewayrouteprop.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a route table exists.
-
-```ruby
-describe aws_ec2_vpn_gateway_route_propagations do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`route_table_ids`
-: The ID of the route table.
-
-: **Field**: `route_table_id`
-
-`propagating_vgws_gateway_ids`
-: The ID of the virtual private gateway.
-
-: **Field**: `propagating_vgws_gateway_ids`
-
-## Examples
-
-**Ensure a VPN gateway ID is available.**
-
-```ruby
-describe aws_ec2_vpn_gateway_route_propagations do
- its('propagating_vgws_gateway_ids') { should include 'VPN_GATEWAY_ID' }
-end
-```
-
-**Ensure a route table ID is available.**
-
-```ruby
-describe aws_ec2_vpn_gateway_route_propagations do
- its('route_table_ids') { should include 'ROUTE_TABLE_ID' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ec2_vpn_gateway_route_propagations do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ec2_vpn_gateway_route_propagations do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ec2_vpn_gateway_route_propagations do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeRouteTablesResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecr.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecr.md
deleted file mode 100644
index eee83404eb..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecr.md
+++ /dev/null
@@ -1,111 +0,0 @@ -+++ -title = "aws_ecr Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ecr" -identifier = "inspec/resources/aws/aws_ecr Resource" -parent = "inspec/resources/aws" -+++ - -> WARNING: **This resource is deprecated. Please use one of the following resources instead.** - -- `aws_ecr_image` -- `aws_ecr_images` -- `aws_ecr_repository` -- `aws_ecr_repositories` - -Use the `aws_ecr` InSpec audit resource to test properties of a single AWS Elastic Container Registry. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_ecr` resource block declares the tests for a single AWS ECR by repository name. - -```ruby -describe aws_ecr(repository_name: aws_ecr_name) do - it { should exist } - its ('repository_name') { should eq aws_ecr_name } -end -``` - -## Parameters - -The ECR repository_name must be provided. - -`repository_name` _(required)_ - -: The name of the repository - This can be passed either as a string or as an `repository_name: 'value'` key-value entry in a hash. - - -## Properties - -`registry_id` -: The AWS account ID associated with the registry. - -`repository_arn` -: The Amazon Resource Name of the repository. - -`repository_name` -: The name of the repository. - -`repository_uri` -: The uri of the repository. - -`image_tags` -: The tags associated with the image. - -`image_digest` -: A sha256 hash of the image. - -`image_size_in_bytes` -: The size of the image in bytes. - -`image_pushed_at` -: The datetime as a string when the image was uploaded. 'yyyy-mm-dd hh:mm:ss tz'. - -`image_uploaded_date` -: The date as a string when the image was uploaded. 'yyyy-mm-dd'. 
- -## Examples - -**Test that an ECR has the correct image properties.** - -```ruby -describe aws_ecr(repository_name: aws_ecr_name).images do - its ('image_tags') { should include 'latest'} - its ('image_digest') { should eq 'sha256:6dce4a9c1635c4c9b6a2b645e6613fa0238182fe13929808ee2258370d0f3497'} - its ('image_size_in_bytes') { should eq 764234} - its ('image_uploaded_date') { should eq '2019-06-11'} - its ('image_pushed_at') { should eq '2019-06-11 15:08:29 +0100'} -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -it { should exist } -it { should_not exist } -``` - -## AWS Permissions - -Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ECR:Client:DescribeRepositoriesResponse` and `ECR:Client:DescribeImagesResponse` actions set to allow.. - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon ECR](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonelasticcontainerregistry.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecr_image.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecr_image.md deleted file mode 100644 index 11ed419322..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecr_image.md +++ /dev/null 
@@ -1,130 +0,0 @@ -+++ -title = "aws_ecr_image Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ecr_image" -identifier = "inspec/resources/aws/aws_ecr_image Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ecr_image` InSpec audit resource to test the properties of a single image in an AWS Elastic Container Registry (ECR) repository. -This resource is available in InSpec AWS resource pack version **[1.11.0](https://github.com/inspec/inspec-aws/releases/tag/v1.11.0)** onwards. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_ecr_image` resource block declares the tests for a single image in an AWS ECR repository by repository name and image identifier. - -```ruby -describe aws_ecr_image(repository_name: 'my-repo', image_tag: 'latest') do - it { should exist } -end -``` - -## Parameters - -The repository name and the image identifier (either `image_tag` or `image_digest`) must be provided. The ID of the registry is optional. - -`repository_name` _(required)_ - -: The name of the ECR repository must satisfy the following constraints: - - Regex pattern `(?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*`. - - Minimum 2 and maximum of 256 characters long. - -`image_tag` _(required if `image_digest` not provided)_ - -: The tag used for the image. It can not be longer than 300 characters. - -`image_digest` _(required if `image_tag` not provided)_ - -: The `sha256` digest of the image manifest. It must satisfy this regex pattern: `[a-zA-Z0-9-_+.]+:[a-fA-F0-9]+`. - -`registry_id` _(optional)_ - -: The 12-digit ID of the AWS Elastic Container Registry. If not provided, the [default](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_DescribeRepositories.html) registry is assumed. - -## Properties - -`repository_name` -: The name of the repository. 
- -`registry_id` -: The AWS account ID associated with the registry that contains the repository. - -`tags` -: The list of tags associated with this image. - -`vulnerability_severity_counts` -: The image vulnerability counts, sorted by severity, e.g. `{:high=>1}`. - -`vulnerabilities` -: A list of hashes with each key-value pair corresponding to an image [scan findings](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_ImageScanFinding.html). E.g. `{:name=>"CVE-2019-14697", :uri=>"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697", :severity=>"HIGH", :package_version=>"1.1.18-r3", :package_name=>"musl", :CVSS2_VECTOR=>"AV:N/AC:L/Au:N/C:P/I:P/A:P", :CVSS2_SCORE=>"7.5"}`. - -`cve_ids` -: The list of [CVE IDs](https://cve.mitre.org/cve/identifiers/) of the vulnerabilities in the image. - -`highest_vulnerability_severity` -: The [CVSS v2](https://www.first.org/cvss/v2/guide) score of the most severe vulnerability in the image. - - -There are also additional properties available. 
For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_ImageDetail.html) - -## Examples - -**Test the scan status of an image.** - -```ruby -describe aws_ecr_image(repository_name: 'my-repo', image_tag: 'latest') do - its('image_scan_status.status') { should eq 'COMPLETE' } -end -``` - -**Test that an image has a certain tag.** - -```ruby -describe aws_ecr_image(repository_name: 'my-repo', image_digest: 'sha256:687fba9b76554c8dea4c40fed4144011f29b8e1d5db5f2fc976c64ed31894967') do - its('tags') { should include('latest') } -end -``` - -**Test that an image does not contain the [Heartbleed](https://heartbleed.com/) vulnerability.** - -```ruby -describe aws_ecr_image(repository_name: 'my-repo', image_tag: 'latest') do - its('cve_ids') { should_not include('CVE-2014-0160') } -end -``` - -**Test that an image does not contain a vulnerability more severe than CVSS v2 score 8.** - -```ruby -describe aws_ecr_image(repository_name: 'my-repo', image_tag: 'latest') do - its('highest_vulnerability_severity') { should be <= 8 } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -```ruby -describe aws_ecr_image(repository_name: 'my-repo', image_tag: 'latest') do - it { should exist } -end -``` - -## AWS Permissions - -Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ECR:Client:DescribeImagesResponse` and `ECR:Client:DescribeImageScanFindingsResponse` actions set to allow. - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon ECR](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Operations.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). 
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecr_images.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecr_images.md
deleted file mode 100644
index 15b1581479..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecr_images.md
+++ /dev/null
@@ -1,124 +0,0 @@ -+++ -title = "aws_ecr_images Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ecr_images" -identifier = "inspec/resources/aws/aws_ecr_images Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ecr_images` InSpec audit resource to test the properties of all images in an AWS Elastic Container Registry (ECR) repository. -This resource is available in InSpec AWS resource pack version **[1.11.0](https://github.com/inspec/inspec-aws/releases/tag/v1.11.0)** onwards. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_ecr_images` resource block declares the tests for all images in an AWS ECR repository by the repository name. - -```ruby -describe aws_ecr_images(repository_name: 'my-repo') do - it { should exist } -end -``` - -## Parameters - -The repository name must be provided. The ID of the registry is optional. - -`repository_name` _(required)_ - -: The name of the ECR repository must satisfy the following constraints: - - Regex pattern `(?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*`. - - Minimum 2 and maximum of 256 characters long. - -`registry_id` _(optional)_ - -: The 12-digit ID of the AWS Elastic Container Registry. If not provided, the [default](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_DescribeRepositories.html) registry is assumed. - -## Properties - -`digests` -: The sha256 digest of the image manifest. - -: **Field**: `digest` - -`size_in_bytes` -: The size, in bytes, of the image in the repository. - -: **Field**: `digest` - -`tags` -: The list of tags associated with an image. - -: **Field**: `tags` - -`vulnerability_severity_counts` -: The image vulnerability counts, sorted by severity. - -: **Field**: `tags` - -`vulnerability_scan_status` -: The current state of the scan. 
It returns an [image scan status object](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_ImageScanStatus.html). - -: **Field**: `tags` - -`pushed_at_dates` -: The date and time at which an image was pushed to the repository. - -: **Field**: `pushed_at_date` - -## Examples - -**Ensure that there are exactly 3 images.** - -```ruby -describe aws_ecr_images(repository_name: 'my-repo') do - its('count') { should cmp 3 } -end -``` - -**Use this InSpec resource to request the digests of all images, then test in-depth using `aws_ecr_image`.** - -```ruby -aws_ecr_images(repository_name: 'my-repo').digests.each do |image_digest| - describe aws_ecr_image(repository_name: 'my-repo', image_digest: image_digest) do - its('tags') { should include('latest') } - end -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_ecr_images(repository_name: 'my-repo').where( : ) do - it { should exist } -end -``` - -```ruby -describe aws_ecr_images(repository_name: 'my-repo').where( : ) do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ECR:Client:DescribeImagesResponse" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon ECR](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Operations.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). 
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecr_repositories.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecr_repositories.md
deleted file mode 100644
index 6acd29c1c2..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecr_repositories.md
+++ /dev/null
@@ -1,112 +0,0 @@ -+++ -title = "aws_ecr_repositories Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ecr_repositories" -identifier = "inspec/resources/aws/aws_ecr_repositories Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ecr_repositories` InSpec audit resource to test the properties of all repositories in an AWS Elastic Container Registry (ECR). -This resource is available in InSpec AWS resource pack version **[1.11.0](https://github.com/inspec/inspec-aws/releases/tag/v1.11.0)** onwards. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_ecr_repositories` resource block declares the tests for all AWS ECR repositories in the default registry unless the registry ID is provided. - -```ruby -describe aws_ecr_repositories do - it { should exist } -end -``` - -Repositories in a non-default registry can be tested by supplying the registry ID if the AWS user has necessary permissions on it. - -```ruby -describe aws_ecr_repositories(registry_id: '123456789012') do - it { should exist } -end -``` - -## Parameters - -The registry id is optional. - -`registry_id` _(optional)_ - -: The 12-digit ID of the AWS Elastic Container Registry. If not provided, the [default](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_DescribeRepositories.html) registry is assumed. - -## Properties - -`arns` -: The Amazon Resource Name (ARN) that identifies the repository. - -`names` -: The name of the repository. - -`uris` -: The URI for the repository. - -`created_at_dates` -: The date and time, in JavaScript date format, when the repository was created. - -`image_tag_mutability_status` -: The tag mutability setting for the repository. - -`image_scanning_on_push_status` -: The setting that determines whether images are scanned after being pushed to a repository. 
- -## Examples - -**Ensure that there are exactly 3 repositories in the default registry.** - -```ruby -describe aws_ecr_repositories do - its("count") { should cmp 3 } -end -``` - -**Use this InSpec resource to request the names of all repositories, then test in-depth using `aws_ecr_repository`.** - -```ruby -aws_ecr_repositories.names.each do |repository_name| - describe aws_ecr_repository(repository_name) do - its('image_tag_mutability') { should eq 'MUTABLE' } - end -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_ecr_repositories.where( : ) do - it { should exist } -end -``` - -```ruby -describe aws_ecr_repositories.where( : ) do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ECR:Client:DescribeRepositoriesResponse" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon ECR](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Operations.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecr_repository.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecr_repository.md deleted file mode 100644 index 2f063da118..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecr_repository.md +++ /dev/null 
@@ -1,114 +0,0 @@ -+++ -title = "aws_ecr_repository Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ecr_repository" -identifier = "inspec/resources/aws/aws_ecr_repository Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ecr_repository` InSpec audit resource to test the properties of a single AWS Elastic Container Registry (ECR) repository. -This resource is available in InSpec AWS resource pack version **[1.11.0](https://github.com/inspec/inspec-aws/releases/tag/v1.11.0)** onwards. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_ecr_repository` resource block declares the tests for a single AWS ECR repository by repository name. - -```ruby -describe aws_ecr_repository(repository_name: 'my-repo') do - it { should exist } -end -``` - -The value of the `repository_name` can be provided as a string. - -```ruby -describe aws_ecr_repository('my-repo') do - it { should exist } -end -``` - -## Parameters - -The repository name must be provided. The registry id is optional. - -`repository_name` _(required)_ - -: The name of the ECR repository must satisfy the following constraints: - - Regex pattern `(?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*`. - - Minimum 2 and maximum of 256 characters long. - -: This can be passed either as a string or as a `repository_name: 'value'` key-value entry in a hash. - -`registry_id` _(optional)_ - -: The 12-digit ID of the AWS Elastic Container Registry. If not provided, the [default](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_DescribeRepositories.html) registry is assumed. - -## Properties - -`repository_name` -: The name of the repository. - -`image_tag_mutability` -: The tag mutability settings for the repository. Valid values are `MUTABLE` or `IMMUTABLE`. - -`registry_id` -: The AWS account ID associated with the registry that contains the repository. 
- -`tags` -: An hash with each key-value pair corresponding to a tag associated with the entity. - -There are also additional properties available. For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Repository.html) - -## Examples - -**Test that image tags are `IMMUTABLE` in an ECR repository.** - -```ruby -describe aws_ecr_repository('my-repo') do - its('image_tag_mutability') { should eq 'IMMUTABLE' } -end -``` - -**Test that images are scanned for vulnerabilities at a push to repository.** - -```ruby -describe aws_ecr_repository(repository_name: 'my-repo') do - its('image_scanning_configuration.scan_on_push') { should eq true} -end -``` - -**Test that an ECR repository has a certain tag.** - -```ruby -describe aws_ecr_repository('my-repo') do - its('tags') { should include('environment' => 'dev') } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -```ruby -describe aws_ecr_repository(repository_name: 'my-repo') do - it { should exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ECR:Client:DescribeRepositoriesResponse" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon ECR](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Operations.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecr_repository_policy.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecr_repository_policy.md deleted file mode 100644 index 1737dcd446..0000000000 
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecr_repository_policy.md
+++ /dev/null
@@ -1,107 +0,0 @@ -+++ -title = "aws_ecr_repository_policy Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ecr_repository_policy" -identifier = "inspec/resources/aws/aws_ecr_repository_policy Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ecr_repository_policy` InSpec audit resource to test the policy configured for a single AWS Elastic Container Registry (ECR) repository. - -New in InSpec AWS resource pack [1.11.0](https://github.com/inspec/inspec-aws/releases/tag/v1.11.0). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_ecr_repository_policy` resource block declares the tests for a single AWS ECR repository by repository name. - -```ruby -describe aws_ecr_repository_policy(repository_name: 'my-repo') do - it { should exist } -end -``` - -The value of the `repository_name` can be provided as a string. - -```ruby -describe aws_ecr_repository_policy('my-repo') do - it { should exist } -end -``` - -## Parameters - -The repository name must be provided. - -`repository_name` _(required)_ - -: The name of the ECR repository must satisfy the following constraints: - - Regex pattern `(?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*`. - - Minimum 2 and maximum of 256 characters long. - -: This can be passed either as a string or as a `repository_name: 'value'` key-value entry in a hash. - -`have_statement` - -: The `have_statement` examines the list of statements contained in the policy and passes if at least one of the statements matches. - This matcher does _not_ interpret the policy in a request authorization context as AWS does when a request is processed. Rather, the `have_statement` examines the literal contents of the IAM policy and reports on what is present (or absent, when used with `should_not`). - -: **Criteria** - -: The `have_statement` accepts the following criteria to search for matching statements. 
A test is successful if any statement matches all the criteria. Criteria can be formatted in title case or lowercase, and as a string or symbol. - -: `Action` - : Expresses the requested operation. Acceptable literal values are any AWS operation name, including the '\*' wildcard character. - `Action` may also use a list of AWS operation names. - -: `Effect` - : Expresses if the operation is permitted. Acceptable values are `'Deny'` and `'Allow'`. - -: `Sid` - : A user-provided string identifier for the statement. - -: `Principal` - : Expresses the operation's target. Acceptable values are Amazon Resource Names (ARNs), including the '\*' wildcard. - `Principal` may also use a list of ARN values. - -: Please note the following about the behavior of the `have_statement`: - -: - The `Action`, `Sid`, and `Resource` criteria will allow a regular expression instead of a string literal. - - The `have_statement` does not support wildcard expansion; to check for a wildcard value, check for it explicitly. For example, if the policy includes a statement with `"Action": "s3:*"` and the test checks for `Action: "s3:PutObject"`, the test _will not match_. You must write an additional test checking for the wildcard case. - - The `have_statement` supports searching for list values. For example, if a statement contains a list of three resources and a `have_statement` test specifies _one_ of those resources, it will match. - -## Examples - -```ruby -describe aws_ecr_repository_policy('repo_name') do - it { should exist } - it { should have_statement(Action: "ecr:GetDownloadUrlForLayer", Effect: "Allow", Principal: "*", Sid: "new policy")} - it { should_not have_statement(Action: /^rds:.+$/)} -end -``` - -Symbols, title case, and lowercase are all allowed as criteria. 
-The following four statements will return the same results: - -```ruby -describe aws_ecr_repository_policy('repo_name') do - it { should_not have_statement('Effect' => 'Allow', 'Principal' => '*', 'Action' => '*')} - it { should_not have_statement('effect' => 'Allow', 'Principal' => '*', 'action' => '*')} - it { should_not have_statement(Effect: 'Allow', Principal: '*', Action: '*')} - it { should_not have_statement(effect: 'Allow', Principal: '*', action: '*')} -end -``` - - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ECR:Client:GetRepositoryPolicyResponse" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon ECR](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Operations.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecrpublic_repositories.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecrpublic_repositories.md deleted file mode 100644 index 00a8c3eeae..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecrpublic_repositories.md +++ /dev/null 
@@ -1,97 +0,0 @@ -+++ -title = "aws_ecrpublic_repositories Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ecrpublic_repositories" -identifier = "inspec/resources/aws/aws_ecrpublic_repositories Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ecrpublic_repositories` InSpec audit resource to test the properties of all public repositories in an AWS Elastic Container Registry (ECR). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_ecrpublic_repositories` resource block declares the tests for all AWS ECR repositories in the default registry unless the registry ID is provided. - -```ruby -describe aws_ecrpublic_repositories do - it { should exist } -end -``` - -Repositories in a non-default registry can be tested by supplying the registry ID if the AWS user has necessary permissions on it. - -```ruby -describe aws_ecrpublic_repositories(registry_id: '123456789012') do - it { should exist } -end -``` - -## Parameters - -The registry id is optional. - -`registry_id` _(optional)_ - -: The 12-digit ID of the AWS Elastic Container Registry. If not provided, the [default](https://docs.aws.amazon.com/AmazonECRPublic/latest/APIReference/API_DescribeRepositories.html) registry is assumed. - -## Properties - -`arns` -: The Amazon Resource Name (ARN) that identifies the repository. - -`names` -: The name of the repository. - -`uris` -: The URI for the repository. - -`created_at_dates` -: The date and time, in JavaScript date format, when the repository was created. - -## Examples - -**Ensure that there are exactly four public repositories in the default registry.** - -```ruby -describe aws_ecrpublic_repositories do - its("count") { should cmp 4 } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. 
- -### exist - -The control will pass if the `describe` method returns at least one result. - -```ruby -describe aws_ecrpublic_repositories.where( : ) do - it { should exist } -end -``` - -Use `should_not` to test for entities that should not exist. - -```ruby -describe aws_ecrpublic_repositories.where( : ) do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ECRPublic:Client:DescribeRepositoriesResponse" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon ECR Public](https://docs.aws.amazon.com/AmazonECRPublic/latest/APIReference/API_Repository.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecrpublic_repository.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecrpublic_repository.md deleted file mode 100644 index 34c21b651f..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecrpublic_repository.md +++ /dev/null 
@@ -1,83 +0,0 @@ -+++ -title = "aws_ecrpublic_repository Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ecrpublic_repository" -identifier = "inspec/resources/aws/aws_ecrpublic_repository Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ecrpublic_repository` InSpec audit resource to test the properties of a single AWS Elastic Container Registry (ECR) public repository. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_ecrpublic_repository` resource block declares the tests for a single AWS ECR repository by repository name. - -```ruby -describe aws_ecrpublic_repository(repository_name: 'my-repo') do - it { should exist } -end -``` - -The value of the `repository_name` can be provided as a string. - -```ruby -describe aws_ecrpublic_repository('my-repo') do - it { should exist } -end -``` - -## Parameters - -The repository name must be provided. The registry id is optional. - -`repository_name` _(required)_ - -: The name of the ECR repository must satisfy the following constraints: - -: - It must match the following regular expression: `(?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*`. - - It must be between 2 and 256 characters long. - -: The `repository_name` can be passed as a string or as a `repository_name: 'value'` key-value entry in a hash. - -`registry_id` _(optional)_ - -: The 12-digit ID of the AWS Elastic Container Registry. If not provided, this resource will use the [default public registry](https://docs.aws.amazon.com/AmazonECRPublic/latest/APIReference/API_DescribeRepositories.html). - -## Properties - -`repository_name` -: The name of the repository. - -`registry_id` -: The AWS account ID associated with the registry that contains the repository. - - -There are also additional properties available. 
For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/AmazonECRPublic/latest/APIReference/API_Repository.html) - -## Examples - -**Test that ecr public repository 'public-repo' exists.** - -```ruby -describe aws_ecrpublic_repository('public-repo') do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ECRPublic:Client:DescribeRepositoriesResponse" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon ECR Public](https://docs.aws.amazon.com/AmazonECRPublic/latest/APIReference/API_Repository.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecs_cluster.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecs_cluster.md deleted file mode 100644 index 2317f0a876..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecs_cluster.md +++ /dev/null 
@@ -1,112 +0,0 @@ -+++ -title = "aws_ecs_cluster Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ecs_cluster" -identifier = "inspec/resources/aws/aws_ecs_cluster Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ecs_cluster` InSpec audit resource to test properties of a single AWS ECS Cluster. - -For additional information, including details on parameters and properties, see the [AWS documentation on ECS Clusters](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_clusters.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_ecs_cluster` resource block declares the tests for a single AWS ECS Cluster by cluster name. - -```ruby -describe aws_ecs_cluser(cluster_name: 'cluster-8') do - it { should exist } -end -``` - -## Parameters - -If no parameters are passed, the resource will attempt to retrieve the `default` ECS Cluster. - -`cluster_name` _(optional)_ - -: This resource accepts a single parameter, the Cluster Name. - This can be passed either as a string or as a `cluster_name: 'value'` key-value entry in a hash. - -## Properties - -`cluster_arn` -: The Amazon Resource Name (ARN) that identifies the cluster. - -`cluster_name` -: A user-generated string that you use to identify your cluster. - -`status` -: The status of the cluster. - -`running_tasks_count` -: The number of tasks in the cluster that are in the RUNNING state. - -`pending_tasks_count` -: The number of tasks in the cluster that are in the PENDING state. - -`active_services_count` -: The number of services that are running on the cluster in an ACTIVE state. - -`registered_container_instances_count` -: The number of container instances registered into the cluster. This includes container instances in both ACTIVE and DRAINING status. - -`statistics` -: Additional information about your clusters that are separated by launch type. 
- -## Examples - - -**Test that an ECS Cluster does not exist.** - -```ruby -describe aws_ecs_cluster(cluster_name: 'invalid-cluster') do - it { should_not exist } -end -``` - -**Test that an ECS Cluster is active.** - -```ruby -describe aws_ecs_cluster('cluster-8') do - its ('status') { should eq 'ACTIVE' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_ecs_cluster('cluster-8') do - it { should exist } -end -``` - -```ruby -describe aws_ecs_cluster('cluster-9') do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ECS:Client:DescribeClustersResponse" %}} - diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecs_clusters.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecs_clusters.md deleted file mode 100644 index fc887aa727..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecs_clusters.md +++ /dev/null 
@@ -1,102 +0,0 @@ -+++ -title = "aws_ecs_clusters Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ecs_clusters" -identifier = "inspec/resources/aws/aws_ecs_clusters Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ecs_clusters` InSpec audit resource to test properties of some or all AWS ECS Clusters. - -For additional information, including details on parameters and properties, see the [AWS documentation on ECS Clusters](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_clusters.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_ecs_clusters` resource block returns all ECS Clusters and allows the testing of that group of Clusters. - -```ruby -describe aws_ecs_clusters do - its('cluster_names') { should include 'cluster-root' } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`cluster_arn` -: The Amazon Resource Name (ARN) that identifies the cluster. - -`cluster_name` -: A user-generated string that you use to identify your cluster. - -`status` -: The status of the cluster. - -`running_tasks_count` -: The number of tasks in the cluster that are in the RUNNING state. - -`pending_tasks_count` -: The number of tasks in the cluster that are in the PENDING state. - -`active_services_count` -: The number of services that are running on the cluster in an ACTIVE state. - -`registered_container_instances_count` -: The number of container instances registered into the cluster. This includes container instances in both ACTIVE and DRAINING status. - -`statistics` -: Additional information about your clusters that are separated by launch type. - -`entries` -: Provides access to the raw results of the query, which can be treated as an array of hashes. 
- -## Examples - - -**Ensure there are no Clusters in an undesired state.** - -```ruby -describe aws_ecs_clusters do - it { should exist } - its('statuses') { should_not include 'UNDESIRED-STATUS'} - its('cluster_names') { should include 'SQL-cluster' } -end -``` - -## Matchers - -For a full list of available matchers, visit the [InSpec matchers page](https://www.inspec.io/docs/reference/matchers/). - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_ecs_clusters.where( : ) do - it { should exist } -end -``` - -```ruby -describe aws_ecs_clusters.where( : ) do - it { should_not exist } -end -``` - - -## AWS Permissions - -Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ECS:Client:ListClustersResponse` & `ECS:Client:DescribeClustersResponse` action set to allow. diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecs_service.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecs_service.md deleted file mode 100644 index cd9b5826e6..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecs_service.md +++ /dev/null 
@@ -1,132 +0,0 @@ -+++ -title = "aws_ecs_service Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ecs_service" -identifier = "inspec/resources/aws/aws_ecs_service Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ecs_service` InSpec audit resource to test properties of a single AWS ECS Service. - -The AWS ECS Service resource creates an Amazon Elastic Container Service (Amazon ECS) service that runs and maintains the requested number of tasks and associated load balancers. - -For additional information, including details on parameters and properties, see the [AWS documentation on ECS Service](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that a services exists. - -```ruby -describe aws_ecs_service(cluster: "default", service: "SERVICE_ARN") do - it { should exist } -end -``` - -## Parameters - -`cluster` - -: The short name or full Amazon Resource Name (ARN) of the cluster on which your service is running. - -`service` _(required)_ - -: The ECS service ARN or service name. - -## Properties - -`service_arn` -: The ARN of the service. - -`service_name` -: The name of the service. - -`cluster_arn` -: The Amazon Resource Name (ARN) of the cluster that hosts the service. - -`status` -: The status of the service. The valid values are `ACTIVE`, `DRAINING`, or `INACTIVE`. - -`desired_count` -: The desired number of instantiations of the task definition to keep running on the service. - -`running_count` -: The number of tasks in the cluster that are in the `RUNNING` state. - -`pending_count` -: The number of tasks in the cluster that are in the `PENDING` state. - -`launch_type` -: The infrastructure on which your service is running. - -`task_definition` -: The task definition to use for tasks in the service. 
- -`platform_version` -: The AWS Fargate platform version on which the tasks in the task set are running. - - -For additional information, see the [AWS documentation on ECS describe services method](https://docs.aws.amazon.com/sdk-for-ruby/v2/api/Aws/ECS/Client.html#describe_services-instance_method). - -## Examples - -**Ensure a work group name is available.** - -```ruby -describe aws_ecs_service(cluster: "default", service: "SERVICE_ARN") do - its('service_name') { should eq 'service_name' } -end -``` - -**Ensure that the status is `ACTIVE` or not.** - -```ruby -describe aws_ecs_service(cluster: "default", service: "SERVICE_ARN") do - its('status') { should eq 'ACTIVE' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_ecs_service(cluster: "CLUSTER_NAME", service: "SERVICE_ARN") do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_ecs_service(cluster: "CLUSTER_NAME", service: "SERVICE_NAME") do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the services is available. - -```ruby -describe aws_ecs_service(cluster: "default", service: "SERVICE_ARN") do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ECS:Client:DeleteServiceResponse" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecs_services.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecs_services.md deleted file mode 100644 index 5239ea91b0..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecs_services.md +++ /dev/null 
@@ -1,118 +0,0 @@
-+++
-title = "aws_ecs_services Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ecs_services"
-identifier = "inspec/resources/aws/aws_ecs_services Resource"
-parent = "inspec/resources/aws"
-+++
-Use the `aws_ecs_services` InSpec audit resource to test properties of multiple AWS ECS Services.
-
-The AWS ECS Service resource creates an Amazon Elastic Container Service (Amazon ECS) service that runs and maintains the requested number of tasks and associated load balancers.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on ECS Service](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a service exists.
-
-```ruby
-describe aws_ecs_services(cluster: "CLUSTER_NAME") do
- it { should exist }
-end
-```
-
-## Parameters
-
-`cluster` _(required)_
-
-: The short name or full Amazon Resource Name (ARN) of the cluster on which your service is running.
-
-## Properties
-
-`service_arns`
-: The ARNs of the services.
-
-`service_names`
-: The names of the services.
-
-`cluster_arns`
-: The Amazon Resource Name (ARN) of the cluster that hosts the services.
-
-`status`
-: The status of the service. The valid values are `ACTIVE`, `DRAINING`, or `INACTIVE`.
-
-`desired_count`
-: The desired number of instantiations of the task definition to keep running on the service.
-
-`running_count`
-: The number of tasks in the cluster that are in the `RUNNING` state.
-
-`pending_count`
-: The number of tasks in the cluster that are in the `PENDING` state.
-
-`launch_types`
-: The infrastructure on which your service is running.
-
-`task_definitions`
-: The task definitions to use for tasks in the service.
-
-`platform_versions`
-: The AWS Fargate platform versions on which the tasks in the task set are running.
-
-For additional information, see the [AWS documentation on ECS describe services method](https://docs.aws.amazon.com/sdk-for-ruby/v2/api/Aws/ECS/Client.html#describe_services-instance_method).
-
-## Examples
-
-**Ensure a specific service is available on a cluster.**
-
-```ruby
-describe aws_ecs_services(cluster: "CLUSTER_NAME") do
- its('service_arns') { should include 'SERVICE_ARN' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ecs_services(cluster: "CLUSTER_NAME") do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ecs_services(cluster: "CLUSTER_NAME") do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the service is available.
-
-```ruby
-describe aws_ecs_services(cluster: "CLUSTER_NAME") do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="ECS:Client:ListServicesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecs_task_definition.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecs_task_definition.md
deleted file mode 100644
index b2b4374ff5..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecs_task_definition.md
+++ /dev/null
@@ -1,850 +0,0 @@ -+++ -title = "aws_ecs_task_definition Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ecs_task_definition" -identifier = "inspec/resources/aws/aws_ecs_task_definition Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ecs_task_definition` InSpec audit resource to test the properties of a single ECS task definition. - -For additional information, including details on parameters and properties, see the [AWS ECS task definition documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that a task definition exists. - -```ruby -describe aws_ecs_task_definition(task_definition: 'TASK_DEFINITION') do - it { should exist } -end -``` - -## Parameters - -`task_definition` _(required)_ - -: The full task definition description. - Specified as just the `family`, which targets the latest active revision, or `family:revision` for a specific revision number of a family, or the full Amazon Resource Name (ARN) of the task definition. - -## Properties - -`task_definition_arn` -: The full Amazon Resource Name (ARN) of the task definition. - -: **Field**: `task_definition_arn` - -`container_definitions` -: A list of container definitions in JSON format that describe the different containers that make up your task. - -: **Field**: `container_definitions` - -`container_definitions (name)` -: The name of a container. - -: **Field**: `container_definitions_names` - -`container_definitions (image)` -: The image used to start a container. - -: **Field**: `container_definitions_images` - -`container_definitions (repository_credentials)` -: The private repository authentication credentials to use. 
- -: **Field**: `container_definitions_repository_credentials` - -`container_definitions (repository_credentials (credentials_parameter))` -: The Amazon Resource Name (ARN) of the secret containing the private repository credentials. - -: **Field**: `container_definitions_repository_credentials_credentials_parameters` - -`container_definitions (cpu)` -: The number of CPU units reserved for the container. - -: **Field**: `container_definitions_cpus` - -`container_definitions (memory)` -: The amount (in MiB) of memory to present to the container. - -: **Field**: `container_definitions_memories` - -`container_definitions (memory_reservation)` -: The soft limit (in MiB) of memory to reserve for the container. - -: **Field**: `container_definitions_memory_reservations` - -`container_definitions (links)` -: The links parameter allows containers to communicate with each other without the need for port mappings. - -: **Field**: `container_definitions_links` - -`container_definitions (port_mappings)` -: The list of port mappings for the container. - -: **Field**: `container_definitions_port_mappings` - -`container_definitions (port_mappings (container_port))` -: The port number on the container that is bound to the user-specified or automatically assigned host port. - -: **Field**: `container_definitions_port_mappings_container_ports` - -`container_definitions (port_mappings (host_port))` -: The port number on the container instance to reserve for your container. - -: **Field**: `container_definitions_port_mappings_host_ports` - -`container_definitions (port_mappings (protocol))` -: The protocol used for the port mapping. Valid values are `tcp` and `udp`. Default value: `tcp`. - -: **Field**: `container_definitions_port_mappings_protocols` - -`container_definitions (essential)` -: If the essential parameter of a container is marked as `true`, and that container fails or stops for any reason, all other containers that are part of the task are stopped. 
If the essential parameter of a container is marked as `false`, then its failure does not affect the rest of the containers in a task. If this parameter is omitted, a container is assumed to be essential. - -: **Field**: `container_definitions_essentials` - -`container_definitions (entry_point)` -: The entry point that is passed to the container. - -: **Field**: `container_definitions_entry_points` - -`container_definitions (command)` -: The command that is passed to the container. - -: **Field**: `container_definitions_commands` - -`container_definitions (environment)` -: The environment variables to pass to a container. - -: **Field**: `container_definitions_environments` - -`container_definitions (environment (name))` -: The name of the key-value pair. - -: **Field**: `container_definitions_environments_names` - -`container_definitions (environment (value))` -: The value of the key-value pair. - -: **Field**: `container_definitions_environments_values` - -`container_definitions (environment_files)` -: A list of files containing the environment variables to pass to a container. - -: **Field**: `container_definitions_environment_files` - -`container_definitions (environment_files (value)` -: The Amazon Resource Name (ARN) of the Amazon S3 object containing the environment variable file. - -: **Field**: `container_definitions_environment_files_values` - -`container_definitions (environment_files (type)` -: The file type to use. The only supported value is `s3`. - -: **Field**: `container_definitions_environment_files_types` - -`container_definitions (mount_points)` -: The mount points for data volumes in your container. - -: **Field**: `container_definitions_mount_points` - -`container_definitions (mount_points (source_volume))` -: The name of the volume to mount. Must be a volume name referenced in the name parameter of task definition volume. 
- -: **Field**: `container_definitions_mount_points_source_volumes` - -`container_definitions (mount_points (container_path))` -: The path on the container to mount the host volume at. - -: **Field**: `container_definitions_mount_points_container_paths` - -`container_definitions (mount_points (read_only))` -: If this value is `true`, the container has read-only access to the volume. If this value is `false`, then the container can write to the volume. The default value is `false`. - -: **Field**: `container_definitions_mount_points_read_only` - -`container_definitions (volumes_from)` -: Data volumes to mount from another container. - -: **Field**: `container_definitions_volumes_froms` - -`container_definitions (volumes_from (source_container))` -: The name of another container within the same task definition from which to mount volumes. - -: **Field**: `container_definitions_volumes_froms_source_containers` - -`container_definitions (volumes_from (read_only))` -: If this value is `true`, the container has read-only access to the volume. If this value is `false`, then the container can write to the volume. The default value is `false`. - -: **Field**: `container_definitions_volumes_froms_read_only` - -`container_definitions (linux_parameters)` -: Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. - -: **Field**: `container_definitions_linux_parameters` - -`container_definitions (linux_parameters (capabilities))` -: The Linux capabilities for the container that are added to or dropped from the default configuration provided by Docker. - -: **Field**: `container_definitions_linux_parameters_capabilities` - -`container_definitions (linux_parameters (capabilities (add)))` -: The Linux capabilities for the container that have been added to the default configuration provided by Docker. 
- -: **Field**: `container_definitions_linux_parameters_capabilities_adds` - -`container_definitions (linux_parameters (capabilities (drop)))` -: The Linux capabilities for the container that have been removed from the default configuration provided by Docker. - -: **Field**: `container_definitions_linux_parameters_capabilities_drops` - -`container_definitions (linux_parameters (devices))` -: Any host devices to expose to the container. - -: **Field**: `container_definitions_linux_parameters_capabilities_devices` - -`container_definitions (linux_parameters (devices (host_path)))` -: The path for the device on the host container instance. - -: **Field**: `container_definitions_linux_parameters_capabilities_devices_host_paths` - -`container_definitions (linux_parameters (devices (container_path)))` -: The path inside the container at which to expose the host device. - -: **Field**: `container_definitions_linux_parameters_capabilities_devices_container_paths` - -`container_definitions (linux_parameters (devices (permissions)))` -: The explicit permissions to provide to the container for the device. By default, the container has permissions for `read`, `write`, and `mknod` for the device. - -: **Field**: `container_definitions_linux_parameters_capabilities_devices_permissions` - -`container_definitions (linux_parameters (init_process_enabled))` -: Run an `init` process inside the container that forwards signals and reaps processes. This parameter maps to the `--init` option to docker run. - -: **Field**: `container_definitions_linux_parameters_init_process_enabled` - -`container_definitions (linux_parameters (shared_memory_size)` -: The value for the size (in MiB) of the /dev/shm volume. This parameter maps to the `--shm-size` option to docker run. - -: **Field**: `container_definitions_linux_parameters_shared_memory_sizes` - -`container_definitions (linux_parameters (tmpfs)` -: The container path, mount options, and size (in MiB) of the tmpfs mount. 
This parameter maps to the `--tmpfs` option to docker run. - -: **Field**: `container_definitions_linux_parameters_tmpfs` - -`container_definitions (linux_parameters (tmpfs (container_path))` -: The absolute file path where the tmpfs volume is to be mounted. - -: **Field**: `container_definitions_linux_parameters_tmpfs_container_paths` - -`container_definitions (linux_parameters (tmpfs (size))` -: The maximum size (in MiB) of the tmpfs volume. - -: **Field**: `container_definitions_linux_parameters_tmpfs_sizes` - -`container_definitions (linux_parameters (tmpfs (mount_options))` -: The list of tmpfs volume mount options. - -: **Field**: `container_definitions_linux_parameters_tmpfs_mount_options` - -`container_definitions (linux_parameters (max_swap))` -: The total amount of swap memory (in MiB) a container can use. - -: **Field**: `container_definitions_linux_parameters_max_swaps` - -`container_definitions (linux_parameters (swappiness))` -: This allows you to tune a container's memory swappiness behavior. - -: **Field**: `container_definitions_linux_parameters_swappiness` - -`container_definitions (secrets)` -: The secrets to pass to the container. - -: **Field**: `container_definitions_secrets` - -`container_definitions (secrets (name))` -: The name of the secret. - -: **Field**: `container_definitions_secrets_names` - -`container_definitions (secrets (value_from))` -: The secret to expose to the container. - -: **Field**: `container_definitions_secrets_value_froms` - -`container_definitions (depends_on)` -: The dependencies defined for container startup and shutdown. - -: **Field**: `container_definitions_depends_on` - -`container_definitions (depends_on (container_name))` -: The name of a container. - -: **Field**: `container_definitions_depends_on_container_names` - -`container_definitions (depends_on (condition))` -: The dependency condition of the container. 
- -: **Field**: `container_definitions_depends_on_conditions` - -`container_definitions (start_timeout)` -: Time duration (in seconds) to wait before giving up on resolving dependencies for a container. - -: **Field**: `container_definitions_start_timeouts` - -`container_definitions (stop_timeout)` -: Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own. - -: **Field**: `container_definitions_stop_timeouts` - -`container_definitions (hostname)` -: The hostname to use for your container. - -: **Field**: `container_definitions_hostnames` - -`container_definitions (user)` -: The user to use inside the container. - -: **Field**: `container_definitions_users` - -`container_definitions (working_directory)` -: The working directory in which to run commands inside the container. - -: **Field**: `container_definitions_working_directories` - -`container_definitions (disable_networking)` -: When this parameter is `true`, networking is disabled within the container. - -: **Field**: `container_definitions_disable_networkings` - -`container_definitions (privileged)` -: When this parameter is `true`, the container is given elevated privileges on the host container instance (similar to the root user). - -: **Field**: `container_definitions_privilegeds` - -`container_definitions (readonly_root_filesystem)` -: When this parameter is `true`, the container is given read-only access to its root file system. This parameter maps to `ReadonlyRootfs` in the Create a container section of the Docker Remote API and the `--read-only` option to docker run. - -: **Field**: `container_definitions_readonly_root_filesystems` - -`container_definitions (dns_servers)` -: A list of DNS servers that are presented to the container. - -: **Field**: `container_definitions_dns_servers` - -`container_definitions (dns_search_domains)` -: A list of DNS search domains that are presented to the container. 
- -: **Field**: `container_definitions_dns_search_domains` - -`container_definitions (extra_hosts)` -: A list of hostnames and IP address mappings to append to the `/etc/hosts` file on the container. - -: **Field**: `container_definitions_extra_hosts` - -`container_definitions (extra_hosts (hostname))` -: The hostname to use in the `/etc/hosts` entry. - -: **Field**: `container_definitions_extra_hosts_hostnames` - -`container_definitions (extra_hosts (ip_address))` -: The IP address to use in the `/etc/hosts` entry. - -: **Field**: `container_definitions_extra_hosts_ip_addresses` - -`container_definitions (docker_security_options)` -: A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. This field is not valid for containers in tasks using the Fargate launch type. - -: **Field**: `container_definitions_docker_security_options` - -`container_definitions (interactive)` -: When this parameter is `true`, this allows you to deploy containerized applications that require stdin or a tty to be allocated. This parameter maps to OpenStdin in the Create a container section of the Docker Remote API and the --interactive option to docker run. - -: **Field**: `container_definitions_interactives` - -`container_definitions (pseudo_terminal)` -: When this parameter is `true`, a TTY is allocated. This parameter maps to Tty in the Create a container section of the Docker Remote API and the --tty option to docker run. - -: **Field**: `container_definitions_pseudo_terminals` - -`container_definitions (docker_labels)` -: A key/value map of labels to add to the container. - -: **Field**: `container_definitions_docker_labels` - -`container_definitions (ulimits)` -: The ulimit settings to pass to the container. - -: **Field**: `container_definitions_ulimits` - -`container_definitions (ulimits (name))` -: The type of the ulimit. 
- -: **Field**: `container_definitions_ulimits_names` - -`container_definitions (ulimits (soft_limit))` -: The soft limit for the ulimit type. - -: **Field**: `container_definitions_ulimits_soft_limits` - -`container_definitions (ulimits (hard_limit))` -: The hard limit for the ulimit type. - -: **Field**: `container_definitions_ulimits_hard_limits` - -`container_definitions (log_configuration)` -: The log configuration specification for the container. - -: **Field**: `container_definitions_log_configurations` - -`container_definitions (log_configuration (log_driver))` -: The log driver to use for the container. - -: **Field**: `container_definitions_log_configurations_log_drivers` - -`container_definitions (log_configuration (options))` -: The configuration options to send to the log driver. - -: **Field**: `container_definitions_log_configurations_options` - -`container_definitions (log_configuration (secret_options))` -: The secrets to pass to the log configuration. - -: **Field**: `container_definitions_log_configurations_secret_options` - -`container_definitions (log_configuration (secret_options (name)))` -: The name of the secret. - -: **Field**: `container_definitions_log_configurations_secret_options_names` - -`container_definitions (log_configuration (secret_options (value_from)))` -: The secret to expose to the container. The supported values are either the full ARN of the AWS Secrets Manager secret or the full ARN of the parameter in the AWS Systems Manager Parameter Store. - -: **Field**: `container_definitions_log_configurations_secret_value_froms` - -`container_definitions (health_check)` -: The container health check command and associated configuration parameters for the container. - -: **Field**: `container_definitions_health_checks` - -`container_definitions (health_check (command))` -: A string array representing the command that the container runs to determine if it is healthy. 
- -: **Field**: `container_definitions_health_checks_commands` - -`container_definitions (health_check (interval))` -: The time period in seconds between each health check execution. - -: **Field**: `container_definitions_health_checks_intervals` - -`container_definitions (health_check (timeout))` -: The time period in seconds to wait for a health check to succeed before it is considered a failure. - -: **Field**: `container_definitions_health_checks_timeouts` - -`container_definitions (health_check (retries))` -: The number of times to retry a failed health check before the container is considered unhealthy. - -: **Field**: `container_definitions_health_checks_retries` - -`container_definitions (health_check (start_period))` -: The optional grace period within which to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. - -: **Field**: `container_definitions_health_checks_start_periods` - -`container_definitions (system_controls)` -: A list of namespaced kernel parameters to set in the container. - -: **Field**: `container_definitions_system_controls` - -`container_definitions (system_controls (namespace))` -: The namespaced kernel parameter for which to set a value. - -: **Field**: `container_definitions_system_controls_namespaces` - -`container_definitions (system_controls (value))` -: The value for the namespaced kernel parameter specified in namespace. - -: **Field**: `container_definitions_system_controls_values` - -`container_definitions (resource_requirements)` -: The type and amount of a resource to assign to a container. - -: **Field**: `container_definitions_resource_requirements` - -`container_definitions (resource_requirements (value))` -: The value for the specified resource type. - -: **Field**: `container_definitions_resource_requirements_values` - -`container_definitions (resource_requirements (type))` -: The type of resource to assign to a container. 
- -: **Field**: `container_definitions_resource_requirements_types` - -`container_definitions (firelens_configuration)` -: The FireLens configuration for the container. - -: **Field**: `container_definitions_firelens_configurations` - -`container_definitions (firelens_configuration (type))` -: The log router to use. The valid values are `fluentd` or `fluentbit`. - -: **Field**: `container_definitions_firelens_configurations_types` - -`container_definitions (firelens_configuration (options))` -: The options to use when configuring the log router. - -: **Field**: `container_definitions_firelens_configurations_options` - -`family` -: The name of a family that this task definition is registered to. - -: **Field**: `family` - -`task_role_arn` -: The short name or full Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role. - -: **Field**: `task_role_arn` - -`execution_role_arn` -: The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container. - -: **Field**: `execution_role_arn` - -`network_mode` -: The Docker networking mode to use for the containers in the task. The valid values are `none`, `bridge`, `awsvpc`, and `host`. - -: **Field**: `network_mode` - -`revision` -: The revision of the task in a particular family. - -: **Field**: `revision` - -`volumes` -: The list of data volume definitions for the task. - -: **Field**: `volumes` - -`volumes (name)` -: The name of the volume. - -: **Field**: `volumes_names` - -`volumes (host)` -: The host of the volume. - -: **Field**: `volumes_hosts` - -`volumes (host (source_path))` -: The source path of the volume. - -: **Field**: `volumes_source_paths` - -`volumes (docker_volume_configuration)` -: This parameter is specified when you are using Docker volumes. - -: **Field**: `volumes_docker_volume_configurations` - -`volumes (docker_volume_configuration (scope))` -: The scope for the Docker volume that determines its lifecycle. 
- -: **Field**: `volumes_docker_volume_configuration_scopes` - -`volumes (docker_volume_configuration (autoprovision))` -: If this value is `true`, the Docker volume is created if it does not already exist. - -: **Field**: `volumes_docker_volume_configuration_autoprovisions` - -`volumes (docker_volume_configuration (driver))` -: The Docker volume driver to use. - -: **Field**: `volumes_docker_volume_configuration_drivers` - -`volumes (docker_volume_configuration (driver_opts))` -: A map of Docker driver-specific options passed through. - -: **Field**: `volumes_docker_volume_configuration_driver_opts` - -`volumes (docker_volume_configuration (labels))` -: Custom metadata to add to your Docker volume. - -: **Field**: `volumes_docker_volume_configuration_labels` - -`volumes (efs_volume_configuration)` -: This parameter is specified when you are using an Amazon Elastic File System file system for task storage. - -: **Field**: `volumes_efs_volume_configurations` - -`volumes (efs_volume_configuration (file_system_id))` -: The Amazon EFS file system ID to use. - -: **Field**: `volumes_efs_volume_configuration_file_system_ids` - -`volumes (efs_volume_configuration (root_directory))` -: The directory within the Amazon EFS file system to mount as the root directory inside the host. - -: **Field**: `volumes_efs_volume_configuration_root_directories` - -`volumes (efs_volume_configuration (transit_encryption))` -: Whether or not to enable encryption for Amazon EFS data in transit between the Amazon ECS host and the Amazon EFS server. Transit encryption must be enabled if Amazon EFS IAM authorization is used. - -: **Field**: `volumes_efs_volume_configuration_transit_encryptions` - -`volumes (efs_volume_configuration (transit_encryption_port))` -: The port to use when sending encrypted data between the Amazon ECS host and the Amazon EFS server. 
- -: **Field**: `volumes_efs_volume_configuration_transit_encryption_ports` - -`volumes (efs_volume_configuration (authorization_config)` -: The authorization configuration details for the Amazon EFS file system. - -: **Field**: `volumes_efs_volume_configuration_authorization_configs` - -`volumes (efs_volume_configuration (authorization_config (access_point_id))` -: The Amazon EFS access point ID to use. - -: **Field**: `volumes_efs_volume_configuration_authorization_config_access_point_ids` - -`volumes (efs_volume_configuration (authorization_config (iam))` -: The Amazon EFS IAM to use. - -: **Field**: `volumes_efs_volume_configuration_authorization_config_iams` - -`volumes (fsx_windows_file_server_volume_configuration)` -: This parameter is specified when you are using Amazon FSx for Windows File Server file system for task storage. - -: **Field**: `volumes_fsx_windows_file_server_volume_configurations` - -`volumes (fsx_windows_file_server_volume_configuration (file_system_id))` -: The Amazon FSx for Windows File Server file system ID to use. - -: **Field**: `volumes_fsx_windows_file_server_volume_configurations_file_system_ids` - -`volumes (fsx_windows_file_server_volume_configuration (root_directory))` -: The directory within the Amazon FSx for Windows File Server file system to mount as the root directory inside the host. - -: **Field**: `volumes_fsx_windows_file_server_volume_configurations_root_directories` - -`volumes (fsx_windows_file_server_volume_configuration (authorization_config))` -: The authorization configuration details for the Amazon FSx for Windows File Server file system. - -: **Field**: `volumes_fsx_windows_file_server_volume_configurations_authorization_configs` - -`volumes (fsx_windows_file_server_volume_configuration (authorization_config (credentials_parameter)))` -: The authorization credential option to use. 
- -: **Field**: `volumes_fsx_windows_file_server_volume_configurations_authorization_configs_credentials_parameters` - -`volumes (fsx_windows_file_server_volume_configuration (authorization_config (domain)))` -: A fully qualified domain name hosted by an AWS Directory Service Managed Microsoft AD (Active Directory) or self-hosted AD on Amazon EC2. - -: **Field**: `volumes_fsx_windows_file_server_volume_configurations_authorization_configs_domains` - -`status` -: The status of the task definition. - -: **Field**: `status` - -`requires_attributes` -: The container instance attributes required by your task. - -: **Field**: `requires_attributes` - -`requires_attributes (name)` -: The name of the attribute. - -: **Field**: `requires_attributes_names` - -`requires_attributes (value)` -: The value of the attribute. - -: **Field**: `requires_attributes_values` - -`requires_attributes (target_type)` -: The type of the target with which to attach the attribute. - -: **Field**: `requires_attributes_target_types` - -`requires_attributes (target_id)` -: The ID of the target. - -: **Field**: `requires_attributes_targets` - -`placement_constraints` -: An array of placement constraint objects to use for tasks. - -: **Field**: `placement_constraints` - -`placement_constraints (type)` -: The type of constraint. - -: **Field**: `placement_constraints_types` - -`placement_constraints (expression)` -: The expression of constraint. - -: **Field**: `placement_constraints_expressions` - -`compatibilities` -: The task launch types the task definition validated against during task definition registration. - -: **Field**: `compatibilities` - -`requires_compatibilities` -: The task launch types the task definition was validated against. - -: **Field**: `FieldName` - -`cpu` -: The number of CPU units used by the task. - -: **Field**: `cpu` - -`memory` -: The amount (in MiB) of memory used by the task. 
- -: **Field**: `memory` - -`inference_accelerators` -: The Elastic Inference accelerator associated with the task. - -: **Field**: `inference_accelerators` - -`inference_accelerators (device_name)` -: The Elastic Inference accelerator device name. - -: **Field**: `inference_accelerators_device_names` - -`inference_accelerators (device_type)` -: The Elastic Inference accelerator type to use. - -: **Field**: `inference_accelerators_device_types` - -`pid_mode` -: The process namespace to use for the containers in the task. The valid values are `host` or `task`. - -: **Field**: `pid_mode` - -`ipc_mode` -: The IPC resource namespace to use for the containers in the task. The valid values are `host`, `task`, or `none`. - -: **Field**: `ipc_mode` - -`proxy_configuration` -: The configuration details for the App Mesh proxy. - -: **Field**: `proxy_configuration` - -`proxy_configuration (type)` -: The proxy type. The only supported value is `APPMESH`. - -: **Field**: `proxy_configuration_types` - -`proxy_configuration (container_name)` -: The name of the container that will serve as the App Mesh proxy. - -: **Field**: `proxy_configuration_container_names` - -`proxy_configuration (properties)` -: The set of network configuration parameters to provide the Container Network Interface (CNI) plugin, specified as key-value pairs. - -: **Field**: `proxy_configuration_properties` - -`proxy_configuration (properties (name))` -: The name of the key-value pair. - -: **Field**: `proxy_configuration_properties_names` - -`proxy_configuration (properties (value))` -: The value of the key-value pair. - -: **Field**: `proxy_configuration_properties_values` - -`tags` -: The tags of the task definition. 
- -: **Field**: `tags` - -## Examples - -**Ensure a task definition ARN is available.** - -```ruby -describe aws_ecs_task_definition(task_definition: 'TASK_DEFINITION') do - its('task_definition_arn') { should eq 'arn:aws:ecs:REGION:AWS_ACCOUNT_ID:task-definition/TASK_DEFINITION_ID' } -end -``` - -**Verify the amount of memory for a task definition.** - -```ruby -describe aws_ecs_task_definition(task_definition: 'TASK_DEFINITION') do - its('memory') { should eq 500 } -end -``` - -**Verify the name of a task definition.** - -```ruby -describe aws_ecs_task_definition(task_definition: 'TASK_DEFINITION') do - its('container_definitions_names') { should include 'Task_Definition_Container_Name' } -end -``` - -**Verify the cpu of a task definition.** - -```ruby -describe aws_ecs_task_definition(task_definition: 'TASK_DEFINITION') do - its('container_definitions_cpus') { should include 10 } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_ecs_task_definition(task_definition: 'TASK_DEFINITION') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_ecs_task_definition(task_definition: 'TASK_DEFINITION') do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the task definition is available. - -```ruby -describe aws_ecs_task_definition(task_definition: 'TASK_DEFINITION') do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ECS:Client:DescribeTaskDefinitionResponse" %}} 
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecs_task_definitions.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecs_task_definitions.md deleted file mode 100644 index 7e753b8889..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ecs_task_definitions.md +++ /dev/null 
@@ -1,86 +0,0 @@
-+++
-title = "aws_ecs_task_definitions Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ecs_task_definitions"
-identifier = "inspec/resources/aws/aws_ecs_task_definitions Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ecs_task_definitions` InSpec audit resource to test the properties of multiple ECS task definitions.
-
-For additional information, including details on parameters and properties, see the [AWS ECS task definition documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a task definition ARNs exists.
-
-```ruby
-describe aws_ecs_task_definitions do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`task_definition_arns`
-: A list of ARNs to describe the task definition.
-
-## Examples
-
-**Ensure a task definition ARN is available.**
-
-```ruby
-describe aws_ecs_task_definitions do
- its('task_definition_arns') { should include 'arn:aws:ecs:REGION:AWS_ACCOUNT_ID:task-definition/TASK_DEFINITION_ID' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list_task_definitions` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ecs_task_definitions do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ecs_task_definitions do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the task definition arns is available.
-
-```ruby
-describe aws_ecs_task_definitions do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="ECS:Client:ListTaskDefinitionsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_efs_file_system.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_efs_file_system.md
deleted file mode 100644
index d370a41684..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_efs_file_system.md
+++ /dev/null
@@ -1,142 +0,0 @@ -+++ -title = "aws_efs_file_system Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_efs_file_system" -identifier = "inspec/resources/aws/aws_efs_file_system Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_efs_file_system` InSpec audit resource to test the properties of a single AWS EFS file system. -This resource is added to InSpec AWS resource pack in version **[1.10.0](https://github.com/inspec/inspec-aws/releases/tag/v1.10.0)** and it is available with InSpec **[4.18.108](https://github.com/inspec/inspec/releases/tag/v4.18.108)** and later versions. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_efs_file_system` resource block declares the tests for a single AWS EFS file system by either file system id or creation token. - -```ruby -describe aws_efs_file_system(file_system_id: 'fs-12345678') do - it { should be_encrypted } - its('size_in_bytes.value') { should cmp 6144 } -end -``` - -```ruby -describe aws_efs_file_system(creation_token: 'my-token') do - its('encrypted') { should cmp true } - its('throughput_mode') { should eq 'bursting' } -end -``` - -The value of the `file_system_id` can be provided as a string. - -```ruby -describe aws_efs_file_system('fs-12345678') do - it { should exist } -end -``` - -## Parameters - -Either the EFS file system id or creation token must be provided. - -`file_system_id` _(required if `creation_token` not provided)_ - -: The ID of the EFS file system. This is in the format of `fs-` followed by 8 or 17 hexadecimal characters. - This can be passed either as a string or as a `file_system_id: 'value'` key-value entry in a hash. - -`creation_token` _(required if `file_system_id` not provided)_ - -: The creation token is automatically assigned by AWS if not provided by the user at creation. - This is a string with minimum 1 and maximum 64-character long. 
- This must be passed as a `creation_token: 'value'` key-value entry in a hash. - -## Properties - -`creation_token` -: The value of the creation token. - -`file_system_id` -: The id of the file system which is auto-assigned by the AWS. - -`encrypted` -: Indicates whether the file system is encrypted or not. - -`life_cycle_state` -: The lifecycle phase of the file system, e.g. 'creating'. - -`owner_id` -: The AWS account that created the file system. - -`performance_mode` -: The performance mode of the file system, e.g. 'maxIO'. - -`throughput_mode` -: The throughput mode for a file system, e.g. 'bursting'. - -`tags` -: An hash with each key-value pair corresponding to a tag associated with the entity. - -There are also additional properties available. For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/efs/latest/ug/API_FileSystemDescription.html) - -## Examples - -**Test that an EFS file system is available.** - -```ruby -describe aws_efs_file_system("fs-12345678") do - its("life_cycle_state") { should eq 'available' } -end -``` - - -**Test that an EFS file system is in 'maxIO' performance mode.** - -```ruby -describe aws_efs_file_system(creation_token: "My Token") do - its("performance_mode") { should eq "maxIO" } -end -``` - -**Test that an EFS file system has a certain tag.** - -```ruby -describe aws_efs_file_system(creation_token: "My Token") do - its("tags") { should include("companyName" => "My Company") } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. 
- -### exist - -```ruby -describe aws_efs_file_system(file_system_id: "fs-12345678") do - it { should exist } -end -``` - -### be_encrypted - -```ruby -describe aws_efs_file_system(creation_token: "My Token") do - it { should be_encrypted } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EFS:Client:DescribeFileSystemsResponse" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EFS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonelasticfilesystem.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_efs_file_systems.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_efs_file_systems.md deleted file mode 100644 index 05851ed33b..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_efs_file_systems.md +++ /dev/null 
@@ -1,125 +0,0 @@ -+++ -title = "aws_efs_file_systems Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_efs_file_systems" -identifier = "inspec/resources/aws/aws_efs_file_systems Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_efs_file_systems` InSpec audit resource to test the properties of some or all AWS EFS file systems. To audit a single EFS file system, use `aws_efs_file_ststem` (singular). - -This resource is added to InSpec AWS resource pack in version **[1.10.0](https://github.com/inspec/inspec-aws/releases/tag/v1.10.0)** and it is available with InSpec **[4.18.108](https://github.com/inspec/inspec/releases/tag/v4.18.108)** and later versions. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_efs_file_systems` resource block collects a group of EFS file system descriptions and then tests that group. - -```ruby -describe aws_efs_file_systems - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`tags` -: The list of tags that the EFS file system has. - -`names` -: The value of the `Name` (case sensitive) tag if it is defined. - -`file_system_ids` -: The ID of the EFS file system. - -`creation_tokens` -: The creation token that the EFS file system is associated. - -`owner_ids` -: The owner id of the EFS file system. - -`entries` -: Provides access to the raw results of the query, which can be treated as an array of hashes. - -`creation_times` -: The creation time of the EFS file system. - -`performance_modes` -: The performance mode of the EFS file system, e.g. 'maxIO'. - -`encryption_status` -: This indicates whether the EFS file system is encrypted or not. - -`throughput_modes` -: The throughput mode of the EFS file system. 
- -`kms_key_ids` -: The ID of an AWS Key Management Service (AWS KMS) customer master key (CMK) that was used to protect the encrypted EFS file system. - -`size_in_bytes` -: The latest known metered size (in bytes) of data stored in the file system, in its `value` field. - -`life_cycle_states` -: The life cycle phase of the EFS file system, e.g. 'deleting'. - -## Examples - -**Ensure you have exactly 3 file systems.** - -```ruby -describe aws_efs_file_systems do - its("entries.count") { should cmp 3 } -end -``` - -**Use this InSpec resource to request the IDs of all EFS file systems, then test in-depth using `aws_efs_file_system`.** - -```ruby -aws_efs_file_systems.file_system_ids.each do |file_system_id| - describe aws_efs_file_system(file_system_id) do - its("tags") { should include("companyName" => "My Company Name") } - it { should be_encrypted } - its("throughput_mode") { should eq "bursting" } - its("performance_mode") { should eq "generalPurpose" } - end -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_efs_file_systems.where( : ) do - it { should exist } -end -``` - -```ruby -describe aws_efs_file_systems.where( : ) do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EFS:Client:DescribeFileSystemsResponse" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EFS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonelasticfilesystem.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). 
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_efs_mount_target.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_efs_mount_target.md
deleted file mode 100644
index 0649e91106..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_efs_mount_target.md
+++ /dev/null
@@ -1,120 +0,0 @@
-+++
-title = "aws_efs_mount_target Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_efs_mount_target"
-identifier = "inspec/resources/aws/aws_efs_mount_target Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_efs_mount_target` InSpec audit resource to test properties of a single specific EFS Mount Target.
-
-The AWS::EFS::MountTarget resource is an Amazon EFS resource that creates a mount target for an EFS file system. You can then mount the file system on Amazon EC2 instances or other resources by using the mount target.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on EFS Mount Target](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a mount target id exists.
-
-```ruby
-describe aws_efs_mount_target(mount_target_id: 'MOUNT_TARGET_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`mount_target_id` _(required)_
-
-## Properties
-
-`owner_id`
-: The owner ID of the mount targets.
-
-`mount_target_id`
-: ID of the file system whose mount targets you want to list (String).
-
-`file_system_id`
-: The ID of the file system for which to create the mount target.
-
-`life_cycle_state`
-: The life cycle state of the mount targets.
-
-`ip_address`
-: Valid IPv4 address within the address range of the specified subnet.
-
-`network_interface_id`
-: The network interface ID of the mount targets.
-
-`availability_zone_id`
-: The availability zone ID of the mount targets.
-
-`availability_zone_name`
-: The availability zone name of the mount targets.
-
-`vpc_id`
-: The VPC ID of the mount targets.
-
-## Examples
-
-**Ensure a owner ID is available.**
-
-```ruby
-describe aws_efs_mount_target(mount_target_id: 'MOUNT_TARGET_ID') do
- its('owner_id') { should eq '012345678912' }
-end
-```
-
-**Ensure that the life cycle state is available.**
-
-```ruby
-describe aws_efs_mount_target(mount_target_id: 'MOUNT_TARGET_ID') do
- its('life_cycle_state') { should eq 'available' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_efs_mount_target(mount_target_id: 'MOUNT_TARGET_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_efs_mount_target(mount_target_id: 'MOUNT_TARGET_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the mount target id is available.
-
-```ruby
-describe aws_efs_mount_target(mount_target_id: 'MOUNT_TARGET_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EFS:Client:DescribeMountTargetsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_efs_mount_targets.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_efs_mount_targets.md
deleted file mode 100644
index e41161cf5c..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_efs_mount_targets.md
+++ /dev/null
@@ -1,117 +0,0 @@
-+++
-title = "aws_efs_mount_targets Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_efs_mount_targets"
-identifier = "inspec/resources/aws/aws_efs_mount_targets Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_efs_mount_targets` InSpec audit resource to test properties of a plural EFS Mount Targets.
-
-The AWS::EFS::MountTarget resource is an Amazon EFS resource that creates a mount target for an EFS file system. You can then mount the file system on Amazon EC2 instances or other resources by using the mount target.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on EFS Mount Target](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a file system exists.
-
-```ruby
-describe aws_efs_mount_targets(file_system_id: "FILE_SYSTEM_ID") do
- it { should exist }
-end
-```
-
-## Parameters
-
-`file_system_ids` _(required)_
-
-## Properties
-
-`owner_ids`
-: The owner IDs of the mount targets.
-
-`mount_target_ids`
-: IDs of the file system whose mount targets you want to list (String).
-
-`file_system_ids`
-: The IDs of the file system for which to create the mount target.
-
-`life_cycle_states`
-: The life cycle states of the mount targets.
-
-`ip_addresses`
-: Valid IPv4 addresses within the address range of the specified subnet.
-
-`network_interface_ids`
-: The network interface IDs of the mount targets.
-
-`availability_zone_ids`
-: The availability zone IDs of the mount targets.
-
-`availability_zone_names`
-: The availability zone names of the mount targets.
-
-`vpc_ids`
-: The vpc IDs of the mount targets.
-
-## Examples
-
-**Ensure a owner ID is available.**
-
-```ruby
-describe aws_efs_mount_targets(file_system_id: "FILE_SYSTEM_ID") do
- its('owner_ids') { should include 'OWNER_ID' }
-end
-```
-
-**Ensure that the IP address is available.**
-
-```ruby
-describe aws_efs_mount_targets(file_system_id: "FILE_SYSTEM_ID") do
- its('ip_addresses') { should include 'IP_ADDRESS' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-```ruby
-describe aws_efs_mount_targets(file_system_id: "FILE_SYSTEM_ID") do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-```ruby
-describe aws_efs_mount_targets(file_system_id: "FILE_SYSTEM_ID") do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the file system is available.
-```ruby
-describe aws_efs_mount_targets(file_system_id: "FILE_SYSTEM_ID") do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EFS:Client:DescribeMountTargetsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_eks_cluster.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_eks_cluster.md
deleted file mode 100644
index 5eaa6d67b4..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_eks_cluster.md
+++ /dev/null
@@ -1,201 +0,0 @@ -+++ -title = "aws_eks_cluster Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_eks_cluster" -identifier = "inspec/resources/aws/aws_eks_cluster Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_eks_cluster` InSpec audit resource to test properties of a single AWS Elastic Container Service for Kubernetes. - -For additional information, including details on parameters and properties, see the [AWS documentation on EKS Clusters](https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_eks_cluster` resource block declares the tests for a single EKS Cluster by Cluster name. - -```ruby -describe aws_eks_cluster('my-eks') do - it { should exist } -end -``` - -```ruby -describe aws_eks_cluster(cluster_name: 'my-eks') do - it { should exist } -end -``` - -## Parameters - -`cluster_name` _(required if resource_data not provided)_ - -: The name of the EKS cluster. - This can be passed either as a string or as a `cluster_name: 'value'` key-value entry in a hash. - -`resource_data` _(required if cluster_name not provided)_ - -: A hash or the cached AWS response passed from the `aws_eks_clusters` resource. - -## Properties - -`arn` -: The Amazon Resource Name (ARN) of the cluster. - -`name` -: The name of the cluster. - -`endpoint` -: The endpoint for your Kubernetes API server. - -`status` -: The current status of the cluster. - -`version` -: The Kubernetes server version for the cluster. - -`certificate_authority` -: The certificate-authority-data for your cluster. - -`subnets_count` -: The number of subnets associated with your cluster. - -`subnet_ids` -: The subnets associated with your cluster. - -`security_groups_count` -: The count of security groups associated with your cluster. 
- -`security_group_ids` -: The security groups associated with the cross-account elastic network interfaces that are used to allow communication between your worker nodes and the Kubernetes control plane. - -`role_arn` -: The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. - -`vpc_id` -: The VPC associated with your cluster. - -`created_at` -: The Unix epoch timestamp in seconds for when the cluster was created. - -`creating` -: Boolean indicating whether or not the state of the cluster is CREATING. - -`active` -: Boolean indicating whether or not the state of the cluster is ACTIVE. - -`failed` -: Boolean indicating whether or not the state of the cluster is FAILED. - -`deleting` -: Boolean indicating whether or not the state of the cluster is DELETING. - -`tags` -: Cluster tags. - -`enabled_logging_types` -: Return list of enabled logging types. - -`disabled_logging_types` -: Return list of disabled logging types. 
- -## Examples - -**Test that an EKS Cluster has at least 2 subnets.** - -```ruby -describe aws_eks_cluster('my-cluster') do - its('subnets_count') { should be > 1 } -end -``` - -**Ensure a Cluster has the correct status.** - -```ruby -describe aws_eks_cluster(cluster_name: 'my-eks') do - its('status') { should eq 'ACTIVE' } -end -``` - -**Ensure that the EKS Cluster is on the correct VPC.** - -```ruby -describe aws_eks_cluster('my-cluster') do - its('vpc_id') { should eq 'vpc-12345678' } -end -``` - -**Ensure the EKS Cluster is using the correct IAM Role.** - -```ruby -describe aws_eks_cluster('my-cluster') do - its('role_arn') { should cmp 'rn:aws:iam::012345678910:role/eks-service-role-AWSServiceRoleForAmazonEKS-J7ONKE3BQ4PI' } -end -``` - -**Ensure that the EKS Cluster is on the correct VPC from cached resources.** - -```ruby -resource = aws_eks_clusters.where(cluster_name: 'my-eks') -describe aws_eks_cluster(resource_data: resource) do - its('vpc_id') { should eq 'vpc-12345678' } -end -``` - -**Integrate with other resources.** - -Use a combination of InSpec AWS resources to ensure your EKS Cluster does not use the Default VPC. - -**Find the default Security Group for our VPC.** - -```ruby -cluster_vpc = aws_eks_cluster(cluster_name: 'my-cluster').vpc_id -default_sg = aws_security_group(group_name: 'default', vpc_id: cluster_vpc) -``` - -**Ensure we are not using the default Security Group.** - -```ruby -describe aws_eks_cluster(cluster_name: 'my-cluster') do - its('security_group_ids') { should_not include default_security_group.group_id } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. 
- -```ruby -describe aws_eks_cluster('AnExistingCluster') do - it { should exist } -end -``` - -```ruby -describe aws_eks_cluster('ANonExistentCluster') do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EKS:Client:DescribeClusterResponse" %}} - -You can find detailed documentation at [Amazon EKS IAM Policies, Roles, and Permissions](https://docs.aws.amazon.com/eks/latest/userguide/IAM_policies.html) -The documentation for EKS actions is at [Policy Structure](https://docs.aws.amazon.com/eks/latest/userguide/iam-policy-structure.html#UsingWithEKS_Actions) diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_eks_clusters.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_eks_clusters.md deleted file mode 100644 index 6049c9e32d..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_eks_clusters.md +++ /dev/null 
@@ -1,145 +0,0 @@ -+++ -title = "aws_eks_clusters Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_eks_clusters" -identifier = "inspec/resources/aws/aws_eks_clusters Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_eks_clusters` resource to test the configuration of a collection of AWS Elastic Container Service for Kubernetes. - -For additional information, including details on parameters and properties, see the [AWS documentation on EKS Clusters](https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -```ruby -describe aws_eks_clusters do - its('names.count') { should cmp 10 } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`arn` -: The Amazon Resource Name (ARN) of the cluster. - -`name` -: The name of the cluster. - -`endpoint` -: The endpoint for your Kubernetes API server. - -`status` -: The current status of the cluster. - -`version` -: The Kubernetes server version for the cluster. - -`certificate_authority` -: The certificate-authority-data for your cluster. - -`subnets_count` -: The number of subnets associated with your cluster. - -`subnet_ids` -: The subnets associated with your cluster. - -`security_groups_count` -: The count of security groups associated with your cluster. - -`security_group_ids` -: The security groups associated with the cross-account elastic network interfaces that are used to allow communication between your worker nodes and the Kubernetes control plane. - -`role_arn` -: The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. - -`vpc_id` -: The VPC associated with your cluster. - -`created_at` -: The Unix epoch timestamp in seconds for when the cluster was created. 
- -`creating` -: Boolean indicating whether or not the state of the cluster is CREATING. - -`active` -: Boolean indicating whether or not the state of the cluster is ACTIVE. - -`failed` -: Boolean indicating whether or not the state of the cluster is FAILED. - -`deleting` -: Boolean indicating whether or not the state of the cluster is DELETING. - -`entries` -: Provides access to the raw results of the query, which can be treated as an array of hashes. - -## Examples - -**Allow at most 100 EKS Clusters on the account.** - -```ruby -describe aws_eks_clusters do - its('entries.count') { should be <= 100} -end -``` - -**Ensure a specific Cluster exists, by name.** - -```ruby -describe aws_eks_clusters do - its('names') { should include('cluster-1') } -end -``` - -**Ensure no Clusters are in a failed state.** - -```ruby -describe aws_eks_clusters.where( failed: true ) do - it { should_not exist ) -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_eks_clusters.where( : ) do - it { should exist } -end -``` - -```ruby -describe aws_eks_clusters.where( : ) do - it { should_not exist } -end -``` - - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EKS:Client:DescribeClusterResponse" %}} - -You can find detailed documentation at [Amazon EKS IAM Policies, Roles, and Permissions](https://docs.aws.amazon.com/eks/latest/userguide/IAM_policies.html) -The documentation for EKS actions is at [Policy Structure](https://docs.aws.amazon.com/eks/latest/userguide/iam-policy-structure.html#UsingWithEKS_Actions) 
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticache_cluster.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticache_cluster.md
deleted file mode 100644
index 6bb3e9338b..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticache_cluster.md
+++ /dev/null
@@ -1,128 +0,0 @@ -+++ -title = "aws_elasticache_cluster Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_elasticache_cluster" -identifier = "inspec/resources/aws/aws_elasticache_cluster Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_elasticache_cluster` InSpec audit resource to test the properties of a single AWS ElastiCache cluster. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_elasticache_cluster` resource block declares the tests for a single AWS ElastiCache cluster by `cache_cluster_id`. - -```ruby -describe aws_elasticache_cluster(cache_cluster_id: 'my-cluster-123') do - it { should exist } -end -``` - -The value of the `cache_cluster_id` can be provided as a string. - -```ruby -describe aws_elasticache_cluster('my-cluster-123') do - its('engine') { should cmp 'redis' } -end -``` - -## Parameters - -The ElastiCache cluster ID must be provided. - -`cache_cluster_id` _(required)_ - -: The ID of the ElastiCache cluster: - - contains between 1 and 50 alphanumeric characters or hyphens, - - should start with a letter, - - cannot end with a hyphen or contain two consecutive hyphens. - -: It can be passed either as a string or as a `cache_cluster_id: 'value'` key-value entry in a hash. - -## Properties - -`cache_cluster_id` -: The user-supplied identifier of the cluster. This identifier is a unique key that identifies a cluster. - -`engine` -: The name of the cache engine, e.g. `redis`. - -`node_ids` -: The id list of all cluster nodes. - -`ports` -: A hash of the node ID and port number pairs. - -`status` -: The current state of the cluster, e.g. `creating`, `available`. - -`encrypted_at_rest` -: Indicates whether the content is encrypted at rest or not. - -`encrypted_at_transit` -: Indicates whether the content is encrypted at transit or not. - - -There are also additional properties available. 
For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_CacheCluster.html). - -## Examples - -**Test that an ElastiCache cluster is available.** - -```ruby -describe aws_elasticache_cluster("my-cluster-123") do - its("status") { should eq 'available' } -end -``` - -**Test that an Elasticache cluster engine is listening on port `11211`.** - -```ruby -describe aws_elasticache_cluster(cache_cluster_id: "my-cluster-123") do - its("port") { should cmp 11211 } -end -``` - -**Test that an Elasticache cluster's engine version is `1.5.16`.** - -```ruby -describe aws_elasticache_cluster(cache_cluster_id: "my-cluster-123") do - its("engine_version") { should cmp 1.5.16 } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -```ruby -describe aws_elasticache_cluster(cache_cluster_id: "my-cluster-123") do - it { should exist } -end -``` - -### be_encrypted_at_rest - -```ruby -describe aws_elasticache_cluster(cache_cluster_id: "my-cluster-123") do - it { should be_encrypted_at_rest } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ElastiCache:Client:CacheClusterMessage" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon ElastiCache](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonelasticache.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). \ No newline at end of file diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticache_cluster_node.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticache_cluster_node.md deleted file mode 100644 index 3b946a19d8..0000000000 
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticache_cluster_node.md
+++ /dev/null
@@ -1,109 +0,0 @@ -+++ -title = "aws_elasticache_cluster_node Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_elasticache_cluster_node" -identifier = "inspec/resources/aws/aws_elasticache_cluster_node Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_elasticache_cluster_node` InSpec audit resource to test the properties of a single AWS ElastiCache cluster node. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_elasticache_cluster_node` resource block declares the tests for a single AWS ElastiCache cluster node by `cache_cluster_id` and `node_id`. - -```ruby -describe aws_elasticache_cluster_node(cache_cluster_id: 'my-cluster-123', node_id: '0001') do - it { should exist } -end -``` - -## Parameters - -The ElastiCache cluster ID and node ID must be provided. - -`cache_cluster_id` _(required)_ - -: The ID of the ElastiCache cluster: - - contains between 1 and 50 alphanumeric characters or hyphens, - - should start with a letter, - - cannot end with a hyphen or contain two consecutive hyphens. - -: It can be passed either as a string or as a `cache_cluster_id: 'value'` key-value entry in a hash. - -`node_id` _(required)_ - -: The ID of the node must be a string containing 4 digits. It can be passed as a `node_id: 'value'` key-value entry in a hash. - -## Properties - -`id` -: The cache node identifier, e.g. `0001`. - -`port` -: The port number that the cache engine is listening on. - -`address` -: The DNS hostname of the cache node. - -`status` -: The current state of the cache node. One of the following values: `available`, `creating`, `rebooting`, or `deleting`. - -`create_time` -: The date and time when the cache node was created. - -There are also additional properties available. For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_CacheNode.html). 
- -## Examples - -**Test that an ElastiCache cluster node is available.** - -```ruby -describe aws_elasticache_cluster_node(cache_cluster_id: "my-cluster-123", node_id: "0001") do - its("status") { should eq 'available' } -end -``` - -**Test that an Elasticache cluster engine is listening on port `11211`.** - -```ruby -describe aws_elasticache_cluster_node(cache_cluster_id: "my-cluster-123", node_id: "0001") do - its("port") { should cmp 11211 } -end -``` - -**Test that an Elasticache cluster node's customer availability zone is `us-east-2b`.** - -```ruby -describe aws_elasticache_cluster_node(cache_cluster_id: "my-cluster-123", node_id: "0001") do - its("customer_availability_zone") { should cmp "us-east-2b" } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -```ruby -describe aws_elasticache_cluster_node(cache_cluster_id: "my-cluster-123", node_id: "0001") do - it { should exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ElastiCache:Client:CacheClusterMessage" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon ElastiCache](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonelasticache.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). \ No newline at end of file diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticache_clusters.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticache_clusters.md deleted file mode 100644 index 6f5b0295cb..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticache_clusters.md +++ /dev/null 
@@ -1,107 +0,0 @@ -+++ -title = "aws_elasticache_clusters Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_elasticache_clusters" -identifier = "inspec/resources/aws/aws_elasticache_clusters Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_elasticache_clusters` InSpec audit resource to test the properties of all AWS ElastiCache clusters. To audit a single ElastiCache cluster, use `aws_elasticache_cluster` (singular). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_elasticache_clusters` resource block collects a group of ElastiCache cluster descriptions and then tests that group. - -```ruby -describe aws_elasticache_clusters - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`ids` -: The user-supplied identifier of the cluster. This identifier is a unique key that identifies a cluster. - -`node_types` -: The name of the compute and memory capacity node type for the cluster, e.g. `cache.m5.large`. - -`engines` -: The name of the cache engine, e.g. `redis`. - -`status` -: The current state of the cluster, e.g. `creating`, `available`. - -`zones` -: The name of the availability zone in which the cluster is located or "Multiple" if the cache nodes are located in different availability zones. - -`subnet_group_names` -: The name of the cache subnet group. - -`encrypted_at_rest` -: Indicates whether the content is encrypted at rest or not. - -`encrypted_at_transit` -: Indicates whether the content is encrypted at transit or not. 
- -## Examples - -**Ensure that exactly 3 ElastiCache clusters exist.** - -```ruby -describe aws_elasticache_clusters do - its("entries.count") { should cmp 3 } -end -``` - -**Use this InSpec resource to request the IDs of all ElastiCache clusters, then test in-depth using `aws_elasticache_cluster` and `aws_elasticache_cluster_node`.** - -```ruby -aws_elasticache_clusters.ids.each do |id| - aws_elasticache_cluster(id).node_ids.each do |node_id| - describe aws_elasticache_cluster_node(cache_cluster_id: id, node_id: node_id) do - it { should exist } - end - end -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_elasticache_clusters.where( : ) do - it { should exist } -end -``` - -```ruby -describe aws_elasticache_clusters.where( : ) do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ElastiCache:Client:CacheClusterMessage" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon ElastiCache](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonelasticache.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). \ No newline at end of file diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticache_replication_group.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticache_replication_group.md deleted file mode 100644 index 5150c039c2..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticache_replication_group.md +++ /dev/null 
@@ -1,104 +0,0 @@ -+++ -title = "aws_elasticache_replication_group Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_elasticache_replication_group" -identifier = "inspec/resources/aws/aws_elasticache_replication_group Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_elasticache_replication_group` InSpec audit resource to test the properties of a single Amazon ElastiCache replication group. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_elasticache_replication_group` resource block declares the tests for a single Amazon ElastiCache replication group by `replication_group_id`. - -```ruby -describe aws_elasticache_replication_group(replication_group_id: 'my-replication-group-123') do - it { should exist } -end -``` - -The value of the `replication_group_id` can be provided as a string. - -```ruby -describe aws_elasticache_replication_group('my-replication-group-123') do - it { should exist } -end -``` - -## Parameters - -The ElastiCache replication group ID is required. - -`replication_group_id` _(required)_ - -: The ID of the ElastiCache replication group: - -: - must contain between 1 and 50 alphanumeric characters or hyphens - - should start with a letter - - cannot end with a hyphen or contain two consecutive hyphens - -: It can be passed either as a string or as a `replication_group_id: 'value'` key-value entry in a hash. - -## Properties - -`replication_group_id` -: The user-supplied identifier of the replication group. This identifier is a unique key that identifies a replication group. - -`status` -: The current state of the replication group, e.g. `creating`, `available`. - -`encrypted_at_rest` -: Indicates whether the content is encrypted at rest or not. - -`encrypted_at_transit` -: Indicates whether the content is encrypted at transit or not. - - -There are also additional properties available. 
For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/ElastiCache/Types/ReplicationGroup.html). - -## Examples - -**Test that an ElastiCache replication group is available.** - -```ruby -describe aws_elasticache_replication_group('my-replication-group-123') do - its("status") { should eq 'available' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -```ruby -describe aws_elasticache_replication_group('my-replication-group-123') do - it { should exist } -end -``` - -### be_encrypted_at_rest - -```ruby -describe aws_elasticache_replication_group('my-replication-group-123') do - it { should be_encrypted_at_rest } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ElastiCache:Client:ReplicationGroupMessage" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon ElastiCache](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonelasticache.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). \ No newline at end of file diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticache_replication_groups.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticache_replication_groups.md deleted file mode 100644 index fe6765c80e..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticache_replication_groups.md +++ /dev/null 
@@ -1,98 +0,0 @@ -+++ -title = "aws_elasticache_replication_groups Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_elasticache_replication_groups" -identifier = "inspec/resources/aws/aws_elasticache_replication_groups Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_elasticache_replication_groups` InSpec audit resource to test the properties of all Amazon ElastiCache replication groups. To audit a single ElastiCache replication group, use `aws_elasticache_replication_group` (singular). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_elasticache_replication_groups` resource block collects a group of ElastiCache replication group descriptions and then tests that group. - -```ruby -describe aws_elasticache_replication_groups - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`ids` -: The user-supplied identifier of the replication group. This identifier is a unique key that identifies a replication group. - -`node_types` -: The name of the compute and memory capacity node type for the replication group, e.g. `cache.m5.large`. - -`status` -: The current state of the replication group, e.g. `creating`, `available`. - -`encrypted_at_rest` -: Indicates whether the content is encrypted at rest or not. - -`encrypted_at_transit` -: Indicates whether the content is encrypted at transit or not. 
- -## Examples - -**Ensure that exactly three ElastiCache replication groups exist.** - -```ruby -describe aws_elasticache_replication_groups do - its('count') { should eq 3 } -end -``` - -**Request the IDs of all ElastiCache replication groups, then test in-depth using `aws_elasticache_replication_group`.** - -```ruby -aws_elasticache_replication_groups.ids.each do |replication_group_id| - describe aws_elasticache_replication_group(replication_group_id) do - it { should be_encrypted_at_rest } - end -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the 'describe' method returns at least one result. - -```ruby -describe aws_elasticache_replication_groups.where( : ) do - it { should exist } -end -``` - -Use `should_not` to test an entity that should not exist. - -```ruby -describe aws_elasticache_replication_groups.where( : ) do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ElastiCache:Client:ReplicationGroupMessage" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon ElastiCache](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonelasticache.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). \ No newline at end of file diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticloadbalancingv2_listener.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticloadbalancingv2_listener.md deleted file mode 100644 index 0cb6324cba..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticloadbalancingv2_listener.md +++ /dev/null 
@@ -1,226 +0,0 @@ -+++ -title = "aws_elasticloadbalancingv2_listener Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_elasticloadbalancingv2_listener" -identifier = "inspec/resources/aws/aws_elasticloadbalancingv2_listener Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_elasticloadbalancingv2_listener` InSpec audit resource to test properties of a single Application Load Balancer or Network Load Balancer listener. - -For additional information, including details on parameters and properties, see the [AWS documentation on ElasticLoadBalancingV2 Listener](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that a listener arn exist. - -```ruby -describe aws_elasticloadbalancingv2_listener(listener_arn: "LISTENER_ARN") do - it { should exist } -end -``` - -Ensure that the listener has a desired port. - -```ruby -describe aws_elasticloadbalancingv2_listener(listener_arn: "LISTENER_ARN") do - its ('port') { should eq 80 } -end -``` - -## Parameters - -`listener_arn` _(required)_ - -: The Amazon Resource Name (ARN) of the listener. - -## Properties - -`listener_arn` -: The Amazon Resource Name (ARN) of the listener. - -`load_balancer_arn` -: The Amazon Resource Name (ARN) of the load balancer. - -`port` -: The port on which the load balancer is listening. - -`protocol` -: The protocol for connections from clients to the load balancer. - -`certificates (certificate_arn)` -: The Amazon Resource Name (ARN) of the certificate. - -`certificates (is_default)` -: Indicates whether the certificate is the default certificate. Do not set this value when specifying a certificate as an input. This value is not included in the output when describing a listener, but is included when describing listener certificates. 
- -`ssl_policy` -: The security policy (HTTPS or TLS listener) that defines which protocols and ciphers are supported. - -`default_actions (type)` -: The type of action. - -`default_actions (target_group_arn)` -: The Amazon Resource Name (ARN) of the target group. Specify only when Type is forward and you want to route to a single target group. To route to one or more target groups, use ForwardConfig instead. - -`default_actions (authenticate_oidc_config (issuer))` -: The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path. - -`default_actions (authenticate_oidc_config (authorization_endpoint))` -: The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path. - -`default_actions (authenticate_oidc_config (token_endpoint))` -: The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path. - -`default_actions (authenticate_oidc_config (user_info_endpoint))` -: The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path. - -`default_actions (authenticate_oidc_config (client_id))` -: The OAuth 2.0 client identifier. - -`default_actions (authenticate_oidc_config (client_secret))` -: The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set `UseExistingClientSecret` to true. - -`default_actions (authenticate_oidc_config (session_cookie_name))` -: The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie. - -`default_actions (authenticate_oidc_config (scope))` -: The set of user claims to be requested from the IdP. The default is `openid`. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP. 
- -`default_actions (authenticate_oidc_config (session_timeout))` -: The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days). - -`default_actions (authenticate_oidc_config (authentication_request_extra_params))` -: The query parameters (up to 10) to include in the redirect request to the authorization endpoint. - -`default_actions (authenticate_oidc_config (on_unauthenticated_request))` -: The behavior if the user is not authenticated. The following are possible values are demy or allow or authenticate. - -`default_actions (authenticate_oidc_config (use_existing_client_secret))` -: Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to `false`. - -`default_actions (authenticate_oidc_config (user_pool_arn))` -: The Amazon Resource Name (ARN) of the Amazon Cognito user pool. - -`default_actions (authenticate_oidc_config (user_pool_client_id))` -: The ID of the Amazon Cognito user pool client. - -`default_actions (authenticate_oidc_config (user_pool_domain))` -: The domain prefix or fully-qualified domain name of the Amazon Cognito user pool. - -`default_actions (authenticate_oidc_config (session_cookie_name))` -: The name of the cookie used to maintain session information. The default is `AWSELBAuthSessionCookie`. - -`default_actions (authenticate_oidc_config (scope))` -: The set of user claims to be requested from the IdP. The default is `openid`. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP. - -`default_actions (authenticate_oidc_config (session_timeout))` -: The maximum duration of the authentication session, in seconds. The default is `604800` seconds (7 days). - -`default_actions (authenticate_oidc_config (authentication_request_extra_params))` -: The query parameters (up to 10) to include in the redirect request to the authorization endpoint. 
- -`default_actions (authenticate_oidc_config (authentication_request_extra_params))` -: group. - -`default_actions (authenticate_oidc_config (on_unauthenticated_request))` -: The behavior if the user is not authenticated. Possible values: `deny`, `allow`, or `authenticate`. - -`default_actions (order)` -: The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first. - -`default_actions (redirect_config (protocol))` -: The protocol. You can specify `HTTP`, `HTTPS`, or `#{protocol}`. - -`default_actions (redirect_config (port))` -: The port. You can specify a value from 1 to 65535 or `#{port}`. - -`default_actions (redirect_config (host))` -: The hostname. This component is not percent-encoded. The hostname can contain `#{host}`. - -`default_actions (redirect_config (path))` -: The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain `#{host}`, `#{path}`, and `#{port}`. - -`default_actions (redirect_config (query))` -: The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords. - -`default_actions (redirect_config (status_code))` -: The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302). - -`default_actions (fixed_response_config (message_body))` -: The message. - -`default_actions (fixed_response_config (status_code))` -: The HTTP response code (2XX, 4XX, or 5XX). - -`default_actions (fixed_response_config (content_type))` -: The content type. Valid Values: `text/plain`, `text/css`, `text/html`, `application/javascript`, `application/json`. - -`default_actions (forward_config (target_groups))` -: One or more target groups. For Network Load Balancers, you can specify a single target group. 
- -`default_actions (forward_config (target_groups (target_group_arn)))` -: The Amazon Resource Name (ARN) of the target group. - -`default_actions (forward_config (target_groups (weight)))` -: The weight. The range is 0 to 999. - -`default_actions (forward_config (target_group_stickiness_config (enabled)))` -: Indicates whether target group stickiness is enabled. - -`default_actions (forward_config (target_group_stickiness_config (duration_seconds)))` -: The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). - -`alpn_policy` -: [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy. - -## Examples - -**Ensure that a listener arn exists.** - -```ruby -describe aws_elasticloadbalancingv2_listener(listener_arn: "LISTENER_ARN") do - its('listener_arn') { should eq "LISTENER_ARN" } -end -``` - -**Ensure that listener listens to a specific port.** - -```ruby -describe aws_elasticloadbalancingv2_listener(listener_arn: "LISTENER_ARN") do - its('port') { should eq PORT_NUMBER} -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_elasticloadbalancingv2_listener(listener_arn: "LISTENER_ARN") do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ElasticLoadBalancingV2:Client:DescribeListenersOutput" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon Auto Scaling Groups](https://docs.aws.amazon.com/autoscaling/ec2/userguide/control-access-using-iam.html). - 
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticloadbalancingv2_listener_certificate.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticloadbalancingv2_listener_certificate.md
deleted file mode 100644
index 48b47418f9..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticloadbalancingv2_listener_certificate.md
+++ /dev/null
@@ -1,92 +0,0 @@ -+++ -title = "aws_elasticloadbalancingv2_listener_certificate Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_elasticloadbalancingv2_listener_certificate" -identifier = "inspec/resources/aws/aws_elasticloadbalancingv2_listener_certificate Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_elasticloadbalancingv2_listener_certificate` InSpec audit resource to test properties of a single TLS or HTTPS listener certificate. - -For additional information, including details on parameters and properties, see the [AWS documentation on ElasticLoadBalancingV2 Listener Certificate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenercertificate.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that a listener ARN exist. - -```ruby -describe aws_elasticloadbalancingv2_listener_certificate(listener_arn: 'LISTENER_ARN') do - it { should exist } -end -``` - -Ensure that the listener has a desired port. - -```ruby -describe aws_elasticloadbalancingv2_listener_certificate(listener_arn: 'LISTENER_ARN') do - its('certificate_arn') { should eq "CERTIFICATE_ARN" } -end -``` - -## Parameters - -`listener_arn` _(required)_ - -: The Amazon Resource Name (ARN) of the listener certificate. - -## Properties - -`certificate_arn` -: The Amazon Resource Name (ARN) of the certificate. - -`is_default` -: Indicates whether the certificate is the default certificate. Valid values: `true` or `false`. 
- -## Examples - -**Ensure that a listener ARN exists.** - -```ruby -describe aws_elasticloadbalancingv2_listener_certificate(listener_arn: 'LISTENER_ARN') do - it { should exist } -end -``` - -**Ensure that listener has a desired certificate ARN attached.** - -```ruby -describe aws_elasticloadbalancingv2_listener_certificate(listener_arn: 'LISTENER_ARN') do - its('certificate_arn') { should eq "CERTIFICATE_ARN" } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_elasticloadbalancingv2_listener(listener_arn: "LISTENER_ARN") do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ElasticLoadBalancingV2:Client:DescribeListenerCertificatesOutput" %}} - diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticloadbalancingv2_listener_certificates.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticloadbalancingv2_listener_certificates.md deleted file mode 100644 index f4a60d26be..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticloadbalancingv2_listener_certificates.md +++ /dev/null 
@@ -1,89 +0,0 @@ -+++ -title = "aws_elasticloadbalancingv2_listener_certificates Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_elasticloadbalancingv2_listener_certificates" -identifier = "inspec/resources/aws/aws_elasticloadbalancingv2_listener_certificates Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_elasticloadbalancingv2_listener_certificates` InSpec audit resource to test properties of multiple TLS or HTTPS listener certificates. - -For additional information, including details on parameters and properties, see the [AWS documentation on ElasticLoadBalancingV2 Listener Certificate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenercertificate.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that a listener ARN exists. - -```ruby -describe aws_elasticloadbalancingv2_listener_certificates(listener_arn: 'LISTENER_ARN') do - it { should exist } -end -``` - -## Parameters - -`listener_arn` _(required)_ - -: The Amazon Resource Name (ARN) of the listener certificate. - -## Properties - -`certificate_arns` -: The Amazon Resource Name (ARN) of the certificate. - -`is_default` -: Indicates whether the certificate is the default certificate. - -## Examples - -**Ensure a listener ARN is available.** - -```ruby -describe aws_elasticloadbalancingv2_listener_certificates(listener_arn: 'LISTENER_ARN') do - it { should exist } -end -``` - -**Ensure that listener has a desired certificate ARN attached.** - -```ruby -describe aws_elasticloadbalancingv2_listener_certificates(listener_arn: 'LISTENER_ARN') do - its('certificate_arns') { should include "CERTIFICATE_ARN" } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. 
- -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_elasticloadbalancingv2_listener_certificates(listener_arn: 'LISTENER_ARN') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_elasticloadbalancingv2_listener_certificates(listener_arn: 'LISTENER_ARN') do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ElasticLoadBalancingV2:Client:DescribeListenerCertificatesOutput" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticloadbalancingv2_listener_rule.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticloadbalancingv2_listener_rule.md deleted file mode 100644 index cff62c2677..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticloadbalancingv2_listener_rule.md +++ /dev/null 
@@ -1,240 +0,0 @@
-+++
-title = "aws_elasticloadbalancingv2_listener_rule Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_elasticloadbalancingv2_listener_rule"
-identifier = "inspec/resources/aws/aws_elasticloadbalancingv2_listener_rule Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_elasticloadbalancingv2_listener_rule` InSpec audit resource to test properties of a single listener rule for an Application Load Balancer. Each rule consists of a priority, one or more actions, and one or more conditions.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on ELBv2 Listener Rule](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenerrule.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a rule exists.
-
-```ruby
-describe aws_elasticloadbalancingv2_listener_rule(rule_arn: 'RULE_ARN') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`rule_arn` _(required)_
-
-: The Amazon Resource Name (ARN) of the rule.
-
-## Properties
-
-`rule_arn`
-: The Amazon Resource Names (ARN) of the rules.
-
-`priority`
-: The rule priority.
-
-`conditions (field)`
-: The field in the HTTP request. Valid values are `http-header`, `http-request-method`, `host-header`, `path-pattern`, `query-string, and source-ip`.
-
-`conditions (values)`
-: The condition value. Specify only when Field is `host-header` or `path-pattern`. Alternatively, to specify multiple host names or multiple path patterns, use `HostHeaderConfig` or `PathPatternConfig`.
-
-`conditions (host_header_config (values))`
-: One or more host names.
-
-`conditions (path_pattern_config (values))`
-: One or more path patterns to compare against the request URL.
-
-`conditions (http_header_config (http_header_name))`
-: The name of the HTTP header field.
-
-`conditions (http_header_config (Values))`
-: One or more strings to compare against the value of the HTTP header.
-
-`conditions (query_string_config (values (key)))`
-: The key of the query string configuration. You can omit the key.
-
-`conditions (query_string_config (values (value)))`
-: The value of the query string configuration.
-
-`conditions (http_request_method_config (values))`
-: The name of the request method.
-
-`conditions (source_ip_config (values))`
-: One or more source IP addresses, in CIDR format. Either IPv4 or IPv6 address.
-
-`actions (type)`
-: The type of action. Valid values: `authenticate-cognito`, `authenticate-oidc`, `fixed-response`, `forward`, `redirect`.
-
-`actions (target_group_arn)`
-: The ARN of the target group. Specified only when Type is `forward` and you are routing to a single target group. If routing to one or more target groups, `ForwardConfig` is used instead.
-
-`actions (authenticate_oidc_config (issuer))`
-: The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
-
-`actions (authenticate_oidc_config (authorization_endpoint))`
-: The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
-
-`actions (authenticate_oidc_config (token_endpoint))`
-: The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
-
-`actions (authenticate_oidc_config (user_info_endpoint))`
-: The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
-
-`actions (authenticate_oidc_config (client_id))`
-: The OAuth 2.0 client identifier.
-
-`actions (authenticate_oidc_config (client_secret))`
-: The OAuth 2.0 client secret.
-
-`actions (authenticate_oidc_config (session_cookie_name))`
-: The name of the cookie used to maintain session information. The default is `AWSELBAuthSessionCookie`.
-
-`actions (authenticate_oidc_config (scope))`
-: The set of user claims to be requested from the IdP. The default is `openid`.
-
-`actions (authenticate_oidc_config (session_timeout))`
-: The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
-
-`actions (authenticate_oidc_config (authentication_request_extra_params))`
-: The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
-
-`actions (authenticate_oidc_config (on_unauthenticated_request))`
-: The behavior if the user is not authenticated. Valid values are `deny`, `allow`, and `autheticate`.
-
-`actions (authenticate_oidc_config (use_existing_client_secret))`
-: Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.
-
-`actions (authenticate_cognito_config (user_pool_arn))`
-: The ARN of the Amazon Cognito user pool.
-
-`actions (authenticate_cognito_config (user_pool_client_id))`
-: The ID of the Amazon Cognito user pool client.
-
-`actions (authenticate_cognito_config (user_pool_domain))`
-: The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
-
-`actions (authenticate_cognito_config (session_cookie_name))`
-: The name of the cookie used to maintain session information. The default is `AWSELBAuthSessionCookie`.
-
-`actions (authenticate_cognito_config (scope))`
-: The set of user claims to be requested from the IdP. The default is `openid`.
-
-`actions (authenticate_cognito_config (session_timeout))`
-: The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
-
-`actions (authenticate_cognito_config (authentication_request_extra_params))`
-: The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
-
-`actions (authenticate_cognito_config (on_unauthenticated_request))`
-: The behavior if the user is not authenticated. The following are possible values are `deny`, `allow`, and `authenticate`.
-
-`actions (order)`
-: The order for the action. This value is required for rules with multiple actions.
-
-`actions (redirect_config (protocol))`
-: The protocol. Valid values are: `HTTP`, `HTTPS`, or `#{protocol}`.
-
-`actions (redirect_config (port))`
-: The port. Values range from 1 to 65535 or #{port}.
-
-`actions (redirect_config (host))`
-: The hostname. This component is not percent-encoded. The hostname can contain #{host}.
-
-`actions (redirect_config (path))`
-: The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
-
-`actions (redirect_config (query))`
-: The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords.
-
-`actions (redirect_config (status_code))`
-: The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
-
-`actions (fixed_response_config (message_body))`
-: The message from a custom HTTP response. Only valid when Type is `fixed-response`.
-
-`actions (fixed_response_config (status_code))`
-: The HTTP response code (2XX, 4XX, or 5XX) from a custom HTTP response.
-
-`actions (fixed_response_config (content_type))`
-: The content type from a custom HTTP response. Valid values: `text/plain`, `text/css`, `text/html`, `application/javascript`, `application/json`.
-
-`actions (forward_config (target_groups ( target_group_tupple (target_group_arn))))`
-: The ARN of the target group.
-
-`actions (forward_config (target_groups ( target_group_tupple (weight))))`
-: The weight of the target group. The range is 0 to 999.
-
-`actions (fixed_response_config (target_group_stickiness_config (enabled)))`
-: Indicates whether target group stickiness is enabled.
-
-`actions (fixed_response_config (target_group_stickiness_config (duration_seconds)))`
-: The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).
-
-`is_default`
-: Indicates whether this is the default rule.
-
-## Examples
-
-**Ensure a rule ARN is available.**
-
-```ruby
-describe aws_elasticloadbalancingv2_listener_rule(rule_arn: 'RULE_ARN') do
- its('rule_arn') { should eq 'RULE_ARN' }
-end
-```
-
-**Verify the priority of the desired rule ARN.**
-
-```ruby
-describe aws_elasticloadbalancingv2_listener_rule(rule_arn: 'RULE_ARN') do
- its('priority') { should eq 1 }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_elasticloadbalancingv2_listener_rule(rule_arn: 'RULE_ARN') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_elasticloadbalancingv2_listener_rule(rule_arn: 'RULE_ARN') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the work_group name is available.
-
-```ruby
-describe aws_elasticloadbalancingv2_listener_rule(rule_arn: 'dummy') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="ElasticLoadBalancingV2:Client:DescribeRulesOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticloadbalancingv2_listener_rules.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticloadbalancingv2_listener_rules.md
deleted file mode 100644
index c1e3f84f49..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticloadbalancingv2_listener_rules.md
+++ /dev/null
@@ -1,120 +0,0 @@
-+++
-title = "aws_elasticloadbalancingv2_listener_rules Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_elasticloadbalancingv2_listener_rules"
-identifier = "inspec/resources/aws/aws_elasticloadbalancingv2_listener_rules Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_elasticloadbalancingv2_listener_rules` InSpec audit resource to test properties of multiple listener rules associated with an Application Load Balancer.
-
-Each rule consists of a priority, one or more actions, and one or more conditions.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on ELBv2 Listener Rule](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenerrule.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a listener ARN exists.
-
-```ruby
-describe aws_elasticloadbalancingv2_listener_rules(listener_arn: 'LISTENER_ARN') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`listener_arn` _(required)_
-
-: The ARN of the listener.
-
-## Properties
-
-`rule_arns`
-: The Amazon Resource Name (ARN) of the rule.
-
-: **Field**: `rule_arns`
-
-`priorities`
-: The rule priority.
-
-: **Field**: `priorities`
-
-`conditions`
-: The conditions for listener rules. Each rule can include zero or one of the following conditions: `http-request-method` , `host-header` , `path-pattern` , and `source-ip`, and zero or more of the following conditions: `http-header` and `query-string`.
-
-: **Field**: `conditions`
-
-`actions`
-: The actions for listener rules. Each rule includes exactly one of the following types of actions: `forward`, `redirect`, or `fixed-response`.
-
-: **Field**: `actions`
-
-`is_defaults`
-: Indicates whether this is the default rule.
-
-: **Field**: `is_defaults`
-
-## Examples
-
-**Ensure a listener ARN is available.**
-
-```ruby
-describe aws_elasticloadbalancingv2_listener_rules(listener_arn: 'LISTENER_ARN') do
- its('rule_arns') { should include 'RULE_ARN' }
-end
-```
-
-**Verify the priority of the desired rule ARN.**
-
-```ruby
-describe aws_elasticloadbalancingv2_listener_rules(listener_arn: 'LISTENER_ARN') do
- its('priorities') { should include 1 }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_elasticloadbalancingv2_listener_rules(listener_arn: 'LISTENER_ARN') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_elasticloadbalancingv2_listener_rules(listener_arn: 'LISTENER_ARN') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the work_group name is available.
-
-```ruby
-describe aws_elasticloadbalancingv2_listener_rules(listener_arn: 'LISTENER_ARN') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="ElasticLoadBalancingV2:Client:DescribeRulesOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticloadbalancingv2_listeners.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticloadbalancingv2_listeners.md
deleted file mode 100644
index b114b0fae2..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticloadbalancingv2_listeners.md
+++ /dev/null
@@ -1,93 +0,0 @@
-+++
-title = "aws_elasticloadbalancingv2_listeners Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_elasticloadbalancingv2_listeners"
-identifier = "inspec/resources/aws/aws_elasticloadbalancingv2_listeners Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_elasticloadbalancingv2_listeners` InSpec audit resource to test the properties of multiple Application Load Balancer or Network Load Balancer listeners.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on ElasticLoadBalancingV2 Listener](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_elasticloadbalancingv2_listeners` resource block returns all Application Load Balancer or Network Load Balancer listeners.
-
-```ruby
-describe aws_elasticloadbalancingv2_listener(load_balancer_arn: "LOAD_BALANCER_ARN") do
- its { should exist }
-end
-```
-
-## Parameters
-
-`load_balancer_arn` _(required)_
-
-: The Amazon Resource Name (ARN) of the load balancer.
-
-## Properties
-
-`listener_arns`
-: The Amazon Resource Name (ARN) of the listener.
-
-`load_balancer_arns`
-: The Amazon Resource Name (ARN) of the load balancer.
-
-`ports`
-: The port on which the load balancer is listening.
-
-`protocols`
-: The protocol for connections from clients to the load balancer.
-
-`certificates`
-: The certificates of the listener.
-
-`ssl_policies`
-: The SSL policies of the listener.
-
-`default_actions`
-: The default actions of the listener.
-
-`alpn_policies`
-: The name of the Application-Layer Protocol Negotiation (ALPN) policies of the listener.
-
-## Examples
-
-**Ensure there are ports attached to the listener.**
-
-```ruby
-describe aws_elasticloadbalancingv2_listener(load_balancer_arn: "LOAD_BALANCER_ARN") do
- its('ports') { should include PORT_NUMBER}
-end
-```
-
-## Matchers
-
-For a full list of available matchers, visit the [InSpec matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_elasticloadbalancingv2_listener(load_balancer_arn: "LOAD_BALANCER_ARN") do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="ElasticLoadBalancingV2:Client:DescribeListenersOutput" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon Auto Scaling Groups](https://docs.aws.amazon.com/autoscaling/ec2/userguide/control-access-using-iam.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticloadbalancingv2_target_group.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticloadbalancingv2_target_group.md
deleted file mode 100644
index 1f547c94ad..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticloadbalancingv2_target_group.md
+++ /dev/null
@@ -1,146 +0,0 @@
-+++
-title = "aws_elasticloadbalancingv2_target_group Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_elasticloadbalancingv2_target_group"
-identifier = "inspec/resources/aws/aws_elasticloadbalancingv2_target_group Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_elasticloadbalancingv2_target_group` InSpec audit resource to test properties of a single Elastic Load Balancing V2 target group.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on ElasticLoadBalancingV2 TargetGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a target group arn exists.
-```ruby
-describe aws_elasticloadbalancingv2_target_group(target_group_arn: 'arn:aws:elasticloadbalancing:REGION:ACCOUNT_ID:RESOURCE_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`target_group_arn` _(required)_
-
-: The Amazon Resource Name (ARN) of the target group.
-
-## Properties
-
-`target_group_arn`
-: The Amazon Resource Name (ARN) of the target group.
-
-`target_group_name`
-: The name of the target group.
-
-`protocol`
-: The protocol to use for routing traffic to the targets. Valid values are: `GENEVE`, `HTTP`, `HTTPS`, `TCP`, `TCP_UDP`, `TLS`, or `UDP`.
-
-`port`
-: The port on which the targets are listening. Not used if the target is a Lambda function.
-
-`vpc_id`
-: The ID of the VPC for the targets.
-
-`health_check_protocol`
-: The protocol to use to connect with the target. The GENEVE, TLS, UDP, and TCP_UDP protocols are not supported for health checks.
-
-`health_check_port`
-: The port to use to connect with the target.
-
-`health_check_enabled`
-: Indicates whether health checks are enabled.
-
-`health_check_interval_seconds`
-: The approximate amount of time, in seconds, between health checks of an individual target.
-
-`health_check_timeout_seconds`
-: The amount of time, in seconds, during which no response means a failed health check.
-
-`healthy_threshold_count`
-: The number of consecutive health check successes required before considering an unhealthy target healthy.
-
-`unhealthy_threshold_count`
-: The number of consecutive health check failures required before considering the target unhealthy.
-
-`health_check_path`
-: The destination for health checks on the targets.
-
-`matcher (http_code)`
-: For Application Load Balancers, you can specify values between 200 and 499, and the default value is 200. You can specify multiple values (for example, "200,202") or a range of values (for example, "200-299"). For Network Load Balancers and Gateway Load Balancers, this must be "200–399".
-
-`matcher (grpc_code)`
-: You can specify values between 0 and 99. You can specify multiple values (for example, "0,1") or a range of values (for example, "0-5"). The default value is 12.
-
-`load_balancer_arns`
-: The Amazon Resource Names (ARN) of the load balancers that route traffic to this target group.
-
-`target_type`
-: The type of target that you must specify when registering targets with this target group. The possible values are instance (register targets by instance ID), ip (register targets by IP address), or lambda (register a single Lambda function as a target).
-
-`protocol_version`
-: For HTTP or HTTPS protocols, the protocol version. Valid values are `GRPC`, `HTTP1`, and `HTTP2`.
-
-## Examples
-
-**Ensure a target group ARN is available.**
-
-```ruby
-describe aws_elasticloadbalancingv2_target_group(target_group_arn: 'arn:aws:elasticloadbalancing:REGION:ACCOUNT_ID:RESOURCE_ID') do
- its('target_group_arn') { should eq 'arn:aws:elasticloadbalancing:REGION:ACCOUNT_ID:RESOURCE_ID' }
-end
-```
-
-**Ensure that the target group name exists.**
-
-```ruby
-describe aws_elasticloadbalancingv2_target_group(target_group_arn: 'arn:aws:elasticloadbalancing:REGION:ACCOUNT_ID:RESOURCE_ID') do
- its('target_group_name') { should eq 'TARGET_GROUP_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_elasticloadbalancingv2_target_group(target_group_arn: 'arn:aws:elasticloadbalancing:REGION:ACCOUNT_ID:RESOURCE_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_elasticloadbalancingv2_target_group( target_group_arn: 'dummy') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the work_group name is available.
-
-```ruby
-describe aws_elasticloadbalancingv2_target_group(target_group_arn: 'arn:aws:elasticloadbalancing:REGION:ACCOUNT_ID:RESOURCE_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="ElasticLoadBalancingV2:Client:DescribeTargetGroupsOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticloadbalancingv2_target_groups.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticloadbalancingv2_target_groups.md
deleted file mode 100644
index 16127a879d..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticloadbalancingv2_target_groups.md
+++ /dev/null
@@ -1,137 +0,0 @@
-+++
-title = "aws_elasticloadbalancingv2_target_groups Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_elasticloadbalancingv2_target_groups"
-identifier = "inspec/resources/aws/aws_elasticloadbalancingv2_target_groups Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_elasticloadbalancingv2_target_groups` InSpec audit resource to test properties of multiple Elastic Load Balancing V2 target groups.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a target group arn exists.
-```ruby
-describe aws_elasticloadbalancingv2_target_groups do
- it { should exist }
-end
-```
-
-For additional information, see the [AWS documentation on ElasticLoadBalancingV2 TargetGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html).
-
-## Properties
-
-`target_group_arns`
-: The Amazon Resource Name (ARN) of the target group.
-
-`target_group_names`
-: The name of the target group.
-
-`protocols`
-: The protocol to use for routing traffic to the targets. Valid values are: `GENEVE`, `HTTP`, `HTTPS`, `TCP`, `TCP_UDP`, `TLS`, or `UDP`.
-
-`ports`
-: The port on which the targets are listening. Not used if the target is a Lambda function.
-
-`vpc_id s`
-: The ID of the VPC for the targets.
-
-`health_check_protocols`
-: The protocol to use to connect with the target. The `GENEVE`, `TLS`, `UDP`, and `TCP_UDP` protocols are not supported for health checks.
-
-`health_check_ports`
-: The port to use to connect with the target.
-
-`health_check_enableds`
-: Indicates whether health checks are enabled.
-
-`health_check_interval_seconds`
-: The approximate amount of time, in seconds, between health checks of an individual target.
-
-`health_check_timeout_seconds`
-: The amount of time, in seconds, during which no response means a failed health check.
-
-`healthy_threshold_counts`
-: The number of consecutive health check successes required before considering an unhealthy target healthy.
-
-`unhealthy_threshold_counts`
-: The number of consecutive health check failures required before considering the target unhealthy.
-
-`health_check_paths`
-: The destination for health checks on the targets.
-
-`matchers`
-: The HTTP or gRPC codes to use when checking for a successful response from a target.
-
-`load_balancer_arns`
-: The Amazon Resource Names (ARN) of the load balancers that route traffic to this target group.
-
-`target_types`
-: The type of target that you must specify when registering targets with this target group. The possible values are instance (register targets by instance ID), ip (register targets by IP address), or lambda (register a single Lambda function as a target).
-
-`protocol_versions`
-: For HTTP or HTTPS protocols, the protocol version. Valid values are `GRPC`, `HTTP1`, and `HTTP2`.
-
-## Examples
-
-**Ensure a target group ARN is available.**
-
-```ruby
-describe aws_elasticloadbalancingv2_target_groups do
- its('target_group_names') { should include 'TARGET_GROUP_NAME' }
-end
-```
-
-**Ensure that the target group name exists.**
-
-```ruby
-describe aws_elasticloadbalancingv2_target_groups do
- its('protocol_versions') { should include 'HTTP1' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_elasticloadbalancingv2_target_groups do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_elasticloadbalancingv2_target_groups do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the work_group name is available.
-
-```ruby
-describe aws_elasticloadbalancingv2_target_groups do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="ElasticLoadBalancingV2:Client:DescribeTargetGroupsOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticsearchservice_domain.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticsearchservice_domain.md
deleted file mode 100644
index 1594557e34..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticsearchservice_domain.md
+++ /dev/null
@@ -1,279 +0,0 @@ -+++ -title = "aws_elasticsearchservice_domain Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_elasticsearchservice_domain" -identifier = "inspec/resources/aws/aws_elasticsearchservice_domain Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_elasticsearchservice_domain` InSpec audit resource to test properties of a single specific Elasticsearch domain. - -The AWS::Elasticsearch::Domain resource creates an Amazon Elasticsearch Service (Amazon ES) domain. - -For additional information, including details on parameters and properties, see the [AWS documentation on Elasticsearch Domain](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that a domain name exists. - -```ruby -describe aws_elasticsearchservice_domain(domain_name: 'DOMAIN_NAME') do - it { should exist } -end -``` - -## Parameters - -`domain_name` _(required)_ - -: The name of an Elasticsearch domain. - Pass the domain name as a key-value entry in a hash. - -## Properties - -`domain_id` -: The unique identifier for the specified Elasticsearch domain. - -`domain_name` -: The name of an Elasticsearch domain. - -`arn` -: The Amazon resource name (ARN) of an Elasticsearch domain. - -`created` -: The domain creation status. `true` if the creation of an Elasticsearch domain is complete. `false` if domain creation is still in progress. - -`deleted` -: The domain deletion status. `true` if a delete request has been received for the domain but resource cleanup is still in progress. `false` if the domain has not been deleted. Once domain deletion is complete, the status of the domain is no longer returned. - -`endpoint` -: The Elasticsearch domain endpoint that you use to submit index and search requests. 
- -`endpoints` -: Key-value map containing the Elasticsearch domain endpoints used to submit index and search requests. - -`processing` -: The status of the Elasticsearch domain configuration. `true` if Amazon Elasticsearch Service is processing configuration changes. `false` if the configuration is active. - -`upgrade_processing` -: The status of an Elasticsearch domain version upgrade. `true` if Amazon Elasticsearch Service is undergoing a version upgrade. `false` if the configuration is active. - -`elasticsearch_version` -: The elasticsearch version. - -`elasticsearch_cluster_config (instance_type)` -: The instance type for an Elasticsearch cluster. UltraWarm instance types are not supported for data instances. - -`elasticsearch_cluster_config (instance_count)` -: The number of instances in the specified domain cluster. - -`elasticsearch_cluster_config (dedicated_master_enabled)` -: A boolean value to indicate whether a dedicated master node is enabled. - -`elasticsearch_cluster_config (zone_awareness_enabled)` -: A boolean value to indicate whether zone awareness is enabled. - -`elasticsearch_cluster_config (zone_awareness_config (availability_zone_count))` -: An integer value to indicate the number of availability zones for a domain when zone awareness is enabled. This should be equal to number of subnets if VPC endpoints is enabled. - -`elasticsearch_cluster_config (dedicated_master_type)` -: The instance type for a dedicated master node. - -`elasticsearch_cluster_config (dedicated_master_count)` -: Total number of dedicated master nodes, active and on standby, for the cluster. - -`elasticsearch_cluster_config (warm_enabled)` -: True to enable warm storage. - -`elasticsearch_cluster_config (warm_type)` -: The instance type for the Elasticsearch cluster's warm nodes. - -`elasticsearch_cluster_config (warm_count)` -: The number of warm nodes in the cluster. - -`ebs_options (ebs_enabled)` -: Specifies whether EBS-based storage is enabled. 
- -`ebs_options (volume_type)` -: Specifies the volume type for EBS-based storage. - -`ebs_options (volume_size)` -: Integer to specify the size of an EBS volume. - -`ebs_options (iops)` -: Specifies the IOPD for a Provisioned IOPS EBS volume (SSD). - -`access_policies` -: IAM access policy as a JSON-formatted string. - -`snapshot_options (automated_snapshot_start_hour)` -: Specifies the time, in UTC format, when the service takes a daily automated snapshot of the specified Elasticsearch domain. Default value is 0 hours. - -`vpc_options (vpc_id)` -: The VPC Id for the Elasticsearch domain. Exists only if the domain was created with VPCOptions. - -`vpc_options (subnet_ids)` -: Specifies the subnets for VPC endpoint. - -`vpc_options (availability_zones)` -: The availability zones for the Elasticsearch domain. Exists only if the domain was created with VPCOptions. - -`vpc_options (security_group_ids)` -: Specifies the security groups for VPC endpoint. - -`cognito_options (enabled)` -: Specifies the option to enable Cognito for Kibana authentication. - -`cognito_options (user_pool_id)` -: Specifies the Cognito user pool ID for Kibana authentication. - -`cognito_options (identity_pool_id)` -: Specifies the Cognito identity pool ID for Kibana authentication. - -`cognito_options (role_arn)` -: Specifies the role ARN that provides Elasticsearch permissions for accessing Cognito resources. - -`encryption_at_rest_options (enabled)` -: Specifies the option to enable Encryption At Rest. - -`encryption_at_rest_options (kms_key_id)` -: Specifies the KMS Key ID for Encryption At Rest options. - -`node_to_node_encryption_options (enabled)` -: Specify true to enable node-to-node encryption. - -`advanced_options` -: Additional options to specify for the Amazon ES domain. - -`log_publishing_options (cloud_watch_logs_log_group_arn)` -: ARN of the Cloudwatch log group to which log needs to be published. 
- -`log_publishing_options (enabled)` -: Specifies whether given log publishing option is enabled or not. - -`service_software_options (current_version)` -: The current service software version that is present on the domain. - -`service_software_options (new_version)` -: The new service software version if one is available. - -`service_software_options (update_available)` -: Whether you are able to update your service software version. Valid values: `true` or `false`. - -`service_software_options (cancellable)` -: Whether you are able to cancel your service software version update. Valid values: `true` or `false`. - -`service_software_options (update_status)` -: The status of your service software update. Valid values: `ELIGIBLE`, `PENDING_UPDATE`, `IN_PROGRESS` , `COMPLETED`, and `NOT_ELIGIBLE`. - -`service_software_options (description)` -: The description of the UpdateStatus. - -`service_software_options (automated_update_date)` -: Timestamp, in Epoch time, until which you can manually request a service software update. After this date, we automatically update your service software. - -`service_software_options (optional_deployment)` -: Whether service software is never automatically updated after `AutomatedUpdateDate`. Valid values: `true` or `false`. - -`domain_endpoint_options (enforce_https)` -: Specify if only HTTPS endpoint should be enabled for the Elasticsearch domain. - -`domain_endpoint_options (tls_security_policy)` -: Specify the TLS security policy that needs to be applied to the HTTPS endpoint of Elasticsearch domain. Valid values are: `Policy-Min-TLS-1-0-2019-07` and `Policy-Min-TLS-1-2-2019-07`. - -`domain_endpoint_options (custom_endpoint_enabled)` -: Specify if custom endpoint should be enabled for the Elasticsearch domain. Valid values: `true` or `false`. - -`domain_endpoint_options (custom_endpoint)` -: Specify the fully qualified domain for your custom endpoint. 
- -`domain_endpoint_options (custom_endpoint_certificate_arn)` -: Specify ACM certificate ARN for your custom endpoint. - -`advanced_security_options (enabled)` -: `true` if advanced security is enabled. Valid values: `true` or `false`. - -`advanced_security_options (internal_user_database_enabled)` -: `true` if the internal user database is enabled. Valid values: `true` or `false`. - -`advanced_security_options (saml_options (enabled))` -: `true` if SAML is enabled. Valid values: `true` or `false`. - -`advanced_security_options (saml_options (idp (metadata_content)))` -: The metadata of the SAML application in XML format. - -`advanced_security_options (saml_options (idp (entity_id)))` -: The unique entity ID of the application in SAML Identity Provider. - -`advanced_security_options (saml_options (subject_key))` -: The key used for matching the SAML Subject attribute. - -`advanced_security_options (saml_options (roles_key))` -: The key used for matching the SAML Roles attribute. - -`advanced_security_options (saml_options (session_timeout_minutes))` -: The duration, in minutes, after which a user session becomes inactive. - -## Examples - -**Ensure a domain name is available.** - -```ruby -describe aws_elasticsearchservice_domain(domain_name: 'DOMAIN_NAME') do - its('domain_name') { should eq 'DOMAIN_NAME' } -end -``` - -**Verify the ARN of a desired domain.** - -```ruby -describe aws_elasticsearchservice_domain(domain_name: 'DOMAIN_NAME') do - its('arn') { should eq 'ELASTICSEARCH_DOMAIN_ARN' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_elasticsearchservice_domain(domain_name: 'DOMAIN_NAME') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. 
-
-```ruby
-describe aws_elasticsearchservice_domain(domain_name: 'DOMAIN_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the domain name is available.
-
-```ruby
-describe aws_elasticsearchservice_domain(domain_name: 'DOMAIN_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="ElasticsearchService:Client:DescribeElasticsearchDomainResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticsearchservice_domains.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticsearchservice_domains.md
deleted file mode 100644
index 6689b18f35..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elasticsearchservice_domains.md
+++ /dev/null
@@ -1,88 +0,0 @@ -+++ -title = "aws_elasticsearchservice_domains Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_elasticsearchservice_domains" -identifier = "inspec/resources/aws/aws_elasticsearchservice_domains Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_elasticsearchservice_domains` InSpec audit resource to test properties of a plural Elasticsearch Domains. - -The AWS::Elasticsearch::Domain resource creates an Amazon Elasticsearch Service (Amazon ES) domain. - -For additional information, including details on parameters and properties, see the [AWS documentation on Elasticsearch Domain](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that a domain name exists. - -```ruby -describe aws_elasticsearchservice_domains do - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`domain_name` -: Specifies the domain name. - -## Examples - -**Ensure a domain name is available.** - -```ruby -describe aws_elasticsearchservice_domains do - its('domain_name') { should include 'DOMAIN_NAME' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_elasticsearchservice_domains do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_elasticsearchservice_domains do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the work_group name is available. 
-
-```ruby
-describe aws_elasticsearchservice_domains do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="ElasticsearchService:Client:ListDomainNamesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elb.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elb.md
deleted file mode 100644
index a47fd718dc..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elb.md
+++ /dev/null
@@ -1,182 +0,0 @@ -+++ -title = "aws_elb Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_elb" -identifier = "inspec/resources/aws/aws_elb Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_elb` InSpec audit resource to test properties of a single AWS Elastic Load Balancer (ELB). - -For additional information, including details on parameters and properties, see the [AWS documentation on Elastic Load Balancing](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_elb` resource block declares the tests for a single AWS ELB by ELB name. AWS ELB Names are unique per region. - -```ruby -describe aws_elb('my-elb') do - it { should exist } -end -``` - -```ruby -describe aws_elb(load_balancer_name: 'my-elb') do - it { should exist } -end -``` - -## Parameters - -`load_balancer_name` _(required)_ - -: This resource accepts a single parameter, the ELB Name which uniquely identifies the ELB. - This can be passed either as a string or as a `load_balancer_name: 'value'` key-value entry in a hash. - -## Properties - -`load_balancer_name` -: The name of the load balancer. - -`dns_name` -: The DNS name of the load balancer. - -`availability_zones` -: The Availability Zones for the load balancer. - -`instance_ids` -: An array containing all instance ids associated with the ELB. - -`external_ports` -: An array of the external ports exposed on the ELB. - -`internal_ports` -: An array of the internal ports exposed on the ELB. - -`security_group_ids` -: The security groups for the load balancer. Valid only for load balancers in a VPC. - -`vpc_id` -: The ID of the VPC for the load balancer. - -`subnet_ids` -: The IDs of the subnets for the load balancer. - -`listeners` -: A collection of the listeners for the load balancer. 
- -`ssl_policies` -: A collection of the SSL Policies configured in-use for the load balancer (and their policy attributes). - -`protocols` -: A list of the protocols configured for the listeners of the load balancer. - -`cross_zone_load_balancing_enabled?` -: The cross-zone load balancing status for ELB. - -`access_log_enabled?` -: The access log status for ELB. - -`certificate_id` -: A list of SSL certificate IDs configured for the listeners of the load balancer. - -## Examples - -**Test that cross-zone load balancing for ELB is enabled.** - -```ruby -describe aws_elb('prod_web_app_elb') do - it { should be_cross_zone_load_balancing_enabled } -end -``` - -**Test that access logs for ELB are enabled.** - -```ruby -describe aws_elb('prod_web_app_elb') do - it { should be_access_log_enabled } -end -``` - -**Test that an ELB has its availability zones configured correctly.** - -```ruby -describe aws_elb('prod_web_app_elb') do - its('availability_zones.count') { should be > 1 } - its('availability_zones') { should include 'us-east-2a' } - its('availability_zones') { should include 'us-east-2b' } -end -``` - -**Ensure an ELB has the correct number of EC2 Instances associated with it.** - -```ruby -describe aws_elb('prod_web_app_elb') do - its('instance_ids.count') { should cmp 3 } -end -``` - -**Ensure the correct DNS is set .** - -```ruby -describe aws_elb('prod_web_app_elb') do - its('dns_name') { should cmp 'your-fqdn.com' } -end -``` - -**Ensure we only expose port 80, both to the public and internal.** - -```ruby -describe aws_elb('prod_web_app_elb') do - its('external_ports.count') { should cmp 1 } - its('external_ports') { should include 80 } - its('internal_ports.count') { should cmp 1 } - its('internal_ports') { should include 80 } -end -``` - -**Ensure the correct EC2 Instances are associated.** - -```ruby -describe aws_elb('prod_web_app_elb') do - its('instance_ids') { should include 'i-12345678' } -end -``` - -## Matchers - -{{< readfile 
file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_elb('AnExistingELB') do - it { should exist } -end -``` - -```ruby -describe aws_elb('ANonExistentELB') do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ElasticLoadBalancing:Client:DescribeAccessPointsOutput" %}} - -You can find detailed documentation at [Authentication and Access Control for Your Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/load-balancer-authentication-access-control.html) diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elbs.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elbs.md deleted file mode 100644 index 0d80a52c24..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_elbs.md +++ /dev/null 
@@ -1,112 +0,0 @@ -+++ -title = "aws_elbs Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_elbs" -identifier = "inspec/resources/aws/aws_elbs Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_elbs` InSpec audit resource to test the configuration of a collection of AWS Elastic Load Balancers. - -For additional information, including details on parameters and properties, see the [AWS documentation on Elastic Load Balancing](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -```ruby -describe aws_elbs do - its('load_balancer_names') { should include 'elb-name' } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`load_balancer_names` -: The name of the load balancer. - -`dns_names` -: The DNS name of the load balancer. - -`availability_zones` -: The Availability Zones for the load balancer. - -`instance_ids` -: An array containing all instance ids associated with the ELB. - -`external_ports` -: An array of the external ports exposed on the ELB. - -`internal_ports` -: An array of the internal ports exposed on the ELB. - -`security_group_ids` -: The security groups for the load balancer. Valid only for load balancers in a VPC. - -`vpc_ids` -: The ID of the VPC for the load balancer. - -`subnet_id s` -: The IDs of the subnets for the load balancer. 
- -## Examples - -**Ensure there are no Load Balancers with an undesired zone.** - -```ruby -describe aws_elbs do - it { should exist } - its('availability_zones') { should_not include 'us-east-1a'} -end -``` - -**Ensure all ELBs expose only port 80.** - -```ruby -aws_elbs.each do |elb| - describe elb do - its('external_ports.count') { should cmp 1 } - its('external_ports') { should include 80 } - its('internal_ports.count') { should cmp 1 } - its('internal_ports') { should include 80 } - end -end -``` - -## Matchers - -For a full list of available matchers, visit the [InSpec matchers page](https://www.inspec.io/docs/reference/matchers/). - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_elbs.where( : ) do - it { should exist } -end -``` - -```ruby -describe aws_elbs.where( : ) do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="ElasticLoadBalancing:Client:DescribeAccessPointsOutput" %}} - -You can find detailed documentation at [Authentication and Access Control for Your Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/load-balancer-authentication-access-control.html) diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_emr_cluster.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_emr_cluster.md deleted file mode 100644 index f06f289a1c..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_emr_cluster.md +++ /dev/null 
@@ -1,162 +0,0 @@ -+++ -title = "aws_emr_cluster Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_emr_cluster" -identifier = "inspec/resources/aws/aws_emr_cluster Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_emr_cluster` InSpec audit resource to test properties of the singular resource of AWS EMR cluster. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS EMR clusters](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticmapreduce-cluster.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_emr_cluster` resource block declares the tests for a single AWS EMR cluster by cluster ID. - -```ruby -describe aws_emr_cluster(cluster_id: 'CLUSTER_ID') do - it { should exist } -end -``` - -```ruby -describe aws_emr_cluster('CLUSTER_ID') do - it { should exist } -end -``` - -## Parameters - -`cluster_id` _(required)_ - -: This resource requires a single parameter, the EMR cluster ID. - This can be passed either as a string or as a `cluster_id: 'value'` key-value entry in a hash. - -## Properties - -`cluster_id` -: The unique identifier of the cluster. - -`cluster_arn` -: The Amazon Resource Name (ARN) that identifies the cluster. - -`cluster_name` -: A user-generated string that you use to identify your cluster. - -`state` -: The current state of the cluster. - -`status_state_change_reason_code` -: The programmatic code for the state change reason. - -`status_state_change_reason_message` -: The descriptive message for the state change reason. - -`status_timeline_creation_date_time` -: The creation date and time of the cluster. - -`status_timeline_ready_date_time` -: The date and time when the cluster was ready to run steps. - -`status_timeline_end_date_time` -: The date and time when the cluster was terminated. 
- -`applications` -: The name of applications installed on this cluster. - -`auto_scaling_role` -: An IAM role for automatic scaling policies. - -`custom_ami_id` -: Available only in Amazon EMR version 5.7.0 and later. The ID of a custom Amazon EBS-backed Linux AMI if the cluster uses a custom AMI. - -`ebs_root_volume_size` -: The size, in GiB, of the Amazon EBS root device volume of the Linux AMI that is used for each EC2 instance. Available in Amazon EMR version 4.x and later. - -`kerberos_attributes_realm` -: The name of the Kerberos realm to which all nodes in a cluster belong. - -`kerberos_attributes_realm_ad_domain_join_user` -: A user with sufficient privileges to join resources to the domain. Required only when establishing a cross-realm trust with an Active Directory domain. - -`log_encryption_kms_key_id` -: The KMS key used for encrypting log files. - -`log_uri` -: The path to the Amazon S3 location where logs for this cluster are stored. - -`release_label` -: The Amazon EMR release label, which determines the version of open-source application packages installed on the cluster. - -`scale_down_behavior` -: The way that individual Amazon EC2 instances terminate when an automatic scale-in activity occurs or an instance group is resized. Valid values are TERMINATE_AT_INSTANCE_HOUR, TERMINATE_AT_TASK_COMPLETION. - -`service_role` -: The IAM role that Amazon EMR assumes in order to access Amazon Web Services resources on your behalf. - -`step_concurrency_level` -: Specifies the number of steps that can be executed concurrently. - -`visible_to_all_users` -: Indicates whether the cluster is visible to IAM principals in the Amazon Web Services account associated with the cluster. - -`managed_scaling_policy_unit_type` -: The unit type used for specifying a managed scaling policy. Valid values are InstanceFleetUnits, Instances, VCPU. - -`security_configuration_name` -: The name of the security configuration applied to the cluster. 
-
-## Examples
-
-**Test that an EMR cluster state is `WAITING`.**
-
-```ruby
-describe aws_emr_cluster('CLUSTER_ID') do
- its ('state') { should eq 'WAITING' }
-end
-```
-
-**Test that an EMR cluster state is `RUNNING`.**
-
-```ruby
-describe aws_emr_cluster('CLUSTER_ID') do
- its ('state') { should eq 'RUNNING' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test an entity that should exist.
-
-```ruby
-describe aws_emr_cluster('CLUSTER_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test for an entity that should not exist.
-
-```ruby
-describe aws_emr_cluster('CLUSTER_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EMR:Client:DescribeClusterOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_emr_clusters.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_emr_clusters.md
deleted file mode 100644
index acee3adecf..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_emr_clusters.md
+++ /dev/null
@@ -1,189 +0,0 @@ -+++ -title = "aws_emr_clusters Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_emr_clusters" -identifier = "inspec/resources/aws/aws_emr_clusters Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_emr_clusters` resource to test the configuration of a collection of clusters of AWS Elastic MapReduce Service. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS EMR clusters](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticmapreduce-cluster.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -```ruby -describe aws_emr_clusters do - its('cluster_ids') { should include 'CLUSTER_ID'} -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`cluster_ids` -: The unique identifier of the cluster. - -: **Field**: `cluster_id` - -`cluster_arns` -: The Amazon Resource Name (ARN) that identifies the cluster. - -: **Field**: `cluster_arn` - -`cluster_names` -: A user-generated string that you use to identify your cluster. - -: **Field**: `cluster_name` - -`status_states` -: The current state of the cluster. - -: **Field**: `status(state)` - -`status_state_change_reason_code` -: The programmatic code for the state change reason. - -: **Field**: `status(state_change_reason(code))` - -`status_state_change_reason_message` -: The descriptive message for the state change reason. - -: **Field**: `status(state_change_reason(message))` - -`status_timeline_creation_date_time` -: The creation date and time of the cluster. - -: **Field**: `status(timeline(creation_date_time))` - -`status_timeline_ready_date_time` -: The date and time when the cluster was ready to run steps. 
- -: **Field**: `status(timeline(ready_date_time))` - -`status_timeline_end_date_time` -: The date and time when the cluster was terminated. - -: **Field**: `status(timeline(end_date_time))` - -`applications` -: The name of applications installed on this cluster. - -: **Field**: `applications` - -`auto_scaling_roles` -: An IAM role for automatic scaling policies. - -: **Field**: `auto_scaling_role` - -`custom_ami_ids` -: Available only in Amazon EMR version 5.7.0 and later. The ID of a custom Amazon EBS-backed Linux AMI if the cluster uses a custom AMI. - -: **Field**: `custom_ami_id` - -`ebs_root_volume_sizes` -: The size, in GiB, of the Amazon EBS root device volume of the Linux AMI that is used for each EC2 instance. Available in Amazon EMR version 4.x and later. - -: **Field**: `ebs_root_volume_size` - -`kerberos_attributes_realms` -: The name of the Kerberos realm to which all nodes in a cluster belong. - -: **Field**: `kerberos_attributes(realm)` - -`kerberos_attributes_realm_ad_domain_join_user` -: A user with sufficient privileges to join resources to the domain. Required only when establishing a cross-realm trust with an Active Directory domain. - -: **Field**: `kerberos_attributes(ad_domain_join_user)` - -`log_encryption_kms_key_ids` -: The KMS key used for encrypting log files. - -: **Field**: `log_encryption_kms_key_id` - -`log_uris` -: The path to the Amazon S3 location where logs for this cluster are stored. - -: **Field**: `log_uri` - -`release_labels` -: The Amazon EMR release label, which determines the version of open-source application packages installed on the cluster. - -: **Field**: `release_label` - -`scale_down_behaviors` -: The way that individual Amazon EC2 instances terminate when an automatic scale-in activity occurs or an instance group is resized. Valid values are TERMINATE_AT_INSTANCE_HOUR, TERMINATE_AT_TASK_COMPLETION. 
- -: **Field**: `scale_down_behavior` - -`service_roles` -: The IAM role that Amazon EMR assumes in order to access Amazon Web Services resources on your behalf. - -: **Field**: `service_role` - -`step_concurrency_levels` -: Specifies the number of steps that can be executed concurrently. - -: **Field**: `step_concurrency_level` - -`visible_to_all_users` -: Indicates whether the cluster is visible to IAM principals in the Amazon Web Services account associated with the cluster. - -: **Field**: `visible_to_all_users` - -`security_configuration_names` -: The name of the security configuration applied to the cluster. - -: **Field**: `security_configuration` - -## Examples - -**Ensure there are no EMR clusters in an undesired state.** - -```ruby -describe aws_emr_clusters do - it { should exist } - its('state') { should_not include 'UNDESIRED_STATE'} - its('cluster_ids') { should include 'CLUSTER_ID'} -end -``` - -## Matchers - -For a full list of available matchers, visit the [InSpec matchers page](https://docs.chef.io/inspec/matchers/). - -### exist - -Use `should` to test for an entity that should exist. - -```ruby -describe aws_emr_clusters.where( : ) do - it { should exist } -end -``` - -Use `should_not` to test for an entity that should not exist. - -```ruby -describe aws_emr_clusters.where( : ) do - it { should_not exist } -end -``` - -## AWS Permissions - -Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `EMR:Client:DescribeClusterOutput`, `EMR:Client:ListClustersOutput` actions set to allow. - -You can find detailed documentation at [Amazon EMR IAM Policies, Roles, and Permissions](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-iam-policies.html) -The documentation for EMR actions is at [Policy Structure](https://docs.aws.amazon.com/emr/latest/ManagementGuide/security_iam_id-based-policy-examples.html) 
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_emr_security_configuration.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_emr_security_configuration.md
deleted file mode 100644
index 450c1c6c5f..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_emr_security_configuration.md
+++ /dev/null
@@ -1,107 +0,0 @@
-+++
-title = "aws_emr_security_configuration Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_emr_security_configuration"
-identifier = "inspec/resources/aws/aws_emr_security_configuration Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_emr_security_configuration` InSpec audit resource to test properties of the singular resource of AWS EMR security configuration.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EMR security configuration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-emr-securityconfiguration.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_emr_security_configuration` resource block declares the tests for a single AWS EMR security configuration by `security_configuration_name`.
-
-```ruby
-describe aws_emr_security_configuration(security_configuration_name: 'SECURITY_CONFIGURATION_NAME') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_emr_security_configuration('SECURITY_CONFIGURATION_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`security_configuration_name` _(required)_
-
-: This resource requires a single parameter, the EMR security configuration name.
- This can be passed either as a string or as a `security_configuration_name: 'value'` key-value entry in a hash.
-
-## Properties
-
-`encryption_at_rest`
-: Specifies whether at-rest encryption is enabled for the cluster.
-
-`encryption_in_transit`
-: Specifies whether in-transit encryption is enabled for the cluster.
-
-`local_disk_encryption`
-: Specifies whether local-disk encryption is enabled for the cluster.
-
-## Examples
-
-**Test that an EMR security configuration has at-rest encryption enabled.**
-
-```ruby
-describe aws_emr_security_configuration('SECURITY_CONFIGURATION_NAME') do
- its ('encryption_at_rest') { should eq true }
-end
-```
-
-**Test that an EMR security configuration has in-transit encryption enabled.**
-
-```ruby
-describe aws_emr_security_configuration('SECURITY_CONFIGURATION_NAME') do
- its ('encryption_in_transit') { should eq true }
-end
-```
-
-**Test that an EMR security configuration has local-disk encryption enabled.**
-
-```ruby
-describe aws_emr_security_configuration('SECURITY_CONFIGURATION_NAME') do
- its ('local_disk_encryption') { should eq true }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test the entity should exist.
-
-```ruby
-describe aws_emr_security_configuration('SECURITY_CONFIGURATION_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_emr_security_configuration('SECURITY_CONFIGURATION_NAME') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EMR:Client:DescribeSecurityConfigurationOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_emr_security_configurations.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_emr_security_configurations.md
deleted file mode 100644
index d48e662187..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_emr_security_configurations.md
+++ /dev/null
@@ -1,92 +0,0 @@
-+++
-title = "aws_emr_security_configurationss Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_emr_security_configurationss"
-identifier = "inspec/resources/aws/aws_emr_security_configurationss Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_emr_security_configurations` resource to test the properties of collection for AWS EMR security configuration.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EMR security configuration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-emr-securityconfiguration.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-```ruby
-describe aws_emr_security_configurations do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`security_configuration_names`
-: The name of the security configuration.
-
-: **Field**: `name`
-
-`encryption_at_rest`
-: Specifies whether at-rest encryption is enabled for the cluster.
-
-: **Field**: `security_configuration(EncryptionConfiguration(EnableAtRestEncryption))`
-
-`encryption_in_transit`
-: Specifies whether in-transit encryption is enabled for the cluster.
-
-: **Field**: `security_configuration(EncryptionConfiguration(EnableInTransitEncryption))`
-
-`local_disk_encryption`
-: Specifies whether local-disk encryption is enabled for the cluster.
-
-: **Field**: `security_configuration(EncryptionConfiguration(AtRestEncryptionConfiguration(LocalDiskEncryptionConfiguration)))`
-
-## Examples
-
-**Ensure AWS EMR security configurations exists.**
-
-```ruby
-describe aws_emr_security_configurations do
- it { should exist }
- its('encryption_at_rests') { should include encryption_at_rest }
- its('encryption_in_transits') { should include encryption_in_transit }
- its('local_disk_encryptions') { should include local_disk_encryption }
-end
-```
-
-## Matchers
-
-For a full list of available matchers, visit the [InSpec matchers page](https://docs.chef.io/inspec/matchers/).
-
-### exist
-
-Use `should` to test an entity that should exist.
-
-```ruby
-describe aws_emr_security_configurations.where(security_configuration_name: 'SECURITY_CONFIGURATION_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test an entity that should not exist.
-
-```ruby
-describe aws_emr_security_configurations.where(security_configuration_name: 'INVALID_SECURITY_CONFIGURATION_NAME') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EMR:Client:DescribeSecurityConfigurationOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_eventbridge_rule.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_eventbridge_rule.md
deleted file mode 100644
index e5f6180e13..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_eventbridge_rule.md
+++ /dev/null
@@ -1,123 +0,0 @@
-+++
-title = "aws_eventbridge_rule Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_eventbridge_rule"
-identifier = "inspec/resources/aws/aws_eventbridge_rule Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_eventbridge_rule` InSpec audit resource to test properties of a single Amazon EventBridge event rule.
-
-The AWS::Events::Rule resource creates a rule that matches incoming events and routes them to one or more targets for processing.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Events Rule](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a rule name exists.
-
-```ruby
-describe aws_eventbridge_rule(name: 'test_rule') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-
-: The name of the rule.
- Pass the name as a key-value entry in a hash.
-
-## Properties
-
-`name`
-: The name of the rule.
-
-`arn`
-: The Amazon Resource Name (ARN) of the rule.
-
-`event_pattern`
-: The event pattern.
-
-`schedule_expression`
-: The scheduling expression. For example, "cron(0 20 * * ? *)", "rate(5 minutes)".
-
-`state`
-: Specifies whether the rule is enabled or disabled.
-
-`description`
-: The description of the rule.
-
-`role_arn`
-: The Amazon Resource Name (ARN) of the IAM role associated with the rule.
-
-`managed_by`
-: If this is a managed rule, created by an AWS service on your behalf, this field displays the principal name of the AWS service that created the rule.
-
-`event_bus_name`
-: The name of the event bus associated with the rule.
-
-## Examples
-
-**Ensure a rule name is available.**
-
-```ruby
-describe aws_eventbridge_rule(name: 'RULE_NAME') do
- its('name') { should eq 'RULE_NAME' }
-end
-```
-
-**Ensure that the state is `ENABLED` or `DISABLED`.**
-
-```ruby
-describe aws_eventbridge_rule(name: 'RULE_NAME') do
- its('state') { should eq 'ENABLED' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_eventbridge_rule(name: 'test_rule') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_eventbridge_rule(name: 'dummy') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the work_group name is available.
-
-```ruby
-describe aws_eventbridge_rule(name: 'test_rule') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EventBridge:Client:DescribeRuleResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_eventbridge_rules.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_eventbridge_rules.md
deleted file mode 100644
index fa4d288491..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_eventbridge_rules.md
+++ /dev/null
@@ -1,120 +0,0 @@
-+++
-title = "aws_eventbridge_rules Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_eventbridge_rules"
-identifier = "inspec/resources/aws/aws_eventbridge_rules Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_eventbridge_rules` InSpec audit resource to test properties of multiple Amazon EventBridge event rules.
-
-The AWS::Events::Rule resource creates a rule that matches incoming events and routes them to one or more targets for processing.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Events Rule](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a rule name exists.
-
-```ruby
-describe aws_eventbridge_rules do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`names`
-: The name of the rule.
-
-`arns`
-: The Amazon Resource Name (ARN) of the rule.
-
-`event_patterns`
-: The event pattern.
-
-`schedule_expressions`
-: The scheduling expression. For example, "cron(0 20 * * ? *)", "rate(5 minutes)".
-
-`states`
-: Specifies whether the rule is enabled or disabled.
-
-`descriptions`
-: The description of the rule.
-
-`role_arns`
-: The Amazon Resource Name (ARN) of the IAM role associated with the rule.
-
-`managed_bys`
-: If this is a managed rule, created by an AWS service on your behalf, this field displays the principal name of the AWS service that created the rule.
-
-`event_bus_names`
-: The name of the event bus associated with the rule.
-
-## Examples
-
-**Ensure a rule name is available.**
-
-```ruby
-describe aws_eventbridge_rules do
- its('name') { should include 'test_rule' }
-end
-```
-
-**Ensure that the state is `ENABLED` or `DISABLED`.**
-
-```ruby
-describe aws_eventbridge_rules do
- its('state') { should include 'ENABLED' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_eventbridge_rules do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_eventbridge_rules do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the rule name is available.
-
-```ruby
-describe aws_eventbridge_rules do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EventBridge:Client:ListRulesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_flow_log.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_flow_log.md
deleted file mode 100644
index 0828309e60..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_flow_log.md
+++ /dev/null
@@ -1,149 +0,0 @@
-+++
-title = "aws_flow_log Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_flow_log"
-identifier = "inspec/resources/aws/aws_flow_log Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_flow_log` InSpec audit resource to test properties of a single Flow Log.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Flow Logs](https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-```ruby
-describe aws_flow_log(flow_log_id: 'fl-9c718cf5') do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource requires at least one of the following parameters to be provided: `flow_log_id`, `subnet_id`, `vpc_id`.
-
-`flow_log_id` _(required if no other parameters provided)_
-
-: The Flow Log ID which uniquely identifies the Flow Log.
- This can be passed either as a string or as a `flow_log_id: 'value'` key-value entry in a hash.
-
-`subnet_id` _(required if no other parameters provided)_
-
-: The subnet associated with the Flow Log, if applicable.
- This must be passed as a `subnet_id: 'value'` key-value entry in a hash.
-
-`vpc_id` _(required if no other parameters provided)_
-
-: The VPC associated with the Flow Log, if applicable.
- This must be passed as a `vpc_id: 'value'` key-value entry in a hash.
-
-## Properties
-
-`flow_log_id`
-: The ID of the Flow Log.
-
-`log_group_name`
-: The name of the associated log group.
-
-`resource_id`
-: The ID of the assosiated resource, e.g. VPC, Subnet or Network Interface.
-
-## Examples
-
-**Search for a flow log by the associated subnet id.**
-
-```ruby
-describe aws_flow_log(subnet_id: 'subnet-c6a4319c') do
- it { should exist }
-end
-```
-
-**Search for a flow log by the associated VPC id.**
-
-```ruby
-describe aws_flow_log(vpc_id: 'vpc-96cabaef') do
- it { should exist }
-end
-```
-
-**Ensure the correct Flow Log is associated with a Subnet.**
-
-```ruby
-describe aws_flow_log(subnet_id: 'subnet-c6a4319c') do
- its('flow_log_id') { should cmp 'fl-9c718cf5' }
-end
-```
-
-
-**Ensure the Flow Log is associated with the correct resource type.**
-
-```ruby
-describe aws_flow_log('fl-9c718cf5') do
- its('resource_type') { should cmp 'subnet' }
-end
-```
-
-## Matchers
-
-For a full list of available matchers, visit the [InSpec matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_flow_log('AnExistingFlowLog') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_flow_log('ANonExistentFlowLog') do
- it { should_not exist }
-end
-```
-
-
-#### be_attached_to_eni
-
-Indicates that the Flow Log is attached to a ENI resource.
-
-```ruby
-describe aws_flow_log('fl-9c718cf5') do
- it { should be_attached_to_eni }
-end
-```
-
-#### be_attached_to_subnet
-
-Indicates that the Flow Log is attached to a subnet resource.
-
-```ruby
-describe aws_flow_log('fl-9c718cf5') do
- it { should be_attached_to_subnet }
-end
-```
-
-#### be_attached_to_vpc
-
-Indicates that the Flow Log is attached to a vpc resource.
-
-```ruby
-describe aws_flow_log('fl-9c718cf5') do
- it { should be_attached_to_vpc }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeFlowLogsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_glue_crawler.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_glue_crawler.md
deleted file mode 100644
index d59036311c..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_glue_crawler.md
+++ /dev/null
@@ -1,152 +0,0 @@
-+++
-title = "aws_glue_crawler Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_glue_crawler"
-identifier = "inspec/resources/aws/aws_glue_crawler Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_glue_crawler` InSpec audit resource to test properties of a single AWS Glue crawler.
-
-The AWS::Glue::Crawler resource specifies an AWS Glue crawler.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Glue Crawler](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-crawler.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a crawler name exists.
-
-```ruby
-describe aws_glue_crawler(name: 'CRAWLER_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-
-: The name of the crawler.
-
-## Properties
-
-`name`
-: The name of the crawler.
-
-`role`
-: The ARN of an IAM role that's used to access customer resources, such as Amazon Simple Storage Service (Amazon S3) data.
-
-`target`
-: A collection of targets to crawl.
-
-`database_name`
-: The name of the database in which the crawler's output is stored.
-
-`description`
-: A description of the crawler.
-
-`classifier`
-: A list of UTF-8 strings that specify the custom classifiers that are associated with the crawler.
-
-`recrawl_policy`
-: A policy that specifies whether to crawl the entire dataset again, or to crawl only folders that were added since the last crawler run.
-
-`schema_change_policy`
-: The policy that specifies update and delete behaviors for the crawler.
-
-`lineage_configuration`
-: A configuration that specifies whether data lineage is enabled for the crawler.
-
-`state`
-: Whether the crawler is running, or whether a run is pending.
-
-`table_prefix`
-: The prefix added to the names of tables that are created.
-
-`schedule`
-: For scheduled crawlers, the schedule when the crawler runs.
-
-`crawl_elapsed_time`
-: If the crawler is running, contains the total time elapsed since the last crawl began.
-
-`creation_time`
-: The time that the crawler was created.
-
-`last_updated`
-: The time that the crawler was last updated.
-
-`last_crawl`
-: The status of the last crawl, and potentially error information if an error occurred.
-
-`version`
-: The version of the crawler.
-
-`configuration`
-: Crawler configuration information. This versioned JSON string allows users to specify aspects of a crawler's behavior.
-
-`crawler_security_configuration`
-: The name of the `SecurityConfiguration` structure to be used by this crawler.
-
-## Examples
-
-**Ensure a crawler name is available.**
-
-```ruby
-describe aws_glue_crawler(name: 'CRAWLER_NAME') do
- its('name') { should eq 'CRAWLER_NAME' }
-end
-```
-
-**Verify the database name in the crawler.**
-
-```ruby
-describe aws_glue_crawler(name: 'CRAWLER_NAME') do
- its('database_name') { should eq 'CRAWLER_DATABASE_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_glue_crawler(name: 'crawler_name') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_glue_crawler(name: 'dummy') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the work_group name is available.
-
-```ruby
-describe aws_glue_crawler(name: 'crawler_name') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:GetCrawlerResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_glue_crawlers.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_glue_crawlers.md
deleted file mode 100644
index 29b31fa1dd..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_glue_crawlers.md
+++ /dev/null
@@ -1,150 +0,0 @@
-+++
-title = "aws_glue_crawlers Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_glue_crawlers"
-identifier = "inspec/resources/aws/aws_glue_crawlers Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_glue_crawlers` InSpec audit resource to test properties of a plural Glue Crawlers.
-
-The AWS::Glue::Crawler resource specifies an AWS Glue crawler.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Glue Crawler](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-crawler.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a crawler exists.
-
-```ruby
-describe aws_glue_crawlers do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`names`
-: The name of a crawler.
-
-`roles`
-: The ARNs of IAM roles used to access customer resources, such as Amazon Simple Storage Service (Amazon S3) data.
-
-`targets`
-: A collection of targets to crawl.
-
-`database_names`
-: The name of the database in which a crawler's output is stored.
-
-`descriptions`
-: A description of a crawler.
-
-`classifiers`
-: A list of UTF-8 strings that specify the custom classifiers that are associated with a crawler.
-
-`recrawl_policies`
-: A policy that specifies whether to crawl the entire dataset again, or to crawl only folders that were added since the last crawler run.
-
-`schema_change_policies`
-: The policy that specifies update and delete behaviors for a crawler.
-
-`lineage_configurations`
-: A configuration that specifies whether data lineage is enabled for a crawler.
-
-`states`
-: Whether a crawler is running, or whether a run is pending.
-
-`table_prefixes`
-: The prefix added to the names of tables that are created.
-
-`schedules`
-: The schedule of a crawler.
-
-`crawl_elapsed_times`
-: If a crawler is running, contains the total time elapsed since the last crawl began.
-
-`creation_times`
-: The time that a crawler was created.
-
-`last_updated`
-: The time that a crawler was last updated.
-
-`last_crawls`
-: The status of the last crawl, and potentially error information if an error occurred.
-
-`versions`
-: The version of a crawler.
-
-`configurations`
-: Crawler configuration information. This versioned JSON string allows users to specify aspects of a crawler's behavior.
-
-`crawler_security_configurations`
-: The name of the `SecurityConfiguration` structure to be used by a crawler.
-
-## Examples
-
-**Ensure a crawler name is available.**
-
-```ruby
-describe aws_glue_crawlers do
- its('names') { should include 'CRAWLER_NAME' }
-end
-```
-
-**Ensure a database name is available.**
-
-```ruby
-describe aws_glue_crawlers do
- its('database_names') { should include 'CRAWLER_DATABASE_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_glue_crawlers do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_glue_crawlers do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if a crawler name is available.
-
-```ruby
-describe aws_glue_crawlers do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:GetCrawlersResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_glue_database.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_glue_database.md
deleted file mode 100644
index 50b96de4df..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_glue_database.md
+++ /dev/null
@@ -1,125 +0,0 @@
-+++
-title = "aws_glue_database Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_glue_database"
-identifier = "inspec/resources/aws/aws_glue_database Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_glue_database` InSpec audit resource to test properties of a single Glue database.
-
-The AWS::Glue::Database resource specifies a logical grouping of tables in AWS Glue.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Glue Database](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-database.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a database name exists.
-
-```ruby
-describe aws_glue_database(name: 'GLUE_DATABASE_NAME')
- it { should exist }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-
-: The name of the Glue database.
-
-## Properties
-
-`name`
-: The name of the database. For Hive compatibility, this is folded to lowercase when it is stored.
-
-`description`
-: A description of the database.
-
-`location_uri`
-: The location of the database (for example, an HDFS path).
-
-`parameters`
-: These key-value pairs define parameters and properties of the database.
-
-`create_time`
-: The time at which the metadata database was created in the catalog.
-
-`create_table_default_permissions (principal (data_lake_principal_identifier))`
-: An identifier for the AWS Lake Formation principal.
-
-`create_table_default_permissions (permissions)`
-: The permissions that are granted to the principal.
-
-`target_database (catalog_id)`
-: The ID of the Data Catalog in which the database resides.
-
-`target_database (database_name)`
-: The name of the catalog database.
-
-`catalog_id`
-: The ID of the Data Catalog in which the database resides.
-
-## Examples
-
-**Ensure a database name is available.**
-
-```ruby
-describe aws_glue_database(name: 'GLUE_DATABASE_NAME') do
- its('name') { should eq 'GLUE_DATABASE_NAME' }
-end
-```
-
-**Ensure a target database name is available.**
-
-```ruby
-describe aws_glue_database(name: 'GLUE_DATABASE_NAME') do
- its('target_database.database_name') { should eq 'CATALOG_DATABASE_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_glue_database(name: 'GLUE_DATABASE_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_glue_database(name: 'GLUE_DATABASE_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the database name is available.
-
-```ruby
-describe aws_glue_database(name: 'GLUE_DATABASE_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:GetDatabaseResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_glue_databases.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_glue_databases.md
deleted file mode 100644
index b946899ff1..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_glue_databases.md
+++ /dev/null
@@ -1,109 +0,0 @@
-+++
-title = "aws_glue_databases Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_glue_databases"
-identifier = "inspec/resources/aws/aws_glue_databases Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_glue_databases` InSpec audit resource to test properties of multiple Glue databases.
-
-The AWS::Glue::Database resource specifies a logical grouping of tables in AWS Glue.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Glue Database](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-database.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a database name exists.
-
-```ruby
-describe aws_glue_databases
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`names`
-: The name of a database. For Hive compatibility, this is folded to lowercase when it is stored.
-
-`descriptions`
-: A description of a database.
-
-`location_uris`
-: The location of a database (for example, an HDFS path).
-
-`parameters`
-: These key-value pairs define parameters and properties of a database.
-
-`create_times`
-: The time at which the metadata database was created in the catalog.
-
-`create_table_default_permissions`
-: Creates a set of default permissions on the table for principals..
-
-`target_databases`
-: A DatabaseIdentifier structure that describes a target database for resource linking.
-
-`catalog_ids`
-: The ID of the Data Catalog in which a database resides.
-
-## Examples
-
-**Ensure a database name is available.**
-
-```ruby
-describe aws_glue_databases
- its('names') { should include 'GLUE_DATABASE_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_glue_databases
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_glue_databases
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if a database name is available.
-
-```ruby
-describe aws_glue_databases
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:GetDatabasesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_guardduty_detector.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_guardduty_detector.md
deleted file mode 100644
index 8b983f9312..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_guardduty_detector.md
+++ /dev/null
@@ -1,121 +0,0 @@
-+++
-title = "aws_guardduty_detector Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_guardduty_detector"
-identifier = "inspec/resources/aws/aws_guardduty_detector Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_guardduty_detector` InSpec audit resource to test properties of a single AWS GuardDuty Detector.
-
-For additional information, including details on parameters and properties, see the [Actions, Resources, and Condition Keys for Amazon GuardDuty](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_GetDetector.html).
-
-For additional information, including details on parameters and properties, see the [AWS documentation on GuardDuty Detectors](https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html).
-
-## Requirements
-
-Train AWS version 0.1.18 or newer is required for this resource.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_guardduty_detector` resource block declares the tests for a single AWS GuardDuty Detector by detector id.
-
-```ruby
-describe aws_guardduty_detector(detector_id: '12abc34d567e8fa901bc2d34e56789f0') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`detector_id` _(required)_
-
-: This resource accepts a single parameter, the GuardDuty Detector ID.
- This can be passed either as a string or as a `detector_id: 'value'` key-value entry in a hash.
-
-## Properties
-
-`created_at`
-: The timestamp of when the detector was created.
-
-`data_sources`
-: An object that describes which data sources are enabled for the detector.
-
-`finding_publishing_frequency`
-: The publishing frequency of the finding.
-
-`service_role`
-: The GuardDuty service role.
-
-`status`
-: The detector status. Status should be either ENABLED or DISABLED.
-
-`tags`
-: The tags of the detector resource.
-
-`updated_at`
-: The last-updated timestamp for the detector.
-
-There are also additional properties available. For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_GetDetector.html)
-
-## Examples
-
-**Check the publishing frequency of a Detector.**
-
-```ruby
-describe aws_guardduty_detector(detector_id: '12abc34d567e8fa901bc2d34e56789f0') do
- its('finding_publishing_frequency') { should eq "SIX_HOURS" }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### be_enabled
-
-The `be_enabled` matcher tests if the status of the detector is enabled.
-
-```ruby
-describe aws_guardduty_detector(detector_id: 'detector-id-1234') do
- it { should be_enabled }
-end
-```
-
-```ruby
-describe aws_guardduty_detector(detector_id: 'detector-id-6789') do
- it { should_not be_enabled }
-end
-```
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_guardduty_detector(detector_id: '12abc34d567e8fa901bc2d34e56789f0') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_guardduty_detector(detector_id: '809abz34d567e8fa91bc2d34e56789f5') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="GuardDuty:Client:GetDetectorResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_guardduty_detectors.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_guardduty_detectors.md
deleted file mode 100644
index fd08aaeaef..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_guardduty_detectors.md
+++ /dev/null
@@ -1,95 +0,0 @@
-+++
-title = "aws_guardduty_detectors Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_guardduty_detectors"
-identifier = "inspec/resources/aws/aws_guardduty_detectors Resource"
-parent = "inspec/resources/aws"
-+++
-
-
-
-Use the `aws_guardduty_detectors` InSpec audit resource to test properties of some or all AWS GuardDuty Detectors.
-
-For additional information, including details on parameters and properties, see the [Actions, Resources, and Condition Keys for Amazon GuardDuty](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_GetDetector.html).
-
-For additional information, including details on parameters and properties, see the [AWS documentation on GuardDuty Detectors](https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html).
-
-## Requirements
-
-Train AWS version 0.1.18 or newer is required for this resource.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
- Ensure you have exactly 3 Detectors available to you.
-
-```ruby
-describe aws_guardduty_detectors do
- its('detector_ids.count') { should cmp 3 }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`detector_ids`
-: A list of detector IDs.
-
-## Examples
-
-**Ensure GuardDuty Detector ID exists.**
-
-```ruby
-describe aws_guardduty_detectors do
- its('detector_ids') { should include ['detector-id-43542'] }
-end
-```
-
-**Use the InSpec resource to request the IDs of all Detectors, then test in-depth using `aws_guardduty_detector` to ensure all detectors have a six hour publishing frequency.**
-
-```ruby
-aws_guardduty_detectors.detector_ids.first.each do |detector_id|
- describe aws_guardduty_detector(detector_id: detector_id) do
- it { should exist }
- its('finding_publishing_frequency') { should eq "SIX_HOURS" }
- end
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_guardduty_detectors do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_guardduty_detectors do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="GuardDuty:Client:GetDetectorResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_hosted_zone.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_hosted_zone.md
deleted file mode 100644
index 2df49c5422..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_hosted_zone.md
+++ /dev/null
@@ -1,111 +0,0 @@
-+++
-title = "aws_hosted_zone Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_hosted_zone"
-identifier = "inspec/resources/aws/aws_hosted_zone Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_hosted_zone` resource to test a specific hosted zone configuration.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-```ruby
-describe aws_hosted_zone('zone-name') do
- it { should exist }
- its ('name_servers.count') { should eq 4 }
- its ('private_zone') { should be false }
- its ('record_names') { should include 'sid-james.carry-on.films.com' }
-end
-```
-
-## Parameters
-
-`zone_name`
-
-: This resource takes one parameter, the name of the hosted zone to validate.
-
-## Properties
-
-`name`
-: The name of the hosted zone.
-
-`id`
-: It's id.
-
-`name_servers`
-: List of the associated name servers.
-
-`private_zone`
-: If the hosted zone if private or public.
-
-`record_count`
-: Number of associated records.
-
-`records`
-: The associated records, flattens the list, so each rule will have multiple records for each type.
-
-## Examples
-
-**Ensure a specific hosted zone exists.**
-
-```ruby
-describe aws_hosted_zone('zone-name') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe passes all tests.
-
-Use `exist` to validate the hosted zone exists
-
-```ruby
-describe aws_hosted_zone('zone-name') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_hosted_zone('zone-name') do
- it { should_not exist }
-end
-```
-
-### should
-
-The control will pass if the describe passes all tests.
-
-Use `should` to validate the hosted zone if public or private, the number of name servers is correct or that a specific record exists e.g.
-
-```ruby
-describe aws_hosted_zone('zone-name') do
- it { should exist }
- its ('name_servers.count') { should eq 4 }
- its ('private_zone') { should be false }
- its ('record_names') { should include 'sid-james.carry-on.films.com' }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Route53:Client:GetHostedZoneResponse" %}}
-
-You can find detailed documentation at [Amazon Route 53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/r53-api-permissions-ref.html)
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_hosted_zones.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_hosted_zones.md
deleted file mode 100644
index 04b1f4e9e0..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_hosted_zones.md
+++ /dev/null
@@ -1,121 +0,0 @@
-+++
-title = "aws_hosted_zones Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_hosted_zones"
-identifier = "inspec/resources/aws/aws_hosted_zones Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_hosted_zones` InSpec audit resource to test the properties of multiple AWS Route53 hosted zones.
-
-The `AWS::Route53::HostedZone` creates a new public or private hosted zone.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::Route53::HostedZone` resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53-hostedzone.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure the hosted zones are available
-
-```ruby
-describe aws_hosted_zones do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: The ID that Amazon Route 53 assigned to the hosted zone when you created it.
-
-: **Field**: `id`
-
-`names`
-: The name of the domain.
-
-: **Field**: `name`
-
-`caller_references`
-: The value that you specified for CallerReference when you created the hosted zone.
-
-: **Field**: `caller_reference`
-
-`configs`
-: A complex type that includes the Comment and PrivateZone elements.
-
-: **Field**: `config`
-
-`resource_record_set_counts`
-: The number of resource record sets in the hosted zone.
-
-: **Field**: `resource_record_set_count`
-
-`linked_services`
-: If the hosted zone was created by another service, the service that created the hosted zone.
-
-: **Field**: `linked_service`
-
-## Examples
-
-**Ensure that there are more than one hosted zone.**
-
-```ruby
-describe aws_hosted_zones do
- its('count') { should >= 1 }
-end
-```
-
-**Ensure a hosted zone is available.**
-
-```ruby
-describe aws_hosted_zones do
- its('ids') { should include 'HOSTED_ZONE_ID' }
-end
-```
-
-**Ensure a hosted zone name is available.**
-
-```ruby
-describe aws_hosted_zones do
- its('names') { should include 'HOSTED_ZONE_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_hosted_zones do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_hosted_zones do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Route53:Client:ListHostedZonesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_access_key.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_access_key.md
deleted file mode 100644
index 97b0a142e7..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_access_key.md
+++ /dev/null
@@ -1,112 +0,0 @@
-+++
-title = "aws_iam_access_key Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_iam_access_key"
-identifier = "inspec/resources/aws/aws_iam_access_key Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_iam_access_key` InSpec audit resource to test properties of a single AWS IAM Access Key.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on IAM Access Keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_iam_access_key` resource allows the testing of a single AWS IAM Access Key.
-
-```ruby
-describe aws_iam_access_key(access_key_id: 'AKIA1111111111111111') do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resources requires either an `access_key_id` or the IAM `username` associated with the Access Key.
-
-`access_key_id` _(required if `username` not provided.)_
-
-: The Access Key ID which uniquely identifies the Key. Begins with the characters "AKIA".
- This can be passed either as a string or as a `access_key_id: 'value'` key-value entry in a hash.
-
-`username` _(required if `access_key_id` not provided.)_
-
-: The IAM Username which is associated with the Access Key.
- This can be passed either as a string or as a `username: 'value'` key-value entry in a hash.
-
-## Properties
-
-`access_key_id`
-: The ID of the Access Key.
-
-`username`
-: The IAM Username which is associated with the Access Key.
-
-`status`
-: The status of the Access Key, e.g. "Active".
-
-`create_date`
-: The creation date of the Access Key.
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-**Test that an IAM Access Key has been used in the last 90 days.**
-
-```ruby
-describe aws_iam_access_key(access_key_id: 'AKIA1111111111111111') do
- it { should exist }
- its('last_used_date') { should be > Time.now - 90 * 86400 }
-end
-```
-
-**Test that an IAM Access Key for a specific user exists.**
-
-```ruby
-describe aws_iam_access_key(username: 'psmith', id: 'AKIA1111111111111111') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-it { should exist }
-```
-
-```ruby
-it { should_not exist }
-```
-
-### active
-
-The `active` matcher tests if the described IAM Access Key has a status of Active.
-
-```ruby
-it { should be_active }
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="IAM:Client:GetAccessKeyLastUsedResponse" %}}
-
-You can find detailed documentation at [Amazon Route 53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/r53-api-permissions-ref.html)
\ No newline at end of file
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_access_keys.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_access_keys.md
deleted file mode 100644
index 292628417d..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_access_keys.md
+++ /dev/null
@@ -1,129 +0,0 @@
-+++
-title = "aws_iam_access_keys Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_iam_access_keys"
-identifier = "inspec/resources/aws/aws_iam_access_keys Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_iam_access_keys` InSpec audit resource to test properties of some or all AWS IAM Access Keys.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on IAM Access Keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_iam_access_keys` resource block returns all IAM Access Keys and allows the testing of that group of Access Keys.
-
-```ruby
-describe aws_iam_access_keys do
- it { should exist }
- its('access_key_ids') { should include 'AKIA1111111111111111' }
-end
-```
-
-## Parameters
-
-This resources accepts a single optional parameter, a Username for which to retrieve all Access Keys.
-If not provided, all Access Keys for all Users will be retrieved.
-
-`username` _(optional)_
-
-: The IAM Username for which to retrieve the Access Keys.
- This can be passed either as a string or as a `username: 'value'` key-value entry in a hash.
-
-## Properties
-
-`access_key_id`
-: The ID of the Access Key.
-
-`username`
-: The IAM Username which is associated with the Access Key.
-
-`active`
-: Indicates if the status of the Key is Active.
-
-`inactive`
-: Indicates if the status of the Key is Inactive.
-
-`ever_used`
-: Indicates if the Key has ever been used.
-
-`never_used`
-: Indicates if the Key has never been used.
-
-`create_date`
-: The creation date of the Access Key.
-
-`created_days_ago`
-: How many days ago the Access Key was created.
-
-`created_hours_ago`
-: How many hours ago the Access Key was created.
-
-`created_with_user`
-: Boolean indicating if the Access Key was created with a user.
-
-`last_used_date`
-: The date the Access Key was last used.
-
-`last_used_hours_ago`
-: How many hours ago the Key was last used.
-
-`last_used_days_ago`
-: How many days ago the Key was last used.
-
-`user_created_date`
-: The date on which the associated User was created.
-
-`entries`
-: Provides access to the raw results of the query, which can be treated as an array of hashes.
-
-## Examples
-
-**Test all Active keys.**
-
-```ruby
-describe aws_iam_access_keys.where(active: true) do
- its('access_key_ids') { should include 'AKIA1111111111111111' }
-end
-```
-
-**Ensure a User has no Access Keys.**
-
-```ruby
-describe aws_iam_access_keys.where(username: 'untrusted-account') do
- it { should_not exist }
-end
-```
-
-## Matchers
-
-For a full list of available matchers, visit the [InSpec matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-it { should exist }
-```
-
-```ruby
-it { should_not exist }
-```
-
-## AWS Permissions
-
-Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `IAM:Client:GetAccessKeyLastUsedResponse`, `IAM:Client:ListAccessKeysResponse` and `IAM:Client:ListUsersResponse` action with Effect set to Allow.
-
-You can find detailed documentation at [Amazon Route 53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/r53-api-permissions-ref.html)
\ No newline at end of file
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_account_alias.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_account_alias.md
deleted file mode 100644
index 72237b99ac..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_account_alias.md
+++ /dev/null
@@ -1,76 +0,0 @@
-+++
-title = "aws_iam_account_alias Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_iam_account_alias"
-identifier = "inspec/resources/aws/aws_iam_account_alias Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_iam_account_alias` InSpec audit resource to test properties of the AWS IAM account alias.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Account Aliases](https://docs.aws.amazon.com/IAM/latest/UserGuide/console_account-alias.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_iam_account_alias` resource block may be used to perform tests on details of the AWS account alias.
-
-```ruby
-describe aws_iam_account_alias do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`alias`
-: String containing the Alias of the account.
-
-## Examples
-
-**Check that the account alias has not be set.**
-
-```ruby
-describe aws_iam_account_alias do
- it { should_not exist }
-end
-```
-
-**Test if the account alias starts with expected prefix.**
-
-```ruby
-describe aws_iam_account_alias do
- it { should exist }
- its('alias') { should match /^chef-/ }
-end
-```
-
-## Matchers
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_iam_account_alias do
- it { should exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="IAM:Client:ListAccountAliasesResponse" %}}
-
\ No newline at end of file
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_group.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_group.md
deleted file mode 100644
index b476e5bb2a..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_group.md
+++ /dev/null
@@ -1,96 +0,0 @@
-+++
-title = "aws_iam_group Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_iam_group"
-identifier = "inspec/resources/aws/aws_iam_group Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_iam_group` InSpec audit resource to test properties of a single IAM group.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on IAM Groups](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_iam_group` resource block identifies a group by group name.
-
-```ruby
-describe aws_iam_group('mygroup') do
- it { should exist }
-end
-```
-
- # Hash syntax for group name
-```ruby
-describe aws_iam_group(group_name: 'mygroup') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`group_name` _(required)_
-
-: This resource accepts a single parameter, the Group Name which uniquely identifies the IAM Group.
- This can be passed either as a string or as a `group_name: 'value'` key-value entry in a hash.
-
-## Properties
-
-`group_name`
-: The group name.
-
-`group_id`
-: The group ID.
-
-`arn`
-: The Amazon Resource Name of the group.
-
-`users`
-: Array of users associated with the group.
-
-`inline_policy_names`
-: A list of inline policy names associated with the group.
-
-## Examples
-
-**Ensure group contains a certain user.**
-
-```ruby
-describe aws_iam_group('admin-group') do
- its('users') { should include 'deployment-service-account')}
-end
-```
-
-## Matchers
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_iam_group('AnExistingGroup') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_iam_group('ANonExistentGroup') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="IAM:Client:GetGroupResponse" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_groups.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_groups.md
deleted file mode 100644
index 7eb78e7bc6..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_groups.md
+++ /dev/null
@@ -1,100 +0,0 @@
-+++
-title = "aws_iam_groups Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_iam_groups"
-identifier = "inspec/resources/aws/aws_iam_groups Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_iam_groups` InSpec audit resource to test properties of a collection of IAM groups.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on IAM Groups](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_iam_groups` resource block identifies a group by group name.
-
-```ruby
-describe aws_iam_groups('mygroup') do
- it { should exist }
-end
-```
-
- # Hash syntax for group name
-```ruby
-describe aws_iam_groups(group_name: 'mygroup') do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`group_names`
-: The group name.
-
-`group_ids`
-: The group ID.
-
-`arns`
-: The Amazon Resource Name of the group.
-
-`users`
-: Array of users associated with the group.
-
-`entries`
-: Provides access to the raw results of the query, which can be treated as an array of hashes.
-
-`has_inline_policies`
-: Boolean indicating whether or not the group has policies applied to it.
-
-`inline_policy_names`
-: The names of the policies (if any) which are applied to the group.
-
-## Examples
-
-**Ensure group contains a certain user.**
-
-```ruby
-describe aws_iam_groups do
- it { should exist }
- its('group_names') { should include 'prod-access-group' }
-end
-```
-
-**Ensure there are no groups with inline policies.**
-
-```ruby
-describe aws_iam_groups.where(has_inline_policies: true) do
- its('group_names') { should be_empty }
-end
-```
-
-## Matchers
-
-### exist
-
-The control will pass if a group with the given group name exists.
-
-```ruby
-describe aws_iam_groups do
- it { should exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="IAM:Client:ListGroupsResponse" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_inline_policy.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_inline_policy.md
deleted file mode 100644
index 8e83ca9d8e..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_inline_policy.md
+++ /dev/null
@@ -1,201 +0,0 @@
-+++
-title = "aws_iam_inline_policy Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_iam_inline_policy"
-identifier = "inspec/resources/aws/aws_iam_inline_policy Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_iam_inline_policy` InSpec audit resource to test properties of a single inline AWS IAM Policy embedded with IAM User, IAM Group or IAM Role. For managed policies, use the `aws_iam_policy` resource.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_iam_inline_policy` resource block identifies an inline policy by policy name and user/group/role by name
-
- # Find an inline policy by name and role name
-```ruby
-describe aws_iam_inline_policy(role_name: 'role-x', policy_name: 'policy-1') do
- it { should exist }
-end
-```
-
- # Find an inline policy by name and group name
-```ruby
-describe aws_iam_inline_policy(group_name: 'group-x', policy_name: 'policy-1') do
- it { should exist }
-end
-```
-
- # Find an inline policy by name and user name
-```ruby
-describe aws_iam_inline_policy(user_name: 'user-a', policy_name: 'policy-1') do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource requires `policy_name` and one of the `role_name`, `group_name` or `user_name` to be provided.
-
-See AWS Documentation on inline policies for more details
-
-- [get-role-policy](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/get-role-policy.html)
-- [get-group-policy](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/get-group-policy.html)
-- [get-user-policy](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/get-user-policy.html)
-
-## Properties
-
-`policy`
-: Returns the default version of the policy document after decoding as a Ruby hash.
This hash contains the policy statements and is useful for performing checks that cannot be expressed using higher-level matchers like `have_statement`.
-
-`statement_count`
-: Returns the number of statements present in the `policy`.
-
-## Examples
-
-**Test that a policy does exist.**
-
-```ruby
-describe aws_iam_inline_policy(role_name: 'role-x', policy_name: 'policy-1') do
- it { should exist }
-end
-```
-
-**Examine the policy statements.**
-
-```ruby
-describe aws_iam_inline_policy(role_name: 'role-x', policy_name: 'policy-1') do
-**Verify that there is at least one statement allowing access to S3.**
-
- it { should have_statement(Action: 's3:PutObject', Effect: 'allow') }
-```
-
-```ruby
-**have_statement does not expand wildcards. If you want to verify.**
-**they are absent, an explicit check is required.**
-
-it { should_not have_statement(Action: 's3:*') }
-```
-
-```ruby
-**You can also check NotAction.**
-
-it { should_not have_statement(NotAction: 'iam:*') }
- end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-it { should exist }
-```
-
-```ruby
-it { should_not exist }
-```
-
-### have_statement
-
-Examines the list of statements contained in the policy and passes if at least one of the statements matches. This matcher does _not_ interpret the policy in a request authorization context, as AWS does when a request processed. Rather, `have_statement` examines the literal contents of the IAM policy, and reports on what is present (or absent, when used with `should_not`).
-
-`have_statement` accepts the following criteria to search for matching statements. If any statement matches all the criteria, the test is successful.
All criteria may be used as Titlecase (as in the AWS examples) or lowercase, string or symbol.
-
-- `Action` - Expresses the requested operation. Acceptable literal values are any AWS operation name, including the '\*' wildcard character. `Action` may also use a list of AWS operation names.
-- `Effect` - Expresses if the operation is permitted. Acceptable values are 'Deny' and 'Allow'.
-- `Sid` - A user-provided string identifier for the statement.
-- `Resource` - Expresses the operation's target. Acceptable values are ARNs, including the '\*' wildcard. `Resource` may also use a list of ARN values.
-
-Please note the following about the behavior of `have_statement`:
-
-- `Action`, `Sid`, and `Resource` allow using a regular expression as the search critera instead of a string literal.
-- it does not support wildcard expansion; to check for a wildcard value, check for it explicitly. For example, if the policy includes a statement with `"Action": "s3:*"` and the test checks for `Action: "s3:PutObject"`, the test _will not match_. You must write an additional test checking for the wildcard case.
-- it supports searching list values. For example, if a statement contains a list of 3 resources, and a `have_statement` test specifes _one_ of those resources, it will match.
-- `Action` and `Resource` allow using a list of string literals or regular expressions in a test, in which case _all_ must match on the _same_ statement for the test to match. Order is ignored.
-- it does not support the `[Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal)` or `Conditional` key, or any of `NotAction`, `Not[Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal)`, or `NotResource`.
- -Examples: - - # Verify there is no full-admin statement -```ruby -describe aws_iam_inline_policy(role_name: 'role-x', policy_name: 'policy-1') do - it { should_not have_statement('Effect' => 'Allow', 'Resource' => '*', 'Action' => '*')} -end -``` - - # Symbols and lowercase also allowed as criteria -```ruby -describe aws_iam_inline_policy(role_name: 'role-x', policy_name: 'policy-1') do - # All 4 the same - it { should_not have_statement('Effect' => 'Allow', 'Resource' => '*', 'Action' => '*')} - it { should_not have_statement('effect' => 'Allow', 'resource' => '*', 'action' => '*')} - it { should_not have_statement(Effect: 'Allow', Resource: '*', Action: '*')} - it { should_not have_statement(effect: 'Allow', resource: '*', action: '*')} -end -``` - - # Verify bob is allowed to manage things on S3 buckets that start with bobs-stuff -```ruby -describe aws_iam_inline_policy(role_name: 'role-x', policy_name: 'policy-1') do - it { should have_statement(Effect: 'Allow', - # Using the AWS wildcard - this must match exactly - Resource: 'arn:aws:s3:::bobs-stuff*', - # Specify a list of actions - all must match, no others, order isn't important - Action: ['s3:PutObject', 's3:GetObject', 's3:DeleteObject'])} -``` - -```ruby -# Bob would make new buckets constantly if we let him. -it { should_not have_statement(Effect: 'Allow', Action: 's3:CreateBucket')} -it { should_not have_statement(Effect: 'Allow', Action: 's3:*')} -it { should_not have_statement(Effect: 'Allow', Action: '*')} -``` - -```ruby -# An alternative to checking for wildcards is to specify the -# statements you expect, then restrict statement count -its('statement_count') { should cmp 1 } - end -``` - - # Use regular expressions to examine the policy -```ruby -describe aws_iam_inline_policy(role_name: 'role-x', policy_name: 'policy-1') do - # Check to see if anything mentions RDS at all. - # This catches `rds:CreateDBinstance` and `rds:*`, but would not catch '*'. 
- it { should_not have_statement(Action: /^rds:.+$/)} -``` - -```ruby -# This policy should refer to both sally and kim's s3 buckets. -# This will only match if there is a statement that refers to both resources. -it { should have_statement(Resource: [/arn:aws:s3.+:sally/, /arn:aws:s3.+:kim/]) } -# The following also matches on a statement mentioning only one of them -it { should have_statement(Resource: /arn:aws:s3.+:(sally|kim)/) } - end -``` - -## AWS Permissions - -Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `IAM:Client:GetUserPolicyResponse`, `IAM:Client:GetPolicyResponse`, and `IAM:Client:GetRolePolicyResponse` actions set to allow. - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). - -aws_iam_inline_policy.md diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_instance_profile.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_instance_profile.md deleted file mode 100644 index 6def1c4f16..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_instance_profile.md +++ /dev/null 
@@ -1,150 +0,0 @@
-+++
-title = "aws_iam_instance_profile Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_iam_instance_profile"
-identifier = "inspec/resources/aws/aws_iam_instance_profile Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_iam_instance_profile` InSpec audit resource to test properties of a single IAM instance profile.
-
-This resource retrieves information about the specified instance profile, including the instance profile's path, GUID, ARN, and role.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on IAM Instance Profile](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a instance profile name exists.
-
-```ruby
-describe aws_iam_instance_profile(instance_profile_name: 'INSTANCE_PROFILE_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`instance_profile_name` _(required)_
-
-## Properties
-
-`path`
-: The path to the instance profile.
-
-`instance_profile_name`
-: The name identifying the instance profile.
-
-`instance_profile_id`
-: The stable and unique string identifying the instance profile.
-
-`arn`
-: The Amazon Resource Name (ARN) specifying the instance profile.
-
-`create_date`
-: The date when the instance profile was created.
-
-`roles (path)`
-: The path to the role.
-
-`roles (role_name)`
-: The friendly name that identifies the role.
-
-`roles (role_id)`
-: The stable and unique string identifying the role.
-
-`roles (arn)`
-: The Amazon Resource Name (ARN) specifying the role.
-
-`roles (create_date)`
-: The date and time, in [ISO 8601 date-time format](https://www.iso.org/iso-8601-date-and-time-format.html), when the role was created.
-
-`roles (assume_role_policy_document)`
-: The policy that grants an entity permission to assume the role.
-
-`roles (description)`
-: A description of the role that you provide.
-
-`roles (max_session_duration)`
-: The maximum session duration (in seconds) for the specified role. Anyone who uses the AWS CLI, or API to assume the role can specify the duration using the optional DurationSeconds API parameter or duration-seconds CLI parameter.
-
-`roles (permissions_boundary (permissions_boundary_type))`
-: The permissions boundary usage type that indicates what type of IAM resource is used as the permissions boundary for an entity. This data type can only have a value of Policy .
-
-`roles (permissions_boundary (permissions_boundary_arn))`
-: The ARN of the policy used to set the permissions boundary for the user or role.
-
-`roles (tags (key))`
-: The key name that can be used to look up or retrieve the associated value. For example, Department or Cost Center are common choices.
-
-`roles (tags (value))`
-: The value associated with this tag. For example, tags with a key name of Department could have values such as Human Resources , Accounting , and Support . Tags with a key name of Cost Center might have values that consist of the number associated with the different cost centers in your company. Typically, many resources have tags with the same key name but with different values.
-
-`roles (role_last_used (last_used_date))`
-: The date and time, in ISO 8601 date-time format that the role was last used.
-
-`roles (role_last_used (region))`
-: The name of the AWS Region in which the role was last used.
-
-## Examples
-
-**Ensure a instance profile name is available.**
-
-```ruby
-describe aws_iam_instance_profile(instance_profile_name: 'INSTANCE_PROFILE_NAME') do
- its('instance_profile_name') { should eq 'INSTANCE_PROFILE_NAME' }
-end
-```
-
-**Ensure that an arn is available.**
-
-```ruby
-describe aws_iam_instance_profile(instance_profile_name: 'INSTANCE_PROFILE_NAME') do
- its('arn') { should eq 'INSTANCE_PROFILE_NAME_ARN' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_iam_instance_profile(instance_profile_name: 'INSTANCE_PROFILE_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_iam_instance_profile(instance_profile_name: 'INSTANCE_PROFILE_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the instance profile name is available.
-
-```ruby
-describe aws_iam_instance_profile(instance_profile_name: 'INSTANCE_PROFILE_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="IAM:Client:GetInstanceProfileResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_instance_profiles.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_instance_profiles.md
deleted file mode 100644
index e306996c69..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_instance_profiles.md
+++ /dev/null
@@ -1,111 +0,0 @@
-+++
-title = "aws_iam_instance_profiles Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_iam_instance_profiles"
-identifier = "inspec/resources/aws/aws_iam_instance_profiles Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_iam_instance_profiles` InSpec audit resource to test properties of multiple IAM instance profiles.
-
-This resource lists the instance profiles that have the specified path prefix.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on IAM Instance Profile](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that an instance profile name exists.
-
-```ruby
-describe aws_iam_instance_profiles do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`paths`
-: The path to the instance profile.
-
-`instance_profile_names`
-: The name identifying the instance profile.
-
-`instance_profile_ids`
-: The stable and unique string identifying the instance profile.
-
-`arns`
-: The Amazon Resource Name (ARN) specifying the instance profile.
-
-`create_dates`
-: The date when the instance profile was created.
-
-`roles`
-: The role associated with the instance profile.
-
-## Examples
-
-**Ensure an instance profile name is available.**
-
-```ruby
-describe aws_iam_instance_profiles do
- its('instance_profile_names') { should include 'INSTANCE_PROFILE_NAME' }
-end
-```
-
-**Ensure that an arn is available.**
-
-```ruby
-describe aws_iam_instance_profiles do
- its('arns') { should include 'INSTANCE_PROFILE_ARN' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_iam_instance_profiles do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_iam_instance_profiles do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the work_group name is available.
-
-```ruby
-describe aws_iam_instance_profiles do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="IAM:Client:ListInstanceProfilesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_managed_policies.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_managed_policies.md
deleted file mode 100644
index 36ef179b71..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_managed_policies.md
+++ /dev/null
@@ -1,147 +0,0 @@
-+++
-title = "aws_iam_managed_policies Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_iam_managed_policies"
-identifier = "inspec/resources/aws/aws_iam_managed_policies Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_iam_managed_policies` InSpec audit resource to test the properties of a collection of AWS IAM managed policies.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-The `aws_iam_managed_policies` resource returns a collection of IAM managed policies and allows testing of that collection.
-
-```ruby
-describe aws_iam_managed_policies do
- its('policy_names') { should include('POLICY_NAME') }
-end
-```
-
-This resource allows filtering by scope, which are:
-
-- To list only AWS-managed policies, set `scope` to `AWS`.
-- To list only the customer-managed policies in your AWS account, set `scope` to `Local`.
-- If a scope is not provided or if `scope` is set to `ALL`, all policies are returned.
-
-```ruby
-describe aws_iam_managed_policies(scope: 'AWS') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_iam_managed_policies(scope: 'Local') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_iam_managed_policies(scope: 'ALL') do
- it { should exist }
-end
-```
-
-See the [AWS documentation on IAM Managed Policy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html) for additional information.
-
-## Parameters
-
-`scope` _(optional)_
-
-`scope` accepts three possible values, `AWS`, `Local`, or `ALL`:
-
-- `AWS` returns AWS-managed policies.
-- `Local` returns customer-managed policies.
-- `ALL` returns all policies.
-
-: Specify a scope by passing a key-value entry in a hash: `scope: 'VALUE'`.
-
-: If ommitted, all policies are returned.
-
-## Properties
-
-`arns`
-: A list of the ARN identifiers of the policies.
-
-: **Field**: `arn`
-
-`policy_ids`
-: A list of the stable and unique strings identifying the policies.
-
-: **Field**: `policy_id`
-
-`policy_names`
-: A list of the friendly names (not ARN) identifying the policies.
-
-: **Field**: `policy_name`
-
-`attachment_counts`
-: A list of the counts of attached entities for each policy.
-
-: **Field**: `attachment_count`
-
-`attached_groups`
-: A list of the list of group names of the groups attached to each policy.
-
-: **Field**: `attached_group`
-
-`default_version_ids`
-: A list of the identifier for the default version of the policy.
-
-: **Field**: `default_version_id`
-
-## Examples
-
-**Ensure a specific policy exists.**
-
-```ruby
-describe aws_iam_managed_policies do
- its('policy_names') { should include('POLICY_NAME') }
-end
-```
-
-**Allow at most 100 IAM Policies on the account.**
-
-```ruby
-describe aws_iam_managed_policies do
- its('polict_ids.count') { should be <= 100}
-end
-```
-
-## Matchers
-
-For a full list of available matchers, visit the [InSpec matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### exist
-
-The control passes if the describe returns at least one result.
-
-Use `should` to test the entity should exist.
-
-```ruby
-describe aws_iam_managed_policies.where( PROPERTY: PROPERTY_VALUE) do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_iam_managed_policies.where( PROPERTY: PROPERTY_VALUE) do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="iam:ListPolicies" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_managed_policy.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_managed_policy.md
deleted file mode 100644
index 1f2f0f054c..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_managed_policy.md
+++ /dev/null
@@ -1,104 +0,0 @@
-+++
-title = "aws_iam_managed_policy Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_iam_managed_policy"
-identifier = "inspec/resources/aws/aws_iam_managed_policy Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_iam_managed_policy` InSpec audit resource to test the properties of an AWS IAM managed policy.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-The `aws_iam_managed_policy` resource returns an IAM managed policy and allows testing of that policy.
-
-```ruby
-describe aws_iam_managed_policy(policy_arn: 'POLICY_ARN') do
- its('policy_name') { should eq 'POLICY_NAME' }
-end
-```
-
-
-See the [AWS documentation on IAM Managed Policy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html) for additional information.
-
-## Parameters
-
-`policy_arn` _(required)_
-
-: The ARN of the AWS IAM managed policy.
-
-## Properties
-
-`arn`
-: The ARN identifier of the specified policy.
-
-`policy_id`
-: The stable and unique string identifying the policy.
-
-`policy_name`
-: The friendly name (not ARN) identifying the policy.
-
-`attachment_count`
-: The count of attached entities for each policy.
-
-`attached_group`
-: The list of group names of the groups attached to each policy.
-
-`default_version_id`
-: The identifier for the default version of the policy.
-
-## Examples
-
-**Test that a specific policy name exists.**
-
-```ruby
-describe aws_iam_managed_policy(policy_arn: 'POLICY_ARN') do
- its('policy_name') { should eq 'POLICY_NAME' }
-end
-```
-
-**Test that a specific policy ID exists.**
-
-```ruby
-describe aws_iam_managed_policy(policy_arn: 'POLICY_ARN') do
- its('policy_id') { should eq 'POLICY_ID'}
-end
-```
-
-## Matchers
-
-For a full list of available matchers, visit the [InSpec matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### exist
-
-The control passes if the describe method returns at least one result.
-
-Use `should` to test an entity that should exist.
-
-```ruby
-describe aws_iam_managed_policy(policy_arn: 'POLICY_ARN').where( PROPERTY: PROPERTY_VALUE ) do
- it { should exist }
-end
-```
-
-Use `should_not` to test an entity that should not exist.
-
-```ruby
-describe aws_iam_managed_policy(policy_arn: 'POLICY_ARN').where( PROPERTY: PROPERTY_VALUE ) do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="iam:ListPolicies" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_oidc_provider.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_oidc_provider.md
deleted file mode 100644
index b03b0605e9..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_oidc_provider.md
+++ /dev/null
@@ -1,104 +0,0 @@
-+++
-title = "aws_iam_oidc_provider Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_iam_oidc_provider"
-identifier = "inspec/resources/aws/aws_iam_oidc_provider Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_iam_oidc_provider` InSpec audit resource to test properties of a single IAM OpenID Connect (OIDC) provider.
-
-This resource retrieves information about the specified OIDC provider.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on IAM OIDC provider](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that an OIDC provider exists.
-
-```ruby
-describe aws_iam_oidc_provider(open_id_connect_provider_arn: 'OIDC_PROVIDER_ARN') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`open_id_connect_provider_arn` _(required)_
-
-: The Amazon Resource Name (ARN) of the OIDC provider resource object in IAM to get information for.
-
-## Properties
-
-`url`
-: The URL that the IAM OIDC provider resource object is associated with.
-
-`create_date`
-: The date and time when the IAM OIDC provider resource object was created in the account.
-
-`tags`
-: A list of tags that are attached to the specified IAM OIDC provider.
-
-## Examples
-
-**Ensure an URL is available.**
-
-```ruby
-describe aws_iam_oidc_provider(open_id_connect_provider_arn: 'OIDC_PROVIDER_ARN') do
- its('url') { should eq 'example.com' }
-end
-```
-
-**Ensure that tags are available.**
-
-```ruby
-describe aws_iam_oidc_provider(open_id_connect_provider_arn: 'OIDC_PROVIDER_ARN') do
- its('tags') { should eq ':TAG => 'TAG_VALUE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_iam_oidc_provider(open_id_connect_provider_arn: 'OIDC_PROVIDER_ARN') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_iam_oidc_provider(open_id_connect_provider_arn: 'OIDC_PROVIDER_ARN') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_iam_oidc_provider(open_id_connect_provider_arn: 'OIDC_PROVIDER_ARN') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="IAM:Client:GetOpenIDConnectProviderResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_oidc_providers.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_oidc_providers.md
deleted file mode 100644
index f7d0f186a2..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_oidc_providers.md
+++ /dev/null
@@ -1,88 +0,0 @@
-+++
-title = "aws_iam_oidc_providers Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_iam_oidc_providers"
-identifier = "inspec/resources/aws/aws_iam_oidc_providers Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_iam_oidc_providers` InSpec audit resource to test properties of a set of AWS IAM OpenID Connect (OIDC) providers.
-
-This resource retrieves information about all OIDC providers.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that an OIDC provider exists.
-
-```ruby
-describe aws_iam_oidc_providers do
- it { should exist }
-end
-```
-
-For additional information, see the [AWS documentation on IAM OIDC provider](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html).
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`arns`
-: The Amazon Resource Name (ARN).
-
-## Examples
-
-**Ensure a OIDC Provider is available.**
-
-```ruby
-describe aws_iam_oidc_providers do
- its('arns') { should include 'OIDC_PROVIDER_ARN' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_iam_oidc_providers do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_iam_oidc_providers do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the OIDC Provider is available.
-
-```ruby
-describe aws_iam_oidc_providers do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="IAM:Client:ListOpenIDConnectProviderTagsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_password_policy.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_password_policy.md
deleted file mode 100644
index 78477f5b9e..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_password_policy.md
+++ /dev/null
@@ -1,118 +0,0 @@
-+++
-title = "aws_iam_password_policy Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_iam_password_policy"
-identifier = "inspec/resources/aws/aws_iam_password_policy Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_iam_password_policy` InSpec audit resource to test properties of an AWS IAM Password Policy.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Auto Scaling Group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/AutoScalingGroup.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_iam_password_policy` resource block declares the tests for an AWS IAM Password Policy.
-
-```ruby
-describe aws_iam_password_policy do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`minimum_password_length`
-: The minimum character count of the password policy.
-
-`max_password_age_in_days`
-: Integer representing in days how long a password may last before expiring.
-
-`number_of_passwords_to_remember`
-: Number of previous passwords to remember.
-
-## Examples
-
-**Test that a Password Policy meets your company's requirements.**
-
-```ruby
-describe aws_iam_password_policy do
- it { should require_uppercase_characters }
- it { should require_lowercase_characters }
- it { should require_numbers }
- its('minimum_password_length') { should be > 8 }
-end
-```
-
-**Test that users can change their own passwords .**
-
-```ruby
-describe aws_iam_password_policy do
- it { should allow_users_to_change_password }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-```ruby
-it { should exist }
-```
-
-#### prevent_password_reuse
-```ruby
-it { should prevent_password_reuse }
-```
-
-#### expire_passwords
-```ruby
-it { should expire_passwords }
-```
-
-#### require_numbers
-```ruby
-it { should require_numbers }
-```
-
-#### require_symbols
-```ruby
-it { should require_symbols }
-```
-
-#### require_lowercase_characters
-```ruby
-it { should require_lowercase_characters }
-```
-
-#### require_uppercase_characters
-```ruby
-it { should require_uppercase_characters}
-```
-
-#### allow_users_to_change_passwords
-```ruby
-it { should allow_users_to_change_password }
-```
-
-All matchers can use the inverse `should_not` predicate.
-
-## AWS Permissions
-
-Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the following permissions action set to allow: `IAM:Client:GetAccountPasswordPolicyResponse`
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_policies.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_policies.md
deleted file mode 100644
index c46bf8b2cc..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_policies.md
+++ /dev/null
@@ -1,117 +0,0 @@
-+++
-title = "aws_iam_policies Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_iam_policies"
-identifier = "inspec/resources/aws/aws_iam_policies Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_iam_policies` InSpec audit resource to test properties of a collection of AWS IAM Policies.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on IAM Policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-`aws_iam_policies` Resource returns a collection of IAM Policies and allows testing of that collection.
-
-```ruby
-describe aws_iam_policies do
- its('policy_names') { should include('test-policy-1') }
-end
-```
-
-## Parameters
-
-`only_attached` _(optional)_
-
-: This resource allows filtering by only_attached.
- When `OnlyAttached` is `true`, the returned list contains only the policies that are attached to an IAM user, group, or role. When `OnlyAttached` is `false`, or when the parameter is not included, all policies are returned.
-
-
-`scope` _(optional)_
-
-: This resource allows filtering by scope.
- To list only AWS managed policies, set `Scope` to `AWS`. To list only the customer managed policies in your AWS account, set `Scope` to `Local`. If scope is not supplied `ALL` policies are returned.
-
-## Properties
-
-`arns`
-: The ARN identifier of the specified policy.
-
-`policy_ids`
-: The policy ids.
-
-`policy_names`
-: The policy names.
-
-`attachment_counts`
-: The count of attached entities for each policy.
-
-`attached_groups`
-: The list of group names of the groups attached to each policy.
-
-`attached_roles`
-: The list of role names of the roles attached to each policy.
-
-`attached_users`
-: The list of usernames of the users attached to each policy.
-
-`default_version_ids`
-: The 'default_version_id' value of each policy.
-
-`entries`
-: Provides access to the raw results of the query, which can be treated as an array of hashes.
-
-## Examples
-
-**Ensure a policy exists.**
-
-```ruby
-describe aws_iam_policies do
- its('policy_names') { should include('test-policy-1') }
-end
-```
-
-**Allow at most 100 IAM Policies on the account.**
-
-```ruby
-describe aws_iam_policies do
- its('entries.count') { should be <= 100}
-end
-```
-
-## Matchers
-
-For a full list of available matchers, visit the [InSpec matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_iam_policies.where( : ) do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_iam_policies.where( : ) do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="IAM:Client:ListPoliciesResponse" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_policy.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_policy.md
deleted file mode 100644
index 83ecd708a3..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_policy.md
+++ /dev/null
@@ -1,264 +0,0 @@ -+++ -title = "aws_iam_policy Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_iam_policy" -identifier = "inspec/resources/aws/aws_iam_policy Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_iam_policy` InSpec audit resource to test properties of a single managed AWS IAM Policy. - -For additional information, including details on parameters and properties, see the [AWS documentation on IAM Policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_iam_policy` resource block identifies a policy by policy name or arn - - # Find a policy by name -```ruby -describe aws_iam_policy('AWSSupportAccess') do - it { should exist } -end -``` - - # Hash syntax for policy name -```ruby -describe aws_iam_policy(policy_name: 'AWSSupportAccess') do - it { should exist } -end -``` - -## Parameters - -This resource requires either the `policy_name` or the `policy_arn` to be provided. - -`policy_name` _(required if `policy_arn` not provided)_ - -: The Policy Name which uniquely identifies the Policy. - This must be passed as a `policy_name: 'value'` key-value entry in a hash. - -`policy_arn` _(required if `policy_name` not provided)_ - -: The Policy ARN which uniquely identifies the Policy. - This must be passed as a `policy_arn: 'value'` key-value entry in a hash. - -## Properties - -`arn` -: The ARN identifier of the specified policy. - -`attachment_count` -: The count of attached entities for the specified policy. - -`attached_groups` -: The list of group names of the groups attached to the policy. - -`attached_roles` -: The list of role names of the roles attached to the policy. - -`attached_users` -: The list of usernames of the users attached to the policy. - -`default_version_id` -: The 'default_version_id' value of the specified policy. 
- -`policy` -: Returns the default version of the policy document after decoding as a Ruby hash. This hash contains the policy statements and is useful for performing checks that cannot be expressed using higher-level matchers like `have_statement`. - -`statement_count` -: Returns the number of statements present in the `policy`. - -## Examples - -**Test that a policy does exist.** - -```ruby -describe aws_iam_policy('AWSSupportAccess') do - it { should exist } -end -``` - -**Test that a policy is attached to at least one entity.** - -```ruby -describe aws_iam_policy('AWSSupportAccess') do - it { should be_attached } -end -``` - -**Examine the policy statements.** - -```ruby -describe aws_iam_policy('my-policy') do -**Verify that there is at least one statement allowing access to S3.** - - it { should have_statement(Action: 's3:PutObject', Effect: 'allow') } -``` - -```ruby -**have_statement does not expand wildcards. If you want to verify.** -**they are absent, an explicit check is required.** - -it { should_not have_statement(Action: 's3:*') } -``` - -```ruby -**You can also check NotAction.** - -it { should_not have_statement(NotAction: 'iam:*') } - end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -it { should exist } -``` - -```ruby -it { should_not exist } -``` - -#### be_attached - -The test will pass if the identified policy is attached to at least one IAM user, group, or role. - -```ruby -describe aws_iam_policy('AWSSupportAccess') do - it { should be_attached } -end -``` - -#### be_attached_to_group(GROUPNAME) - -The test will pass if the identified policy attached the specified group. 
- -```ruby -describe aws_iam_policy('AWSSupportAccess') do - it { should be_attached_to_group(GROUPNAME) } -end -``` - -#### be_attached_to_user(USERNAME) - -The test will pass if the identified policy attached the specified user. - -```ruby -describe aws_iam_policy('AWSSupportAccess') do - it { should be_attached_to_user(USERNAME) } -end -``` - -#### be_attached_to_role(ROLENAME) - -The test will pass if the identified policy attached the specified role. - -```ruby -describe aws_iam_policy('AWSSupportAccess') do - it { should be_attached_to_role(ROLENAME) } -end -``` - -#### have_statement - -Examines the list of statements contained in the policy and passes if at least one of the statements matches. This matcher does _not_ interpret the policy in a request authorization context, as AWS does when a request processed. Rather, `have_statement` examines the literal contents of the IAM policy, and reports on what is present (or absent, when used with `should_not`). - -`have_statement` accepts the following criteria to search for matching statements. If any statement matches all the criteria, the test is successful. All criteria may be used as Titlecase (as in the AWS examples) or lowercase, string or symbol. - -* `Action` - Expresses the requested operation. Acceptable literal values are any AWS operation name, including the '*' wildcard character. `Action` may also use a list of AWS operation names. -* `Effect` - Expresses if the operation is permitted. Acceptable values are 'Deny' and 'Allow'. -* `Sid` - A user-provided string identifier for the statement. -* `Resource` - Expresses the operation's target. Acceptable values are ARNs, including the '*' wildcard. `Resource` may also use a list of ARN values. - -Please note the following about the behavior of `have_statement`: -* `Action`, `Sid`, and `Resource` allow using a regular expression as the search critera instead of a string literal. 
-* It does not support wildcard expansion; to check for a wildcard value, check for it explicitly. For example, if the policy includes a statement with `"Action": "s3:*"` and the test checks for `Action: "s3:PutObject"`, the test _will not match_. You must write an additional test checking for the wildcard case. -* It supports searching list values. For example, if a statement contains a list of 3 resources, and a `have_statement` test specifes _one_ of those resources, it will match. -* `Action` and `Resource` allow using a list of string literals or regular expressions in a test, in which case _all_ must match on the _same_ statement for the test to match. Order is ignored. -* It does not support the [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html), [NotPrincipal](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notprincipal.html) or [Condition](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html). 
- -Examples: - - # Verify there is no full-admin statement -```ruby -describe aws_iam_policy('kryptonite') do - it { should_not have_statement('Effect' => 'Allow', 'Resource' => '*', 'Action' => '*')} -end -``` - - # Symbols and lowercase also allowed as criteria -```ruby -describe aws_iam_policy('kryptonite') do - # All 4 the same - it { should_not have_statement('Effect' => 'Allow', 'Resource' => '*', 'Action' => '*')} - it { should_not have_statement('effect' => 'Allow', 'resource' => '*', 'action' => '*')} - it { should_not have_statement(Effect: 'Allow', Resource: '*', Action: '*')} - it { should_not have_statement(effect: 'Allow', resource: '*', action: '*')} -end -``` - - # Verify bob is allowed to manage things on S3 buckets that start with bobs-stuff -```ruby -describe aws_iam_policy('bob-is-a-packrat') do - it { should have_statement(Effect: 'Allow', - # Using the AWS wildcard - this must match exactly - Resource: 'arn:aws:s3:::bobs-stuff*', - # Specify a list of actions - all must match, no others, order isn't important - Action: ['s3:PutObject', 's3:GetObject', 's3:DeleteObject'])} -``` - -```ruby -# Bob would make new buckets constantly if we let him. -it { should_not have_statement(Effect: 'Allow', Action: 's3:CreateBucket')} -it { should_not have_statement(Effect: 'Allow', Action: 's3:*')} -it { should_not have_statement(Effect: 'Allow', Action: '*')} -``` - -```ruby -# An alternative to checking for wildcards is to specify the -# statements you expect, then restrict statement count -its('statement_count') { should cmp 1 } - end -``` - - # Use regular expressions to examine the policy -```ruby -describe aws_iam_policy('regex-demo') do - # Check to see if anything mentions RDS at all. - # This catches `rds:CreateDBinstance` and `rds:*`, but would not catch '*'. - it { should_not have_statement(Action: /^rds:.+$/)} -``` - -```ruby -# This policy should refer to both sally and kim's s3 buckets. 
-# This will only match if there is a statement that refers to both resources. -it { should have_statement(Resource: [/arn:aws:s3.+:sally/, /arn:aws:s3.+:kim/]) } -# The following also matches on a statement mentioning only one of them -it { should have_statement(Resource: /arn:aws:s3.+:(sally|kim)/) } - end -``` - -## AWS Permissions - -Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `IAM:Client:GetGroupPolicyResponse`, `IAM:Client:ListPoliciesResponse`, and `IAM:Client:ListEntitiesForPolicyResponse` actions set to allow. - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). -aws_iam_policy.md diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_role.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_role.md deleted file mode 100644 index f873ff7800..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_role.md +++ /dev/null 
@@ -1,119 +0,0 @@ -+++ -title = "aws_iam_role Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_iam_role" -identifier = "inspec/resources/aws/aws_iam_role Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_iam_role` InSpec audit resource to test properties of an AWS IAM Role. - -For additional information, including details on parameters and properties, see the [AWS documentation on IAM Roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_iam_role` resource block declares the tests for a single AWS IAM Role by Role Name. - -```ruby -describe aws_iam_role(role_name: 'my-role') do - it { should exist } -end -``` - -## Parameters - -`role_name` _(required)_ - -: This resource accepts a single parameter, the Role Name which uniquely identifies the Role. - This can be passed either as a string or as a `role_name: 'value'` key-value entry in a hash. - -## Properties - -`path` -: The path to the role. - -`role_name` -: The name of the role. - -`role_id` -: The id of the role. - -`arn` -: The Amazon Resource Name (ARN) specifying the role. - -`create_date` -: The date and time, in ISO 8601 date-time format , when the role was created. - -`assume_role_policy_document` -: The policy that grants an entity permission to assume the role. - -`description` -: The description of the role. - -`max_session_duration` -: The maximum session duration (in seconds) for the specified role. Anyone who uses the AWS CLI, or API to assume the role can specify the duration using the optional DurationSeconds API parameter or duration-seconds CLI parameter. - -`permissions_boundary_type` -: The permissions boundary usage type that indicates what type of IAM resource is used as the permissions boundary for an entity. This data type can only have a value of Policy . 
- -`permissions_boundary_arn` -: The ARN of the policy used to set the permissions boundary for the user or role. - -`inline_policies` -: A list of inline policy names associated with the described role. - -`attached_policy_names` -: A list of attached policy names associated with the described role. - -`attached_policy_arns` -: A list of attached policy ARNs associated with the described role. - -## Examples - -**Test that an IAM Role exists.** - -```ruby -describe aws_iam_role(role_name: aws_iam_role_name) do - it { should exist } - its('role_name') { should eq aws_iam_role_name } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_iam_role('AnExistingRole') do - it { should exist } -end -``` - -```ruby -describe aws_iam_role('ANonExistentRole') do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="IAM:Client:GetRoleResponse" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). - diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_roles.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_roles.md deleted file mode 100644 index 91389389ee..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_roles.md +++ /dev/null 
@@ -1,108 +0,0 @@ -+++ -title = "aws_iam_roles Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_iam_roles" -identifier = "inspec/resources/aws/aws_iam_roles Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_iam_roles` InSpec audit resource to test properties of a collection of AWS IAM Roles. - -For additional information, including details on parameters and properties, see the [AWS documentation on IAM Roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_iam_roles` resource block returns all IAM Roles and allows the testing of that group of Roles. - -```ruby -describe aws_iam_roles do - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`paths` -: The path to the role. - -`role_names` -: The name of the role. - -`role_ids` -: The ID of the role. - -`arns` -: The Amazon Resource Name (ARN) specifying the role. - -`create_date` -: The date and time, in ISO 8601 date-time format, when the role was created. - -`assume_role_policy_document` -: The policy that grants an entity permission to assume the role. - -`description` -: The description of the role. - -`max_session_duration` -: The maximum session duration (in seconds) for the specified role. Anyone who uses the AWS CLI, or API to assume the role can specify the duration using the optional DurationSeconds API parameter or duration-seconds CLI parameter. - -`permissions_boundary_type` -: The permissions boundary usage type that indicates what type of IAM resource is used as the permissions boundary for an entity. This data type can only have a value of Policy. - -`permissions_boundary_arn` -: The ARN of the policy used to set the permissions boundary for the user or role. 
- -`entries` -: Provides access to the raw results of the query, which can be treated as an array of hashes. - -## Examples - -**Ensure the Role 'RDS-RW' exists.** - -```ruby -describe aws_iam_roles do - its('role_names') { should include 'RDS-RW' } -end -``` - -**Ensure no Roles have `max_session_duration` greater or equal to 2hrs.** - -```ruby -describe aws_iam_roles.where{ max_session_duration >= (60*120) } do - it { should_not exist } -end -``` - -## Matchers - -For a full list of available matchers, visit the [InSpec matchers page](https://www.inspec.io/docs/reference/matchers/). - -### exist - -The `exists` matcher tests if the filtered IAM User(s) exists. - -```ruby -describe aws_iam_roles.where( : ) do - it { should exist } -end -``` - -You may also use `it { should_not exist }`. - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="IAM:Client:ListRolesResponse" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_root_user.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_root_user.md deleted file mode 100644 index 635585cc80..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_root_user.md +++ /dev/null 
@@ -1,117 +0,0 @@ -+++ -title = "aws_iam_root_user Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_iam_root_user" -identifier = "inspec/resources/aws/aws_iam_root_user Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_iam_root_user` InSpec audit resource to test properties of an AWS IAM Root User. - -For additional information, including details on parameters and properties, see the [AWS documentation on Root Users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_iam_root_user` resource block declares the tests for a single AWS IAM Root User by user name. - -```ruby -describe aws_iam_root_user do - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`summary_account` -: A hash containing a summary of the Root User's account. Properties within this hash can be accessed and tested against. Please see the [API Documentation](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountSummary.html) for details on the available properties. - -`virtual_devices` -: A list of the virtual MFA devices in the AWS account. - -## Examples - -**Test that an IAM Root User has MFA enabled.** - -```ruby -describe aws_iam_root_user do - it { should have_mfa_enabled } -end -``` - -**Test that an IAM Root User does not have an access key.** - -```ruby -describe aws_iam_root_user do - it { should_not have_access_key } -end -``` - -**Test the IAM Root User has virtual MFA enabled.** - -```ruby -describe aws_iam_root_user do - it { should have_virtual_mfa_enabled } -end -``` - - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. 
- -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_iam_root_user do - it { should exist } -end -``` - -### have_mfa_enabled - -```ruby -it { should have_mfa_enabled } -``` - -### have_virtual_mfa_enabled - -```ruby -it { should have_virtual_mfa_enabled } -``` - -### have_access_key - -```ruby -it { should have_access_key } -``` - -### have_hardware_mfa_enabled - -```ruby -it { should have_hardware_mfa_enabled } -``` - - -## AWS Permissions - -Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the following permissions action set to allow: -`IAM:Client:GetAccountSummaryResponse` -`IAM:Client:ListVirtualMFADevicesResponse` diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_saml_provider.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_saml_provider.md deleted file mode 100644 index 9cd748e9b9..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_saml_provider.md +++ /dev/null 
@@ -1,90 +0,0 @@ -+++ -title = "aws_iam_saml_provider Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_iam_saml_provider" -identifier = "inspec/resources/aws/aws_iam_saml_provider Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_iam_saml_provider` InSpec audit resource to test properties of an AWS IAM SAML Provider. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -```ruby -describe aws_iam_saml_provider('SAML_ARN') do - it { should exist } -end -``` - -## Parameters - -`saml_provider_arn` _(required)_ - -: This resource accepts a single parameter, the ARN of the SAML Provider. - This can be passed either as a string or as a `saml_provider_arn: 'value'` key-value entry in a hash. - -## Properties - -`provider` -: The provider. - -`arn` -: The arn of the provider. - -`saml_metadata_document` -: Metadata document associated with the saml provider. - -`valid_until` -: The expiration date and time for the SAML provider. - -`create_date` -: The date and time, in ISO 8601 date-time format , when the role was created. - -## Syntax - -An `aws_iam_saml_provider` resource block declares the tests for a single AWS IAM SAML Provider by Provider ARN. - -```ruby -describe aws_iam_saml_provider('arn:aws:iam::123456789012:saml-provider/FANCY') do - it { should exist } -end -``` - -## Examples - -**Ensure we have at least one provider currently valid.** - -```ruby -describe aws_iam_saml_provider("arn:aws:iam::123456789012:saml-provider/FANCY") do - it { should exist } - its("arn") { should match("arn:aws:iam::.*:saml-provider\/FANCY") } - its("valid_until") { should be > Time.now + 90 * 86400 } - end -``` - -## Matchers - -For a full list of available matchers, visit the [InSpec matchers page](https://www.inspec.io/docs/reference/matchers/). - -### exist - -The `exists` matcher tests if the filtered IAM SAML Provider(s) exists. 
- -```ruby -describe aws_iam_saml_provider('arn:aws:iam::123456789012:saml-provider/FANCY') do - it { should exist } -end -``` -You may also use `it { should_not exist }`. - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="IAM:Client:GetSAMLProviderResponse" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_saml_providers.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_saml_providers.md deleted file mode 100644 index 56aec31edf..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_saml_providers.md +++ /dev/null 
@@ -1,99 +0,0 @@ -+++ -title = "aws_iam_saml_providers Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_iam_saml_providers" -identifier = "inspec/resources/aws/aws_iam_saml_providers Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_iam_saml_providers` InSpec audit resource to test properties of some or all AWS IAM SAML Providers. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_iam_saml_providers` resource block returns all IAM SAML Providers and allows the testing of that group of Providers. - -```ruby -describe aws_iam_saml_providers do - it { should exist } -end -``` - - -## Parameters - -`saml_provider_arn` _(required)_ - -: This resource accepts a single parameter, the ARN of the SAML Provider. - This can be passed either as a string or as a `saml_provider_arn: 'value'` key-value entry in a hash. - -## Properties - -`provider_arns` -: The ARNs of the returned providers. - -`valid_untils` -: The expiration date and time for the SAML provider. - -`entries` -: Provides access to the raw results of the query, which can be treated as an array of hashes. 
- -## Examples - -**Ensure we have at least one provider currently valid.** - -```ruby -describe.one do - aws_iam_saml_providers.provider_arns.each do |provider_arn| - describe aws_iam_saml_provider(provider_arn) do - it { should exist } - its('arn') { should match("arn:aws:iam::.*:saml-provider\/FANCY") } - its('valid_until') { should be > Time.now + 90 * 86400 } - end - end -end -``` - -**Ensure we have one and only one SAML provider.** - -```ruby -describe aws_iam_saml_providers do - its('entries.count') { should cmp 1 } -end -``` - -**Ensure we have at least one provider that matches.** - -```ruby -describe aws_iam_saml_providers.where{ arn =~ /arn:aws:iam::.*:saml-provider\/FANCY/ } do - it { should exist } -end -``` - -## Matchers - -For a full list of available matchers, visit the [InSpec matchers page](https://www.inspec.io/docs/reference/matchers/). - -### exist - -The `exists` matcher tests if the filtered IAM SAML Provider(s) exists. - -```ruby -describe aws_iam_saml_providers.where( : ) do - it { should exist } -end -``` -You may also use `it { should_not exist }`. - -## AWS Permissions - -Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the following permissions set to Allow: -`IAM:Client:ListSAMLProvidersResponse` -`IAM:Client:etSAMLProviderResponse` diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_server_certificate.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_server_certificate.md deleted file mode 100644 index 3e180a5fbe..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_server_certificate.md +++ /dev/null 
@@ -1,111 +0,0 @@ -+++ -title = "aws_iam_server_certificate Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_iam_server_certificate" -identifier = "inspec/resources/aws/aws_iam_server_certificate Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_iam_server_certificate` InSpec audit resource to test the properties of a single IAM server certificate. - -This resource retrieves information about the specified server certificate, including the server certificate's path, GUID, ARN, and role. - -For additional information, including details on parameters and properties, see the [AWS documentation on IAM Instance Profile](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that a server certificate name exists. - -```ruby -describe aws_iam_server_certificate(server_certificate_name: 'CERTIFICATE_NAME') do - it { should exist } -end -``` - -## Parameters - -`server_certificate_name` _(required)_ - -## Properties - -`path` -: The path to the server certificate. - -`server_certificate_name` -: The name that identifies the server certificate. - -`server_certificate_id` -: The stable and unique string identifying the server certificate. - -`arn` -: The Amazon Resource Name (ARN) specifying the server certificate. - -`upload_date` -: The date when the server certificate is uploaded. - -`expiration` -: The date on which the certificate is set to expire. 
- -## Examples - -**Ensure a server certificate name is available.** - -```ruby -describe aws_iam_server_certificate(server_certificate_name: 'CERTIFICATE_NAME') do - its('server_certificate_name') { should eq 'PROFILE_NAME' } -end -``` - -**Ensure that an arn is available.** - -```ruby -describe aws_iam_server_certificate(server_certificate_name: 'CERTIFICATE_NAME') do - its('arn') { should eq 'INSTANCE_PROFILE_NAME_ARN' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_iam_server_certificate(server_certificate_name: 'CERTIFICATE_NAME') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_iam_server_certificate(server_certificate_name: 'CERTIFICATE_NAME') do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the server certificate is available. - -```ruby -describe aws_iam_server_certificate(server_certificate_name: 'CERTIFICATE_NAME') do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="IAM:Client:GetServerCertificateResponse" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_server_certificates.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_server_certificates.md deleted file mode 100644 index cc677fb20e..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_server_certificates.md +++ /dev/null 
@@ -1,107 +0,0 @@ -+++ -title = "aws_iam_server_certificates Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_iam_server_certificates" -identifier = "inspec/resources/aws/aws_iam_server_certificates Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_iam_server_certificates` InSpec audit resource to test the properties of all IAM server certificates. - -This resource retrieves information about the server certificate, including the server certificate's path, GUID, ARN, and role. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that a server certificate name exists. - -```ruby -describe aws_iam_server_certificates do - it { should exist } -end -``` - -For additional information, see the [AWS documentation on IAM Instance Profile](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html). - -## Properties - -`paths` -: The path to the server certificate. - -`server_certificate_names` -: The name that identifies the server certificate. - -`server_certificate_ids` -: The stable and unique string identifying the server certificate. - -`arns` -: The Amazon Resource Name (ARN) specifying the server certificate. - -`upload_date` -: The date when the server certificate is uploaded. - -`expiration_date` -: The date on which the certificate is set to expire. - -## Examples - -**Ensure a server certificate name is available.** - -```ruby -describe aws_iam_server_certificates do - its('server_certificate_name') { should include 'PROFILE_NAME' } -end -``` - -**Ensure that an arn is available.** - -```ruby -describe aws_iam_server_certificates do - its('arn') { should include 'INSTANCE_PROFILE_NAME_ARN' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `list` method returns at least one result. 
- -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_iam_server_certificates do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_iam_server_certificates do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the server certificate is available. - -```ruby -describe aws_iam_server_certificates do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="IAM:Client:ListServerCertificateResponse" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_service_linked_role_deletion_status.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_service_linked_role_deletion_status.md deleted file mode 100644 index 6e2ceba5ad..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_service_linked_role_deletion_status.md +++ /dev/null 
@@ -1,92 +0,0 @@
-+++
-title = "aws_iam_service_linked_role_deletion_status Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_iam_service_linked_role_deletion_status"
-identifier = "inspec/resources/aws/aws_iam_service_linked_role_deletion_status Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_iam_service_linked_role_deletion_status` InSpec audit resource to test the deletion status of a single AWS IAM service-linked role.
-
-`deletion_task_id` _(required)_
-
-The deletion task identifier.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Service linked role deletion status](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a service-linked role deletion task exists.
-
-```ruby
-describe aws_iam_service_linked_role_deletion_status(deletion_task_id: 'DELETION_TASK_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`deletion_task_id` _(required)_
-
-: The deletion task identifier.
-
-## Properties
-
-`status`
-: The status of the deletion. Valid Values: `SUCCEEDED`, `IN_PROGRESS`, `FAILED`, `NOT_STARTED`.
-
-## Examples
-
-**Ensure a service-linked role is deleted.**
-
-```ruby
-describe aws_iam_service_linked_role_deletion_status(deletion_task_id: 'DELETION_TASK_ID') do
- its('status') { should eq 'SUCCEEDED' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a complete list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_iam_service_linked_role_deletion_status(deletion_task_id: 'DELETION_TASK_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_iam_service_linked_role_deletion_status(deletion_task_id: 'DELETION_TASK_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the Service Linked Role deletion task is available.
-
-```ruby
-describe aws_iam_service_linked_role_deletion_status(deletion_task_id: 'DELETION_TASK_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="IAM:Client:GetServiceLinkedRoleDeletionStatusResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_ssh_public_key.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_ssh_public_key.md
deleted file mode 100644
index 650bdc4d4b..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_ssh_public_key.md
+++ /dev/null
@@ -1,130 +0,0 @@
-+++
-title = "aws_iam_ssh_public_key Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_iam_ssh_public_key"
-identifier = "inspec/resources/aws/aws_iam_ssh_public_key Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_iam_ssh_public_key` InSpec audit resource to test the properties of a singular resource of an AWS SSH public key for an IAM user.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS IAM AccessKey.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the public key exists.
-
-```ruby
-describe aws_iam_ssh_public_key(user_name: 'USER_NAME', ssh_public_key_id: 'KEY_ID', encoding: 'SSH') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`user_name` _(required)_
-
-: The IAM user name associated with the SSH public key.
-
-`ssh_public_key_id` _(required)_
-
-: The unique identifier for the SSH public key.
-
-`encoding` _(required)_
-
-: Specifies the public key encoding format to use in the response. To retrieve the public key in SSH-RSA format, use `SSH`. To retrieve the public key in PEM format, use `PEM`.
-
-## Properties
-
-`user_name`
-: The name of the IAM user associated with the SSH public key.
-
-`ssh_public_key_id`
-: The unique identifier for the SSH public key.
-
-`fingerprint`
-: The MD5 message digest of the SSH public key.
-
-`ssh_public_key_body`
-: The SSH public key.
-
-`status`
-: The status of the SSH public key.
-
-`upload_date`
-: The date and time, in ISO 8601 date-time format, when the SSH public key is uploaded.
-
-`ssh_key_age_valid`
-: This is a customized parameter. It helps to check AWS IAM SSH keys's age rotated within 730 days. It returns a boolean value.
-
-## Examples
-
-**Ensure a user name is available.**
-
-```ruby
-describe aws_iam_ssh_public_key(user_name: 'USER_NAME', ssh_public_key_id: 'KEY_ID', encoding: 'SSH') do
- its('user_name') { should eq 'USER_NAME' }
-end
-```
-
-**Ensure an SSH public key ID is available.**
-
-```ruby
-describe aws_iam_ssh_public_key(user_name: 'USER_NAME', ssh_public_key_id: 'KEY_ID', encoding: 'SSH') do
- its('ssh_public_key_id') { should eq 'SSH_PUBLIC_KEY_ID' }
-end
-```
-
-**Ensure SSH key is expired or not.**
-
-```ruby
-describe aws_iam_ssh_public_key(user_name: 'USER_NAME', ssh_public_key_id: 'KEY_ID', encoding: 'SSH') do
- its('ssh_key_age_valid') { should eq true }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_iam_ssh_public_key(user_name: 'USER_NAME', ssh_public_key_id: 'KEY_ID', encoding: 'SSH') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_iam_ssh_public_key(user_name: 'USER_NAME', ssh_public_key_id: 'KEY_ID', encoding: 'SSH') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_iam_ssh_public_key(user_name: 'USER_NAME', ssh_public_key_id: 'KEY_ID', encoding: 'SSH') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="IAM:Client:GetSSHPublicKeyResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_ssh_public_keys.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_ssh_public_keys.md
deleted file mode 100644
index 87d377f0b9..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_ssh_public_keys.md
+++ /dev/null
@@ -1,155 +0,0 @@
-+++
-title = "aws_iam_ssh_public_keys Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_iam_ssh_public_keys"
-identifier = "inspec/resources/aws/aws_iam_ssh_public_keys Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_iam_ssh_public_keys` InSpec audit resource to test the properties of the plural resource of an AWS SSH public key for an IAM user.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS IAM AccessKey.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the public key exists by passing the parameter user_name.
-
-```ruby
-describe aws_iam_ssh_public_keys(user_name: 'USER_NAME') do
- it { should exist }
-end
-```
-
-Ensure that the public key exists without passing any parameter.
-
-```ruby
-describe aws_iam_ssh_public_keys do
- it { should exist }
-end
-```
-
-## Parameters
-
-`user_name` _(required)_
-
-: The IAM user name associated with the SSH public key. The above required parameter is optional.
-
-## Properties
-
-`user_names`
-: The IAM user name associated with the SSH public key.
-
-: **Field**: `user_name`
-
-`ssh_public_key_ids`
-: The unique identifier for the SSH public key.
-
-: **Field**: `ssh_public_key_id`
-
-`statuses`
-: The status of the SSH public key.
-
-: **Field**: `status`
-
-`upload_dates`
-: The date and time, in ISO 8601 date-time format, when the SSH public key is uploaded.
-
-: **Field**: `upload_date`
-
-## Examples
-
-**Ensure a user name is available.**
-
-```ruby
-describe aws_iam_ssh_public_keys do
- its('user_names') { should include 'USER_NAME' }
-end
-```
-
-**Ensure an ssh public key id is available.**
-
-```ruby
-describe aws_iam_ssh_public_keys do
- its('ssh_public_key_ids') { should include 'KEY_ID' }
-end
-```
-
-**Ensure status is 'Active' by passing the parameter user_name.**
-
-```ruby
-describe aws_iam_ssh_public_keys(user_name: 'USER_NAME') do
- its('statuses') { should include 'Active' }
-end
-```
-
-**Ensure status is 'Active' without passing any parameter.**
-
-```ruby
-describe aws_iam_ssh_public_keys do
- its('statuses') { should include 'Active' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_iam_ssh_public_keys(user_name: 'USER_NAME') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_iam_ssh_public_keys do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_iam_ssh_public_keys(user_name: 'USER_NAME') do
- it { should_not exist }
-end
-```
-
-```ruby
-describe aws_iam_ssh_public_keys do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_iam_ssh_public_keys(user_name: 'USER_NAME') do
- it { should be_available }
-end
-```
-
-```ruby
-describe aws_iam_ssh_public_keys do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="IAM:Client:ListSSHPublicKeysResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_user.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_user.md
deleted file mode 100644
index f36ab78a29..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_user.md
+++ /dev/null
@@ -1,151 +0,0 @@
-+++
-title = "aws_iam_user Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_iam_user"
-identifier = "inspec/resources/aws/aws_iam_user Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_iam_user` InSpec audit resource to test properties of a single AWS IAM User.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on IAM Users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_iam_user` resource block declares the tests for a single AWS IAM User by user name.
-
-```ruby
-describe aws_iam_user(user_name: 'psmith') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`user_name` _(required)_
-
-: This resource accepts a single parameter, the User's username which uniquely identifies the User.
-This can be passed either as a string or as a `user_name: 'value'` key-value entry in a hash.
-
-## Properties
-
-`username`
-: The friendly name identifying the user.
-
-`user_id`
-: The stable and unique string identifying the user.
-
-`user_arn`
-: The Amazon Resource Name (ARN) that identifies the user.
-
-`access_keys`
-: An array of hashes each containing metadata about the user's Access Keys.
-
-`inline_policy_names`
-: The names of policies directly attached to the user.
-
-`attached_policy_names`
-: The name of standalone IAM policies which are attached to the user.
-
-`attached_policy_arns`
-: The Amazon Resource Name (ARN) that identifies the user.
-
-`user_path`
-: The path to the user.
-
-`user_create_date`
-: The date and time, in ISO 8601 date-time format, when the user was created.
-
-`user_password_last_used`
-: The date and time, in ISO 8601 date-time format, when the user's password was last used to sign in to an Amazon Web Services website.
-
-`permissions_boundary`
-: The permissions boundary usage type that indicates what type of IAM resource is used as the permissions boundary for an entity.
-
-`user_tags`
-: A list of tags that are associated with the user.
-
-* has_mfa_enabled
-* has_console_password
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-**Test that an IAM user does not exist.**
-
-```ruby
-describe aws_iam_user(user_name: 'invalid-user') do
- it { should_not exist }
-end
-```
-
-**Test that an IAM user has MFA enabled.**
-
-```ruby
-describe aws_iam_user('psmith') do
- it { should exist }
- it { should have_mfa_enabled }
-end
-```
-
-**Ensure a User has no Access Keys or Inline Policies.**
-
-```ruby
-describe aws_iam_user('psmith') do
- it { should exist }
- its('access_keys') { should be_empty }
- its('inline_policy_names') { should be_empty }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-it { should exist }
-```
-
-#### has_mfa_enabled
-
-This will check if the requested User has Multi Factor Authentication enabled.
-
-```ruby
-it { should have_mfa_enabled }
-```
-
-
-#### has_console_password
-
-This will ensure the User has a console password set.
-
-```ruby
-it { should have_console_password }
-```
-
-## AWS Permissions
-
-Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the following permissions action set to allow:
-`IAM:Client:GetUserResponse`
-`IAM:Client:GetLoginProfileResponse`
-`IAM:Client:ListMFADevicesResponse`
-`IAM:Client:ListAccessKeysResponse`
-`IAM:Client:ListUserPoliciesResponse`
-`IAM:Client:ListAttachedUserPoliciesResponse`
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_users.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_users.md
deleted file mode 100644
index 83add74f68..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_users.md
+++ /dev/null
@@ -1,135 +0,0 @@
-+++
-title = "aws_iam_users Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_iam_users"
-identifier = "inspec/resources/aws/aws_iam_users Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_iam_users` InSpec audit resource to test properties of some or all AWS IAM Users.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on IAM Users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_iam_users` resource block returns all IAM Users and allows the testing of that group of Users.
-
-```ruby
-describe aws_iam_users do
- its('usernames') { should include 'payroll-admin' }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`usernames`
-: The usernames of the returned Users.
-
-`user_arns`
-: The Amazon Resource Names of the returned Users.
-
-`user_ids`
-: The IDs of the returned Users.
-
-`access_keys`
-: Array of Access Keys belonging to each User.
-
-`has_attached_policies`
-: Whether or not the User has IAM Policies attached.
-
-`attached_policy_names`
-: The names (if any) of the IAM Policies attached to the User.
-
-`attached_policy_arns`
-: The Amazon Resource Names (if any) of the IAM Policies attached to the User.
-
-`has_console_password`
-: Whether or not the User has a console password set.
-
-`has_inline_policies`
-: Boolean indicating whether or not the User has policies set directly on them.
-
-`inline_policy_names`
-: The names of the policies (if any) which are directly on the User.
-
-`has_mfa_enabled`
-: Boolean indicating whether the User has MFA enabled or not.
-
-`password_ever_used?`
-: Whether the user has even used their console password.
-
-`password_last_used_days_ago`
-: How long ago, in days, since the user last used their console password. Returns `-1` if the password has never been used.
-
-`entries`
-: Provides access to the raw results of the query, which can be treated as an array of hashes.
-
-## Examples
-
-**Ensure there are no Users who do not have MFA enabled.**
-
-```ruby
-describe aws_iam_users.where( has_mfa_enabled: false) do
- it { should_not exist }
-end
-```
-
-**Ensure there are no Users with inline policies.**
-
-```ruby
-describe aws_iam_users.where(has_inline_policies: true) do
- its('usernames') { should be_empty }
-end
-```
-
-**Ensure there are no Users with attached policies.**
-
-```ruby
-describe aws_iam_users.where(has_attached_policies: true) do
- its('usernames') { should be_empty }
-end
-```
-
-## Matchers
-
-For a full list of available matchers, visit the [InSpec matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_iam_users.where( : ) do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_iam_users.where( : ) do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the following permissions set to Allow:
-`IAM:Client:GetLoginProfileResponse`
-`IAM:Client:ListUsersResponse`
-`IAM:Client:ListMFADevicesResponse`
-`IAM:Client:ListAccessKeysResponse`
-`IAM:Client:ListUserPoliciesResponse`
-`IAM:Client:ListAttachedUserPoliciesResponse`
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_virtual_mfa_devices.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_virtual_mfa_devices.md
deleted file mode 100644
index 1271ea9f14..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_iam_virtual_mfa_devices.md
+++ /dev/null
@@ -1,133 +0,0 @@
-+++
-title = "aws_iam_virtual_mfa_devices Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_iam_virtual_mfa_devices"
-identifier = "inspec/resources/aws/aws_iam_virtual_mfa_devices Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_iam_virtual_mfa_devices` InSpec audit resource to test properties of multiple virtual multi-factor authentication (MFA) devices.
-
-This resource does not require any parameters.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on IAM virtual MFA Devices](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a virtual MFA device exists.
-
-```ruby
-describe aws_iam_virtual_mfa_devices do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`serial_numbers`
-: A list of the virtual MFA device's serial number identifiers.
-
-: **Field**: `serial_number`
-
-`paths`
-: A list of the user paths.
-
-: **Field**: `path`
-
-`user_names`
-: A list of the friendly names identifying the users.
-
-: **Field**: `user_name`
-
-`user_ids`
-: A list of the stable and unique user IDs.
-
-: **Field**: `user_id`
-
-`arns`
-: A list of the Amazon Resource Names (ARNs) that identify the users.
-
-: **Field**: `arn`
-
-`create_dates`
-: A list of timestamps, in ISO 8601 date-time format, when the user was created.
-
-: **Field**: `create_date`
-
-`enable_dates`
-: A list of timestamps on which the virtual MFA devices were enabled.
-
-: **Field**: `enable_date`
-
-`tags`
-: A list of the tags for the resources.
-
-: **Field**: `tags`
-
-## Examples
-
-**Ensure a username is available.**
-
-```ruby
-describe aws_iam_virtual_mfa_devices do
- its('user_names') { should include 'USER_NAME' }
-end
-```
-
-**Ensure that an ARN is available.**
-
-```ruby
-describe aws_iam_virtual_mfa_devices do
- its('arns') { should include 'USER_ARN' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a complete list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_iam_virtual_mfa_devices do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_iam_virtual_mfa_devices do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_iam_virtual_mfa_devices do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="IAM:Client:ListVirtualMFADevicesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_internet_gateway.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_internet_gateway.md
deleted file mode 100644
index be3d1e3088..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_internet_gateway.md
+++ /dev/null
@@ -1,120 +0,0 @@
-+++
-title = "aws_internet_gateway Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_internet_gateway"
-identifier = "inspec/resources/aws/aws_internet_gateway Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_internet_gateway` InSpec audit resource to test the properties of a single AWS internet gateway.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_internet_gateway` resource block declares the tests for a single AWS internet gateway by id or name.
-
-```ruby
-describe aws_internet_gateway(id: 'igw-abc0123456789deff') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_internet_gateway(name: 'my-igw') do
- it { should exist }
-end
-```
-
-## Parameters
-
-Either the id or the name must be provided.
-
-`id` _(required if `name` not provided)_
-
-: The value of the `internet_gateway_id` assigned by the AWS after the resource has been created.
- This should be in the format of `igw-` followed by 8 or 17 hexadecimal characters and passed as an `id: 'value'` key-value entry in a hash.
-
-`name` _(required if `id` not provided)_
-
-: If a `Name` tag is applied to the internet gateway, this can be used to lookup the resource.
- This must be passed as a `name: 'value'` key-value entry in a hash.
- If there are multiple internet gateways with the same name, this resource will raise an error.
-
-## Properties
-
-`id`
-: The ID of the internet gateway.
-
-`name`
-: The value of the `Name` tag. It is `nil` if not defined.
-
-`vpc_id`
-: The ID of the attached VPC. It is `nil` if the resource is in a `detached` state.
-
-`tags`
-: A hash, with each key-value pair corresponding to an internet gateway tag.
-
-`attached?`
-: Indicates whether the internet gateway is **attached** to a VPC or not (`true` or `false`).
-
-`detached?`
-: Indicates whether the internet gateway is in a **detached** state or not (`true` or `false`).
-
-`owner_id`
-: The ID of the AWS account that owns the internet gateway.
-
-There are also additional properties available. For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InternetGateway.html)
-
-## Examples
-
-**Test that the internet gateway is attached.**
-
-```ruby
-describe aws_internet_gateway(name: 'my-igw') do
- it { should be_attached }
-end
-```
-
-**Test that the ID of the attached VPC is `vpc-1234567890abcdef1`.**
-
-```ruby
-describe aws_internet_gateway(id: 'igw-abc0123456789deff') do
- its('vpc_id') { should eq `vpc-1234567890abcdef1` }
-end
-```
-
-**Test that the internet gateway has a certain tag.**
-
-```ruby
-describe aws_internet_gateway(name: 'my-igw') do
- its('tags') { should include('environment' => 'dev') }
-**Regardless of the value.**
-
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matcher. For a full list of available matchers, visit the [InSpec matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-
-### exist
-
-```ruby
-describe aws_internet_gateway(name: 'my-igw') do
- it { should exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeInternetGatewaysResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_internet_gateways.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_internet_gateways.md
deleted file mode 100644
index 39a8bc41b7..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_internet_gateways.md
+++ /dev/null
@@ -1,113 +0,0 @@
-+++
-title = "aws_internet_gateways Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_internet_gateways"
-identifier = "inspec/resources/aws/aws_internet_gateways Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_internet_gateways` InSpec audit resource to test the properties of all AWS internet gateways owned by the AWS account.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_internet_gateways` resource block collects all of the internet gateways and then tests that group.
-
-```ruby
-describe aws_internet_gateways do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: The ID of the internet gateway.
-
-: **Field**: `id`
-
-`names`
-: The value of the `Name` tag. It is `nil` if not defined.
-
-: **Field**: `name`
-
-`vpc_ids`
-: The ID of the attached VPC. It is `nil` if the resource is in a `detached` state.
-
-: **Field**: `vpc_id`
-
-`tags`
-: A hash, with each key-value pair corresponding to an internet gateway tag.
-
-: **Field**: `tags`
-
-`attachment_states`
-: Indicates whether the internet gateway is attached to a VPC (`attached` or `detached`).
-
-: **Field**: `attachment_state`
-
-`owner_ids`
-: The ID of the AWS account that owns the internet gateway.
-
-: **Field**: `owner_id`
-
-## Examples
-
-**Test that there are exactly 3 internet gateways.**
-
-```ruby
-describe aws_internet_gateway do
- its('count') { should cmp 3 }
-end
-```
-
-**Use this InSpec resource to request the ids of all internet gateways, then test in-depth using `aws_internet_gateway`.**
-
-```ruby
-aws_internet_gateways.ids.each do |id|
- describe aws_internet_gateway(id: id) do
- it { should be_attached }
- end
-end
-```
-
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-### exist
-
-The control will pass if the describe returns at least one result.
-The field names described in the [properties table](##-properties) should be used for the `` in the `where` clause.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_internet_gateways.where( : ) do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_internet_gateways.where( : ) do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeInternetGatewaysResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_kms_key.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_kms_key.md
deleted file mode 100644
index 5bebdd1159..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_kms_key.md
+++ /dev/null
@@ -1,187 +0,0 @@
-+++
-title = "aws_kms_key Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_kms_key"
-identifier = "inspec/resources/aws/aws_kms_key Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_kms_key` InSpec audit resource to test properties of a single AWS KMS Key.
-
-AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data. AWS KMS lets you create master keys that can never be exported from the service and which can be used to encrypt and decrypt data based on policies you define.
-
-Each AWS KMS Key is uniquely identified by its key_id or arn.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on KS Keys](https://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An aws_kms_key resource block identifies a key by key_arn or the key id.
-
- # Find a kms key by arn
-```ruby
-describe aws_kms_key('arn:aws:kms:us-east-1::key/4321dcba-21io-23de-85he-ab0987654321') do
- it { should exist }
-end
-```
-
- # Find a kms key by just the id
-```ruby
-describe aws_kms_key('4321dcba-21io-23de-85he-ab0987654321') do
- it { should exist }
-end
-```
-
- # Hash syntax for key arn
-```ruby
-describe aws_kms_key(key_id: 'arn:aws:kms:us-east-1::key/4321dcba-21io-23de-85he-ab0987654321') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`alias` _(required if `key_id` not specified)_
-
-: This resource accepts searching for a KMS Key by it's Alias.
- This can be passed as a `alias: 'alias/value'` key-value entry in a hash. This will then use the `target_key_id` from the Alias to search for the KMS Key.
-
-`key_id` _(required if `alias` not specified)_
-
-: This resource accepts searching for a KMS Key by the KMS Key ID which can represent both the actual Key ID or the ARN of the Key.
- This can be passed either as a string or as a `key_id: 'value'` key-value entry in a hash.
-
-## Properties
-
-`key_id`
-: The globally unique identifier for the key.
-
-`arn`
-: The ARN identifier of the specified key.
-
-`creation_date`
-: Specifies the date and time when the key was created.
-
-`created_days_ago`
-: Specifies the number of days since the key was created.
-
-`key_state`
-: Specifies the state of the key one of "Enabled", "Disabled", "PendingDeletion", "PendingImport". To just check if the key is enabled or not, use the `be_enabled` matcher.
-
-`description`
-: The description of the key.
-
-`deletion_time`
-: Specifies the date and time after which AWS KMS deletes the key. This value is present only when KeyState is PendingDeletion, otherwise this value is nil.
-
-`invalidation_time`
-: Provides the date and time until the key is not valid. Once the key is not valid, AWS KMS deletes the key and it becomes unusable. This value will be null unless the keys Origin is EXTERNAL and its matcher have_key_expiration is set to true.
-
-`tags`
-: A hash with each key-value pair corresponding to a tag associated with the entity.
-
-## Examples
-
-**Test that the specified key does exist.**
-
-```ruby
-describe aws_kms_key('arn:aws:kms:us-east-1::key/4321dcba-21io-23de-85he-ab0987654321') do
- it { should exist }
-end
-```
-
-**Test that the specified key is enabled.**
-
-```ruby
-describe aws_kms_key('arn:aws:kms:us-east-1::key/4321dcba-21io-23de-85he-ab0987654321') do
- it { should be_enabled }
-end
-```
-
-**Test that the specified key is rotation enabled.**
-
-```ruby
-describe aws_kms_key('arn:aws:kms:us-east-1::key/4321dcba-21io-23de-85he-ab0987654321') do
- it { should have_rotation_enabled }
-end
-```
-
-**Makes sure that the key was created at least 10 days ago.**
-
-```ruby
-describe aws_kms_key('arn:aws:kms:us-east-1::key/4321dcba-21io-23de-85he-ab0987654321') do
- its('creation_date') { should be < Time.now - 10 * 86400 }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers (such as `exist`) please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-Use `should_not` to test the entity should not exist in all cases.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-
-```ruby
-it { should exist }
-```
-
-```ruby
-it { should_not exist }
-```
-
-#### be_enabled
-
-The test will pass if the specified key's key_state is set to enabled.
-
-```ruby
-it { should be_enabled }
-```
-
-#### be_external
-Provides whether the source of the key's key material is external or not. If it is not external than it was created by AWS KMS. When it is external, the key material was imported from an existing key management infrastructure or the key lacks key material.
-
-```ruby
-it { should be_external }
-```
-
-#### be_managed_by_aws
-
-Provides whether or not the key manager is from AWS. If it is not managed by AWS, it is managed by the customer.
-
-```ruby
-it { should be_managed_by_aws }
-```
-
-#### have_key_expiration
-
-Specifies whether the key's key material expires. This value is null unless the keys Origin is External.
-
-```ruby
-it { should have_key_expiration }
-```
-
-#### have_rotation_enabled
-
-The test will pass if automatic rotation of the key material is enabled for the specified key.
-
-```ruby
-it { should have_rotation_enabled }
-```
-
-## AWS Permissions
-
-Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `KMS:Client:DescribeKeyResponse`, and `KMS:Client:GetKeyRotationStatusResponse` actions set to allow.
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for AWS Key Management Service](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awskeymanagementservice.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_kms_keys.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_kms_keys.md
deleted file mode 100644
index 53d082cd8f..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_kms_keys.md
+++ /dev/null
@@ -1,100 +0,0 @@
-+++
-title = "aws_kms_keys Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_kms_keys"
-identifier = "inspec/resources/aws/aws_kms_keys Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_kms_keys` InSpec audit resource to test properties of some or all AWS KMS Keys.
-
-AWS Key Management Service (KMS) is a managed service that makes creating and controlling your encryption keys for your data easier. KMS uses Hardware Security Modules (HSMs) to protect the security of your keys.
-
-AWS Key Management Service is integrated with several other AWS services to help you protect the data you store with these services.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on KS Keys](https://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_kms_keys` resource block uses an optional filter to select a group of KMS Keys and then tests that group.
-
- # Verify the number of KMS keys in the AWS account
-```ruby
-describe aws_kms_keys do
- its('entries.count') { should cmp 10 }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`key_ids`
-: The IDs of the returned keys.
-
-`key_arns`
-: The Amazon Resource Names of the returned keys.
-
-`entries`
-: Provides access to the raw results of the query, which can be treated as an array of hashes.
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-**Ensure a Key exists.**
-
-```ruby
-describe aws_kms_keys do
- its('key_ids') { should include 'fd7e608b-f435-4186-b8b5-111111111111'}
-end
-```
-
-**Allow at most 100 KMS Keys on the account.**
-
-```ruby
-describe aws_kms_keys do
- its('entries.count') { should be <= 100}
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_kms_keys do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_kms_keys.where( : ) do
- it { should_not exist }
-end
-```
-
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="KMS:Client:ListKeysResponse" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for AWS Key Management Service](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awskeymanagementservice.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda.md
deleted file mode 100644
index dba56f8b29..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda.md
+++ /dev/null
@@ -1,61 +0,0 @@
-+++
-title = "aws_lambda Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_lambda"
-identifier = "inspec/resources/aws/aws_lambda Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_lambda` resource to test a specific AWS Lambda function.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-```ruby
-describe aws_lambda('LAMBDA_FUNCTION') do
- it { should exist}
- its ('handler') { should eq 'main.on_event'}
- its ('version') { should eq '$LATEST' }
- its ('runtime') { should eq 'python3.7' }
-end
-```
-
-## Parameters
-
-This resource expects the name of the AWS Lambda function.
-
-## Properties
-
-This resource can test all properties defined by the [Aws::lambda::Types::GetFunctionResponse](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Lambda/Types/GetFunctionResponse.html) class.
-
-## Examples
-
-
-**Test that all lambda functions with a particular tag is correctly deployed.**
-
-```ruby
-describe aws_lambda('LAMBDA_FUNCTION') do
- it { should exist}
- its ('handler') { should eq 'main.on_event'}
- its ('version') { should eq '$LATEST' }
- its ('runtime') { should eq 'python3.7' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource uses the standard matchers. For a full list of available matchers, visit the [InSpec matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Lambda:Client:GetFunctionResponse" %}}
-
-You can find detailed documentation at [AWS Lambda](https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html)
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_alias.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_alias.md
deleted file mode 100644
index dd314647bb..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_alias.md
+++ /dev/null
@@ -1,117 +0,0 @@
-+++
-title = "aws_lambda_alias Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_lambda_alias"
-identifier = "inspec/resources/aws/aws_lambda_alias Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_lambda_alias` InSpec audit resource to test properties of a single AWS Lambda alias.
-
-The `AWS::Lambda::Alias` resource creates an alias for a Lambda function version. Use aliases to provide clients with a function identifier that you can update to invoke a different version.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Lambda alias](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the alias exists.
-
-```ruby
-describe aws_lambda_alias(function_name: 'FUNCTION_NAME', function_alias_name: 'FUNCTION_ALIAS_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`function_name` _(required)_
-
-: The name of the lambda function.
-
-`function_alias_name` _(required)_
-
-: Name of the alias for which you want to retrieve information.
-
-## Properties
-
-`alias_arn`
-: Lambda function ARN that is qualified using the alias name as the suffix.
-
-`name`
-: The alias name.
-
-`function_version`
-: Function version to which the alias points.
-
-`description`
-: The alias description.
-
-`routing_config.additional_version_weights`
-: The name of the second alias, and the percentage of traffic that is routed to it.
-
-`revision_id`
-: Represents the latest updated revision of the function or alias.
-
-## Examples
-
-**Ensure an alias ARN is available.**
-
-```ruby
-describe aws_lambda_alias(function_name: 'FUNCTION_NAME', function_alias_name: 'FUNCTION_ALIAS_NAME') do
- its('alias_arn') { should eq 'ALIAS_ARN' }
-end
-```
-
-**Ensure a alias name is available.**
-
-```ruby
-describe aws_lambda_alias(function_name: 'FUNCTION_NAME', function_alias_name: 'FUNCTION_ALIAS_NAME') do
- its('name') { should eq 'FUNCTION_ALIAS_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_lambda_alias(function_name: 'FUNCTION_NAME', function_alias_name: 'FUNCTION_ALIAS_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_lambda_alias(function_name: 'FUNCTION_NAME', function_alias_name: 'FUNCTION_ALIAS_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_lambda_alias(function_name: 'FUNCTION_NAME', function_alias_name: 'FUNCTION_ALIAS_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Lambda:Client:AliasConfiguration" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_aliases.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_aliases.md
deleted file mode 100644
index 87a1bb6c51..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_aliases.md
+++ /dev/null
@@ -1,125 +0,0 @@
-+++
-title = "aws_lambda_aliases Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_lambda_aliases"
-identifier = "inspec/resources/aws/aws_lambda_aliases Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_lambda_aliases` InSpec audit resource to test properties of multiple AWS Lambda aliases.
-
-The `AWS::Lambda::Alias` resource creates an alias for a Lambda function version. Use aliases to provide clients with a function identifier that you can update to invoke a different version.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Lambda alias](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the alias exists.
-
-```ruby
-describe aws_lambda_aliases(function_name: 'FUNCTION_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`function_name` _(required)_
-
-: The name of the lambda function.
-
-## Properties
-
-`alias_arns`
-: Lambda function ARN that is qualified using the alias name as the suffix.
-
-: **Field**: `alias_arn`
-
-`names`
-: The alias names.
-
-: **Field**: `name`
-
-`function_versions`
-: Function version to which the alias points.
-
-: **Field**: `function_version`
-
-`descriptions`
-: The alias descriptions.
-
-: **Field**: `description`
-
-`routing_configs`
-: Specifies an additional function versions the alias points to, allowing you to dictate what percentage of traffic will invoke each version.
-
-: **Field**: `routing_config`
-
-`revision_ids`
-: Represents the latest updated revision of the function or alias.
-
-: **Field**: `revision_id`
-
-## Examples
-
-**Ensure an alias ARN is available.**
-
-```ruby
-describe aws_lambda_aliases(function_name: 'FUNCTION_NAME') do
- its('alias_arns') { should include 'ALIAS_ARN' }
-end
-```
-
-**Ensure an alias name is available.**
-
-```ruby
-describe aws_lambda_aliases(function_name: 'FUNCTION_NAME') do
- its('names') { should include 'FUNCTION_ALIAS_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_lambda_aliases(function_name: 'FUNCTION_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_lambda_aliases(function_name: 'FUNCTION_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_lambda_aliases(function_name: 'FUNCTION_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Lambda:Client:ListAliasesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_code_signing_config.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_code_signing_config.md
deleted file mode 100644
index 3d7bcf47e8..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_code_signing_config.md
+++ /dev/null
@@ -1,113 +0,0 @@
-+++
-title = "aws_lambda_code_signing_config Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_lambda_code_signing_config"
-identifier = "inspec/resources/aws/aws_lambda_code_signing_config Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_lambda_code_signing_config` InSpec audit resource to test properties of a single AWS Lambda code signing configuration.
-
-The `AWS::Lambda::CodeSigningConfig` resource specifies the details about a code signing configuration.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS SSM CodeSigningConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-codesigningconfig.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the code signing config exists.
-
-```ruby
-describe aws_lambda_code_signing_config(code_signing_config_arn: 'CODE_SIGNING_CONFIG_ARN') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`code_signing_config_arn` _(required)_
-
-: The Amazon Resource Name (ARN) of the code signing configuration.
-
-## Properties
-
-`code_signing_config_id`
-: Unique identifier for the Code signing configuration.
-
-`code_signing_config_arn`
-: The Amazon Resource Name (ARN) of the Code signing configuration.
-
-`description`
-: Code signing configuration description.
-
-`allowed_publishers.signing_profile_version_arns`
-: The Amazon Resource Name (ARN) for each of the signing profiles. A signing profile defines a trusted user who can sign a code package.
-
-`code_signing_policies.untrusted_artifact_on_deployment`
-: Code signing configuration policy for deployment validation failure.
-
-`last_modified`
-: The date and time that the Code signing configuration was last modified, in ISO-8601 format (YYYY-MM-DDThh:mm:ss.sTZD).
-
-## Examples
-
-**Ensure a code signing config ID is available.**
-
-```ruby
-describe aws_lambda_code_signing_config(code_signing_config_arn: 'CODE_SIGNING_CONFIG_ARN') do
- its('code_signing_config_id') { should eq 'CODE_SIGNING_CONFIG_ID' }
-end
-```
-
-**Ensure a code signing config ARN is available.**
-
-```ruby
-describe aws_lambda_code_signing_config(code_signing_config_arn: 'CODE_SIGNING_CONFIG_ARN') do
- its('code_signing_config_arn') { should eq 'CODE_SIGNING_CONFIG_ARN' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_lambda_code_signing_config(code_signing_config_arn: 'CODE_SIGNING_CONFIG_ARN') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_lambda_code_signing_config(code_signing_config_arn: 'CODE_SIGNING_CONFIG_ARN') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_lambda_code_signing_config(code_signing_config_arn: 'CODE_SIGNING_CONFIG_ARN') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Lambda:Client:GetCodeSigningConfigResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_code_signing_configs.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_code_signing_configs.md
deleted file mode 100644
index 1cc1da3f21..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_code_signing_configs.md
+++ /dev/null
@@ -1,123 +0,0 @@
-+++
-title = "aws_lambda_code_signing_configs Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_lambda_code_signing_configs"
-identifier = "inspec/resources/aws/aws_lambda_code_signing_configs Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_lambda_code_signing_configs` InSpec audit resource to test properties of multiple AWS Lambda code signing configurations.
-
-The `AWS::Lambda::CodeSigningConfig` resource specifies the details about a code signing configuration.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS SSM CodeSigningConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-codesigningconfig.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the code signing config exists.
-
-```ruby
-describe aws_lambda_code_signing_configs do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`code_signing_config_ids`
-: Unique identifier for the Code signing configuration.
-
-: **Field**: `code_signing_config_id`
-
-`code_signing_config_arns`
-: The Amazon Resource Name (ARN) of the Code signing configuration.
-
-: **Field**: `code_signing_config_arn`
-
-`descriptions`
-: Code signing configuration description.
-
-: **Field**: `description`
-
-`allowed_publishers`
-: The Amazon Resource Name (ARN) for each of the signing profiles. A signing profile defines a trusted user who can sign a code package.
-
-: **Field**: `allowed_publishers`
-
-`code_signing_policies`
-: Code signing configuration policy for deployment validation failure.
-
-: **Field**: `code_signing_policies`
-
-`last_modified`
-: The date and time that the Code signing configuration was last modified, in ISO-8601 format (YYYY-MM-DDThh:mm:ss.sTZD).
-
-: **Field**: `last_modified`
-
-## Examples
-
-**Ensure a code signing config id is available.**
-
-```ruby
-describe aws_lambda_code_signing_configs do
- its('code_signing_config_ids') { should include 'CODE_SIGNING_CONFIG_ID' }
-end
-```
-
-**Ensure a code signing config arn is available.**
-
-```ruby
-describe aws_lambda_code_signing_configs do
- its('code_signing_config_arns') { should include 'CODE_SIGNING_CONFIG_ARN' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_lambda_code_signing_configs do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_lambda_code_signing_configs do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_lambda_code_signing_configs do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Lambda:Client:ListCodeSigningConfigsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_event_invoke_config.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_event_invoke_config.md
deleted file mode 100644
index 0b59050a60..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_event_invoke_config.md
+++ /dev/null
@@ -1,133 +0,0 @@
-+++
-title = "aws_lambda_event_invoke_config Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_lambda_event_invoke_config"
-identifier = "inspec/resources/aws/aws_lambda_event_invoke_config Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_lambda_event_invoke_config` InSpec audit resource to test properties of a specific AWS Lambda EventInvokeConfig.
-
-The AWS::Lambda::EventInvokeConfig resource configures options for asynchronous invocation on a version or an alias.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Lambda EventInvokeConfig.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventinvokeconfig.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the config exists.
-
-```ruby
-describe aws_lambda_event_invoke_config(function_name: 'FUNCTION_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`function_name` _(required)_
-
-: The name of the function.
-
-## Properties
-
-`last_modified`
-: The date and time that the configuration was last updated.
-
-: **Field**: `last_modified`
-
-`function_arn`
-: The Amazon Resource Name (ARN) of the function.
-
-: **Field**: `function_arn`
-
-`maximum_retry_attempts`
-: The maximum number of times to retry when the function returns an error.
-
-: **Field**: `maximum_retry_attempts`
-
-`maximum_event_age_in_seconds`
-: The maximum age of a request that Lambda sends to a function for processing.
-
-: **Field**: `maximum_event_age_in_seconds`
-
-`on_success_destinations`
-: The destination configuration for successful invocations. The Amazon Resource Name (ARN) of the destination resource.
-
-: **Field**: `destination_config (on_success (destination))`
-
-`on_faliure_destinations`
-: The destination configuration for failed invocations. The Amazon Resource Name (ARN) of the destination resource.
-
-: **Field**: `destination_config (on_failure (destination))`
-
-## Examples
-
-**Ensure an arn is available.**
-
-```ruby
-describe aws_lambda_event_invoke_config(function_name: 'FUNCTION_NAME') do
- its('function_arn') { should eq 'FUNCTION_ARN' }
-end
-```
-
-**Ensure a maximum retry attempts is available.**
-
-```ruby
-describe aws_lambda_event_invoke_config(function_name: 'FUNCTION_NAME') do
- its('maximum_retry_attempts') { should eq 1 }
-end
-```
-
-**Ensure on success destination is available.**
-
-```ruby
-describe aws_lambda_event_invoke_config(function_name: 'FUNCTION_NAME') do
- its('on_success_destinations') { should include 'DESTINATION' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_lambda_event_invoke_config(function_name: 'FUNCTION_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_lambda_event_invoke_config(function_name: 'FUNCTION_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_lambda_event_invoke_config(function_name: 'FUNCTION_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Lambda:Client:FunctionEventInvokeConfig" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_event_invoke_configs.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_event_invoke_configs.md
deleted file mode 100644
index 6d1fe57565..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_event_invoke_configs.md
+++ /dev/null
@@ -1,105 +0,0 @@
-+++
-title = "aws_lambda_event_invoke_configs Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_lambda_event_invoke_configs"
-identifier = "inspec/resources/aws/aws_lambda_event_invoke_configs Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_lambda_event_invoke_configs` InSpec audit resource to test properties of the plural resource of AWS Lambda EventInvokeConfig.
-
-The AWS::Lambda::EventInvokeConfig resource configures options for asynchronous invocation on a version or an alias.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Lambda EventInvokeConfig.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventinvokeconfig.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the config exists.
-
-```ruby
-describe aws_lambda_event_invoke_configs(function_name: 'FUNCTION_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`function_name` _(required)_
-
-: The name of the function.
-
-## Properties
-
-`last_modified`
-: The date and time that the configuration was last updated.
-
-: **Field**: `last_modified`
-
-`function_arns`
-: The Amazon Resource Name (ARN) of the function.
-
-: **Field**: `function_arn`
-
-`maximum_retry_attempts`
-: The maximum number of times to retry when the function returns an error.
-
-: **Field**: `maximum_retry_attempts`
-
-`destination_configs`
-: A destination for events after they have been sent to a function for processing.
-
-: **Field**: `destination_configs`
-
-## Examples
-
-**Ensure an arn is available.**
-
-```ruby
-describe aws_lambda_event_invoke_configs(function_name: 'FUNCTION_NAME') do
- its('function_arns') { should include 'FUNCTION_ARN' }
-end
-```
-
-**Ensure a maximum retry attempts is available.**
-
-```ruby
-describe aws_lambda_event_invoke_configs(function_name: 'FUNCTION_NAME') do
- its('maximum_retry_attempts') { should include 1 }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_lambda_event_invoke_configs(function_name: 'FUNCTION_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_lambda_event_invoke_configs(function_name: 'FUNCTION_NAME') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Lambda:Client:ListFunctionEventInvokeConfigsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_event_source_mapping.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_event_source_mapping.md
deleted file mode 100644
index dabe027fb3..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_event_source_mapping.md
+++ /dev/null
@@ -1,158 +0,0 @@
-+++
-title = "aws_lambda_event_source_mapping Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_lambda_event_source_mapping"
-identifier = "inspec/resources/aws/aws_lambda_event_source_mapping Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_lambda_event_source_mapping` InSpec audit resource to test properties of a single mapping between an AWS event source and an AWS Lambda function.
-
-The `AWS::Lambda::EventSourceMapping` resource creates a mapping between an event source and an AWS Lambda function. Lambda reads items from the event source and triggers the function.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Lambda EventSourceMapping](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a UUID exists.
-
-```ruby
-describe aws_lambda_event_source_mapping(uuid: 'EVENT_SOURCE_MAPPING_UUID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`uuid` _(required)_
-
-: The identifier of the event source mapping.
-
-## Properties
-
-`uuid`
-: The identifier of the event source mapping.
-
-`starting_position`
-: The position in a stream from which to start reading. Required for Amazon Kinesis, Amazon DynamoDB, and Amazon MSK Streams sources. `AT_TIMESTAMP` is only supported for Amazon Kinesis streams.
-
-`starting_position_timestamp`
-: With `StartingPosition` set to `AT_TIMESTAMP`, the time from which to start reading.
-
-`batch_size`
-: The maximum number of items to retrieve in a single batch.
-
-`maximum_batching_window_in_seconds`
-: (Streams and SQS standard queues) The maximum amount of time to gather records before invoking the function, in seconds. The default value is zero.
-
-`parallelization_factor`
-: (Streams only) The number of batches to process from each shard concurrently. The default value is 1.
-
-`event_source_arn`
-: The Amazon Resource Name (ARN) of the event source.
-
-`function_arn`
-: The ARN of the Lambda function.
-
-`last_modified`
-: The date that the event source mapping was last updated, or its state changed.
-
-`last_processing_result`
-: The result of the last AWS Lambda invocation of your Lambda function.
-
-`state`
-: The state of the event source mapping. It can be one of the following: `Creating`, `Enabling`, `Enabled`, `Disabling`, `Disabled`, `Updating`, or `Deleting`.
-
-`state_transition_reason`
-: Indicates whether the last change to the event source mapping was made by a user, or by the Lambda service.
-
-`destination_config (on_success (destination))`
-: (Streams) An Amazon SQS queue or Amazon SNS topic destination for discarded records. The Amazon Resource Name (ARN) of the destination resource.
-
-`destination_config (on_failure (destination))`
-: The destination configuration for failed invocations. The Amazon Resource Name (ARN) of the destination resource.
-
-`topics`
-: The name of the Kafka topic.
-
-`queues`
-: (Amazon MQ) The name of the Amazon MQ broker destination queue to consume.
-
-`source_access_configurations (type)`
-: An array of the authentication protocol, or the VPC components to secure your event source. The type of authentication protocol or the VPC components for your event source. Valid values: `BASIC_AUTH`, `SASL_SCRAM_256_AUTH`, `SASL_SCRAM_512_AUTH`, `VIRTUAL_HOST`, `VPC_SECURITY_GROUP`, `VPC_SUBNET`.
-
-`source_access_configurations (uri)`
-: An array of the authentication protocol, or the VPC components to secure your event source. The value for your chosen configuration in Type. For example: `"URI": "arn:aws:secretsmanager:us-east-1:01234567890:secret:MyBrokerSecretName"`.
-
-`maximum_record_age_in_seconds`
-: (Streams only) Discard records older than the specified age. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires.
-
-`bisect_batch_on_function_error`
-: (Streams only) If the function returns an error, split the batch in two and retry. The default value is false.
-
-`maximum_retry_attempts`
-: (Streams only) Discard records after the specified number of retries. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires.
-
-## Examples
-
-**Ensure an UUID is available.**
-
-```ruby
-describe aws_lambda_event_source_mapping(uuid: 'EVENT_SOURCE_MAPPING_UUID') do
- its('uuid') { should eq 'EVENT_SOURCE_MAPPING_UUID' }
-end
-```
-
-**Ensure that the state is `Creating` or not.**
-
-```ruby
-describe aws_lambda_event_source_mapping(uuid: 'EVENT_SOURCE_MAPPING_UUID') do
- its('state') { should eq 'Creating' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_lambda_event_source_mapping(uuid: 'EVENT_SOURCE_MAPPING_UUID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_lambda_event_source_mapping(uuid: 'EVENT_SOURCE_MAPPING_UUID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the uuid is available.
-
-```ruby
-describe aws_lambda_event_source_mapping(uuid: 'EVENT_SOURCE_MAPPING_UUID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Lambda:Client:EventSourceMappingConfiguration" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_event_source_mappings.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_event_source_mappings.md
deleted file mode 100644
index f558b893d9..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_event_source_mappings.md
+++ /dev/null
@@ -1,150 +0,0 @@
-+++
-title = "aws_lambda_event_source_mappings Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_lambda_event_source_mappings"
-identifier = "inspec/resources/aws/aws_lambda_event_source_mappings Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_lambda_event_source_mappings` InSpec audit resource to test properties of multiple mappings between AWS event sources and AWS Lambda functions.
-
-The `AWS::Lambda::EventSourceMapping` resource creates a mapping between an event source and an AWS Lambda function. Lambda reads items from the event source and triggers the function.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Athena Work Group](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-athena-workgroup.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a mapping exists.
-
-```ruby
-describe aws_lambda_event_source_mappings do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`uuids`
-: The identifier of the event source mapping.
-
-`starting_positions`
-: The position in a stream from which to start reading. Required for Amazon Kinesis, Amazon DynamoDB, and Amazon MSK Streams sources. `AT_TIMESTAMP` is only supported for Amazon Kinesis streams.
-
-`starting_position_timestamps`
-: With `StartingPosition` set to `AT_TIMESTAMP`, the time from which to start reading.
-
-`batch_sizes`
-: The maximum number of items to retrieve in a single batch.
-
-`maximum_batching_window_in_seconds`
-: (Streams and SQS standard queues) The maximum amount of time to gather records before invoking the function, in seconds. The default value is zero.
-
-`parallelization_factors`
-: (Streams) The number of batches to process from each shard concurrently. The default value is 1.
-
-`event_source_arns`
-: The Amazon Resource Name (ARN) of the event source.
-
-`function_arns`
-: The ARN of the Lambda function.
-
-`last_modified`
-: The date that the event source mapping was last updated, or its state changed.
-
-`last_processing_results`
-: The result of the last AWS Lambda invocation of your Lambda function.
-
-`states`
-: The state of the event source mapping. It can be one of the following: `Creating`, `Enabling`, `Enabled`, `Disabling`, `Disabled`, `Updating`, or `Deleting`.
-
-`state_transition_reasons`
-: Indicates whether the last change to the event source mapping was made by a user, or by the Lambda service.
-
-`destination_configs`
-: The destination configuration of the destination resource.
-
-`topics`
-: The name of the Kafka topic.
-
-`queues`
-: (Amazon MQ) The name of the Amazon MQ broker destination queue to consume.
-
-`source_access_configurations`
-: An array of the authentication protocol, or the VPC components to secure your event source.
-
-`maximum_record_age_in_seconds`
-: (Streams) Discard records older than the specified age. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires.
-
-`bisect_batch_on_function_errors`
-: (Streams only) If the function returns an error, split the batch in two and retry. The default value is false.
-
-`maximum_retry_attempts`
-: (Streams only) Discard records after the specified number of retries. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires.
-
-## Examples
-
-**Ensure an UUID is available.**
-
-```ruby
-describe aws_lambda_event_source_mappings do
- its('uuids') { should include 'EVENT_SOURCE_MAPPING_UUID' }
-end
-```
-
-**Ensure that a mapping has the `Creating` state or not.**
-
-```ruby
-describe aws_lambda_event_source_mappings do
- its('states') { should include 'Creating' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_lambda_event_source_mappings do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_lambda_event_source_mappings do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the work_group name is available.
-
-```ruby
-describe aws_lambda_event_source_mappings do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Lambda:Client:ListEventSourceMappingsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_layer_version_permission.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_layer_version_permission.md
deleted file mode 100644
index d93beb0388..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_layer_version_permission.md
+++ /dev/null
@@ -1,105 +0,0 @@
-+++
-title = "aws_lambda_layer_version_permission Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_lambda_layer_version_permission"
-identifier = "inspec/resources/aws/aws_lambda_layer_version_permission Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_lambda_layer_version_permission` InSpec audit resource to test properties of a single AWS Lambda layer version permission.
-
-The `AWS::Lambda::LayerVersionPermission` resource adds permissions to the resource-based policy of a version of an Lambda layer.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Lambda layer version permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversionpermission.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the permission exists.
-
-```ruby
-describe aws_lambda_layer_version_permission(layer_name: 'LAYER_NAME', version_number: 'VERSION_NUMBER') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`layer_name` _(required)_
-
-: The name or Amazon Resource Name (ARN) of the layer.
-
-`version_number` _(required)_
-
-: The version number.
-
-## Properties
-
-`policy`
-: The policy document.
-
-`revision_id`
-: A unique identifier for the current revision of the policy.
-
-## Examples
-
-**Ensure a policy is available.**
-
-```ruby
-describe aws_lambda_layer_version_permission(layer_name: 'LAYER_NAME', version_number: 'VERSION_NUMBER') do
- its('policy') { should eq 'POLICY' }
-end
-```
-
-**Ensure a revision ID is available.**
-
-```ruby
-describe aws_lambda_layer_version_permission(layer_name: 'LAYER_NAME', version_number: 'VERSION_NUMBER') do
- its('revision_id') { should eq 'REVISION_ID' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_lambda_layer_version_permission(layer_name: 'LAYER_NAME', version_number: 'VERSION_NUMBER') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_lambda_layer_version_permission(layer_name: 'LAYER_NAME', version_number: 'VERSION_NUMBER') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_lambda_layer_version_permission(layer_name: 'LAYER_NAME', version_number: 'VERSION_NUMBER') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Lambda:Client:GetLayerVersionPolicyResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_permission.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_permission.md
deleted file mode 100644
index 48d5ee02e9..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_permission.md
+++ /dev/null
@@ -1,86 +0,0 @@
-+++
-title = "aws_lambda_permission Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_lambda_permission"
-identifier = "inspec/resources/aws/aws_lambda_permission Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_lambda_permission` InSpec audit resource to test properties of a single AWS Lambda permission.
-
-The `AWS::Lambda::Permission` resource grants an AWS service or another account permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name (ARN) of that version or alias to invoke the function.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Lambda permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that permission has the desired statement ID.
-
-```ruby
-describe aws_lambda_permission(function_name: 'LAMBDA_FUNCTION_NAME', Sid: 'STATEMENT_ID') do
- its('sid') { should eq 'STATEMENT_ID' }
-end
-```
-
-## Parameters
-
-`function_name` _(required)_
-
-: The name of the Lambda function.
-
-`Sid` _(required)_
-
-: The statement ID of the function.
-
-## Properties
-
-`sid`
-: The statement ID of the function.
-
-`effect`
-: The effect of the function.
-
-`principal`
-: The AWS service or account that invokes the function.
-
-`action`
-: The action that the principal can use on the function.
-
-`resource`
-: The resource ARN of the function.
-
-## Examples
-
-**Ensure a statement ID is available.**
-
-```ruby
-describe aws_lambda_permission(function_name: 'LAMBDA_FUNCTION_NAME', Sid: 'STATEMENT_ID') do
- its('sid') { should eq 'StatementID' }
-end
-```
-
-**Ensure a effect is available.**
-
-```ruby
-describe aws_lambda_permission(function_name: 'LAMBDA_FUNCTION_NAME', Sid: 'STATEMENT_ID') do
- its('effect') { should eq 'Allow' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Lambda:Client:GetPolicyResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_permissions.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_permissions.md
deleted file mode 100644
index c8d3ed6adb..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_permissions.md
+++ /dev/null
@@ -1,80 +0,0 @@
-+++
-title = "aws_lambda_permissions Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_lambda_permissions"
-identifier = "inspec/resources/aws/aws_lambda_permissions Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_lambda_permissions` InSpec audit resource to test properties of multiple AWS Lambda permissions.
-
-The `AWS::Lambda::Permission` resource grants an AWS service or another account permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name (ARN) of that version or alias to invoke the function.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Lambda permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that permission has the desired statement id.
-
-```ruby
-describe aws_lambda_permission(function_name: 'LAMBDA_FUNCTION_NAME') do
- its('sids') { should include 'STATEMENT_ID' }
-end
-```
-
-## Parameters
-
-`function_name` _(required)_
-
-## Properties
-
-`sids`
-: The statement ID of the function.
-
-`effects`
-: The effect of the function.
-
-`principals`
-: The AWS services or accounts that invokes the function.
-
-`actions`
-: The action of the function.
-
-`resources`
-: The resource ARNs of the function..
-
-## Examples
-
-**Ensure a statement ID is available.**
-
-```ruby
-describe aws_lambda_permission(function_name: 'LAMBDA_FUNCTION_NAME') do
- its('sids') { should include 'STATEMENT_ID' }
-end
-```
-
-**Ensure an effect is available.**
-
-```ruby
-describe aws_lambda_permission(function_name: 'LAMBDA_FUNCTION_NAME') do
- its('effects') { should include 'Allow' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Lambda:Client:GetPolicyResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_version.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_version.md
deleted file mode 100644
index c6a86d212b..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_version.md
+++ /dev/null
@@ -1,138 +0,0 @@
-+++
-title = "aws_lambda_version Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_lambda_version"
-identifier = "inspec/resources/aws/aws_lambda_version Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_lambda_version` InSpec audit resource to test properties of a single AWS Lambda function version.
-
-The `AWS::Lambda::Version` resource creates a version from the current code and configuration of a function. Use versions to create a snapshot of your function code and configuration that doesn't change.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Lambda Version](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the Lambda layer version exists.
-
-```ruby
-describe aws_lambda_version(layer_name: 'LAYER_NAME', version_number: 1) do
- it { should exist }
-end
-```
-
-## Parameters
-
-`layer_name` _(required)_
-
-: The name or Amazon Resource Name (ARN) of the Lambda layer.
-
-`version_number` _(required)_
-
-: The version number.
-
-## Properties
-
-`content.location`
-: A link to the layer archive in Amazon S3 that is valid for 10 minutes.
-
-`content.code_sha_256`
-: The SHA-256 hash of the layer archive.
-
-`content.code_size`
-: The size of the layer archive in bytes.
-
-`content.signing_profile_version_arn`
-: The Amazon Resource Name (ARN) for a signing profile version.
-
-`content.signing_job_arn`
-: The Amazon Resource Name (ARN) of a signing job.
-
-`layer_arn`
-: The ARN of the layer.
-
-`layer_version_arn`
-: The ARN of the layer version.
-
-`description`
-: The description of the version.
-
-`created_date`
-: The date that the layer version was created, in ISO-8601 format (YYYY-MM-DDThh:mm:ss.sTZD).
-
-`version`
-: The version number.
-
-`compatible_runtimes`
-: The layer's compatible runtimes.
-
-`license_info`
-: The layer's software license.
-
-`compatible_architectures`
-: A list of compatible instruction set architectures.
-
-## Examples
-
-**Ensure a layer ARN is available.**
-
-```ruby
-describe aws_lambda_version(layer_name: 'LAYER_NAME', version_number: 1) do
- its('layer_arn') { should eq 'LAYER_ARN' }
-end
-```
-
-**Ensure a layer version ARN is available.**
-
-```ruby
-describe aws_lambda_version(layer_name: 'LAYER_NAME', version_number: 1) do
- its('layer_version_arn') { should eq 'LAYER_VERSION_ARN' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_lambda_version(layer_name: 'LAYER_NAME', version_number: 1) do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_lambda_version(layer_name: 'LAYER_NAME', version_number: 1) do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_lambda_version(layer_name: 'LAYER_NAME', version_number: 1) do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Lambda:Client:GetLayerVersionResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_versions.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_versions.md
deleted file mode 100644
index 670c3ed637..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambda_versions.md
+++ /dev/null
@@ -1,130 +0,0 @@
-+++
-title = "aws_lambda_versions Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_lambda_versions"
-identifier = "inspec/resources/aws/aws_lambda_versions Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_lambda_versions` InSpec audit resource to test properties of multiple AWS Lambda function versions.
-
-The `AWS::Lambda::Version` resource creates a version from the current code and configuration of a function. Use versions to create a snapshot of your function code and configuration that doesn't change.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Lambda Version](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a Lambda version exists.
-
-```ruby
-describe aws_lambda_versions(layer_name: 'LAYER_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`layer_name` _(required)_
-
-: The name or Amazon Resource Name (ARN) of the Lambda layer.
-
-## Properties
-
-`layer_version_arns`
-: The ARN of the layer version.
-
-: **Field**: `layer_version_arn`
-
-`versions`
-: The version number.
-
-: **Field**: `version`
-
-`descriptions`
-: The description of the version.
-
-: **Field**: `description`
-
-`created_dates`
-: The date that the layer version was created, in ISO-8601 format (YYYY-MM-DDThh:mm:ss.sTZD).
-
-: **Field**: `created_date`
-
-`compatible_runtimes`
-: The layer's compatible runtimes.
-
-: **Field**: `compatible_runtimes`
-
-`license_infos`
-: The layer's software license.
-
-: **Field**: `license_info`
-
-`compatible_architectures`
-: A list of compatible instruction set architectures .
-
-: **Field**: `compatible_architectures`
-
-## Examples
-
-**Ensure a layer version ARN is available.**
-
-```ruby
-describe aws_lambda_versions(layer_name: 'LAYER_NAME') do
- its('layer_version_arns') { should include 'LAYER_VERSION_ARN' }
-end
-```
-
-**Ensure a version is available.**
-
-```ruby
-describe aws_lambda_versions(layer_name: 'LAYER_NAME') do
- its('versions') { should include 1 }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_lambda_versions(layer_name: 'LAYER_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_lambda_versions(layer_name: 'LAYER_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_lambda_versions(layer_name: 'LAYER_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Lambda:Client:ListLayerVersionsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambdas.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambdas.md
deleted file mode 100644
index 2ee240f5bd..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_lambdas.md
+++ /dev/null
@@ -1,74 +0,0 @@
-+++
-title = "aws_lambdas Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_lambdas"
-identifier = "inspec/resources/aws/aws_lambdas Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_lambdas` resource to test the collection of lambdas deployed into an account.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-````
-describe aws_lambdas do
- its('count') { should eq 20 }
-end
-````
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`names`
-: The names of the lambda deployed.
-
-`tags`
-: The tags of the lambda deployed.
-
-## Examples
-
-
-**Tests that all lambdas with a particular tag is correctly deployed.**
-
-````
-lambdas = aws_lambdas()
-
-describe lambdas do
-its ('count') { should eq 33}
-end
-
-lambdas.tags.each_with_index { | tag, i |
-if tag!= {} and tag.include? 'Application' and tag['Application']=='test')
- lambda_name = lambdas.names[i]
-
- describe aws_lambda(lambda_name) do
- it { should exist}
- its ('handler') { should eq 'main.on_event'}
- its ('version') { should eq '$LATEST' }
- its ('runtime') { should eq 'python3.7' }
- end
-end
-}
-````
-
-## Matchers
-
-This InSpec audit resource uses the standard matchers. For a full list of available matchers, visit the [InSpec matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Lambda:Client:ListFunctionsResponse" %}}
-
-You can find detailed documentation at [AWS Lambda](https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html)
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_launch_configuration.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_launch_configuration.md
deleted file mode 100644
index b45eb3ff72..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_launch_configuration.md
+++ /dev/null
@@ -1,149 +0,0 @@
-+++
-title = "aws_launch_configuration Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_launch_configuration"
-identifier = "inspec/resources/aws/aws_launch_configuration Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_launch_configuration` InSpec audit resource to test properties of a single AWS Launch Configuration.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Launch Configurations](https://docs.aws.amazon.com/autoscaling/ec2/userguide/LaunchConfiguration.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
- # Ensure that a launch configuration exists and has the correct key name
-```ruby
-describe aws_launch_configuration('my-config') do
- it { should exist }
- its('key_name') { should be 'my-key-name' }
-end
-```
-
- # You may also use hash syntax to pass the launch configuration name
-```ruby
-describe aws_launch_configuration(launch_configuration_name: 'my-config') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`launch_configuration_name` _(required)_
-
-
-: This resource expects a single parameter, the `launch_configuration_name` which uniquely identifies the of a Launch Configuration.
-
-## Properties
-
-`arn`
-: An string indicating the ARN of the launch configuration.
-
-`image_id`
-: An string indicating the AMI of the launch configuration.
-
-`instance_type`
-: A string indicating the instance type of the launch configuration.
-
-`iam_instance_profile`
-: A string indicating the IAM profile for the launch configuration.
-
-`key_name`
-: A string indicating the AWS key pair for the launch configuration.
-
-`security_groups`
-: An array of strings of the security group IDs associated with the launch configuration.
-
-`associate_public_ip_address`
-: A boolean indicating if the launch configuration is configured to set a public IP address.
-
-`user_data`
-: A string containing the user data configured for the launch configuration.
-
-`ebs_optimized`
-: A boolean indicating if the launch configuration is optimized for Amazon EBS.
-
-`instance_monitoring`
-: A string indicating if instance monitoring is set to `detailed` or `basic`.
-
-`spot_price`
-: A floating point number indicating the spot price configured.
-
-## Examples
-
-**Ensure a Launch Config is using the correct AMI .**
-
-```ruby
-describe aws_launch_configuration('my-config') do
- its('image_id') { should eq 'ami-012345'}
-end
-```
-
-**Test the instance type used in a Launch Config.**
-
-```ruby
-describe aws_launch_configuration('my-config') do
- its('instance_type') { should eq 't3.micro'}
-end
-```
-
-**Ensure a Launch Config is associated with the right IAM Profile.**
-
-```ruby
-describe aws_launch_configuration('my-config') do
- its('iam_instance_profile') { should eq 'iam-profile' }
-end
-```
-
-**Ensure the Launch Config does not set a public IP.**
-
-```ruby
-describe aws_launch_configuration('my-config') do
- its('associate_public_ip_address') { should be false }
-end
-```
-
-**Ensure the correct UserData is set on launched instances.**
-
-```ruby
-describe aws_launch_configuration('my-config') do
- its('user_data') { should include 'user-data' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_launch_configuration('AnExistingLC') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_launch_configuration('ANonExistentLC') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="AutoScaling:Client:LaunchConfigurationsType" %}}
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon Auto Scaling Groups and launch configurations](https://docs.aws.amazon.com/autoscaling/ec2/userguide/control-access-using-iam.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_logs_metric_filter.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_logs_metric_filter.md
deleted file mode 100644
index bc34a9d394..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_logs_metric_filter.md
+++ /dev/null
@@ -1,117 +0,0 @@
-+++
-title = "aws_logs_metric_filter Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_logs_metric_filter"
-identifier = "inspec/resources/aws/aws_logs_metric_filter Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_logs_metric_filter` InSpec audit resource to test properties of a single specific AWS CloudWatch logs metric filter.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Logs MetricFilter](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-metricfilter.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a work_group name exists.
-
-```ruby
-describe aws_logs_metric_filter(filter_name: 'FILTER_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`filter_name` _(required)_
-
-: The name of the metric filter.
-
-## Properties
-
-`filter_name`
-: The name of the metric filter.
-
-`filter_pattern`
-: A symbolic description of how CloudWatch Logs should interpret the data in each log event. For example, a log event can contain timestamps, IP addresses, strings, and so on. You use the filter pattern to specify what to look for in the log event message.
-
-`metric_transformations (metric_name)`
-: The metric transformations. The name of the CloudWatch metric.
-
-`metric_transformations (metric_namespace)`
-: The metric transformations. A custom namespace to contain your metric in CloudWatch. Use namespaces to group together metrics that are similar.
-
-`metric_transformations (metric_value)`
-: The metric transformations. The value to publish to the CloudWatch metric when a filter pattern matches a log event.
-
-`metric_transformations (default_value)`
-: The metric transformations. The value to emit when a filter pattern does not match a log event. This value can be null.
-
-`creation_time`
-: The creation time of the metric filter, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
-
-`log_group_name`
-: The name of the log group.
-
-## Examples
-
-**Ensure a filter name is available.**
-
-```ruby
-describe aws_logs_metric_filter(filter_name: 'FILTER_NAME') do
- its('filter_name') { should eq 'FilterName' }
-end
-```
-
-**Ensure a log group name is available.**
-
-```ruby
-describe aws_logs_metric_filter(filter_name: 'FILTER_NAME') do
- its('log_group_name') { should eq 'LogGroupName' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_logs_metric_filter(filter_name: 'FILTER_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_logs_metric_filter(filter_name: 'dummy') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the filter name is available.
-
-```ruby
-describe aws_logs_metric_filter(filter_name: 'FILTER_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudWatchLogs:Client:DescribeMetricFiltersResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_logs_metric_filters.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_logs_metric_filters.md
deleted file mode 100644
index adae253d5e..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_logs_metric_filters.md
+++ /dev/null
@@ -1,106 +0,0 @@
-+++
-title = "aws_logs_metric_filters Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_logs_metric_filters"
-identifier = "inspec/resources/aws/aws_logs_metric_filters Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_logs_metric_filters` InSpec audit resource to test properties of multiple AWS CloudWatch logs metric filters.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Logs MetricFilter](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-metricfilter.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a filter name exists.
-
-```ruby
-describe aws_logs_metric_filters do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`filter_names`
-: The name of the metric filter.
-
-`filter_patterns`
-: A symbolic description of how CloudWatch Logs should interpret the data in each log event. For example, a log event can contain timestamps, IP addresses, strings, and so on. You use the filter pattern to specify what to look for in the log event message.
-
-`metric_transformations`
-: The metric transformations.
-
-`creation_times`
-: The creation time of the metric filter, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
-
-`log_group_names`
-: The name of the log group.
-
-## Examples
-
-**Ensure a filter name is available.**
-
-```ruby
-describe aws_logs_metric_filters do
- its('filter_names') { should include 'FILTER_NAME' }
-end
-```
-
-**Ensure a log group name is available.**
-
-```ruby
-describe aws_logs_metric_filters do
- its('log_group_names') { should include 'LOG_GROUP_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_logs_metric_filters do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_logs_metric_filters do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the filter name is available.
-
-```ruby
-describe aws_logs_metric_filters do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="CloudWatchLogs:Client:DescribeMetricFiltersResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_mq_broker.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_mq_broker.md
deleted file mode 100644
index 18a38e513f..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_mq_broker.md
+++ /dev/null
@@ -1,173 +0,0 @@
-+++
-title = "aws_mq_broker Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_mq_broker"
-identifier = "inspec/resources/aws/aws_mq_broker Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_mq_broker` InSpec audit resource to test the properties of a single specific AWS MQ Broker.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS MQ Broker](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-amazonmq-broker.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that AWS MQ Broker exists.
-
-```ruby
-describe aws_mq_broker(broker_id: 'BROKER_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`broker_id` _(required)_
-
-: broker_id: The ID of the AWS MQ broker.
-
-## Properties
-
-`authentication_strategy`
-: The authentication strategy used to secure the broker. The default is `SIMPLE`.
-
-: **Field**: `authentication_strategy`
-
-`auto_minor_version_upgrade`
-: Enables automatic upgrades to new minor versions for brokers, as new versions are released and supported by Amazon MQ.
-
-: **Field**: `auto_minor_version_upgrade`
-
-`broker_arn`
-: The broker's Amazon Resource Name (ARN).
-
-: **Field**: `broker_arn`
-
-`broker_name`
-: The name of the broker.
-
-: **Field**: `broker_name`
-
-`broker_state`
-: The broker's status.
-
-: **Field**: `broker_state`
-
-`created`
-: Creation time of the broker's profile.
-
-: **Field**: `created`
-
-`deployment_mode`
-: The deployment mode of the broker.
-
-: **Field**: `deployment_mode`
-
-`engine_type`
-: The type of broker engine. Currently, Amazon MQ supports `ACTIVEMQ` and `RABBITMQ.`.
-
-: **Field**: `engine_type`
-
-`engine_version`
-: The version of the broker engine.
-
-: **Field**: `engine_version`
-
-`host_instance_type`
-: The broker's instance type.
-
-: **Field**: `host_instance_type`
-
-`pending_engine_version`
-: The broker engine version for the upgrade.
-
-: **Field**: `pending_engine_version`
-
-`pending_host_instance_type`
-: The broker's host instance type for the upgrade.
-
-: **Field**: `pending_host_instance_type`
-
-`publicly_accessible`
-: Enables connections from applications outside of the VPC that hosts the broker's subnets.
-
-: **Field**: `publicly_accessible`
-
-`storage_type`
-: The broker's storage type.
-
-: **Field**: `storage_type`
-
-`subnet_ids`
-: The list of groups defines which subnets and IP range the broker can use from different availability zones. If you specify more than one subnet, the subnets must be in different availability zones. Amazon MQ cannot create VPC endpoints for the broker with multiple subnets in the same availability zone. A `SINGLE_INSTANCE` deployment requires one subnet (for example, the default subnet). An `ACTIVE_STANDBY_MULTI_AZ deployment (ACTIVEMQ)` requires two subnets. A `CLUSTER_MULTI_AZ deployment (RABBITMQ)` has no subnet requirements when deployed with public accessibility, deployment without public accessibility requires at least one subnet.
-
-: **Field**: `subnet_ids`
-
-`tags`
-: The list of all tags associated with this broker.
-
-: **Field**: `tags`
-
-## Examples
-
-**Ensure a broker ID is available.**
-
-```ruby
-describe aws_mq_broker(broker_id: 'BROKER_ID') do
- its('broker_id') { should eq 'BROKER_ID }
-end
-```
-
-**Ensure a broker name is available.**
-
-```ruby
-describe aws_mq_broker(broker_id: 'BROKER_ID') do
- its('broker_name') { should eq 'BROKER_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_mq_broker(broker_id: 'BROKER_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_mq_broker(broker_id: 'DUMMY') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the mq broker is available.
-
-```ruby
-describe aws_mq_broker(broker_id: 'BROKER_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="MQ:Client:DescribeBrokerResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_mq_brokers.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_mq_brokers.md
deleted file mode 100644
index 61566cca51..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_mq_brokers.md
+++ /dev/null
@@ -1,131 +0,0 @@
-+++
-title = "aws_mq_brokers Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_mq_brokers"
-identifier = "inspec/resources/aws/aws_mq_brokers Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_mq_brokers` InSpec audit resource to test the properties of multiple AWS MQ Broker.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that AWS MQ Broker exists.
-
-```ruby
-describe aws_mq_brokers do
- it { should exist }
-end
-```
-
-For additional information, see the [AWS documentation on AWS MQ Broker](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-amazonmq-broker.html).
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`broker_arns`
-: The broker's Amazon Resource Name (ARN).
-
-: **Field**: `broker_arn`
-
-`broker_names`
-: The name of the broker. This value must be unique in your AWS account, 1-50 characters long, contain only letters, numbers, dashes, and underscores, and not contain white spaces, brackets, wildcard characters, or special characters.
-
-: **Field**: `broker_name`
-
-`broker_states`
-: The broker's status.
-
-: **Field**: `broker_state`
-
-`created`
-: Creation time of the broker profile.
-
-: **Field**: `created`
-
-`deployment_modes`
-: The deployment mode of the broker. Available values: `SINGLE_INSTANCE`', `ACTIVE_STANDBY_MULTI_AZ`, and `CLUSTER_MULTI_AZ`.
-
-: **Field**: `deployment_mode`
-
-`engine_types`
-: The type of broker engine. Currently, Amazon MQ supports `ACTIVEMQ` and `RABBITMQ.`.
-
-: **Field**: `engine_type`
-
-`engine_versions`
-: The version of the broker engine.
-
-: **Field**: `engine_version`
-
-`host_instance_types`
-: The broker's instance type.
-
-: **Field**: `host_instance_type`
-
-## Examples
-
-**Ensure a broker is available.**
-
-```ruby
-describe aws_mq_brokers do
- its('broker_ids') { should include 'BROKER_ID' }
-end
-```
-
-**Ensure that the status is correct.**
-
-```ruby
-describe aws_mq_brokers do
- its('broker_names') { should include 'BROKER_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_mq_brokers do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_mq_brokers do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the AWS MQ broker is available.
-
-```ruby
-describe aws_mq_brokers do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="MQ:Client:ListBrokersResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_mq_configuration.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_mq_configuration.md
deleted file mode 100644
index 512313fdf4..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_mq_configuration.md
+++ /dev/null
@@ -1,139 +0,0 @@
-+++
-title = "aws_mq_configuration Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_mq_configuration"
-identifier = "inspec/resources/aws/aws_mq_configuration Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_mq_configuration` InSpec audit resource to test the properties of a single specific AWS MQ configuration.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS MQ configuration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-amazonmq-configuration.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that AWS MQ configuration exists.
-
-```ruby
-describe aws_mq_configuration(configuration_id: 'configuration_id') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`configuration_id` _(required)_
-
-`configuration_id`
-: The configuration ID.
-
-## Properties
-
-`arn`
-: The ARN of the configuration.
-
-: **Field**: `arn`
-
-`authentication_strategy`
-: The authentication strategy associated with the configuration. The default is SIMPLE.
-
-: **Field**: `authentication_strategy`
-
-`created`
-: The date and time of the configuration revision.
-
-: **Field**: `Created`
-
-`description`
-: The description of the configuration.
-
-: **Field**: `description`
-
-`engine_type`
-: The type of broker engine. Currently, Amazon MQ supports ACTIVEMQ and RABBITMQ.
-
-: **Field**: `engine_type`
-
-`engine_version`
-: The broker engine's version. For a list of supported engine versions.
-
-: **Field**: `engine_version`
-
-`id`
-: The unique ID that Amazon MQ generates for the configuration.
-
-: **Field**: `id`
-
-`name`
-: The name of the configuration.
-
-: **Field**: `name`
-
-`tags`
-: The list of all tags associated with this configuration.
-
-: **Field**: `tags`
-
-## Examples
-
-**Ensure a configuration id is available.**
-
-```ruby
-describe aws_mq_configuration(configuration_id: 'configuration_id') do
- its('configuration_id') { should eq 'configuration_id' }
-end
-```
-
-**Ensure a configuration name is available.**
-
-```ruby
-describe aws_mq_configuration(configuration_id: 'configuration_id') do
- its('configuration_name') { should eq 'configuration_name' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_mq_configuration(configuration_id: 'configuration_id') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_mq_configuration(configuration_id: 'dummy') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the mq configuration is available.
-
-```ruby
-describe aws_mq_configuration(configuration_id: 'configuration_id') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="MQ:Client:DescribeConfigurationResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_mq_configurations.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_mq_configurations.md
deleted file mode 100644
index d834b1b359..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_mq_configurations.md
+++ /dev/null
@@ -1,136 +0,0 @@
-+++
-title = "aws_mq_configurations Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_mq_configurations"
-identifier = "inspec/resources/aws/aws_mq_configurations Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_mq_configurations` InSpec audit resource to test the properties of multiple AWS MQ configuration.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that AWS MQ configuration exists.
-
-```ruby
-describe aws_mq_configurations do
- it { should exist }
-end
-```
-
-For additional information, see the [AWS documentation on AWS MQ configuration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-amazonmq-configuration.html).
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`arns`
-: The ARN of the configuration.
-
-: **Field**: `arn`
-
-`authentication_strategies`
-: The authentication strategy associated with the configuration. The default is SIMPLE.
-
-: **Field**: `authentication_strategy`
-
-`Created`
-: The date and time of the configuration revision.
-
-: **Field**: `Created`
-
-`description`
-: The description of the configuration.
-
-: **Field**: `description`
-
-`engine_types`
-: The type of broker engine. Currently, Amazon MQ supports ACTIVEMQ and RABBITMQ.
-
-: **Field**: `engine_type`
-
-`engine_versions`
-: The broker engine's version. For a list of supported engine versions.
-
-: **Field**: `engine_version`
-
-`ids`
-: The unique ID that Amazon MQ generates for the configuration.
-
-: **Field**: `id`
-
-`names`
-: The name of the configuration.
-
-: **Field**: `name`
-
-`tags`
-: The list of all tags associated with this configuration.
-
-: **Field**: `tags`
-
-## Examples
-
-**Ensure a configuration ID is available.**
-
-```ruby
-describe aws_mq_configurations do
- its('ids') { should include 'configuration_id' }
-end
-```
-
-**Ensure a configuration name is available.**
-
-```ruby
-describe aws_mq_configurations do
- its('names') { should include 'configuration_name' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_mq_configurations do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_mq_configurations do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the mq configuration is available.
-
-```ruby
-describe aws_mq_configurations do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="MQ:Client:ListConfigurationsResponsegit" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_nat_gateway.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_nat_gateway.md
deleted file mode 100644
index eab72b2a68..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_nat_gateway.md
+++ /dev/null
@@ -1,154 +0,0 @@
-+++
-title = "aws_nat_gateway Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_nat_gateway"
-identifier = "inspec/resources/aws/aws_nat_gateway Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_nat_gateway` InSpec audit resource to test the properties of a single AWS NAT gateway.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_nat_gateway` resource block declares the tests for a single AWS NAT gateway by id, name, vpc_id or subnet_id.
-
-```ruby
-describe aws_nat_gateway(id: 'nat-abc0123456789deff') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_nat_gateway(name: 'my-nat-gateway') do
- it { should exist }
-end
-```
-
-Multiple parameters can be provided for better granularity.
-
-```ruby
-describe aws_nat_gateway(vpc_id: 'vpc-abc01234', subnet_id: 'subnet-6789deff') do
- it { should exist }
-end
-```
-
-
-## Parameters
-
-At least one of the following parameters must be provided.
-- id
-- name
-- subnet_id
-- vpc_id
-
-`id`
-
-: The value of the `nat_gateway_id` assigned by the AWS after the resource has been created.
- This should be in the format of `nat-` followed by 8 or 17 hexadecimal characters and passed as an `id: 'value'` key-value entry in a hash.
-
-`name`
-
-: If a `Name` tag is applied to the NAT gateway, this can be used to lookup the resource.
- This must be passed as a `name: 'value'` key-value entry in a hash.
- If there are multiple NAT gateways with the same name, this resource will raise an error.
-
-`subnet_id`
-
-: The ID of the subnet in which the NAT gateway is placed.
- This should be in the format of `subnet-` followed by 8 or 17 hexadecimal characters and passed as an `subnet_id: 'value'` key-value entry in a hash.
-
-`vpc_id`
-
-: The ID of the VPC in which the NAT gateway is located.
- This should be in the format of `vpc-` followed by 8 or 17 hexadecimal characters and passed as an `vpc_id: 'value'` key-value entry in a hash.
-
-
-## Properties
-
-`id`
-: The ID of the NAT gateway.
-
-`name`
-: The value of the `Name` tag. It is `nil` if not defined.
-
-`vpc_id`
-: The ID of the VPC in which the NAT gateway is located.
-
-`subnet_id`
-: The ID of the subnet in which the NAT gateway is placed.
-
-`tags`
-: A hash, with each key-value pair corresponding to a NAT gateway tag.
-
-`nat_gateway_address_set`
-: A hash of [NatGatewayAddress object](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_NatGatewayAddress.html) that gives information about the IP addresses and network interface associated with the NAT gateway.
-
-`state`
-: The sate of the NAT gateway. Valid values are: `pending`, `failed`, `available`, `deleting` and `deleted`.
-
-There are also additional properties available. For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_NatGateway.html)
-
-## Examples
-
-**Test that the NAT gateway is in `available` state.**
-
-```ruby
-describe aws_nat_gateway(name: 'my-nat-gateway') do
- its('state') { should eq 'available' }
-end
-```
-
-**Test that the ID of the VPC is `vpc-1234567890abcdef1`.**
-
-```ruby
-describe aws_nat_gateway(id: 'nat-abc0123456789deff') do
- its('vpc_id') { should eq `vpc-1234567890abcdef1` }
-end
-```
-
-**Test that the NAT gateway has a certain tag.**
-
-```ruby
-describe aws_nat_gateway(name: 'my-nat-gateway') do
- its('tags') { should include('environment' => 'dev') }
-**Regardless of the value.**
-
-end
-```
-
-**Test that the private IP address is `10.0.1.68`.**
-
-```ruby
-describe aws_nat_gateway(vpc_id: 'vpc-abc01234', subnet_id: 'subnet-12345678') do
- its('nat_gateway_address_set') { should include(:private_ip => '10.0.1.68') }
-end
-```
-
-For more examples, see the [integration 
tests](https://github.com/inspec/inspec-aws/blob/main/test/integration/verify/controls/aws_nat_gateway.rb).
-
-## Matchers
-
-This InSpec audit resource has the following special matcher. For a full list of available matchers, visit the [InSpec matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-
-### exist
-
-```ruby
-describe aws_nat_gateway(name: 'my-nat-gateway') do
- it { should exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeNatGatewaysResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_nat_gateways.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_nat_gateways.md
deleted file mode 100644
index 7aa3178e85..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_nat_gateways.md
+++ /dev/null
@@ -1,116 +0,0 @@
-+++
-title = "aws_nat_gateways Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_nat_gateways"
-identifier = "inspec/resources/aws/aws_nat_gateways Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_nat_gateways` InSpec audit resource to test the properties of all AWS NAT gateways owned by the AWS account.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_nat_gateways` resource block collects all of the NAT gateways and then tests that group.
-
-```ruby
-describe aws_nat_gateways do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: The ID of the NAT gateway.
-
-: **Field**: `id`
-
-`names`
-: The value of the `Name` tag. It is `nil` if not defined.
-
-: **Field**: `name`
-
-`vpc_ids`
-: The ID of the VPC in which the NAT gateway is located.
-
-: **Field**: `vpc_id`
-
-`subnet_ids`
-: The ID of the subnet in which the NAT gateway is placed.
-
-: **Field**: `subnet_id`
-
-`tags`
-: A hash, with each key-value pair corresponding to a NAT gateway tag.
-
-: **Field**: `tags`
-
-`states`
-: The sate of the NAT gateway. Valid values are: `pending`, `failed`, `available`, `deleting` and `deleted`.
-
-: **Field**: `state`
-
-## Examples
-
-**Test that there are exactly 3 NAT gateways.**
-
-```ruby
-describe aws_nat_gateways do
- its('count') { should cmp 3 }
-end
-```
-
-**Use this InSpec resource to request the ids of all NAT gateways, then test in-depth using `aws_nat_gateway` InSpec singular AWS resource.**
-
-```ruby
-aws_nat_gateways.ids.each do |id|
- describe aws_nat_gateway(id: id) do
- its('state') { should eq 'available' }
- end
-end
-```
-
-For more examples, see the [integration tests](https://github.com/inspec/inspec-aws/blob/main/test/integration/verify/controls/aws_nat_gateways.rb).
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-### exist
-
-The control will pass if the describe returns at least one result.
-The field names described in the [properties table](##-properties) should be used for the `` in the `where` clause.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_nat_gateways.where( : ) do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_nat_gateways.where( : ) do
- it { should_not exist }
-end
-```
-
-Please see [here](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md) for more information on how to use filter table.
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeNatGatewaysResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_acl.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_acl.md
deleted file mode 100644
index 52f48539ec..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_acl.md
+++ /dev/null
@@ -1,219 +0,0 @@ -+++ -title = "aws_network_acl Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_network_acl" -identifier = "inspec/resources/aws/aws_network_acl Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_network_acl` InSpec audit resource to test the properties of a single Amazon network ACL. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_network_acl` resource block declares the tests for a single Amazon network ACL by `network_acl_id`. - -```ruby -describe aws_network_acl(network_acl_id: 'acl-001db867a1898981b') do - it { should exist } -end -``` - -The value of the `network_acl_id` can be provided as a string. - -```ruby -describe aws_network_acl('acl-001db867a1898981b') do - it { should exist } -end -``` - -## Parameters - -The network ACL ID is required. - -`network_acl_id` _(required)_ - -: The ID of the network ACL: - -: - must contain between 1 and 50 alphanumeric characters or hyphens - - should start with `acl-` - - cannot end with a hyphen or contain two consecutive hyphens - -: It can be passed either as a string or as a `network_acl_id: 'value'` key-value entry in a hash. - -## Properties - -`network_acl_id` -: The ID of the network ACL. - -`is_default` -: Indicates whether this is the default network ACL for the VPC. - -`vpc_id` -: The ID of the VPC for the network ACL. - -`owner_id` -: The ID of the AWS account that owns the network ACL. - -`associated_subnet_ids` -: The ID of the associated subnets to the network ACL. - -`egress` -: All rules that are applied to traffic leaving the subnet. - -`ingress` -: All rules that are applied to traffic incoming to the subnet. - -`associations` -: All subnet associations on the network ACL. - -`tags` -: A hash with each key-value pair corresponding to a network ACL. 
- -`egress_rule_number_*`ACL_RULE_NUMBER`*` -: This is a dynamically formed property of the egress ACL rule for a specific *`ACL_RULE_NUMBER`*. See below for nested details and examples. - -`ingress_rule_number_*`ACL_RULE_NUMBER`*` -: This is a dynamically formed property of the ingress ACL rule for a specific *`ACL_RULE_NUMBER`*. See below for nested details and examples. - -### Nested Properties of dynamic egress and ingress rule number properties - -|Nested Property | Description | -| --- | --- | -|cidr_block | The IPv4 network range to allow or deny, in CIDR notation. | -|ipv_6_cidr_block | The IPv6 network range to allow or deny, in CIDR notation. | -|protocol | The protocol specified in the entry. Accepted values are: `tcp`, `udp`, `icmp`, or a protocol number. | -|rule_action | Allows or denies the matching traffic. Accepted values are: `allow` or `deny`. | -|rule_number | The number of an entry (in other words, rule) in the set of ACL entries. | -|port_range.from | The start of the port range specified in the entry. | -|port_range.to | The end of the port range specified in the entry. | -|icmp_type_cod.code | The ICMP code specified in the entry, if any. | -|icmp_type_code.type | The ICMP type specified in the entry, if any. 
| - -You can find detailed documentation at [NetworkAclEntry](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/EC2/Types/NetworkAclEntry.html) - -## Examples - -**Test that if a network ACL is default for the VPC.** - -```ruby -describe aws_network_acl(network_acl_id: 'acl-001db867a1898981b') do - it { should be_default } -end -``` - -**Test that the ID of the VPC is `vpc-00727fc4213acee4a`.** - -```ruby -describe aws_network_acl(network_acl_id: 'acl-001db867a1898981b') do - its('vpc_id') { should eq 'vpc-00727fc4213acee4a' } -end -``` - -**Test that the Associated subnet IDs include `subnet-07a323891825bc312`.** - -```ruby -describe aws_network_acl(network_acl_id: 'acl-001db867a1898981b') do - its('associated_subnet_ids') { should include 'subnet-07a323891825bc312' } -end -``` - -**Test that CIDR Block of ACL egress entry for rule number `100` is `10.3.0.0/18`.** - -```ruby -describe aws_network_acl(network_acl_id: 'acl-001db867a1898981b') do - its('egress_rule_number_100.cidr_block') { should eq '10.3.0.0/18' } -end -``` - - -**Test that Port Ranges of ACL ingress entry for rule number `100` is `443`.** - -```ruby -describe aws_network_acl(network_acl_id: 'acl-001db867a1898981b') do - its('ingress_rule_number_100.port_range.from') { should eq '443' } - its('ingress_rule_number_100.port_range.to') { should eq '443' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. 
-
-### exist
-
-```ruby
-describe aws_network_acl(network_acl_id: 'acl-001db867a1898981b') do
- it { should exist }
-end
-```
-
-### be_default
-
-```ruby
-describe aws_network_acl(network_acl_id: 'acl-001db867a1898981b') do
- it { should be_default }
-end
-```
-
-### be_associated (to any subnet)
-
-```ruby
-describe aws_network_acl(network_acl_id: 'acl-001db867a1898981b') do
- it { should be_associated }
-end
-```
-
-### have_associations
-
-```ruby
-describe aws_network_acl(network_acl_id: 'acl-001db867a1898981b') do
- it { should have_associations }
- it { should have_associations(subnet_id: 'subnet-07a323891825bc312') }
-end
-```
-
-### have_acl_entry_value
-
-```ruby
-describe aws_network_acl(network_acl_id: 'acl-001db867a1898981b') do
- it { should have_acl_entry_value(cidr_block: '10.3.0.0/18', egress: false, rule_action: 'allow') }
-end
-```
-
-### have_egress
-
-```ruby
-describe aws_network_acl(network_acl_id: 'acl-001db867a1898981b') do
- it { should have_egress }
- it { should have_egress(cidr_block: '10.3.0.0/18', rule_action: 'allow') }
- it { should have_egress(rule_action: 'allow') }
- it { should have_egress(cidr_block: '10.3.0.0/18') }
-end
-```
-
-### have_ingress
-
-```ruby
-describe aws_network_acl(network_acl_id: 'acl-001db867a1898981b') do
- it { should have_ingress }
- it { should have_ingress(cidr_block: '10.3.0.0/18', rule_action: 'allow') }
- it { should have_ingress(rule_action: 'allow') }
- it { should have_ingress(cidr_block: '10.3.0.0/18') }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeNetworkAclsResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for network ACL](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-policy-examples.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_acls.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_acls.md
deleted file mode 100644
index 986ec4a8cf..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_acls.md
+++ /dev/null
@@ -1,218 +0,0 @@
-+++
-title = "aws_network_acls Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_network_acls"
-identifier = "inspec/resources/aws/aws_network_acls Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_network_acls` InSpec audit resource to test the properties of all Amazon network ACLs.
-To audit a single network ACL, use the `aws_network_acl` (singular) resource.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_network_acls` resource block collects a group of network ACL descriptions and then tests that group.
-
-```ruby
-describe aws_network_acls
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`network_acl_ids`
-: The IDs of all network ACLs.
-
-: **Field**: `network_acl_id`
-
-`vpc_ids`
-: The IDs of all the VPCs of the network ACLs.
-
-: **Field**: `vpc_id`
-
-`default`
-: The boolean flag to say whether the network ACL is default or not.
-
-: **Field**: `default`
-
-`default_network_acl_ids`
-: The default network ACL IDs for all the VPCs.
-
-: **Field**: `default_network_acl_ids`
-
-`associated_subnet_ids`
-: The ID of the associated subnets to all the network ACLs.
-
-: **Field**: `associated_subnet_ids`
-
-`network_acl_association_ids`
-: The ID of the association between the subnets and the network ACLs.
-
-: **Field**: `network_acl_association_ids`
-
-`entries_cidr_blocks`
-: The IPv4 network range to allow or deny, in CIDR notation of all the network ACLs.
-
-: **Field**: `entries_cidr_blocks`
-
-`entries_icmp_type_codes`
-: The ICMP code specified in the entry for all the network ACLs.
-
-: **Field**: `entries_icmp_type_codes`
-
-`entries_icmp_type_code_types`
-: The ICMP type specified in the entry for all the network ACLs.
-
-: **Field**: `entries_icmp_type_code_types`
-
-`entries_ipv_6_cidr_blocks`
-: The IPv6 network range to allow or deny, in CIDR notation of all the network ACLs.
-
-: **Field**: `entries_ipv_6_cidr_blocks`
-
-`entries_port_ranges`
-: The ports specified in the entry for all the network ACLs.
-
-: **Field**: `entries_port_ranges`
-
-`entries_protocols`
-: The protocol specified in the entry for all the network ACLs.
-
-: **Field**: `entries_protocols`
-
-`entries_rule_actions`
-: The rule to allow or deny the matching traffic for all the network ACLs.
-
-: **Field**: `entries_rule_actions`
-
-`entries_rule_numbers`
-: The rule number of all ACL entries.
-
-: **Field**: `entries_rule_numbers`
-
-`egress_rule_numbers`
-: The rule number of all egress ACL entries.
-
-: **Field**: `egress_rule_numbers`
-
-`ingress_rule_numbers`
-: The rule number of all ingress ACL entries.
-
-: **Field**: `ingress_rule_numbers`
-
-`owner_ids`
-: The ID of all the AWS accounts that owns all the network ACLs.
-
-: **Field**: `owner_ids`
-
-`tags`
-: A hash, with each key-value pair corresponding to a network ACL tag.
-
-: **Field**: `tags`
-
-## Examples
-
-**Ensure that exactly three network ACLs exist.**
-
-```ruby
-describe aws_network_acls do
- its('count') { should eq 3 }
-end
-```
-
-**Filter all network ACLs whose entries have rule number equal to 100.**
-
-```ruby
-describe aws_network_acls.where { entries_rule_numbers.include?(100) } do
- it { should exist }
-end
-```
-
-**Filter all default network ACLs.**
-
-```ruby
-describe aws_network_acls.where(default: true) do
- it { should exist }
-end
-```
-
-**Filter all network ACLs with associated subnet IDs matching `subnet-07a323891825bc312`.**
-
-```ruby
-describe aws_network_acls.where { associated_subnet_ids.include?('subnet-07a323891825bc312') } do
- it { should exist }
-end
-```
-
-**Filter all network ACLs with entries CIDR blocks matching `10.3.0.0/18`.**
-
-```ruby
-describe aws_network_acls.where { entries_cidr_blocks.include?('10.3.0.0/18') } do
- it { should exist }
-end
-```
-
-**Request the IDs of all network ACLs, then test in-depth using `aws_network_acl`.**
-
-```ruby
-aws_network_acls.network_acl_ids.each do |network_acl_id|
- describe aws_network_acl(network_acl_id) do
- it { should be_default }
- end
-end
-```
-
-**Request the IDs of all network ACLs for rule number `100`, then test in-depth using `aws_network_acl`.**
-
-```ruby
-aws_network_acls.where{ ingress_rule_numbers.include?(100) }.network_acl_ids.each do |network_acl_id|
- describe aws_network_acl(network_acl_id) do
- its('egress_rule_number_100.cidr_block') { should eq '10.3.0.0/18' }
- its('egress_rule_number_100.protocol') { should eq '6' }
- its('egress_rule_number_100.rule_action') { should eq 'allow' }
- end
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the 'describe' method returns at least one result.
-
-```ruby
-describe aws_network_acls.where( : ) do
- it { should exist }
-end
-```
-
-Use `should_not` to test an entity that should not exist.
-
-```ruby
-describe aws_network_acls.where( : ) do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeNetworkAclsResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon ElastiCache](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-policy-examples.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_firewall_firewall.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_firewall_firewall.md
deleted file mode 100644
index e7ad52f960..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_firewall_firewall.md
+++ /dev/null
@@ -1,158 +0,0 @@
-+++
-title = "aws_network_firewall_firewall Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_network_firewall_firewall"
-identifier = "inspec/resources/aws/aws_network_firewall_firewall Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_network_firewall_firewall` InSpec audit resource to test properties of a single specific AWS Network Firewall firewall.
-
-The firewall defines the configuration settings for an AWS Network Firewall firewall. The settings include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall AWS resource.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Network Firewall Firewall](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the firewall exists.
-
-```ruby
-describe aws_network_firewall_firewall(firewall_name: "FIREWALL_NAME") do
- it { should exist }
-end
-```
-
-## Parameters
-
-`firewall_name` _(required)_
-
-: The descriptive name of the firewall.
-
-## Properties
-
-`firewall.firewall_name`
-: The descriptive name of the firewall.
-
-`firewall.firewall_arn`
-: The Amazon Resource Name (ARN) of the firewall.
-
-`firewall.firewall_policy_arn`
-: The Amazon Resource Name (ARN) of the firewall policy.
-
-`firewall.vpc_id`
-: The unique identifier of the VPC where the firewall is in use.
-
-`firewall.subnet_mappings`
-: The public subnets that Network Firewall is using for the firewall.
-
-`firewall.subnet_mappings.first.subnet_id`
-: The unique identifier for the subnet.
-
-`firewall.delete_protection`
-: A flag indicating whether it is possible to delete the firewall.
-
-`firewall.subnet_change_protection`
-: A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use.
-
-`firewall.firewall_policy_change_protection`
-: A setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use.
-
-`firewall.description`
-: A description of the firewall.
-
-`firewall.firewall_id`
-: The unique identifier for the firewall.
-
-`firewall.tags`
-: A key:value pair associated with an AWS resource.
-
-`firewall_status.status`
-: The readiness of the configured firewall to handle network traffic across all of the Availability Zones where you've configured it.
-
-`firewall_status.configuration_sync_state_summary`
-: The configuration sync state for the firewall.
-
-`firewall_status.sync_states`
-: The subnets that you've configured for use by the Network Firewall firewall.
-
-`firewall_status.sync_states["AvailabilityZone"].attachment.subnet_id`
-: The unique identifier of the subnet that you've specified to be used for a firewall endpoint.
-
-`firewall_status.sync_states["AvailabilityZone"].attachment.endpoint_id`
-: The identifier of the firewall endpoint that Network Firewall has instantiated in the subnet.
-
-`firewall_status.sync_states["AvailabilityZone"].attachment.status`
-: The current status of the firewall endpoint in the subnet.
-
-`firewall_status.sync_states["AvailabilityZone"].config`
-: The configuration status of the firewall endpoint in a single VPC subnet.
-
-`firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status`
-: Indicates whether this object is in sync with the version indicated in the update token.
-
-`firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].update_token`
-: The current version of the object that is either in sync or pending synchronization.
-
-## Examples
-
-**Ensure a firewall name is available.**
-
-```ruby
-describe aws_network_firewall_firewall(firewall_name: "FIREWALL_NAME") do
- its('firewall.firewall_name') { should eq 'IAMFleetRole' }
-end
-```
-
-**Ensure that the status is `READY`.**
-
-```ruby
-describe aws_network_firewall_firewall(firewall_name: "FIREWALL_NAME") do
- its('firewall_status.status') { should eq 'READY' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_network_firewall_firewall(firewall_name: "FIREWALL_NAME") do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_network_firewall_firewall(firewall_name: 'dummy') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_network_firewall_firewall(firewall_name: "FIREWALL_NAME") do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="NetworkFirewall:Client:DescribeFirewallResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_firewall_firewall_policies.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_firewall_firewall_policies.md
deleted file mode 100644
index d9ef99145b..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_firewall_firewall_policies.md
+++ /dev/null
@@ -1,93 +0,0 @@
-+++
-title = "aws_network_firewall_firewall_policies Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_network_firewall_firewall_policies"
-identifier = "inspec/resources/aws/aws_network_firewall_firewall_policies Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_network_firewall_firewall_policies` InSpec audit resource to test properties of multiple AWS Network Firewall Policy.
-
-The firewall defines the configuration settings for an AWS Network Firewall firewall. The settings include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall AWS resource.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Network Firewall Policy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the policy exists.
-
-```ruby
-describe aws_network_firewall_firewall_policies do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`firewall_names`
-: The descriptive name of the firewall.
-
-: **Field**: `firewall_name`
-
-`firewall_arns`
-: The Amazon Resource Name (ARN) of the firewall.
-
-: **Field**: `firewall_arn`
-
-## Examples
-
-**Ensure a policy name is available.**
-
-```ruby
-describe aws_network_firewall_firewall_policies do
- its('names') { should include 'FIREWALL_NAME' }
-end
-```
-
-**Ensure that the policy arn is available.**
-
-```ruby
-describe aws_network_firewall_firewall_policies do
- its('arns') { should include 'POLICY_ARN' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `List` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_network_firewall_firewall_policies do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_network_firewall_firewall_policies do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="NetworkFirewall:Client:ListFirewallPoliciesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_firewall_firewall_policy.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_firewall_firewall_policy.md
deleted file mode 100644
index 0c42fbcfb5..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_firewall_firewall_policy.md
+++ /dev/null
@@ -1,146 +0,0 @@
-+++
-title = "aws_network_firewall_firewall_policy Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_network_firewall_firewall_policy"
-identifier = "inspec/resources/aws/aws_network_firewall_firewall_policy Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_network_firewall_firewall_policy` InSpec audit resource to test properties of a single specific AWS Network Firewall policy.
-
-The firewall defines the configuration settings for an AWS Network Firewall firewall. The settings include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall AWS resource.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Network Firewall Firewall](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewallpolicy.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the firewall exists.
-
-```ruby
-describe aws_network_firewall_firewall_policy(firewall_policy_name: 'FIREWALL_POLICY_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`firewall_policy_name` _(required)_
-
-: The descriptive name of the firewall.
-
-## Properties
-
-`update_token`
-: A token used for optimistic locking.
-
-`firewall_policy_response.firewall_policy_name`
-: The descriptive name of the firewall policy.
-
-`firewall_policy_response.firewall_policy_arn`
-: The Amazon Resource Name (ARN) of the firewall policy.
-
-`firewall_policy_response.firewall_policy_id`
-: The unique identifier for the firewall policy.
-
-`firewall_policy_response.description`
-: A description of the firewall policy.
-
-`firewall_policy_response.firewall_policy_status`
-: The current status of the firewall policy.
-
-`firewall_policy_response.tags`
-: The key:value pairs to associate with the resource.
-
-`firewall_policy.stateless_rule_group_references`
-: References to the stateless rule groups that are used in the policy.
-
-`firewall_policy.stateless_rule_group_references.first.resource_arn`
-: The Amazon Resource Name (ARN) of the stateless rule group.
-
-`firewall_policy.stateless_rule_group_references.first.priority`
-: An integer setting that indicates the order in which to run the stateless rule groups in a single FirewallPolicy.
-
-`firewall_policy.stateless_default_actions`
-: The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy.
-
-`firewall_policy.stateless_fragment_default_actions`
-: The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy.
-
-`firewall_policy.stateless_custom_actions`
-: The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting.
-
-`firewall_policy.stateless_custom_actions.first.action_name`
-: The descriptive name of the custom action.
-
-`firewall_policy.stateless_custom_actions.first.action_definition.publish_metric_action.dimensions`
-: The value to use in an Amazon CloudWatch custom metric dimension.
-
-`firewall_policy.stateful_rule_group_references`
-: References to the stateless rule groups that are used in the policy.
-
-`firewall_policy.stateful_rule_group_references.first.resource_arn`
-: The Amazon Resource Name (ARN) of the stateful rule group.
-
-## Examples
-
-**Ensure a update token is available.**
-
-```ruby
-describe aws_network_firewall_firewall_policy(firewall_policy_name: 'FIREWALL_POLICY_NAME') do
- its('update_token') { should eq 'UPDATE_TOKEN' }
-end
-```
-
-**Ensure a policy name is available.**
-
-```ruby
-describe aws_network_firewall_firewall_policy(firewall_policy_name: 'FIREWALL_POLICY_NAME') do
- its('firewall_policy_response.firewall_policy_name') { should eq 'FIREWALL_POLICY_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_network_firewall_firewall_policy(firewall_policy_name: 'FIREWALL_POLICY_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_network_firewall_firewall_policy(firewall_policy_name: 'FIREWALL_POLICY_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_network_firewall_firewall_policy(firewall_policy_name: 'FIREWALL_POLICY_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="NetworkFirewall:Client:DescribeFirewallPolicyResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_firewall_firewalls.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_firewall_firewalls.md
deleted file mode 100644
index 2a29e4cc8c..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_firewall_firewalls.md
+++ /dev/null
@@ -1,103 +0,0 @@
-+++
-title = "aws_network_firewall_firewalls Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_network_firewall_firewalls"
-identifier = "inspec/resources/aws/aws_network_firewall_firewalls Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_network_firewall_firewalls` InSpec audit resource to test properties of multiple AWS Network Firewall firewalls.
-
-The firewall defines the configuration settings for an AWS Network Firewall firewall. The settings include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall AWS resource.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Network Firewall Firewall](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the firewall exists.
-
-```ruby
-describe aws_network_firewall_firewalls do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`firewall_names`
-: The descriptive name of the firewall.
-
-: **Field**: `firewall_name`
-
-`firewall_arns`
-: The Amazon Resource Name (ARN) of the firewall.
-
-: **Field**: `firewall_arn`
-
-## Examples
-
-**Ensure a firewall name is available.**
-
-```ruby
-describe aws_network_firewall_firewalls do
- its('firewall_names') { should include 'FIREWALL_NAME' }
-end
-```
-
-**Ensure that the firewall ARN is `FIREWALL_ARN`.**
-
-```ruby
-describe aws_network_firewall_firewalls do
- its('firewall_arns') { should include 'FIREWALL_ARN' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_network_firewall_firewalls do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_network_firewall_firewalls do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_network_firewall_firewalls do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="NetworkFirewall:Client:DescribeFirewallResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_firewall_logging_configuration.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_firewall_logging_configuration.md
deleted file mode 100644
index 97adbb5820..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_firewall_logging_configuration.md
+++ /dev/null
@@ -1,107 +0,0 @@
-+++
-title = "aws_network_firewall_logging_configuration Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_network_firewall_logging_configuration"
-identifier = "inspec/resources/aws/aws_network_firewall_logging_configuration Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_network_firewall_logging_configuration` InSpec audit resource to test properties of a single specific AWS Network Firewall Logging Configuration.
-
-The `AWS::NetworkFirewall::LoggingConfiguration` resource defines the destinations and logging options for an [`AWS::NetworkFirewall::Firewall`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html).
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Network Firewall Logging Configuration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-loggingconfiguration.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the firewall exists.
-
-```ruby
-describe aws_network_firewall_logging_configuration(firewall_name: 'FIREWALL_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`firewall_name` _(required)_
-
-: The Amazon Resource Name (ARN) of the firewall.
-
-## Properties
-
-`firewall_arn`
-: The Amazon Resource Name (ARN) of the firewall.
-
-`logging_configuration_log_destination_configs_log_type`
-: The type of log to send.
-
-`logging_configuration_log_destination_configs_log_destination_type`
-: The type of storage destination to send these logs to.
-
-`logging_configuration_log_destination_configs_log_destination`
-: The named location for the logs, provided in a key:value mapping that is specific to the chosen destination type.
-
-## Examples
-
-**Ensure a firewall ARN is available.**
-
-```ruby
-describe aws_network_firewall_logging_configuration(firewall_name: 'FIREWALL_NAME') do
- its('firewall_arn') { should eq 'FIREWALL_ARN' }
-end
-```
-
-**Ensure that the log type is available.**
-
-```ruby
-describe aws_network_firewall_logging_configuration(firewall_name: 'FIREWALL_NAME') do
- its('logging_configuration_log_destination_configs_log_type') { should eq 'LOG_TYPE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_network_firewall_logging_configuration(firewall_name: 'FIREWALL_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_network_firewall_logging_configuration(firewall_name: 'FIREWALL_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_network_firewall_logging_configuration(firewall_name: 'FIREWALL_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="NetworkFirewall:Client:DescribeFirewallResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_firewall_rule_group.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_firewall_rule_group.md
deleted file mode 100644
index 2b116db53c..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_firewall_rule_group.md
+++ /dev/null
@@ -1,236 +0,0 @@
-+++
-title = "aws_network_firewall_rule_group Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_network_firewall_rule_group"
-identifier = "inspec/resources/aws/aws_network_firewall_rule_group Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_network_firewall_rule_group` InSpec audit resource to test properties of a single specific AWS Network Firewall rule group.
-
-The `AWS::NetworkFirewall::RuleGroup` resource defines a reusable collection of stateless or stateful network traffic filtering rules.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Network Firewall Rule Group](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-rulegroup.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the firewall exists.
-
-```ruby
-describe aws_network_firewall_rule_group(rule_group_name: "RULE_GROUP_NAME") do
- it { should exist }
-end
-```
-
-## Parameters
-
-`rule_group_name` _(required)_
-
-: The descriptive name of the rule group.
-
-## Properties
-
-`update_token`
-: A token used for optimistic locking.
-
-`rule_group.rule_variables.ip_sets`
-: A list of IP addresses and address ranges, in CIDR notation.
-
-`rule_group.rule_variables.ip_sets["RuleVariableName"].definition`
-: The list of IP addresses and address ranges, in CIDR notation.
-
-`rule_group.rule_variables.port_sets`
-: A list of port ranges.
-
-`rule_group.rule_variables.port_sets["RuleVariableName"].definition`
-: The set of port ranges.
-
-`rule_group.rules_source.rules_string`
-: Stateful inspection criteria, provided in Suricata compatible intrusion prevention system (IPS) rules.
-
-`rule_group.rules_source.rules_source_list.targets`
-: The domains that you want to inspect for in your traffic flows.
-
-`rule_group.rules_source.rules_source_list.target_types`
-: The protocols you want to inspect. Specify TLS_SNI for HTTPS.
-
-`rule_group.rules_source.rules_source_list.generated_rules_type`
-: Whether you want to allow or deny access to the domains in your target list.
-
-`rule_group.rules_source.stateful_rules`
-: The 5-tuple stateful inspection criteria.
-
-`rule_group.rules_source.stateful_rules.first.action`
-: Defines what Network Firewall should do with the packets in a traffic flow when the flow matches the stateful rule criteria.
-
-`rule_group.rules_source.stateful_rules.first.header.protocol`
-: The protocol to inspect for.
-
-`rule_group.rules_source.stateful_rules.first.header.source`
-: The source IP address or address range to inspect for, in CIDR notation.
-
-`rule_group.rules_source.stateful_rules.first.header.source_port`
-: The source port to inspect for.
-
-`rule_group.rules_source.stateful_rules.first.header.direction`
-: The direction of traffic flow to inspect.
-
-`rule_group.rules_source.stateful_rules.first.header.destination`
-: The destination IP address or address range to inspect for, in CIDR notation.
-
-`rule_group.rules_source.stateful_rules.first.header.destination_port`
-: The destination port to inspect for.
-
-`rule_group.rules_source.stateful_rules.first.rule_options`
-: Additional settings for a stateful rule.
-
-`rule_group.rules_source.stateless_rules_and_custom_actions.stateless_rules`
-: Defines the set of stateless rules for use in a stateless rule group.
-
-`rule_group.rules_source.stateless_rules_and_custom_actions.stateless_rules.first.rule_definition.match_attributes.sources`
-: The source IP addresses and address ranges to inspect for.
-
-`rule_group.rules_source.stateless_rules_and_custom_actions.stateless_rules.first.rule_definition.match_attributes.sources.first.address_definition`
-: Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation.
-
-`rule_group.rules_source.stateless_rules_and_custom_actions.stateless_rules.first.rule_definition.match_attributes.destinations`
-: The destination IP addresses and address ranges to inspect for, in CIDR notation.
-
-`rule_group.rules_source.stateless_rules_and_custom_actions.stateless_rules.first.rule_definition.match_attributes.destinations.first.address_definition`
-: Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation.
-
-`rule_group.rules_source.stateless_rules_and_custom_actions.stateless_rules.first.rule_definition.match_attributes.source_ports`
-: The source ports to inspect for.
-
-`rule_group.rules_source.stateless_rules_and_custom_actions.stateless_rules.first.rule_definition.match_attributes.source_ports.first.from_port`
-: The lower limit of the port range.
-
-`rule_group.rules_source.stateless_rules_and_custom_actions.stateless_rules.first.rule_definition.match_attributes.source_ports.first.to_port`
-: The upper limit of the port range.
-
-`rule_group.rules_source.stateless_rules_and_custom_actions.stateless_rules.first.rule_definition.match_attributes.destination_ports`
-: The destination ports to inspect for.
-
-`rule_group.rules_source.stateless_rules_and_custom_actions.stateless_rules.first.rule_definition.match_attributes.destination_ports.first.from_port`
-: The lower limit of the port range.
-
-`rule_group.rules_source.stateless_rules_and_custom_actions.stateless_rules.first.rule_definition.match_attributes.destination_ports.first.to_port`
-: The upper limit of the port range.
-
-`rule_group.rules_source.stateless_rules_and_custom_actions.stateless_rules.first.rule_definition.match_attributes.protocols`
-: The protocols to inspect for, specified using each protocol's assigned internet protocol number (IANA).
-
-`rule_group.rules_source.stateless_rules_and_custom_actions.stateless_rules.first.rule_definition.match_attributes.tcp_flags`
-: The TCP flags and masks to inspect for.
-
-`rule_group.rules_source.stateless_rules_and_custom_actions.stateless_rules.first.rule_definition.match_attributes.tcp_flags.first.flags`
-: Used in conjunction with the Masks setting to define the flags that must be set and flags that must not be set in order for the packet to match.
-
-`rule_group.rules_source.stateless_rules_and_custom_actions.stateless_rules.first.rule_definition.match_attributes.tcp_flags.first.masks`
-: The set of flags to consider in the inspection.
-
-`rule_group.rules_source.stateless_rules_and_custom_actions.stateless_rules.first.rule_definition.actions`
-: The actions to take on a packet that matches one of the stateless rule definition's match attributes.
-
-`rule_group.rules_source.stateless_rules_and_custom_actions.stateless_rules.first.priority`
-: A setting that indicates the order in which to run this rule relative to all of the rules that are defined for a stateless rule group.
-
-`rule_group.rules_source.stateless_rules_and_custom_actions.custom_actions`
-: Defines an array of individual custom action definitions that are available for use by the stateless rules in this StatelessRulesAndCustomActions specification.
-
-`rule_group.rules_source.stateless_rules_and_custom_actions.custom_actions.first.action_name`
-: The descriptive name of the custom action.
-
-`rule_group.rules_source.stateless_rules_and_custom_actions.custom_actions.first.action_definition.publish_metric_action.dimensions`
-: The value to use in an Amazon CloudWatch custom metric dimension.
-
-`rule_group.rules_source.stateless_rules_and_custom_actions.custom_actions.first.action_definition.publish_metric_action.dimensions.first.value`
-: The value to use in the custom metric dimension.
-
-`rule_group_response.rule_group_arn`
-: The Amazon Resource Name (ARN) of the rule group.
-
-`rule_group_response.rule_group_name`
-: The descriptive name of the rule group.
-
-`rule_group_response.rule_group_id`
-: The unique identifier for the rule group.
-
-`rule_group_response.description`
-: A description of the rule group.
-
-`rule_group_response.type`
-: Indicates whether the rule group is stateless or stateful.
-
-`rule_group_response.capacity`
-: The maximum operating resources that this rule group can use.
-
-`rule_group_response.rule_group_status`
-: Detailed information about the current status of a rule group.
-
-`rule_group_response.tags`
-: The key:value pairs to associate with the resource.
-
-## Examples
-
-**Ensure an update token is available.**
-
-```ruby
-describe aws_network_firewall_rule_group(rule_group_name: "RULE_GROUP_NAME") do
- its('update_token') { should eq 'UPDATE_TOKEN' }
-end
-```
-
-**Ensure that the rule group arn is `RuleGroupARN`.**
-
-```ruby
-describe aws_network_firewall_rule_group(rule_group_name: "RULE_GROUP_NAME") do
- its('rule_group_response.rule_group_arn') { should eq 'ARN' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_network_firewall_rule_group(rule_group_name: "RULE_GROUP_NAME") do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_network_firewall_rule_group(rule_group_name: 'dummy') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_network_firewall_rule_group(rule_group_name: "RULE_GROUP_NAME") do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="NetworkFirewall:Client:DescribeRuleGroupResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_firewall_rule_groups.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_firewall_rule_groups.md
deleted file mode 100644
index 6e842559d9..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_firewall_rule_groups.md
+++ /dev/null
@@ -1,93 +0,0 @@
-+++
-title = "aws_network_firewall_rule_groups Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_network_firewall_rule_groups"
-identifier = "inspec/resources/aws/aws_network_firewall_rule_groups Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_network_firewall_rule_groups` InSpec audit resource to test properties of multiple AWS Network Firewall rule groups.
-
-The `AWS::NetworkFirewall::RuleGroup` resource defines a reusable collection of stateless or stateful network traffic filtering rules.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Network Firewall Rule Group](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-rulegroup.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the rule group exists.
-
-```ruby
-describe aws_network_firewall_rule_groups do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`names`
-: The descriptive name of the rule group.
-
-: **Field**: `name`
-
-`arns`
-: The Amazon Resource Name (ARN) of the rule group.
-
-: **Field**: `arn`
-
-## Examples
-
-**Ensure a name is available.**
-
-```ruby
-describe aws_network_firewall_rule_groups do
- its('names') { should include 'RULE_GROUP_NaAME' }
-end
-```
-
-**Ensure that the arn is available.**
-
-```ruby
-describe aws_network_firewall_rule_groups do
- its('arns') { should include 'ARN' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_network_firewall_rule_groups do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_network_firewall_rule_groups do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="NetworkFirewall:Client:ListRuleGroupsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_manager_customer_gateway_association.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_manager_customer_gateway_association.md
deleted file mode 100644
index 2e5310e15c..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_manager_customer_gateway_association.md
+++ /dev/null
@@ -1,114 +0,0 @@
-+++
-title = "aws_network_manager_customer_gateway_association Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_network_manager_customer_gateway_association"
-identifier = "inspec/resources/aws/aws_network_manager_customer_gateway_association Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_network_manager_customer_gateway_association` InSpec audit resource to test properties of a single specific AWS Network Manager customer gateway association.
-
-The `AWS::NetworkManager::CustomerGatewayAssociation` resource specifies an association between a customer gateway, a device, and optionally, a link.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Network Manager Customer Gateway Association.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkmanager-customergatewayassociation.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the customer gateway association exists.
-
-```ruby
-describe aws_network_manager_customer_gateway_association(global_network_id: 'GLOBAL_NETWORK_ID', customer_gateway_arn: 'CUSTOMER_GATEWAY_ARN') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`global_network_id` _(required)_
-
-: The ID of the global network.
-
-`customer_gateway_arn` _(required)_
-
-: The Amazon Resource Name (ARN) of the customer gateway.
-
-## Properties
-
-`customer_gateway_arn`
-: The Amazon Resource Name (ARN) of the customer gateway.
-
-`global_network_id`
-: The ID of the global network.
-
-`device_id`
-: The ID of the device.
-
-`link_id`
-: The ID of the link.
-
-`state`
-: The association state.
-
-## Examples
-
-**Ensure a customer gateway arn is available.**
-
-```ruby
-describe aws_network_manager_customer_gateway_association(global_network_id: 'GLOBAL_NETWORK_ID', customer_gateway_arn: 'CUSTOMER_GATEWAY_ARN') do
- its('customer_gateway_arn') { should eq 'CustomerGatewayARN' }
-end
-```
-
-**Ensure that the state is `active`.**
-
-```ruby
-describe aws_network_manager_customer_gateway_association(global_network_id: 'GLOBAL_NETWORK_ID', customer_gateway_arn: 'CUSTOMER_GATEWAY_ARN') do
- its('state') { should eq 'AVAILABLE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_network_manager_customer_gateway_association(global_network_id: 'GLOBAL_NETWORK_ID', customer_gateway_arn: 'CUSTOMER_GATEWAY_ARN') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_network_manager_customer_gateway_association(global_network_id: 'GLOBAL_NETWORK_ID', customer_gateway_arn: 'CUSTOMER_GATEWAY_ARN') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_network_manager_customer_gateway_association(global_network_id: 'GLOBAL_NETWORK_ID', customer_gateway_arn: 'CUSTOMER_GATEWAY_ARN') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="NetworkManager:Client:GetCustomerGatewayAssociationsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_manager_customer_gateway_associations.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_manager_customer_gateway_associations.md
deleted file mode 100644
index 0ea9ea2e8a..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_manager_customer_gateway_associations.md
+++ /dev/null
@@ -1,110 +0,0 @@
-+++
-title = "aws_network_manager_customer_gateway_associations Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_network_manager_customer_gateway_associations"
-identifier = "inspec/resources/aws/aws_network_manager_customer_gateway_associations Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_network_manager_customer_gateway_associations` InSpec audit resource to test properties of multiple AWS Network Manager customer gateway associations.
-
-The `AWS::NetworkManager::CustomerGatewayAssociation` resource specifies an association between a customer gateway, a device, and optionally, a link.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Network Manager Customer Gateway Association.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkmanager-customergatewayassociation.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the customer gateway association exists.
-
-```ruby
-describe aws_network_manager_customer_gateway_associations(global_network_id: "GLOBAL_NETWORK_ID") do
- it { should exist }
-end
-```
-
-## Parameters
-
-`global_network_id` _(required)_
-
-: The ID of the global network.
-
-## Properties
-
-`customer_gateway_arns`
-: The Amazon Resource Name (ARN) of the customer gateway.
-
-: **Field**: `customer_gateway_arn`
-
-`global_network_ids`
-: The ID of the global network.
-
-: **Field**: `global_network_id`
-
-`device_ids`
-: The ID of the device.
-
-: **Field**: `device_id`
-
-`link_ids`
-: The ID of the link.
-
-: **Field**: `link_id`
-
-`states`
-: The association state.
-
-: **Field**: `state`
-
-## Examples
-
-**Ensure a customer gateway arn is available.**
-
-```ruby
-describe aws_network_manager_customer_gateway_association(global_network_id: 'GLOBAL_NETWORK_ID') do
- its('customer_gateway_arns') { should include 'CustomerGatewayARN' }
-end
-```
-
-**Ensure that the state is `active`.**
-
-```ruby
-describe aws_network_manager_customer_gateway_association(global_network_id: 'GLOBAL_NETWORK_ID') do
- its('states') { should include 'AVAILABLE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_network_manager_customer_gateway_association(global_network_id: 'GLOBAL_NETWORK_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_network_manager_customer_gateway_association(global_network_id: "dummy") do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="NetworkManager:Client:GetCustomerGatewayAssociationsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_manager_device.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_manager_device.md
deleted file mode 100644
index 32c6273769..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_manager_device.md
+++ /dev/null
@@ -1,166 +0,0 @@
-+++
-title = "aws_network_manager_device Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_network_manager_device"
-identifier = "inspec/resources/aws/aws_network_manager_device Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_network_manager_device` InSpec audit resource to test properties of a single specific AWS Network Manager device.
-
-The `AWS::NetworkManager::Device` resource gets information about one or more of your devices in a global network.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Network Manager Device](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkmanager-device.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a device exists.
-
-```ruby
-describe aws_network_manager_device(device_id: 'DEVICE_ID', global_network_id: 'GLOBAL_NETWORK_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`device_id` _(required)_
-
-: The ID of the device.
-
-`global_network_id` _(required)_
-
-: The ID of the global network.
-
-## Properties
-
-`device_id`
-: The ID of the device.
-
-`device_arn`
-: The Amazon Resource Name (ARN) of the device.
-
-`global_network_id`
-: The ID of the global network.
-
-`aws_location.zone`
-: The Zone the device is located in. This can be the ID of an Availability Zone, Local Zone, Wavelength Zone, or an Outpost.
-
-`aws_location.subnet_arn`
-: The Amazon Resource Name (ARN) of the subnet the device is located in.
-
-`description`
-: The description of the device.
-
-`type`
-: The device type.
-
-`vendor`
-: The device vendor.
-
-`model`
-: The device model.
-
-`serial_number`
-: The device serial number.
-
-`location.address`
-: The physical address of the location.
-
-`location.latitude`
-: The latitude of the location.
-
-`location.longitude`
-: The longitude of the location.
-
-`site_id`
-: The site ID.
-
-`created_at`
-: The date and time that the site was created.
-
-`state`
-: The device state.
-
-`tags`
-: The tags for the device.
-
-## Examples
-
-**Ensure a device ID is available.**
-
-```ruby
-describe aws_network_manager_device(device_id: 'DEVICE_ID', global_network_id: 'GLOBAL_NETWORK_ID') do
- its('device_id') { should eq 'DEVICE_ID' }
-end
-```
-
-**Ensure a global network ID is available.**
-
-```ruby
-describe aws_network_manager_device(device_id: 'DEVICE_ID', global_network_id: 'GLOBAL_NETWORK_ID') do
- its('global_network_id') { should eq 'GLOBAL_NETWORK_ID' }
-end
-```
-
-**Ensure a zone is available.**
-
-```ruby
-describe aws_network_manager_device(device_id: 'DEVICE_ID', global_network_id: 'GLOBAL_NETWORK_ID') do
- its('aws_location.zone') { should eq 'ZONE_NAME' }
-end
-```
-
-**Ensure that the state is `AVAILABLE`.**
-
-```ruby
-describe aws_network_manager_global_network(device_id: 'DEVICE_ID', global_network_id: 'GLOBAL_NETWORK_ID') do
- its('state') { should eq 'AVAILABLE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_network_manager_device(device_id: 'DEVICE_ID', global_network_id: 'GLOBAL_NETWORK_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_network_manager_device(device_id: 'DEVICE_ID', global_network_id: 'GLOBAL_NETWORK_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_network_manager_device(device_id: 'DEVICE_ID', global_network_id: 'GLOBAL_NETWORK_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="NetworkManager:Client:GetDevicesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_manager_devices.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_manager_devices.md
deleted file mode 100644
index dff37dd59b..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_manager_devices.md
+++ /dev/null
@@ -1,181 +0,0 @@
-+++
-title = "aws_network_manager_devices Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_network_manager_devices"
-identifier = "inspec/resources/aws/aws_network_manager_devices Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_network_manager_devices` InSpec audit resource to test properties of multiple AWS Network Manager devices.
-
-The `AWS::NetworkManager::Device` resource gets information about one or more of your devices in a global network.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Network Manager Device](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkmanager-device.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a device exists.
-
-```ruby
-describe aws_network_manager_devices(global_network_id: 'GLOBAL_NETWORK_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`global_network_id` _(required)_
-
-: The ID of the global network.
-
-## Properties
-
-`device_ids`
-: The ID of the device.
-
-: **Field**: `device_id`
-
-`device_arns`
-: The Amazon Resource Name (ARN) of the device.
-
-: **Field**: `device_arn`
-
-`global_network_ids`
-: The ID of the global network.
-
-: **Field**: `global_network_id`
-
-`location_zones`
-: The Zone the device is located in. This can be the ID of an Availability Zone, Local Zone, Wavelength Zone, or an Outpost.
-
-: **Field**: `zone`
-
-`location_subnet_arns`
-: The Amazon Resource Name (ARN) of the subnet the device is located in.
-
-: **Field**: `subnet_arn`
-
-`descriptions`
-: The description of the device.
-
-: **Field**: `description`
-
-`types`
-: The device type.
-
-: **Field**: `type`
-
-`vendors`
-: The device vendor.
-
-: **Field**: `vendor`
-
-`models`
-: The device model.
-
-: **Field**: `model`
-
-`addresses`
-: The physical address of the location.
-
-: **Field**: `address`
-
-`latitudes`
-: The latitude of the location.
-
-: **Field**: `latitude`
-
-`longitudes`
-: The longitude of the location.
-
-: **Field**: `longitude`
-
-`site_ids`
-: The site ID.
-
-: **Field**: `site_id`
-
-`created_at`
-: The date and time that the site was created.
-
-: **Field**: `created_at`
-
-`states`
-: The device state.
-
-: **Field**: `state`
-
-`tags`
-: The tags for the device.
-
-: **Field**: `tags`
-
-## Examples
-
-**Ensure a device ID is available.**
-
-```ruby
-describe aws_network_manager_devices(global_network_id: 'GLOBAL_NETWORK_ID') do
- its('device_ids') { should include 'DEVICE_ID' }
-end
-```
-
-**Ensure a global network ID is available.**
-
-```ruby
-describe aws_network_manager_devices(global_network_id: 'GLOBAL_NETWORK_ID') do
- its('global_network_ids') { should include 'GLOBAL_NETWORK_ID' }
-end
-```
-
-**Ensure a location zone is available.**
-
-```ruby
-describe aws_network_manager_devices(global_network_id: 'GLOBAL_NETWORK_ID') do
- its('location_zones') { should include 'ZONE_NAME' }
-end
-```
-
-**Ensure that the state is `AVAILABLE`.**
-
-```ruby
-describe aws_network_manager_devices(global_network_id: 'GLOBAL_NETWORK_ID') do
- its('states') { should include 'AVAILABLE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_network_manager_devices(global_network_id: 'GLOBAL_NETWORK_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_network_manager_devices(global_network_id: 'GLOBAL_NETWORK_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="NetworkManager:Client:GetDevicesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_manager_global_network.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_manager_global_network.md
deleted file mode 100644
index d30539d937..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_manager_global_network.md
+++ /dev/null
@@ -1,113 +0,0 @@
-+++
-title = "aws_network_manager_global_network Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_network_manager_global_network"
-identifier = "inspec/resources/aws/aws_network_manager_global_network Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_network_manager_global_network` InSpec audit resource to test properties of a specific AWS Network Manager global network.
-
-The `AWS::NetworkManager::GlobalNetwork` resource describes one or more global networks.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Network Manager Global Network](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkmanager-globalnetwork.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that Global Network ID exists.
-
-```ruby
-describe aws_network_manager_global_network(global_network_id: 'GLOBAL_NETWORK_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`global_network_id` _(required)_
-
-: The ID of the global network.
-
-## Properties
-
-`global_network_id`
-: The ID of the global network.
-
-`global_network_arn`
-: The Amazon Resource Name (ARN) of the global network.
-
-`description`
-: The description of the global network.
-
-`created_at`
-: The date and time that the global network was created.
-
-`state`
-: The state of the global network.
-
-`tags`
-: The tags for the global network.
-
-## Examples
-
-**Ensure a global network ID is available.**
-
-```ruby
-describe aws_network_manager_global_network(global_network_id: 'GLOBAL_NETWORK_ID') do
- its('global_network_id') { should eq 'GLOBAL_NETWORK_ID' }
-end
-```
-
-**Ensure that the state is `AVAILABLE`.**
-
-```ruby
-describe aws_network_manager_global_network(global_network_id: 'GLOBAL_NETWORK_ID') do
- its('state') { should eq 'AVAILABLE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_network_manager_global_network(global_network_id: 'GLOBAL_NETWORK_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_network_manager_global_network(global_network_id: 'GLOBAL_NETWORK_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_network_manager_global_network(global_network_id: 'GLOBAL_NETWORK_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="NetworkManager:Client:DescribeGlobalNetworksResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_manager_global_networks.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_manager_global_networks.md
deleted file mode 100644
index 52a191ee25..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_network_manager_global_networks.md
+++ /dev/null
@@ -1,101 +0,0 @@
-+++
-title = "aws_network_manager_global_networks Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_network_manager_global_networks"
-identifier = "inspec/resources/aws/aws_network_manager_global_networks Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_network_manager_global_networks` InSpec audit resource to test properties of a single specific AWS Network Manager global network.
-
-The `AWS::NetworkManager::GlobalNetwork` resource describes one or more global networks.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Network Manager Global Network](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkmanager-globalnetwork.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that Global Network ID exists.
-
-```ruby
-describe aws_network_manager_global_networks do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`global_network_ids`
-: global_network_id.
-
-`global_network_arns`
-: global_network_arn.
-
-`descriptions`
-: description.
-
-`created_at`
-: created_at.
-
-`states`
-: state.
-
-`tags`
-: tags.
-
-## Examples
-
-**Ensure a Global Network ID is available.**
-
-```ruby
-describe aws_network_manager_global_networks do
- its('global_network_ids') { should include 'GLOBAL_NETWORK_ID' }
-end
-```
-
-**Ensure that the state is `AVAILABLE`.**
-
-```ruby
-describe aws_network_manager_global_networks do
- its('states') { should include 'AVAILABLE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_network_manager_global_networks do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_network_manager_global_networks do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="NetworkManager:Client:DescribeGlobalNetworksResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_organizations_member.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_organizations_member.md
deleted file mode 100644
index 39e75c3186..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_organizations_member.md
+++ /dev/null
@@ -1,96 +0,0 @@
-+++
-title = "aws_organizations_member Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_organizations_member"
-identifier = "inspec/resources/aws/aws_organizations_member Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_organizations_member` InSpec audit resource to test the current AWS Account being used within an organization.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_organizations_member` resource block tests if the current AWS Account is the Master Account.
-
-The `master` matcher will return `true` or `false` accordingly.
-You may also verify that the `master_account_id` and `master_account_arn` properties match known values.
-
-If the current AWS Account _**is**_ the Master Account, you may also access properties of that account.
-
-```ruby
-describe aws_organizations_member do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`master_account_id`
-: The ID of the AWS Organizations Master Account.
-
-`master_account_arn`
-: The ARN of the AWS Organizations Master Account.
-
-_**If the current Account is the Master Account, the following properties are also available:**_
-
-|Property | Description|
-| --- | --- |
-|account_id | The ID of the current Account. |
-|account_arn | The ARN of the current Account. |
-|account_name | The Name of the current Acccount. |
-|account_email | The Email address associated with the current Account. |
-
-## Examples
-
-**Ensure you are a child account with a certain ID for the top level account.**
-
-```ruby
-describe aws_organizations_member do
- it { should_not be_master }
- its('master_account_id') { should cmp '56845218745' }
-end
-```
-
-**Ensure you are the top level account, with the right name and email associated.**
-
-```ruby
-describe aws_organizations_member do
- it { should be_master }
- its('account_name') { should eq 'MyAWSMasterAccount' }
- its('account_email') { should eq 'aws.admin@org.com' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### be_master
-
-The `be_master` matcher tests if the account is a 'master' AWS Account.
-
-```ruby
-it { should_not be_master }
-```
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-```ruby
-it { should exist }
-```
\ No newline at end of file
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ram_resource_share.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ram_resource_share.md
deleted file mode 100644
index d79fbfd868..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ram_resource_share.md
+++ /dev/null
@@ -1,127 +0,0 @@
-+++
-title = "aws_ram_resource_share Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ram_resource_share"
-identifier = "inspec/resources/aws/aws_ram_resource_share Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ram_resource_share` InSpec audit resource to test properties of a single specific AWS RAM resource share.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS RAM Resource Share](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ram-resourceshare.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a resource exists.
-
-```ruby
-describe aws_ram_resource_share(resource_owner: 'SELF', resource_share_arn: 'RESOURCE_SHARE_ARN') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_owner` _(required)_
-
-: The type of owner. Possible values: `SELF` and `OTHER-ACCOUNTS`.
-
-`resource_share_arn` _(required)_
-
-: The Amazon Resource Name (ARN) of the resource share.
-
-## Properties
-
-`resource_share_arn`
-: The Amazon Resource Name (ARN) of the resource share.
-
-`name`
-: The name of the resource share.
-
-`owning_account_id`
-: The ID of the AWS account that owns the resource share.
-
-`allow_external_principals`
-: Indicates whether principals outside your AWS organization can be associated with a resource share.
-
-`status`
-: The status of the resource share.
-
-`status_message`
-: A message about the status of the resource share.
-
-`tags`
-: The tags for the resource share.
-
-`creation_time`
-: The time when the resource share was created.
-
-`last_updated_time`
-: The time when the resource share was last updated.
-
-`feature_set`
-: Indicates how the resource share was created. Possible values include `CREATED_FROM_POLICY`, `PROMOTING_TO_STANDARD`, and `STANDARD`.
-
-## Examples
-
-**Ensure a resource share ARN is available.**
-
-```ruby
-describe aws_ram_resource_share(resource_owner: 'SELF', resource_share_arn: 'RESOURCE_SHARE_ARN') do
- its('resource_share_arn') { should eq 'RESOURCE_SHARE_ARN' }
-end
-```
-
-**Ensure a resource name is available.**
-
-```ruby
-describe aws_ram_resource_share(resource_owner: 'SELF', resource_share_arn: 'RESOURCE_SHARE_ARN') do
- its('name') { should eq 'RESOURCE_SHARE_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ram_resource_share(resource_owner: 'SELF', resource_share_arn: 'RESOURCE_SHARE_ARN') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ram_resource_share(resource_owner: 'SELF', resource_share_arn: 'RESOURCE_SHARE_ARN') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the work_group name is available.
-
-```ruby
-describe aws_ram_resource_share(resource_owner: 'SELF', resource_share_arn: 'RESOURCE_SHARE_ARN') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="RAM:Client:GetResourceSharesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ram_resource_shares.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ram_resource_shares.md
deleted file mode 100644
index a2ed131040..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ram_resource_shares.md
+++ /dev/null
@@ -1,123 +0,0 @@
-+++
-title = "aws_ram_resource_shares Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ram_resource_shares"
-identifier = "inspec/resources/aws/aws_ram_resource_shares Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ram_resource_shares` InSpec audit resource to test properties of multiple AWS RAM resource shares.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS RAM Resource Share](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ram-resourceshare.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a resource exists.
-
-```ruby
-describe aws_ram_resource_shares(resource_owner: 'SELF') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_owner` _(required)_
-
-: The type of owner. Possible values: `SELF` and `OTHER-ACCOUNTS`.
-
-## Properties
-
-`resource_share_arns`
-: The Amazon Resource Name (ARN) of the resource share.
-
-`names`
-: The name of the resource share.
-
-`owning_account_ids`
-: The ID of the AWS account that owns the resource share.
-
-`allow_external_principals`
-: Indicates whether principals outside your AWS organization can be associated with a resource share.
-
-`statuses`
-: The status of the resource share.
-
-`status_messages`
-: A message about the status of the resource share.
-
-`tags`
-: The tags for the resource share.
-
-`creation_times`
-: The time when the resource share was created.
-
-`last_updated_times`
-: The time when the resource share was last updated.
-
-`feature_sets`
-: Indicates how the resource share was created. Possible values include `CREATED_FROM_POLICY`, `PROMOTING_TO_STANDARD`, and `STANDARD`.
-
-## Examples
-
-**Ensure a resource ARN is available.**
-
-```ruby
-describe aws_ram_resource_shares(resource_owner: 'SELF') do
- its('resource_share_arns') { should include 'RESOURCE_SHARE_ARN' }
-end
-```
-
-**Ensure that a resource share has an `ACTIVE` status.**
-
-```ruby
-describe aws_ram_resource_shares(resource_owner: 'SELF') do
- its('statuses') { should include 'ACTIVE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ram_resource_shares(resource_owner: 'SELF') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ram_resource_shares(resource_owner: 'dummy') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the resource is available.
-
-```ruby
-describe aws_ram_resource_shares(resource_owner: 'SELF') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="RAM:Client:GetResourceSharesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_cluster.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_cluster.md
deleted file mode 100644
index 9d3a58fe3e..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_cluster.md
+++ /dev/null
@@ -1,117 +0,0 @@
-+++
-title = "aws_rds_cluster Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_rds_cluster"
-identifier = "inspec/resources/aws/aws_rds_cluster Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_rds_cluster` InSpec audit resource to test detailed properties of an individual RDS cluster.
-
-RDS gives you access to the capabilities of a MySQL, MariaDB, PostgreSQL, Microsoft SQL Server, Oracle, or Amazon Aurora database server.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on RDS cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_rds_cluster` resource block uses resource parameters to search for an RDS cluster, and then tests that RDS cluster. If no RDS clusters match, no error is raised, but the `exists` matcher will return `false` and all properties will be `nil`. If more than one RDS cluster matches (due to vague search parameters), an error is raised.
-
-```ruby
-describe aws_rds_cluster('test-cluster-id') do
- it { should exist }
-end
-```
-
- # Can also use hash syntax
-```ruby
-describe aws_rds_cluster(db_cluster_identifier: 'test-cluster-id') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`db_cluster_identifier` _(required)_
-
-: This resource accepts a single parameter, the user-supplied cluster identifier. This parameter isn't case-sensitive.
- This can be passed either as a string or as a `db_cluster_identifier: 'value'` key-value entry in a hash.
-
-## Properties
-
-For a comprehensive list of properties available to test on an RDS cluster see the [AWS Response Object](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/RDS/DBCluster.html).
-
-## Examples
-
-**Test the engine used with an RDS cluster.**
-
-```ruby
-describe aws_rds_cluster(db_cluster_identifier: 'awsrds123') do
- its('engine') { should eq 'mysql' }
- its('engine_version') { should eq '5.6.37' }
-end
-```
-
-**Test the storage allocated to an RDS cluster.**
-
-```ruby
-describe aws_rds_cluster(db_cluster_identifier: 'awsrds123') do
- its('storage_encrypted') { should eq true }
- its('allocated_storage') { should eq 10 }
-end
-```
-
-**Test the cluster status and master username.**
-
-```ruby
-describe aws_rds_cluster(db_cluster_identifier: 'awsrds123') do
- its('master_username') { should eq 'db-maintain' }
- its('status') { should eq 'available' }
-end
-```
-
-**Test the maximum and minimum capacity of a serverless RDS cluster.**
-
-```ruby
-describe aws_rds_cluster(db_cluster_identifier: 'awsrds123') do
- its('scaling_configuration_info.min_capacity') { should eq 2 }
- its('scaling_configuration_info.max_capacity') { should eq 64 }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_rds_cluster(db_cluster_identifier: 'AnExistingRDS') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_rds_cluster(db_cluster_identifier: 'ANonExistentRDS') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="RDS:Client:DBClusterMessage" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon RDS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonrds.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_clusters.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_clusters.md
deleted file mode 100644
index 7e7f038527..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_clusters.md
+++ /dev/null
@@ -1,118 +0,0 @@
-+++
-title = "aws_rds_clusters Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_rds_clusters"
-identifier = "inspec/resources/aws/aws_rds_clusters Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_rds_clusters` InSpec audit resource to test properties of a collection of AWS RDS clusters.
-
-RDS gives you access to the capabilities of a MySQL, MariaDB, PostgreSQL, Microsoft SQL Server, Oracle, or Amazon Aurora database server.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure you have exactly 3 clusters
-
-```ruby
-describe aws_rds_clusters do
- its('db_cluster_identifiers.count') { should cmp 3 }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`cluster_identifier`
-: The unique IDs of the RDS clusters returned.
-
-`database_name`
-: The name of the database associated with each RDS cluster.
-
-`cluster_\members`
-: The RDS instances attached to each RDS cluster.
-
-`engine`
-: The name of the database engine used by each cluster.
-
-`engine_version`
-: The version of the database engine used by each cluster.
-
-`status`
-: The current status of each cluster.
-
-`allocated_storage`
-: The storage allocated to each cluster.
-
-`storage_encrypted`
-: Returns T/F whether the cluster is encrypted or not.
-
-`availability_zones`
-: A list of availability zones of the RDS clusters returned.
-
-`multi_az`
-: Returns T/F depending on whether multiple availability zones are used in the cluster.
-
-`arn`
-: The unique Amazon resource name of the RDS clusters.
-
-## Examples
-
-**Ensure a specific cluster exists.**
-
-```ruby
-describe aws_rds_clusters do
- its('db_cluster_identifier') { should include ['cluster-12345678', 'cluster-456786786'] }
-end
-```
-
-**Request the IDs of all RDS clusters, then test in-depth using `aws_rds_cluster` to ensure all clusters are encrypted and have a sensible size.**
-
-```ruby
-aws_rds_clusters.cluster_identifier.each do |cluster_identifier|
- describe aws_rds_cluster(cluster_identifier) do
- it { should have_encrypted_storage }
- end
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_rds_clusters do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_rds_clusters do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="RDS:Client:DBClusterMessage" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_cluster_snapshot.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_cluster_snapshot.md
deleted file mode 100644
index c011a33b0c..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_cluster_snapshot.md
+++ /dev/null
@@ -1,156 +0,0 @@
-+++
-title = "aws_rds_db_cluster_snapshot Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_rds_db_cluster_snapshot"
-identifier = "inspec/resources/aws/aws_rds_db_cluster_snapshot Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_rds_db_cluster_snapshot` InSpec audit resource to test the properties of the singular resource of AWS RDS Cluster snapshot.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS RDS Cluster Snapshot.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_RDS.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that cluster snapshot exists.
-
-```ruby
-describe aws_rds_db_cluster_snapshot(db_cluster_snapshot_id: "CLUSTER_ID") do
- it { should exist }
-end
-```
-
-## Parameters
-
-`db_cluster_snapshot_id` _(required)_
-
-: The cluster snapshot ID.
-
-## Properties
-
-`availability_zones`
-: Provides the list of EC2 Availability Zones instances in the DB cluster snapshot that can be restored.
-
-`db_cluster_snapshot_identifier`
-: Specifies the identifier for the DB cluster snapshot.
-
-`db_cluster_identifier`
-: Specifies the identifier of the DB cluster from which the DB cluster snapshot is created.
-
-`snapshot_create_time`
-: Provides the time when the snapshot is taken, in Universal Coordinated Time (UTC).
-
-`engine`
-: Specifies the name of the database engine.
-
-`allocated_storage`
-: Specifies the allocated storage size in Gibibytes (GiB).
-
-`status`
-: Specifies the status of this DB cluster snapshot.
-
-`port`
-: Specifies the port where the DB cluster is listening at the time of the snapshot.
-
-`vpc_id`
-: Provides the VPC ID associated with the DB cluster snapshot.
-
-`cluster_create_time`
-: Specifies when the DB cluster is created, in Universal Coordinated Time (UTC).
-
-`master_username`
-: Provides the master username for the DB cluster snapshot.
-
-`engine_version`
-: Provides the version of the database engine for the DB cluster snapshot.
-
-`license_model`
-: Provides the license model information for the DB cluster snapshot.
-
-`snapshot_type`
-: Provides the DB cluster snapshot type.
-
-`percent_progress`
-: Specifies the percentage of the estimated data that is transferred.
-
-`storage_encrypted`
-: Specifies whether the DB cluster snapshot is encrypted.
-
-`kms_key_id`
-: If `StorageEncrypted` is true, the AWS Key Management Service (AWS KMS) identifier for the encrypted DB cluster snapshot is set to protect the data.
-
-`db_cluster_snapshot_arn`
-: The Amazon Resource Name (ARN) for the DB cluster snapshot.
-
-`source_db_cluster_snapshot_arn`
-: If the DB cluster snapshot is copied from a source DB cluster snapshot, the Amazon Resource Name (ARN) for the source DB cluster snapshot is associated, otherwise a null value is stored for the source DB cluster snapsot ARN.
-
-`iam_database_authentication_enabled`
-: `True`, if the mapping of the AWS Identity and Access Management (IAM) corresponds to database accounts that are enabled, and otherwise `False`.
-
-`tag_list`
-: The related tags.
-
-## Examples
-
-**Ensure a cluster snapshot ID is `available`.**
-
-```ruby
-describe aws_rds_db_cluster_snapshot(db_cluster_snapshot_id: "CLUSTER_ID") do
- its('db_cluster_snapshot_id') { should eq 'CLUSTER_ID' }
-end
-```
-
-**Ensure that the status is `available`.**
-
-```ruby
-describe aws_rds_db_cluster_snapshot(db_cluster_snapshot_id: "CLUSTER_ID") do
- its('status') { should eq 'available' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_rds_db_cluster_snapshot(db_cluster_snapshot_id: "CLUSTER_ID") do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_rds_db_cluster_snapshot(db_cluster_snapshot_id: "CLUSTER_ID") do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_rds_db_cluster_snapshot(db_cluster_snapshot_id: "CLUSTER_ID") do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="RDS:Client:DBClusterSnapshotMessage" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_cluster_snapshots.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_cluster_snapshots.md
deleted file mode 100644
index b5919996b0..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_cluster_snapshots.md
+++ /dev/null
@@ -1,196 +0,0 @@
-+++
-title = "aws_rds_db_cluster_snapshots Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_rds_db_cluster_snapshots"
-identifier = "inspec/resources/aws/aws_rds_db_cluster_snapshots Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_rds_db_cluster_snapshots` InSpec audit resource to test the properties of a single specific AWS RDS Cluster snapshot.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS RDS Cluster Snapshot.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_RDS.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the cluster snapshot exists.
-
-```ruby
-describe aws_rds_db_cluster_snapshots do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`availability_zones`
-: Provides the list of EC2 Availability Zones instances in the DB cluster snapshot that can be restored.
-
-: **Field**: `availability_zone`
-
-`db_cluster_snapshot_identifiers`
-: Specifies the identifier for the DB cluster snapshot.
-
-: **Field**: `db_cluster_snapshot_identifier`
-
-`db_cluster_identifiers`
-: Specifies the identifier of the DB cluster from which the DB cluster snapshot is created.
-
-: **Field**: `db_cluster_identifier`
-
-`snapshot_create_times`
-: Provides the time when the snapshot is taken, in Universal Coordinated Time (UTC).
-
-: **Field**: `snapshot_create_time`
-
-`engines`
-: Specifies the name of the database engine.
-
-: **Field**: `engine`
-
-`allocated_storages`
-: Specifies the allocated storage size in Gibibytes (GiB).
-
-: **Field**: `allocated_storage`
-
-`statuses`
-: Specifies the status of this DB cluster snapshot.
-
-: **Field**: `status`
-
-`ports`
-: Specifies the port where the DB cluster is listening at the time of the snapshot.
-
-: **Field**: `port`
-
-`vpc_ids`
-: Provides the VPC ID associated with the DB cluster snapshot.
-
-: **Field**: `vpc_id`
-
-`cluster_create_times`
-: Specifies the time when the DB cluster is created, in Universal Coordinated Time (UTC).
-
-: **Field**: `cluster_create_time`
-
-`master_usernames`
-: Provides the master username for the DB cluster snapshot.
-
-: **Field**: `master_username`
-
-`engine_versions`
-: Provides the database engine version for the DB cluster snapshot.
-
-: **Field**: `engine_version`
-
-`license_models`
-: Provides the license model information for the DB cluster snapshot.
-
-: **Field**: `license_model`
-
-`snapshot_types`
-: Provides the DB cluster snapshot type.
-
-: **Field**: `snapshot_type`
-
-`percent_progresses`
-: Specifies the percentage of the estimated data that is transferred.
-
-: **Field**: `percent_progress`
-
-`storage_encrypted`
-: Specifies whether the DB cluster snapshot is encrypted.
-
-: **Field**: `storage_encrypted`
-
-`kms_key_ids`
-: If `StorageEncrypted` is true, the AWS Key Management Service (AWS KMS) identifier for the encrypted DB cluster snapshot is set to protect the data.
-
-: **Field**: `kms_key_id`
-
-`db_cluster_snapshot_arns`
-: The Amazon Resource Name (ARN) for the DB cluster snapshot.
-
-: **Field**: `db_cluster_snapshot_arn`
-
-`source_db_cluster_snapshot_arns`
-: If the DB cluster snapshot is copied from a source DB cluster snapshot, the Amazon Resource Name (ARN) for the source DB cluster snapshot is associated, otherwise a null value is stored for the source DB cluster snapsot ARN.
-
-: **Field**: `source_db_cluster_snapshot_arn`
-
-`iam_database_authentication_enabled`
-: `True`, if the mapping of the AWS Identity and Access Management (IAM) corresponds to database accounts are enabled, and otherwise `False`.
-
-: **Field**: `iam_database_authentication_enabled`
-
-`tag_lists`
-: The related tags.
-
-: **Field**: `tag_list`
-
-## Examples
-
-**Ensure a cluster snapshot id is available.**
-
-```ruby
-describe aws_rds_db_cluster_snapshots do
- its('db_cluster_snapshot_ids') { should include 'CLUSTER_ID' }
-end
-```
-
-**Ensure that the state is `available`.**
-
-```ruby
-describe aws_rds_db_cluster_snapshots do
- its('statuses') { should include 'available' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_rds_db_cluster_snapshots do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_rds_db_cluster_snapshots do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_rds_db_cluster_snapshots do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="RDS:Client:DBClusterSnapshotMessage" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_proxy.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_proxy.md
deleted file mode 100644
index 5edea70b5f..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_proxy.md
+++ /dev/null
@@ -1,160 +0,0 @@
-+++
-title = "aws_rds_db_proxy Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_rds_db_proxy"
-identifier = "inspec/resources/aws/aws_rds_db_proxy Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_rds_db_proxy` InSpec audit resource to test properties of a single AWS Relational Database Service (RDS) database proxy.
-
-The `AWS::RDS::DBProxy` resource creates or updates an RDS DB proxy.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS RDS DBProxy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbproxy.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the db proxy exists.
-
-```ruby
-describe aws_rds_db_proxy(db_proxy_name: 'DB_PROXY_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`db_proxy_name` _(required)_
-
-: The identifier for the proxy. This name must be unique for all proxies owned by your AWS account in the specified AWS Region.
-
-## Properties
-
-`db_proxy_name`
-: The identifier for the proxy. This name must be unique for all proxies owned by your AWS account in the specified AWS Region.
-
-`db_proxy_arn`
-: The Amazon Resource Name (ARN) for the proxy.
-
-`status`
-: The current status of this proxy.
-
-`engine_family`
-: The engine family applies to MySQL and PostgreSQL for both RDS and Aurora.
-
-`vpc_id`
-: The VPC id.
-
-`vpc_security_group_ids`
-: Provides a list of VPC security groups that the proxy belongs to.
-
-`vpc_subnet_ids`
-: The EC2 subnet IDs for the proxy.
-
-`auth_descriptions`
-: A user-specified description about the authentication used by a proxy to log in as a specific database user.
-
-`auth_user_names`
-: The name of the database user to which the proxy connects.
-
-`auth_schemes`
-: The type of authentication that the proxy uses for connections from the proxy to the underlying database.
-
-`auth_secret_arns`
-: The Amazon Resource Name (ARN) representing the secret that the proxy uses to authenticate to the RDS DB instance or Aurora DB cluster. These secrets are stored within Amazon Secrets Manager.
-
-`auth_iam_auths`
-: Whether to require or disallow AWS Identity and Access Management (IAM) authentication for connections to the proxy.
-
-`role_arn`
-: The Amazon Resource Name (ARN) for the IAM role that the proxy uses to access Amazon Secrets Manager.
-
-`endpoint`
-: The endpoint that you can use to connect to the proxy. You include the endpoint value in the connection string for a database client application.
-
-`require_tls`
-: Indicates whether Transport Layer Security (TLS) encryption is required for connections to the proxy.
-
-`idle_client_timeout`
-: The number of seconds a connection to the proxy can have no activity before the proxy drops the client connection.
-
-`debug_logging`
-: Whether the proxy includes detailed information about SQL statements in its logs.
-
-`created_date`
-: The date and time when the proxy was first created.
-
-`updated_date`
-: The date and time when the proxy was last updated.
-
-## Examples
-
-**Ensure a db proxy name is available.**
-
-```ruby
-describe aws_rds_db_proxy(db_proxy_name: 'DB_PROXY_NAME') do
- its('db_proxy_name') { should eq 'DB_PROXY_NAME' }
-end
-```
-
-**Ensure a db proxy arn is available.**
-
-```ruby
-describe aws_rds_db_proxy(db_proxy_name: 'DB_PROXY_NAME') do
- its('db_proxy_arn') { should eq 'DB_PROXY_ARN' }
-end
-```
-
-**Ensure a status is `available`.**
-
-```ruby
-describe aws_rds_db_proxy(db_proxy_name: 'DB_PROXY_NAME') do
- its('status') { should eq 'available' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_rds_db_proxy(db_proxy_name: 'DB_PROXY_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_rds_db_proxy(db_proxy_name: 'DB_PROXY_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_rds_db_proxy(db_proxy_name: 'DB_PROXY_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="RDS:Client:DescribeDBProxiesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_proxy_endpoint.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_proxy_endpoint.md
deleted file mode 100644
index 43a5ac61e5..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_proxy_endpoint.md
+++ /dev/null
@@ -1,140 +0,0 @@
-+++
-title = "aws_rds_db_proxy_endpoint Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_rds_db_proxy_endpoint"
-identifier = "inspec/resources/aws/aws_rds_db_proxy_endpoint Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_rds_db_proxy_endpoint` InSpec audit resource to test properties of a single AWS Relational Database Service (RDS) database proxy endpoint.
-
-The `AWS::RDS::DBProxyEndpoint` resource creates or updates an AWS RDS DB proxy endpoint.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS RDS DBProxyEndpoint](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbproxyendpoint.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the DB proxy endpoint exists.
-
-```ruby
-describe aws_rds_db_proxy_endpoint(db_proxy_name: 'DB_PROXY_NAME', db_proxy_endpoint_name: 'DB_PROXY_ENDPOINT_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`db_proxy_name` _(required)_
-
-: The identifier for the proxy. This name must be unique for all proxies owned by your AWS account in the specified AWS Region.
-
-`db_proxy_endpoint_name` _(required)_
-
-: The name for the DB proxy endpoint.
-
-## Properties
-
-`db_proxy_endpoint_name`
-: The name for the DB proxy endpoint.
-
-`db_proxy_endpoint_arn`
-: The Amazon Resource Name (ARN) for the DB proxy endpoint.
-
-`db_proxy_name`
-: The identifier for the DB proxy that is associated with this DB proxy endpoint.
-
-`status`
-: The current status of this DB proxy endpoint.
-
-`vpc_id`
-: Provides the VPC ID of the DB proxy endpoint.
-
-`vpc_security_group_ids`
-: Provides a list of VPC security groups that the DB proxy endpoint belongs to.
-
-`vpc_subnet_ids`
-: The EC2 subnet IDs for the DB proxy endpoint.
-
-`endpoint`
-: The endpoint that you can use to connect to the DB proxy.
-
-`created_date`
-: The date and time when the DB proxy endpoint was first created.
-
-`target_role`
-: A value that indicates whether the DB proxy endpoint can be used for read/write or read-only operations.
-
-`is_default`
-: A value that indicates whether this endpoint is the default endpoint for the associated DB proxy. Default DB proxy endpoints always have read/write capability.
-
-## Examples
-
-**Ensure a DB proxy endpoint name is available.**
-
-```ruby
-describe aws_rds_db_proxy_endpoint(db_proxy_name: 'DB_PROXY_NAME', db_proxy_endpoint_name: 'DB_PROXY_ENDPOINT_NAME') do
- its('db_proxy_endpoint_name') { should eq 'DB_PROXY_ENDPOINT_NAME' }
-end
-```
-
-**Ensure a DB proxy is available.**
-
-```ruby
-describe aws_rds_db_proxy_endpoint(db_proxy_name: 'DB_PROXY_NAME', db_proxy_endpoint_name: 'DB_PROXY_ENDPOINT_NAME') do
- its('db_proxy_name') { should eq 'DB_PROXY_NAME' }
-end
-```
-
-**Ensure a status is `available`.**
-
-```ruby
-describe aws_rds_db_proxy_endpoint(db_proxy_name: 'DB_PROXY_NAME', db_proxy_endpoint_name: 'DB_PROXY_ENDPOINT_NAME') do
- its('status') { should eq 'available' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_rds_db_proxy_endpoint(db_proxy_name: 'DB_PROXY_NAME', db_proxy_endpoint_name: 'DB_PROXY_ENDPOINT_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_rds_db_proxy_endpoint(db_proxy_name: 'DB_PROXY_NAME', db_proxy_endpoint_name: 'DB_PROXY_ENDPOINT_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_rds_db_proxy_endpoint(db_proxy_name: 'DB_PROXY_NAME', db_proxy_endpoint_name: 'DB_PROXY_ENDPOINT_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="RDS:Client:DescribeDBProxyEndpointsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_proxy_endpoints.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_proxy_endpoints.md
deleted file mode 100644
index 8a7094ec80..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_proxy_endpoints.md
+++ /dev/null
@@ -1,158 +0,0 @@
-+++
-title = "aws_rds_db_proxy_endpoints Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_rds_db_proxy_endpoints"
-identifier = "inspec/resources/aws/aws_rds_db_proxy_endpoints Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_rds_db_proxy_endpoints` InSpec audit resource to test properties of multiple AWS Relational Database Service (RDS) database proxy endpoints.
-
-The `AWS::RDS::DBProxyEndpoint` resource creates or updates an AWS RDS DB proxy endpoint.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS RDS DBProxyEndpoint](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbproxyendpoint.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the DB proxy endpoint exists.
-
-```ruby
-describe aws_rds_db_proxy_endpoints(db_proxy_name: 'DB_PROXY_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`db_proxy_name` _(required)_
-
-: The identifier for the proxy. This name must be unique for all proxies owned by your AWS account in the specified AWS Region.
-
-## Properties
-
-`db_proxy_endpoint_names`
-: The name for the DB proxy endpoint.
-
-: **Field**: `db_proxy_endpoint_name`
-
-`db_proxy_endpoint_arns`
-: The Amazon Resource Name (ARN) for the DB proxy endpoint.
-
-: **Field**: `db_proxy_endpoint_arn`
-
-`db_proxy_names`
-: The identifier for the DB proxy that is associated with this DB proxy endpoint.
-
-: **Field**: `db_proxy_name`
-
-`statuses`
-: The current status of this DB proxy endpoint.
-
-: **Field**: `status`
-
-`vpc_ids`
-: Provides the VPC ID of the DB proxy endpoint.
-
-: **Field**: `vpc_id`
-
-`vpc_security_group_ids`
-: Provides a list of VPC security groups that the DB proxy endpoint belongs to.
-
-: **Field**: `vpc_security_group_ids`
-
-`vpc_subnet_ids`
-: The EC2 subnet IDs for the DB proxy endpoint.
-
-: **Field**: `vpc_subnet_ids`
-
-`endpoints`
-: The endpoint that you can use to connect to the DB proxy.
-
-: **Field**: `endpoint`
-
-`created_dates`
-: The date and time when the DB proxy endpoint was first created.
-
-: **Field**: `created_date`
-
-`target_roles`
-: A value that indicates whether the DB proxy endpoint can be used for read/write or read-only operations.
-
-: **Field**: `target_role`
-
-`is_default`
-: A value that indicates whether this endpoint is the default endpoint for the associated DB proxy. Default DB proxy endpoints always have read/write capability.
-
-: **Field**: `is_default`
-
-## Examples
-
-**Ensure a DB proxy endpoint name is available.**
-
-```ruby
-describe aws_rds_db_proxy_endpoints(db_proxy_name: 'DB_PROXY_NAME') do
- its('db_proxy_endpoint_names') { should include 'DB_PROXY_ENDPOINT_NAME' }
-end
-```
-
-**Ensure a DB proxy is available.**
-
-```ruby
-describe aws_rds_db_proxy_endpoints(db_proxy_name: 'DB_PROXY_NAME') do
- its('db_proxy_names') { should include 'DB_PROXY_NAME' }
-end
-```
-
-**Ensure a status is `available`.**
-
-```ruby
-describe aws_rds_db_proxy_endpoints(db_proxy_name: 'DB_PROXY_NAME') do
- its('statuses') { should include 'available' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_rds_db_proxy_endpoints(db_proxy_name: 'DB_PROXY_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_rds_db_proxy_endpoints(db_proxy_name: 'DB_PROXY_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_rds_db_proxy_endpoints(db_proxy_name: 'DB_PROXY_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="RDS:Client:DescribeDBProxyEndpointsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_proxy_target_group.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_proxy_target_group.md
deleted file mode 100644
index 88cac81bac..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_proxy_target_group.md
+++ /dev/null
@@ -1,143 +0,0 @@
-+++
-title = "aws_rds_db_proxy_target_group Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_rds_db_proxy_target_group"
-identifier = "inspec/resources/aws/aws_rds_db_proxy_target_group Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_rds_db_proxy_target_group` InSpec audit resource to test properties of a single AWS Relational Database Service (RDS) database proxy target group.
-
-The `AWS::RDS::DBProxyTargetGroup` resource represents a set of RDS DB instances, Aurora DB clusters, or both that a proxy can connect to.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS RDS DBProxyTargetGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbproxytargetgroup.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the target group exists.
-
-```ruby
-describe aws_rds_db_proxy_target_group(db_proxy_name: 'DB_PROXY_NAME', target_group_name: 'TARGET_GROUP_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`db_proxy_name` _(required)_
-
-: The identifier for the proxy. This name must be unique for all proxies owned by your AWS account in the specified AWS Region.
-
-`target_group_name` _(required)_
-
-: The identifier for the target group.
-
-## Properties
-
-`db_proxy_name`
-: The identifier for the proxy. This name must be unique for all proxies owned by your AWS account in the specified AWS Region.
-
-`target_group_name`
-: The identifier for the target group.
-
-`target_group_arn`
-: The Amazon Resource Name (ARN) representing the target group.
-
-`is_default`
-: Whether this target group is the first one used for connection requests by the associated proxy.
-
-`status`
-: The current status of this target group.
-
-`connection_pool_config.max_connections_percent`
-: The maximum size of the connection pool for each target in a target group.
-
-`connection_pool_config.max_idle_connections_percent`
-: Controls how actively the proxy closes idle database connections in the connection pool.
-
-`connection_pool_config.connection_borrow_timeout`
-: The number of seconds for a proxy to wait for a connection to become available in the connection pool.
-
-`connection_pool_config.session_pinning_filters`
-: Each item in the list represents a class of SQL operations that normally cause all later statements in a session using a proxy to be pinned to the same underlying database connection.
-
-`connection_pool_config.init_query`
-: One or more SQL statements for the proxy to run when opening each new database connection.
-
-`created_date`
-: The date and time when the target group was first created.
-
-`updated_date`
-: The date and time when the target group was last updated.
-
-## Examples
-
-**Ensure a DB proxy name is available.**
-
-```ruby
-describe aws_rds_db_proxy_target_group(db_proxy_name: 'DB_PROXY_NAME', target_group_name: 'TARGET_GROUP_NAME') do
- its('db_proxy_name') { should eq 'DB_PROXY_NAME' }
-end
-```
-
-**Ensure a target group name is available.**
-
-```ruby
-describe aws_rds_db_proxy_target_group(db_proxy_name: 'DB_PROXY_NAME', target_group_name: 'TARGET_GROUP_NAME') do
- its('target_group_name') { should eq 'TARGET_GROUP_NAME' }
-end
-```
-
-**Ensure a status is `available`.**
-
-```ruby
-describe aws_rds_db_proxy_target_group(db_proxy_name: 'DB_PROXY_NAME', target_group_name: 'TARGET_GROUP_NAME') do
- its('status') { should eq 'available' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_rds_db_proxy_target_group(db_proxy_name: 'DB_PROXY_NAME', target_group_name: 'TARGET_GROUP_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_rds_db_proxy_target_group(db_proxy_name: 'DB_PROXY_NAME', target_group_name: 'TARGET_GROUP_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_rds_db_proxy_target_group(db_proxy_name: 'DB_PROXY_NAME', target_group_name: 'TARGET_GROUP_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="RDS:Client:DescribeDBProxyTargetGroupsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_proxy_target_groups.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_proxy_target_groups.md
deleted file mode 100644
index 190de97047..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_proxy_target_groups.md
+++ /dev/null
@@ -1,143 +0,0 @@
-+++
-title = "aws_rds_db_proxy_target_groups Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_rds_db_proxy_target_groups"
-identifier = "inspec/resources/aws/aws_rds_db_proxy_target_groups Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_rds_db_proxy_target_groups` InSpec audit resource to test properties of multiple AWS Relational Database Service (RDS) database proxy target groups.
-
-The `AWS::RDS::DBProxyTargetGroup` resource represents a set of RDS DB instances, Aurora DB clusters, or both that a proxy can connect to.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS RDS DBProxyTargetGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbproxytargetgroup.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the target group exists.
-
-```ruby
-describe aws_rds_db_proxy_target_groups(db_proxy_name: 'DB_PROXY_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`db_proxy_name` _(required)_
-
-: The identifier for the proxy. This name must be unique for all proxies owned by your AWS account in the specified AWS Region.
-
-## Properties
-
-`db_proxy_names`
-: The identifier for the proxy. This name must be unique for all proxies owned by your AWS account in the specified AWS Region.
-
-: **Field**: `db_proxy_name`
-
-`target_group_names`
-: The identifier for the target group.
-
-: **Field**: `target_group_name`
-
-`target_group_arns`
-: The Amazon Resource Name (ARN) representing the target group.
-
-: **Field**: `target_group_arn`
-
-`is_default`
-: Whether this target group is the first one used for connection requests by the associated proxy.
-
-: **Field**: `is_default`
-
-`statuses`
-: The current status of this target group.
-
-: **Field**: `status`
-
-`connection_pool_configs`
-: The settings that determine the size and behavior of the connection pool for the target group.
-
-: **Field**: `connection_pool_config`
-
-`created_dates`
-: The date and time when the target group was first created.
-
-: **Field**: `created_date`
-
-`updated_dates`
-: The date and time when the target group was last updated.
-
-: **Field**: `updated_date`
-
-## Examples
-
-**Ensure a DB proxy name is available.**
-
-```ruby
-describe aws_rds_db_proxy_target_groups(db_proxy_name: 'DB_PROXY_NAME') do
- its('db_proxy_names') { should include 'DB_PROXY_NAME' }
-end
-```
-
-**Ensure a target group name is available.**
-
-```ruby
-describe aws_rds_db_proxy_target_groups(db_proxy_name: 'DB_PROXY_NAME') do
- its('target_group_names') { should include 'TARGET_GROUP_NAME' }
-end
-```
-
-**Ensure a status is `available`.**
-
-```ruby
-describe aws_rds_db_proxy_target_groups(db_proxy_name: 'DB_PROXY_NAME') do
- its('statuses') { should include 'available' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_rds_db_proxy_target_groups(db_proxy_name: 'DB_PROXY_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_rds_db_proxy_target_groups(db_proxy_name: 'DB_PROXY_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_rds_db_proxy_target_groups(db_proxy_name: 'DB_PROXY_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="RDS:Client:DescribeDBProxyTargetGroupsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_security_group.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_security_group.md
deleted file mode 100644
index 5a8013b066..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_security_group.md
+++ /dev/null
@@ -1,161 +0,0 @@
-+++
-title = "aws_rds_db_security_group Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_rds_db_security_group"
-identifier = "inspec/resources/aws/aws_rds_db_security_group Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_rds_db_security_group` InSpec audit resource to test properties of a single Amazon Relational Database Service (RDS) database security group.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::RDS::DBSecurityGroup` resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-security-group.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the security group exists.
-
-```ruby
-describe aws_rds_db_security_group(db_security_group_name: 'DB_SECURITY_GROUP_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`db_security_group_name` _(required)_
-
-: The identifier for the security group.
-
-## Properties
-
-`owner_id`
-: Provides the Amazon Web Services ID of the owner of a specific DB security group.
-
-: **Field**: `owner_id`
-
-`db_security_group_name`
-: Specifies the name of the DB security group.
-
-: **Field**: `db_security_group_name`
-
-`db_security_group_description`
-: Provides the description of the DB security group.
-
-: **Field**: `db_security_group_description`
-
-`vpc_id`
-: Provides the VpcId of the DB security group.
-
-: **Field**: `vpc_id`
-
-`ec2_security_groups`
-: Contains a list of EC2SecurityGroup elements.
-
-: **Field**: `ec2_security_groups`
-
-`ec2_security_group_statuses`
-: Provides the status of the EC2 security group. Status can be "authorizing", "authorized", "revoking", and "revoked".
-
-: **Field**: `ec2_security_group (status)`
-
-`ec2_security_group_names`
-: Specifies the name of the EC2 security group.
-
-: **Field**: `ec2_security_group_name`
-
-`ec2_security_group_ids`
-: pecifies the id of the EC2 security group.
-
-: **Field**: `ec2_security_group_id`
-
-`ec2_security_group_owner_ids`
-: pecifies the Amazon Web Services ID of the owner of the EC2 security group specified in the EC2SecurityGroupName field.
-
-: **Field**: `ec2_security_group_owner_id`
-
-`ip_ranges_statuses`
-: Specifies the status of the IP range. Status can be "authorizing", "authorized", "revoking", and "revoked".
-
-: **Field**: `ip_ranges (status)`
-
-`ip_ranges_cidrips`
-: Specifies the IP range.
-
-: **Field**: `cidrip`
-
-`db_security_group_arn`
-: The Amazon Resource Name (ARN) for the DB security group.
-
-: **Field**: `db_security_group_arn`
-
-## Examples
-
-**Ensure a security group name is available.**
-
-```ruby
-describe aws_rds_db_security_group(db_security_group_name: 'DB_SECURITY_GROUP_NAME') do
- its('db_security_group_name') { should eq 'DB_SECURITY_GROUP_NAME' }
-end
-```
-
-**Ensure a security group description is available.**
-
-```ruby
-describe aws_rds_db_security_group(db_security_group_name: 'DB_SECURITY_GROUP_NAME') do
- its('db_security_group_description') { should eq 'DB_SECURITY_GROUP_DESCRIPTION' }
-end
-```
-
-**Ensure a status is `authorized`.**
-
-```ruby
-describe aws_rds_db_security_group(db_security_group_name: 'DB_SECURITY_GROUP_NAME') do
- its('ec2_security_group_statuses') { should include 'authorized' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_rds_db_security_group(db_security_group_name: 'DB_SECURITY_GROUP_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_rds_db_security_group(db_security_group_name: 'DB_SECURITY_GROUP_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_rds_db_security_group(db_security_group_name: 'DB_SECURITY_GROUP_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="RDS:Client:DescribeDBSecurityGroup" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_security_groups.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_security_groups.md
deleted file mode 100644
index 45993de86e..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_db_security_groups.md
+++ /dev/null
@@ -1,112 +0,0 @@
-+++
-title = "aws_rds_db_security_groups Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_rds_db_security_groups"
-identifier = "inspec/resources/aws/aws_rds_db_security_groups Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_rds_db_security_groups` InSpec audit resource to test properties of multiple Amazon Relational Database Service (RDS) database security groups.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the DB security group exists.
-
-```ruby
-describe aws_rds_db_security_groups do
- it { should exist }
-end
-```
-
-For additional information, see the [AWS documentation on the `AWS::RDS::DBSecurityGroup` resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-security-group.html).
-
-## Properties
-
-`owner_ids`
-: Provides the Amazon Web Services ID of the owner of a specific DB security group.
-
-: **Field**: `owner_id`
-
-`db_security_group_names`
-: The name of the DB security group to return details for.
-
-: **Field**: `db_security_group_name`
-
-`db_security_group_descriptions`
-: Provides the description of the DB security group.
-
-: **Field**: `db_security_group_description`
-
-`vpc_ids`
-: Provides the VpcId of the DB security group.
-
-: **Field**: `vpc_id`
-
-`db_security_group_arns`
-: The Amazon Resource Name (ARN) for the DB security group.
-
-: **Field**: `db_security_group_arn`
-
-## Examples
-
-**Ensure a DB security group name is available.**
-
-```ruby
-describe aws_rds_db_security_groups do
- its('db_security group_names') { should include 'DB_SECURITY_GROUP_NAME' }
-end
-```
-
-**Ensure a DB security group ARN is available.**
-
-```ruby
-describe aws_rds_db_security_groups do
- its('db_security_group_arns') { should include 'DB_SECURITY_GROUP_ARN' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_rds_db_security_groups do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_rds_db_security_groups do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_rds_db_security_groups do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="RDS:Client:DescribeDBSecurityGroup" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_event_subscription.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_event_subscription.md
deleted file mode 100644
index b99ee9735f..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_event_subscription.md
+++ /dev/null
@@ -1,131 +0,0 @@ -+++ -title = "aws_rds_event_subscription Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_rds_event_subscription" -identifier = "inspec/resources/aws/aws_rds_event_subscription Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_rds_event_subscription` InSpec audit resource to test properties of a single AWS RDS event subscription. - -For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::RDS::EventSubscription` resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-eventsubscription.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the event subscription exists. - -```ruby -describe aws_rds_event_subscription(subscription_name: 'EVENT_SUBSCRIPTION_NAME') do - it { should exist } -end -``` - -## Parameters - -`subscription_name` _(required)_ - -: The identifier for the event subscription. - -## Properties - -`customer_aws_id` -: The Amazon Web Services customer account associated with the RDS event notification subscription. - -`cust_subscription_id` -: The RDS event notification subscription ID. - -`sns_topic_arn` -: The topic ARN of the RDS event notification subscription. - -`status` -: The status of the RDS event notification subscription. - -`subscription_creation_time` -: The time the RDS event notification subscription was created. - -`source_type` -: The source type for the RDS event notification subscription. - -`source_ids_list` -: A list of source IDs for the RDS event notification subscription. - -`event_categories_list` -: A list of event categories for the RDS event notification subscription. - -`enabled` -: A Boolean value indicating if the subscription is enabled. True indicates the subscription is enabled. 
- -`event_subscription_arn` -: The Amazon Resource Name (ARN) for the event subscription. - -## Examples - -**Ensure an event subscription name is available.** - -```ruby -describe aws_rds_event_subscription(subscription_name: 'EVENT_SUBSCRIPTION_NAME') do - its('cust_subscription_id') { should eq 'CUST_SUBSCRIPTION_ID' } -end -``` - -**Ensure an event subscription SNS topic ARN is available.** - -```ruby -describe aws_rds_event_subscription(subscription_name: 'EVENT_SUBSCRIPTION_NAME') do - its('sns_topic_arn') { should eq 'SNS_TOPIC_ARN' } -end -``` - -**Ensure a customer AWS ID is available.** - -```ruby -describe aws_rds_event_subscription(subscription_name: 'EVENT_SUBSCRIPTION_NAME') do - its('customer_aws_id') { should eq 'CUSTOMER_AWS_ID' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_rds_event_subscription(subscription_name: 'EVENT_SUBSCRIPTION_NAME') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_rds_event_subscription(subscription_name: 'EVENT_SUBSCRIPTION_NAME') do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_rds_event_subscription(subscription_name: 'EVENT_SUBSCRIPTION_NAME') do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="RDS:Client:DescribeEventSubscriptionsMessage" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_event_subscriptions.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_event_subscriptions.md deleted file mode 100644 index 64d39f54f9..0000000000 
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_event_subscriptions.md
+++ /dev/null
@@ -1,149 +0,0 @@ -+++ -title = "aws_rds_event_subscriptions Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_rds_event_subscriptions" -identifier = "inspec/resources/aws/aws_rds_event_subscriptions Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_rds_event_subscriptions` InSpec audit resource to test properties of multiple AWS RDS event subscriptions. - -For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::RDS::EventSubscription` resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-eventsubscription.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the event subscription exists. - -```ruby -describe aws_rds_event_subscriptions do - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`customer_aws_ids` -: The Amazon Web Services customer account associated with the RDS event notification subscription. - -: **Field**: `customer_aws_id` - -`cust_subscription_ids` -: The RDS event notification subscription Id. - -: **Field**: `cust_subscription_id` - -`sns_topic_arns` -: The topic ARN of the RDS event notification subscription. - -: **Field**: `sns_topic_arn` - -`statuses` -: The status of the RDS event notification subscription. - -: **Field**: `status` - -`subscription_creation_times` -: The time the RDS event notification subscription was created. - -: **Field**: `subscription_creation_time` - -`source_types` -: The source type for the RDS event notification subscription. - -: **Field**: `source_type` - -`source_ids_lists` -: A list of source IDs for the RDS event notification subscription. - -: **Field**: `source_ids_list` - -`event_categories_lists` -: A list of event categories for the RDS event notification subscription. 
- -: **Field**: `event_categories_list` - -`enabled` -: A Boolean value indicating if the subscription is enabled. True indicates the subscription is enabled. - -: **Field**: `enabled` - -`event_subscription_arns` -: The Amazon Resource Name (ARN) for the event subscription.Exceptions. - -: **Field**: `event_subscription_arn` - -## Examples - -**Ensure an event subscription name is available.** - -```ruby -describe aws_rds_event_subscriptions do - its('cust_subscription_ids') { should include 'CUST_SUBSCRIPTION_ID' } -end -``` - -**Ensure an event subscription SNS Topic ARN is available.** - -```ruby -describe aws_rds_event_subscriptions do - its('sns_topic_arns') { should include 'SNS_TOPIC_ARN' } -end -``` - -**Ensure a customer AWS ID is available.** - -```ruby -describe aws_rds_event_subscriptions do - its('customer_aws_ids') { should include 'CUSTOMER_AWS_ID' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_rds_event_subscriptions do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_rds_event_subscriptions do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_rds_event_subscriptions do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="RDS:Client:DescribeDBSecurityGroup" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_global_cluster.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_global_cluster.md deleted file mode 100644 index 896c883438..0000000000 
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_global_cluster.md
+++ /dev/null
@@ -1,151 +0,0 @@ -+++ -title = "aws_rds_global_cluster Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_rds_global_cluster" -identifier = "inspec/resources/aws/aws_rds_global_cluster Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_rds_global_cluster` InSpec audit resource to test properties of a single Amazon Aurora global database cluster. - -The `AWS::RDS::GlobalCluster` resource creates or updates an Amazon Aurora global database spread across multiple AWS Regions. - -For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::RDS::GlobalCluster` resource type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-globalcluster.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the global cluster exists. - -```ruby -describe aws_rds_global_cluster(global_cluster_identifier: 'GLOBAL_CLUSTER_IDENTIFIER') do - it { should exist } -end -``` - -## Parameters - -`global_cluster_identifier` _(required)_ - -: The cluster identifier of the global database cluster. - -## Properties - -`global_cluster_identifier` -: The list of global clusters returned by this request. - -`global_cluster_resource_id` -: Contains a user-supplied global database cluster identifier. This identifier is the unique key that identifies a global database cluster. - -`global_cluster_arn` -: The Amazon Web Services Region-unique, immutable identifier for the global database cluster. - -`status` -: Specifies the current state of this global database cluster. - -`engine` -: The Aurora database engine used by the global database cluster. - -`engine_version` -: Indicates the database engine version. - -`database_name` -: The default database name within the new global database cluster. - -`storage_encrypted` -: The storage encryption setting for the global database cluster. 
- -`deletion_protection` -: The deletion protection setting for the new global database cluster. - -`failover_state.status` -: The current status of the Aurora global database ( GlobalCluster ). - -`failover_state.from_db_cluster_arn` -: The Amazon Resource Name (ARN) of the Aurora DB cluster that is currently being demoted, and which is associated with this state. - -`failover_state.to_db_cluster_arn` -: The Amazon Resource Name (ARN) of the Aurora DB cluster that is currently being promoted, and which is associated with this state. - -`global_cluster_members.db_cluster_arn` -: The Amazon Resource Name (ARN) for each Aurora cluster. - -`global_cluster_members.readers` -: The Amazon Resource Name (ARN) for each read-only secondary cluster associated with the Aurora global database. - -`global_cluster_members.is_writer` -: Specifies whether the Aurora cluster is the primary cluster (that is, has read-write capability) for the Aurora global database with which it is associated. - -`global_cluster_members.global_write_forwarding_status` -: Specifies whether a secondary cluster in an Aurora global database has write forwarding enabled, not enabled, or is in the process of enabling it. 
- -## Examples - -**Ensure a DB global cluster is available.** - -```ruby -describe aws_rds_global_cluster(global_cluster_identifier: 'GLOBAL_CLUSTER_IDENTIFIER'') do - its('global_cluster_resource_id') { should eq 'GLOBAL_CLUSTER_ID' } -end -``` - -**Ensure a global cluster engine is available.** - -```ruby -describe aws_rds_global_cluster(global_cluster_identifier: 'GLOBAL_CLUSTER_IDENTIFIER'') do - its('engine') { should eq 'ENGINE' } -end -``` - -**Ensure a status is `available`.** - -```ruby -describe aws_rds_global_cluster(global_cluster_identifier: 'GLOBAL_CLUSTER_IDENTIFIER'') do - its('status') { should eq 'available' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_rds_global_cluster(global_cluster_identifier: 'GLOBAL_CLUSTER_IDENTIFIER'') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_rds_global_cluster(global_cluster_identifier: 'GLOBAL_CLUSTER_IDENTIFIER'') do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_rds_global_cluster(global_cluster_identifier: 'GLOBAL_CLUSTER_IDENTIFIER') do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="RDS:Client:DescribeGlobalClustersMessage" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_global_clusters.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_global_clusters.md deleted file mode 100644 index 041181e24c..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_global_clusters.md +++ /dev/null 
@@ -1,142 +0,0 @@ -+++ -title = "aws_rds_global_clusters Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_rds_global_clusters" -identifier = "inspec/resources/aws/aws_rds_global_clusters Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_rds_global_clusters` InSpec audit resource to test properties of multiple Amazon Aurora global database clusters. - -The AWS::RDS::GlobalCluster resource creates or updates an Amazon Aurora global database spread across multiple AWS Regions. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the global cluster exists. - -```ruby -aws_rds_global_clusters do - it { should exist } -end -``` - -For additional information, see the [AWS documentation on the `AWS::RDS::GlobalCluster` resource type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-globalcluster.html). - -## Properties - -`global_cluster_identifiers` -: The list of global clusters returned by this request. - -: **Field**: `global_cluster_identifier` - -`global_cluster_resource_ids` -: Contains a user-supplied global database cluster identifier. - -: **Field**: `global_cluster_resource_id` - -`global_cluster_arns` -: The Amazon Web Services Region-unique, immutable identifier for the global database cluster. - -: **Field**: `global_cluster_arn` - -`statuses` -: Specifies the current state of this global database cluster. - -: **Field**: `status` - -`engines` -: The Aurora database engine used by the global database cluster. - -: **Field**: `engine` - -`engine_versions` -: Indicates the database engine version. - -: **Field**: `engine_version` - -`database_names` -: The default database name within the new global database cluster. - -: **Field**: `database_name` - -`storage_encrypted` -: The storage encryption setting for the global database cluster. 
- -: **Field**: `storage_encrypted` - -`deletion_protections` -: The deletion protection setting for the new global database cluster. - -: **Field**: `deletion_protection` - -## Examples - -**Ensure global cluster resource ID is available.** - -```ruby -describe aws_rds_global_clusters do - its('global_cluster_identifiers') { should include 'GLOBAL_CLUSTER_IDENTIFIER' } -end -``` - -**Ensure global cluster resource ID is available.** - -```ruby -describe aws_rds_global_clusters do - its('global_cluster_resource_ids') { should include 'GLOBAL_CLUSTER_RESOURCE_ID' } -end -``` - -**Ensure a status is `available`.** - -```ruby -describe aws_rds_global_clusters do - its('statuses') { should include 'available' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_rds_global_clusters do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_rds_global_clusters do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_rds_global_clusters do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="RDS:Client:DescribeGlobalClustersMessage" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_group_option.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_group_option.md deleted file mode 100644 index f3cf40d499..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_group_option.md +++ /dev/null 
@@ -1,120 +0,0 @@ -+++ -title = "aws_rds_group_option Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_rds_group_option" -identifier = "inspec/resources/aws/aws_rds_group_option Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_rds_group_option` InSpec audit resource to test detailed properties of an individual RDS cluster.An `aws_rds_group_option` resource block uses resource parameters to search for an RDS option group, and then tests that RDS option group. If no RDS option group match, no error is raised, but the `exists` matcher will return `false` and all properties will be `nil`. - -RDS gives you access to the capabilities of a MySQL, MariaDB, PostgreSQL, Microsoft SQL Server, Oracle, or Amazon Aurora database server. - -For additional information, including details on parameters and properties, see the [AWS documentation on RDS Option Group](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-optiongroup.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure if the option group exists - -```ruby -describe aws_rds_group_option('default:aurora-5-6') do - it { should exist } -end -``` - - # Can also use hash syntax -```ruby -describe aws_rds_group_option(option_group_name: 'default:aurora-5-6') do - it { should exist } -end -``` - -## Parameters - -`option_group_name` _(required)_ - -: This resource accepts a single parameter, the user-supplied option_group_name. This parameter isn't case-sensitive. - This can be passed either as a string or as a `option_group_name: 'value'` key-value entry in a hash. - -## Properties - -`option_group_name` -: The name RDS option group. - -`option_group_description` -: The name of the database associated with each RDS cluster. - -`engine_name` -: The name of the engine associated with each RDS cluster. 
- -`major_engine_version` -: The major engine version of a option group. - -`option_group_arn` -: The arn of a option group. - -`vpc_id` -: The vpc id of option group. - -`allows_vpc_and_non_vpc_instance_memberships` -: The storage allocated to each cluster. - -For a comprehensive list of properties available to test on an RDS option group see the [AWS Response Object](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/RDS/DBCluster.html). - -## Examples - -**Test the engine used with an aws_rds_group_option.** - -```ruby -describe aws_rds_group_option(option_group_name: 'mysql') do - its('engine_name') { should eq 'mysql' } - its('major_engine_version') { should eq '5.6.37' } -end -``` - -**Test the options to allocated to an aws_rds_group_option.** - -```ruby -describe aws_rds_group_option(option_group_name: 'mysql') do - its('options.option_name') { should eq 'test' } - its('options.permanent') { should eq true } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_rds_group_option(option_group_name: 'mysql') do - it { should exist } -end -``` - -```ruby -describe aws_rds_group_option(option_group_name: 'mysql') do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="RDS:Client:OptionGroups" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon RDS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonrds.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_group_options.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_group_options.md deleted file mode 100644 index 89c675ec2d..0000000000 
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_group_options.md
+++ /dev/null
@@ -1,137 +0,0 @@ -+++ -title = "aws_rds_group_options Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_rds_group_options" -identifier = "inspec/resources/aws/aws_rds_group_options Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_rds_group_options` InSpec audit resource to test detailed properties of a group of Amazon Relational Database Service (RDS) clusters. - -RDS gives you access to the capabilities of a MySQL, MariaDB, PostgreSQL, Microsoft SQL Server, Oracle, or Amazon Aurora database server. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_rds_group_options` resource block uses resource parameters to search for an RDS option group, and then tests that RDS option group. If no RDS option group match, no error is raised, but the `exists` matcher will return `false` and all properties will be `nil`. -describe aws_rds_group_option(engine_name: 'mysql') do -it { should exist } -end - - # Can also use hash syntax -```ruby -describe aws_rds_group_options do - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`option_group_names` -: The name RDS option group. - -: **Field**: `option_group_name` - -`option_group_description` -: The name of the database associated with each RDS cluster. - -: **Field**: `option_group_description` - -`engine_names` -: The name of the engine associated with each RDS cluster. - -: **Field**: `engine_name` - -`major_engine_versions` -: The major engine version of a option group. - -: **Field**: `major_engine_version` - -`option_group_arns` -: The arn of a option group. - -: **Field**: `option_group_arn` - -`vpc_ids` -: The vpc id of option group. - -: **Field**: `vpc_id` - -`allows_vpc_and_non_vpc_instance_memberships` -: The storage allocated to each cluster. 
- -: **Field**: `allows_vpc_and_non_vpc_instance_memberships` -See the [AWS documentation on RDS cluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-optiongroup.html). - - -For a comprehensive list of properties available to test on an RDS cluster see the [AWS Response Object](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/RDS/DBCluster.html). - -## Examples - -**Test the engine used with an aws_rds_group_option.** - -```ruby -describe aws_rds_group_options do - its('engine_name') { should include 'mysql' } - its('major_engine_version') { should include '5.6.37' } -end -``` - -**Ensure a specific cluster exists.** - -```ruby -describe aws_rds_group_options do - its('option_group_name') { should include 'option_group_name8-test } -end -``` - -**Use the InSpec resource to request the IDs of all RDS clusters, then test in-depth using `aws_rds_cluster` to ensure all clusters are encrypted and have a sensible size.** - -```ruby -aws_rds_group_options.option_group_name.each do |option_group_name| - describe aws_rds_group_option(option_group_name) do - it { should exist } - end -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_rds_group_options do - it { should exist } -end -``` - -```ruby -describe aws_rds_group_options do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="RDS:Client:OptionGroups" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon RDS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonrds.html). 
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_instance.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_instance.md
deleted file mode 100644
index 88922f3ac3..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_instance.md
+++ /dev/null
@@ -1,122 +0,0 @@ -+++ -title = "aws_rds_instance Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_rds_instance" -identifier = "inspec/resources/aws/aws_rds_instance Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_rds_instance` InSpec audit resource to test detailed properties of an individual RDS instance. - -RDS gives you access to the capabilities of a MySQL, MariaDB, PostgreSQL, Microsoft SQL Server, Oracle, or Amazon Aurora database server. - -For additional information, including details on parameters and properties, see the [AWS documentation on RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_GettingStarted.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_rds_instance` resource block uses resource parameters to search for an RDS instance, and then tests that RDS instance. If no RDS instances match, no error is raised, but the `exists` matcher will return `false` and all properties will be `nil`. If more than one RDS instance matches (due to vague search parameters), an error is raised. - -```ruby -describe aws_rds_instance('test-instance-id') do - it { should exist } -end -``` - - # Can also use hash syntax -```ruby -describe aws_rds_instance(db_instance_identifier: 'test-instance-id') do - it { should exist } -end -``` - -## Parameters - -`db_instance_identifier` _(required if resource_data not provided)_ - -: The user-supplied instance identifier. This parameter isn't case-sensitive. - This can be passed either as a string or as a `db_instance_identifier: 'value'` key-value entry in a hash. - -`resource_data` _(required if db_instance_identifier not provided)_ - -: A hash or the cached AWS response passed from the `aws_rds_instances` resource. 
- -## Properties - -For a comprehensive list of properties available to test on an RDS Instance see the [AWS Response Object](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/RDS/Types/DBInstance.html) - -## Examples - -**Test the engine used with an RDS instance.** - -```ruby -describe aws_rds_instance(db_instance_identifier: 'awsrds123') do - its ('engine') { should eq 'mysql' } - its ('engine_version') { should eq '5.6.37' } -end -``` - -**Test the storage allocated to an RDS instance.** - -```ruby -describe aws_rds_instance(db_instance_identifier: 'awsrds123') do - its ('storage_type') { should eq 'gp2' } - its ('allocated_storage') { should eq 10 } -end -``` - -**Test the instance type and master username.** - -```ruby -describe aws_rds_instance(db_instance_identifier: 'awsrds123') do - its ('master_username') { should eq 'db-maintain' } - its ('db_instance_class') { should eq 'db.t3.micro' } -end -``` - -**Test the instance type and master username from cached resources.** - -```ruby -resource = aws_rds_instances.where(db_instance_identifier: 'awsrds123') -describe aws_rds_instance(resource_data: resource) do - its ('master_username') { should eq 'db-maintain' } - its ('db_instance_class') { should eq 'db.t3.micro' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. 
- -```ruby -describe aws_rds_instance(db_instance_identifier: 'AnExistingRDS') do - it { should exist } -end -``` - -```ruby -describe aws_rds_instance(db_instance_identifier: 'ANonExistentRDS') do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="RDS:Client:DBInstanceMessage" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon RDS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonrds.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_instances.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_instances.md deleted file mode 100644 index 0482d1e122..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_instances.md +++ /dev/null 
@@ -1,104 +0,0 @@ -+++ -title = "aws_rds_instances Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_rds_instances" -identifier = "inspec/resources/aws/aws_rds_instances Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_rds_instances` InSpec audit resource to test properties of a collection of AWS RDS instances. - -RDS gives you access to the capabilities of a MySQL, MariaDB, PostgreSQL, Microsoft SQL Server, Oracle, or Amazon Aurora database server. - -RDS instances are compute instances used by the RDS service. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure you have exactly 3 instances - -```ruby -describe aws_rds_instances do - its('db_instance_identifiers.count') { should cmp 3 } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`db_instance_identifiers` -: The unique IDs of the RDS Instances returned. - -`db_instance_classes` -: The list of the name of the compute and memory capacity class of the DB instances. - -`db_security_groups` -: A list of DB security group elements containing `DBSecurityGroup.Name` and `DBSecurityGroup.Status` subelements. - -`vpc_security_groups` -: Provides a list of VPC security group elements that the DB instance belongs to. - -`entries` -: Provides access to the raw results of the query, which can be treated as an array of hashes. - -See the [AWS RDS DBInstance API documentation](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DBInstance.html) for more information. 
- -## Examples - -**Ensure a specific instance exists.** - -```ruby -describe aws_rds_instances do - its('db_instance_identifiers') { should include 'rds-12345678' } -end -``` - -**Use the InSpec resource to request the IDs of all RDS instances, then test in-depth using `aws_rds_instance` to ensure all instances are encrypted and have a sensible size.** - -```ruby -aws_rds_instances.db_instance_identifiers.each do |db_instance_identifier| - describe aws_rds_instance(db_instance_identifier) do - it { should be_encrypted } - end -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_rds_instances do - it { should exist } -end -``` - -```ruby -describe aws_rds_instances do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="RDS:Client:DBInstanceMessage" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_snapshot.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_snapshot.md deleted file mode 100644 index c32086e15b..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_snapshot.md +++ /dev/null 
@@ -1,131 +0,0 @@ -+++ -title = "aws_rds_snapshot Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_rds_snapshot" -identifier = "inspec/resources/aws/aws_rds_snapshot Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_rds_snapshot` InSpec audit resource to test the detailed properties of an individual RDS snapshot. - -For additional information, including details on parameters and properties, see the [AWS documentation on RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_GettingStarted.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_rds_snapshot` resource block uses resource parameters to search for an RDS snapshot and test the respective RDS snapshot. - -No error is raised if no RDS snapshots match. However, the `exists` matcher will return `false`, and all properties will be `nil`. - -An error is raised if more than one RDS snapshot matches (due to vague search parameters). - -```ruby -describe aws_rds_snapshot('TEST-SNAPSHOT-ID') do - it { should exist } -end -``` - - # Can also use hash syntax -```ruby -describe aws_rds_snapshot(db_snapshot_identifier: 'TEST-SNAPSHOT-ID') do - it { should exist } -end -``` - - # Passing in -```ruby -describe aws_rds_snapshot(resource_data: 'RESOURCE_DATA_OBJECT') do - it { should exist } -end -``` - -## Parameters - -`db_snapshot_identifier` _(required if resource_data not provided)_ - -: The user-supplied database snapshot identifier. - This parameter can passed as a string or a `db_snapshot_identifier: 'value'` key-value entry in a hash. - -`resource_data` _(required if db_snapshot_identifier not provided)_ - -: A cached resource data object. - This must be passed key-value entry in a hash. For example, `resource_data: 'RESOURCE_DATA_OBJECT'` . 
- -## Properties - -For a comprehensive list of properties available to test on an RDS snapshot see the [AWS Response Object](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/RDS/Types/DBSnapshot.html) - -## Examples - -**Tests the engine used is with an RDS snapshot.** - -```ruby -describe aws_rds_snapshot(db_snapshot_identifier: 'AWSRDS123') do - its ('engine') { should eq 'MYSQL' } - its ('engine_version') { should eq '5.6.37' } -end -``` - - -**Tests the storage allocated to an RDS snapshot.** - -```ruby -describe aws_rds_snapshot(db_snapshot_identifier: 'AWSRDS123') do - its ('allocated_storage') { should eq 10 } -end -``` - - -**Tests the snapshot type and master username.** - -```ruby -describe aws_rds_snapshot(db_snapshot_identifier: 'AWSRDS123') do - its ('master_username') { should eq 'DB-MAINTAIN' } -end -``` - -**Tests the snapshot using cached resource data.** - -```ruby -describe aws_rds_snapshot(resource_data: 'AWS_RDS_SNAPSHOT') do - its ('engine') { should eq 'MYSQL' } - its ('engine_version') { should eq '5.6.37' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_rds_snapshot(db_snapshot_identifier: 'AnExistingRDS') do - it { should exist } -end -``` - -```ruby -describe aws_rds_snapshot(db_snapshot_identifier: 'ANonExistentRDS') do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="RDS:Client:DBSnapshotMessage" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon RDS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonrds.html). 
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_snapshot_attributes.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_snapshot_attributes.md deleted file mode 100644 index b6b3dcca72..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_snapshot_attributes.md +++ /dev/null 
@@ -1,105 +0,0 @@ -+++ -title = "aws_rds_snapshot_attributes Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_rds_snapshot_attributes" -identifier = "inspec/resources/aws/aws_rds_snapshot_attributes Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_rds_snapshotattributes` InSpec audit resource to test the detailed properties of an individual RDS snapshot attrbutes. - -For additional information, including details on parameters and properties, see the [AWS documentation on RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_GettingStarted.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_rds_snapshot_attributes` resource block uses resource parameters to search for an RDS snapshot and test the respective RDS snapshot attributes. - -No error is raised if no RDS snapshots match. However, the `exists` matcher will return `false`, and all properties will be `nil`. - -An error is raised if more than one RDS snapshot matches (due to vague search parameters). - -```ruby -describe aws_rds_snapshot_attributes('TEST-SNAPSHOT-ID') do - it { should exist } -end -``` - - # Can also use hash syntax -```ruby -describe aws_rds_snapshot_attributes(db_snapshot_identifier: 'TEST-SNAPSHOT-ID') do - it { should exist } -end -``` - -## Parameters - -`db_snapshot_identifier` - -: This resource accepts a single parameter either as a string or a `db_snapshot_identifier: 'value'` key-value entry in a hash. This parameter is user-supplied DB snapshot identifier. This parameter isn't case-sensitive and is a required parameter. - -## Properties - -`db_snapshot_identifier` -: The unique ID of the RDS snapshot returned. - -`attribute_name` -: The name of the attribute returned for a RDS snapshot. - -`attribute_values` -: The attribute values associated with the attribute_name. 
- -## Examples - -**Tests the attribute name of RDS snapshot.** - -```ruby -describe aws_rds_snapshot-attributes(db_snapshot_identifier: 'AWSRDS123') do - its ('attribute_name') { should eq 'restore' } -end -``` - -**Tests the attribute value of attribute name for a RDS snapshot.** - -```ruby -describe aws_rds_snapshot_attributes(db_snapshot_identifier: 'AWSRDS123').where('attribute_name' == 'restore') do - its('attribute_values') { should_not include 'all' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_rds_snapshot_attributes(db_snapshot_identifier: 'AnExistingRDS') do - it { should exist } -end -``` - -```ruby -describe aws_rds_snapshot_attributes(db_snapshot_identifier: 'ANonExistentRDS') do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="RDS:Client:DescribeDBSnapshotAttributesResult" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon RDS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonrds.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_snapshots.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_snapshots.md deleted file mode 100644 index 2ad78821f8..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_rds_snapshots.md +++ /dev/null 
@@ -1,113 +0,0 @@ -+++ -title = "aws_rds_snapshots Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_rds_snapshots" -identifier = "inspec/resources/aws/aws_rds_snapshots Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_rds_snapshots` InSpec audit resource to test the properties of a collection of AWS RDS snapshots. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - - Ensure you have three snapshots. - -```ruby -describe aws_rds_snapshots do - its('db_snapshot_identifiers.count') { should cmp 3 } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`db_snapshot_identifiers` -: The unique IDs of the RDS snapshots returned. - -`entries` -: Provides access to the raw results of the query, which can be treated as an array of hashes. - -## Examples - -**Ensure a specific snapshot exists.** - -```ruby -describe aws_rds_snapshots do - its('db_snapshot_identifiers') { should include 'RDS-12345678' } -end -``` - -**Requests the IDs of RDS snapshots and ensures the snapshots are encrypted with sensible size.** - -```ruby -aws_rds_snapshots.db_snapshot_identifiers.each do |db_snapshot_identifier| - describe aws_rds_snapshot(db_snapshot_identifier) do - it { should be_encrypted } - end -end -``` - -**Tests the snapshot using cached resource_data.** - -```ruby -aws_rds_snapshots.entries.each do |AWS_RDS_SNAPSHOT| - describe aws_rds_snapshot(resource_data: AWS_RDS_SNAPSHOT) do - its ('engine') { should eq 'MYSQL' } - its ('engine_version') { should eq '5.6.37' } - end -end -``` - -**Loop through all RDS snapshots and test each snapshot with singular resource.** - -This method uses local in-memory caching to test each snapshot for quicker execution of large sets of test cases. 
- -```ruby -aws_rds_snapshots.entries.each do |AWS_RDS_SNAPSHOT| - describe aws_rds_snapshot(resource_data: AWS_RDS_SNAPSHOT) do - it { should exist } - it { should have_encrypted_snapshot } - end -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_rds_snapshots do - it { should exist } -end -``` - -```ruby -describe aws_rds_snapshots do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="RDS:Client:DBSnapshotMessage" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_redshift_cluster.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_redshift_cluster.md deleted file mode 100644 index c12dfe0fc9..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_redshift_cluster.md +++ /dev/null 
@@ -1,153 +0,0 @@ -+++ -title = "aws_redshift_cluster Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_redshift_cluster" -identifier = "inspec/resources/aws/aws_redshift_cluster Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_redshift_cluster` InSpec audit resource to test detailed properties of an individual AWS Redshift cluster. - - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_redshift_cluster` resource block uses resource parameters to search for a Redshift cluster, and then tests that Redshift cluster. If no Redshift clusters match, no error is raised, but the `exists` matcher will return `false` and all properties will be `nil`. If more than one Redshift cluster matches (due to vague search parameters), an error is raised. - -```ruby -describe aws_redshift_cluster('test-cluster-id') do - it { should exist } -end -``` - - # Can also use hash syntax -```ruby -describe aws_redshift_cluster(cluster_identifier: 'test-cluster-id') do - it { should exist } -end -``` - -## Parameters - -`cluster_identifier` _(required)_ - -: This resource accepts a single parameter, the user-supplied cluster identifier. This parameter isn't case-sensitive. - This can be passed either as a string or as a `cluster_identifier: 'value'` key-value entry in a hash. - -: Also see the [AWS Redshift cluster documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html). - -## Properties - -`cluster_identifier` -: The unique IDs of the redshift clusters returned. - -`db_names` -: The name of the database associated with each redshift cluster. - -`node_type` -: The redshift instance type. - -`cluster_create_time` -: The create time of redshift clusters. - -`cluster_subnet_group_name` -: The cluster name of redshift clusters. - -`cluster_status` -: The current status of each cluster . 
- -`cluster_availability_status` -: The current status of cluster. - -`modify_status` -: The current status of cluster. - -`availability_zones` -: A list of availability zones of the redshift clusters returned. - -`allow_version_upgrade` -: Returns T/F depending on whether version upgrade is allowed or not. - -`encrypted` -: Returns T/F depending on whether Redshift clusters are encrypted or not. - -`cluster_subnet_group_name` -: Cluster subnet group name for redshift clusters returned. - -`iam_roles` -: iam_roles that are used in the cluster. - -`vpc_id` -: vpc_id of the redshift clusters. - -## Examples - -For a comprehensive list of properties available to test on an Redshift cluster see the [AWS Response Object](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Redshift/Client.html#describe_clusters-instance_method.html). - -## Examples - -### Test the engine used with a Redshift cluster - -```ruby -describe aws_redshift_cluster(cluster_identifier: 'awsRedshift123') do - its('engine') { should eq 'mysql' } - its('engine_version') { should eq '5.6.37' } -end -``` - -### Test the encryption and version_upgrade attribute of the Redshift cluster - -```ruby -describe aws_redshift_cluster(cluster_identifier: 'awsRedshift123') do - its('encrypted') { should eq true } - its('allow_version_upgrade') { should eq true } -end -``` - -### Test the cluster status and master username - -```ruby -describe aws_redshift_cluster(cluster_identifier: 'awsRedshift123') do - its('master_username') { should eq 'db-maintain' } - its('cluster_status') { should eq 'available' } -end -``` - - - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. 
- -```ruby -describe aws_redshift_cluster(cluster_identifier: 'AnExistingRedshift') do - it { should exist } -end -``` - -```ruby -describe aws_redshift_cluster(cluster_identifier: 'ANonExistentRedshift') do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="Redshift:Client:ClustersMessage" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon Redshift](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonRedshift.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_redshift_cluster_parameter_group.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_redshift_cluster_parameter_group.md deleted file mode 100644 index 4e27523a06..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_redshift_cluster_parameter_group.md +++ /dev/null 
@@ -1,115 +0,0 @@ -+++ -title = "aws_redshift_cluster_parameter_group Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_redshift_cluster_parameter_group" -identifier = "inspec/resources/aws/aws_redshift_cluster_parameter_group Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_redshift_cluster_parameter_group` InSpec audit resource to test properties of a single specific Redshift cluster parameter group. - -A Redshift cluster parameter group is uniquely identified by the parameter group name. - -For additional information, including details on parameters and properties, see the [AWS documentation on Redshift cluster parameter group](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-clusterparametergroup.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that a parameter_group_name exists. - -```ruby -describe aws_redshift_cluster_parameter_group(parameter_group_name: 'test') do - it { should exist } -end -``` - -## Parameters - -`parameter_group_name` _(required)_ - -## Properties - -`parameter_group_name` -: The name of a specific parameter group for which to return details. By default, details about all parameter groups and the default parameter group are returned. - -`parameter_group_family` -: The family of the parameter group. - -`description` -: The description of the parameter group. - -`tags` -: The tags of the parameter group. 
- -## Examples - -**Ensure a parameter group name is available.** - -```ruby -describe aws_redshift_cluster_parameter_group(parameter_group_name: 'test') do - its('parameter_group_name') { should eq 'test' } -end -``` - -**Check the family name in the cluster parameter group.** - -```ruby -describe aws_redshift_cluster_parameter_group(parameter_group_name: 'test') do - its('parameter_group_family') { should eq 'family_name' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_redshift_cluster_parameter_group(parameter_group_name: 'test') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_redshift_cluster_parameter_group(parameter_group_name: 'test') do - it { should_not exist } -end -``` - -### be_available - -Check if the IP address is available. - -```ruby -describe aws_redshift_cluster_parameter_group(parameter_group_name: 'test') do - it { should be_available } -end -``` - -Use `should_not` to test an IP address that should not exist. - -```ruby -describe aws_redshift_cluster_parameter_group(parameter_group_name: 'test') do - it { should_not be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="Redshift:Client:ClusterParameterGroupsMessage" %}} - -See the [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html) documentation for additional information. diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_redshift_cluster_parameter_groups.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_redshift_cluster_parameter_groups.md deleted file mode 100644 index fe81b8cc91..0000000000 
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_redshift_cluster_parameter_groups.md +++ /dev/null 
@@ -1,113 +0,0 @@ -+++ -title = "aws_redshift_cluster_parameter_groups Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_redshift_cluster_parameter_groups" -identifier = "inspec/resources/aws/aws_redshift_cluster_parameter_groups Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_redshift_cluster_parameter_groups` InSpec audit resource to test properties of some or all AWS Redshift cluster parameter groups. - -This resource does not expect any parameters. - -For additional information, including details on parameters and properties, see the [AWS documentation on Redshift cluster parameter group](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-clusterparametergroup.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Verify that a Parameter group name exists. - -```ruby -describe aws_redshift_cluster_parameter_groups do - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`parameter_group_names` -: The name of a specific parameter group for which to return details. By default, details about all parameter groups and the default parameter group are returned. - -: **Field**: `parameter_group_name` - -`parameter_group_families` -: The family of the parameter group. - -: **Field**: `parameter_group_family` - -`descriptions` -: The description of the parameter group. - -: **Field**: `description` - -`tags` -: The tags of the parameter group. 
- -: **Field**: `tags` - -## Examples - -**Ensure a Redshift cluster parameter group has parameter groups.** - -```ruby -describe aws_redshift_cluster_parameter_groups do - it { should exist } -end -``` - -**Verify the number of Redshift cluster parameter groups.** - -```ruby -describe aws_redshift_cluster_parameter_groups do - its('count') { should eq 5 } -end -``` - -**Verify the family name exists for at least one of the cluster parameter groups.** - -```ruby -describe aws_redshift_cluster_parameter_groups do - its('parameter_group_families') { should include "FAMILY_NAME" } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -```ruby -describe aws_redshift_cluster_parameter_groups do - it { should exist } -end -``` - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_redshift_cluster_parameter_groups do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="Redshift:Client:ClusterParameterGroupsMessage" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_redshift_clusters.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_redshift_clusters.md deleted file mode 100644 index dbc750ffe1..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_redshift_clusters.md +++ /dev/null 
@@ -1,159 +0,0 @@ -+++ -title = "aws_redshift_clusters Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_redshift_clusters" -identifier = "inspec/resources/aws/aws_redshift_clusters Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_redshift_clusters` InSpec audit resource to test properties of a collection of Amazon Redshift clusters. - -Redshift gives you access to the capabilities of a MySQL, MariaDB, PostgreSQL, Microsoft SQL Server, Oracle, or Amazon Aurora database server. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure you have exactly 3 clusters - -```ruby -describe aws_redshift_clusters do - its('cluster_identifiers.count') { should cmp 3 } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`cluster_identifiers` -: The unique IDs of the Redshift clusters returned. - -: **Field**: `cluster_identifier` - -`db_names` -: The name of the database associated with each Redshift cluster. - -: **Field**: `db_name` - -`node_types` -: The Redshift instance type. - -: **Field**: `node_type` - -`cluster_create_time` -: The create time of Redshift clusters. - -: **Field**: `cluster_create_time` - -`cluster_subnet_group_names` -: The cluster name of Redshift clusters. - -: **Field**: `cluster_subnet_group_name` - -`cluster_status` -: The current status of each cluster. - -: **Field**: `cluster_status` - -`cluster_availability_status` -: The current status of cluster. - -: **Field**: `cluster_availability_status` - -`modify_status` -: The current status of cluster. - -: **Field**: `modify_status` - -`availability_zones` -: A list of availability zones of the Redshift clusters returned. - -: **Field**: `availability_zones` - -`allow_version_upgrade` -: Returns `true` or `false` depending on whether version upgrade is allowed or not. 
- -: **Field**: `allow_version_upgrade` - -`encrypted` -: Returns `true` or `false` depending on whether Redshift clusters are encrypted or not. - -: **Field**: `encrypted` - -`cluster_subnet_group_names` -: Cluster subnet group name for Redshift clusters returned. - -: **Field**: `cluster_subnet_group_name` - -`iam_roles` -: The IAM roles that are used in the cluster. - -: **Field**: `iam_roles` - -`vpc_ids` -: The VPC ID of the Redshift clusters. - -: **Field**: `vpc_id` - -For a comprehensive list of properties available to test on an Redshift cluster see the [AWS Response Object](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Redshift/Client.html#describe_clusters-instance_method.html). - -## Examples - -**Ensure a specific cluster exists.** - -```ruby -describe aws_redshift_clusters do - its('cluster_identifier') { should include 'cluster-12345678' } -end -``` - -**Request the IDs of all Redshift clusters, then test in-depth using `aws_redshift_cluster` to ensure all clusters are encrypted.** - -```ruby -aws_redshift_clusters.cluster_identifier.each do |cluster_identifier| - describe aws_redshift_cluster(cluster_identifier) do - it { should have_encrypted } - end -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should` to test entity exists. - -```ruby -describe aws_redshift_clusters do - it { should exist } -end -``` - -Use `should_not` to test the entity should not exist. 
- -```ruby -describe aws_redshift_clusters do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="Redshift:Client:ClustersMessage" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_region.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_region.md deleted file mode 100644 index f1ad2f51f3..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_region.md +++ /dev/null 
@@ -1,88 +0,0 @@ -+++ -title = "aws_region Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_region" -identifier = "inspec/resources/aws/aws_region Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_region` InSpec audit resource to test properties of a single AWS region. - -For additional information, including details on parameters and properties, see the [AWS documentation on Regions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_region` resource block identifies an AWS region by ID. If no region is provided, the current default is used. - -```ruby -describe aws_region('eu-west-2') do - it { should exist } -end -``` - -```ruby -describe aws_region(region_name: 'us-east-1') do - it { should exist } -end -``` - -## Parameters - -`region_name` _(optional)_ - -: This resource accepts a single parameter, the region_name. - This can be passed either as a string or as a `region_name: 'value'` key-value entry in a hash. - -## Properties - -`region_name` -: The Name of the region. - -`endpoint` -: The resolved endpoint of the region. - -## Examples - -**Test whether a region exists.** - -```ruby -describe aws_region('region-not-real') do - it { should_not exist } -end -``` - -**Test the Region Endpoint.** - -```ruby -describe aws_region(region_name: 'eu-west-2') do - its('endpoint') { should eq 'ec2.eu-west-2.amazonaws.com' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. 
- -```ruby -it { should exist } -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeRegionsResult" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_regions.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_regions.md deleted file mode 100644 index 2badf26b1c..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_regions.md +++ /dev/null 
@@ -1,96 +0,0 @@ -+++ -title = "aws_regions Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_regions" -identifier = "inspec/resources/aws/aws_regions Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_regions` InSpec audit resource to test properties of some or all AWS regions in bulk. - -Note that this resource lists all AWS regions that are currently available to the caller. - -For additional information, including details on parameters and properties, see the [AWS documentation on Regions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_regions` resource block uses an optional filter to select a group of regions and then tests that group. - -```ruby -describe aws_regions.where { region_name: 'us-not-there-1' } do - it { should_not exist } -end -``` - -## Parameters - -`name` _(required)_ - -: This resource does not expect any parameters. - -## Properties - -`region_names` -: The Names of the regions. - -`endpoints` -: The resolved endpoints of the regions. - -## Examples - -The following examples show how to use this InSpec audit resource. - -**Check for a Particular Region.** - -```ruby -describe aws_regions do - its('region_names') { should include 'eu-west-2' } -end -``` - - -**Check an endpoint exists.** - -```ruby -describe aws_regions do - its('endpoints') { should include 'ec2.eu-west-2.amazonaws.com' } -end -``` - -**Use the regions resource to check single regions in more detail.** - -```ruby -aws_regions.region_names.each do |aws_region_name| - describe aws_region(region_name: aws_region_name) do - it { should exist } - end -end -``` - -## Matchers - -For a full list of available matchers, visit the [InSpec matchers page](https://www.inspec.io/docs/reference/matchers/). 
- -### exist - -The control will pass if the describe returns at least one result. - -```ruby -it { should exist } -``` - - - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeRegionsResult" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route53_record_set.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route53_record_set.md deleted file mode 100644 index 5cc47e504b..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route53_record_set.md +++ /dev/null 
@@ -1,150 +0,0 @@
-+++
-title = "aws_route53_record_set Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_route53_record_set"
-identifier = "inspec/resources/aws/aws_route53_record_set Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_route53_record_set` InSpec audit resource to test properties of a single specific AWS Route53 record set.
-
-The `AWS::Route53::RecordSet` resource specifies information about the record that you want to create.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Route53 Record Set](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a record exists.
-
-```ruby
-describe aws_route53_record_set(hosted_zone_id: 'HOSTED_ZONE_ID', start_record_name: 'RECORD_SET_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`hosted_zone_id` _(required)
-
-: The ID of the hosted zone that contains the resource record sets that you want to list.
-
-`start_record_name` _(required)_
-
-: The name of the record set.
-
-## Properties
-
-`name`
-: The name of a record in the specified hosted zone.
-
-`type`
-: The DNS record type.
-
-`set_identifier`
-: In a group of resource record sets that have the same name and type, the value of SetIdentifier must be unique for each resource record set.
-
-`weight`
-: The weight element for every weighted resource record set.
-
-`region`
-: The Amazon EC2 Region of the record set.
-
-`geo_location (continent_code)`
-: The two-letter code for the continent. Amazon Route 53 supports the following continent codes: `AF`: Africa, `AN`: Antarctica, `AS`: Asia, `EU`: Europe, `OC`: Oceania, `NA`: North America, `SA`: South America.
-
-`geo_location (country_code)`
-: The [two-letter code for a country](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2).
-
-`geo_location (subdivision_code)`
-: The [two-letter code for a state](https://pe.usps.com/text/pub28/28apb.htm) of the United States.
-
-`failover`
-: The failover configuration of resource record set. Valid values are `PRIMARY` and `SECONDARY`.
-
-`multi_value_answer`
-: Whether the resource is a Multivalue answer resource record set. Valid values: `true` or `false`.
-
-`ttl`
-: The resource record cache time to live (TTL), in seconds.
-
-`resource_records`
-: Information about the resource records to act upon.
-
-`alias_target (hosted_zone_id)`
-: Alias resource record sets only: The hosted zone ID of the resource.
-
-`alias_target (dns_name)`
-: Alias resource record sets only: The applicable domain name for your API.
-
-`alias_target (evaluate_target_health)`
-: Applies only to alias, failover alias, geolocation alias, latency alias, and weighted alias resource record sets: When `EvaluateTargetHealth` is `true`, an alias resource record set inherits the health of the referenced AWS resource, such as an ELB load balancer or another resource record set in the hosted zone. Valid values: `true` or `false`.
-
-`health_check_id`
-: The ID of a health check.
-
-`traffic_policy_instance_id`
-: The ID of the traffic policy instance. When you create a traffic policy instance, Amazon Route 53 automatically creates a resource record set. `TrafficPolicyInstanceId` is the ID of the traffic policy instance that Route 53 created this resource record set for.
-
-## Examples
-
-**Ensure a record is available.**
-
-```ruby
-describe aws_route53_record_set(hosted_zone_id: 'HOSTED_ZONE_ID', start_record_name: 'RECORD_SET_NAME') do
- its('name') { should eq 'RECORD_SET_NAME' }
-end
-```
-
-**Ensure that the failover is `PRIMARY`.**
-
-```ruby
-describe aws_route53_record_set(hosted_zone_id: 'HOSTED_ZONE_ID', start_record_name: 'RECORD_SET_NAME') do
- its('failover') { should eq 'PRIMARY' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_route53_record_set(hosted_zone_id: 'HOSTED_ZONE_ID', start_record_name: 'RECORD_SET_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_route53_record_set(hosted_zone_id: 'HOSTED_ZONE_ID', start_record_name: 'RECORD_SET_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the record name is available.
-
-```ruby
-describe aws_route53_record_set(hosted_zone_id: 'HOSTED_ZONE_ID', start_record_name: 'RECORD_SET_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Route53:Client:ListResourceRecordSetsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route53_record_sets.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route53_record_sets.md
deleted file mode 100644
index 9e4087285e..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route53_record_sets.md
+++ /dev/null
@@ -1,150 +0,0 @@
-+++
-title = "aws_route53_record_sets Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_route53_record_sets"
-identifier = "inspec/resources/aws/aws_route53_record_sets Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_route53_record_sets` InSpec audit resource to test properties of multiple AWS Route53 record sets.
-
-The `AWS::Route53::RecordSet` type can be used as a standalone resource or as an embedded property in the `AWS::Route53::RecordSetGroup` type.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Route53 Record Set](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a record exists.
-
-```ruby
-describe aws_route53_record_sets(hosted_zone_id: 'HOSTED_ZONE_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`hosted_zone_id` _(required)_
-
-: The ID of the hosted zone that contains the resource record sets that you want to get.
-
-## Properties
-
-`names`
-: The name of a record in the specified hosted zone.
-
-: **Field**: `name`
-
-`types`
-: The DNS record type.
-
-: **Field**: `type`
-
-`set_identifiers`
-: In a group of resource record sets that have the same name and type, the value of SetIdentifier must be unique for each resource record set.
-
-: **Field**: `set_identifier`
-
-`weights`
-: The weight element for every weighted resource record set.
-
-: **Field**: `weight`
-
-`regions`
-: The Amazon EC2 Region of the record set.
-
-: **Field**: `region`
-
-`geo_locations`
-: The geo location of the record set.
-
-: **Field**: `geo_location`
-
-`failovers`
-: The failover configuration of resource record set. Valid values are `PRIMARY` and `SECONDARY`.
-
-: **Field**: `failover`
-
-`multi_value_answers`
-: Whether a resource is a Multivalue answer resource record set. Valid values: `true` or `false`.
-
-: **Field**: `multi_value_answer`
-
-`ttls`
-: The resource record cache time to live (TTL), in seconds.
-
-: **Field**: `ttl`
-
-`resource_records`
-: Information about the resource records to act upon.
-
-: **Field**: `resource_record`
-
-`alias_targets`
-: The alias target of the record set.
-
-: **Field**: `alias_target`
-
-`health_check_ids`
-: The IDs of a health check.
-
-: **Field**: `health_check_id`
-
-`traffic_policy_instance_ids`
-: The ID of the traffic policy instance. When you create a traffic policy instance, Amazon Route 53 automatically creates a resource record set. `TrafficPolicyInstanceId` is the ID of the traffic policy instance that Route 53 created this resource record set for.
-
-: **Field**: `traffic_policy_instance_id`
-
-## Examples
-
-**Ensure a record name is available.**
-
-```ruby
-describe aws_route53_record_sets(hosted_zone_id: 'HOSTED_ZONE_ID') do
- its('names') { should include 'RECORD_SET_NAME' }
-end
-```
-
-**Ensure that the failover of a record set is configured to `PRIMARY`.**
-
-```ruby
-describe aws_route53_record_sets(hosted_zone_id: 'HOSTED_ZONE_ID') do
- its('failovers') { should include 'PRIMARY' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_route53_record_sets(hosted_zone_id: 'HOSTED_ZONE_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_route53_record_sets(hosted_zone_id: 'HOSTED_ZONE_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Route53:Client:ListResourceRecordSetsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route53resolver_resolver_endpoint.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route53resolver_resolver_endpoint.md
deleted file mode 100644
index 594d238620..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route53resolver_resolver_endpoint.md
+++ /dev/null
@@ -1,131 +0,0 @@
-+++
-title = "aws_route53resolver_resolver_endpoint Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_route53resolver_resolver_endpoint"
-identifier = "inspec/resources/aws/aws_route53resolver_resolver_endpoint Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_route53resolver_resolver_endpoint` InSpec audit resource to test properties of a single AWS Route53 Resolver endpoint.
-
-There are two types of Resolver endpoints, inbound and outbound. An inbound Resolver endpoint forwards DNS queries to the DNS service for a VPC from your network. An outbound Resolver endpoint forwards DNS queries from the DNS service for a VPC to your network.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Route53Resolver Resolver Endpoint](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53resolver-resolverendpoint.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that an endpoint exists.
-
-```ruby
-describe aws_route53resolver_resolver_endpoint(resolver_endpoint_id: 'ResourceId') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resolver_endpoint_id` _(required)_
-
-: The ID of the Resolver endpoint.
-
-## Properties
-
-`id`
-: The ID of the Resolver endpoint.
-
-`creator_request_id`
-: A unique string that identifies the request that created the Resolver endpoint. The `CreatorRequestId` allows failed requests to be retried without the risk of running the operation twice.
-
-`arn`
-: The ARN (Amazon Resource Name) for the Resolver endpoint.
-
-`name`
-: The name that you assigned to the Resolver endpoint when you submitted a `CreateResolverEndpoint` request.
-
-`security_group_ids`
-: The ID of one or more security groups that control access to this VPC.
 The security group must include one or more inbound rules (for inbound endpoints) or outbound rules (for outbound endpoints). Inbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port that you're using for DNS queries on your network.
-
-`direction`
-: Indicates whether the Resolver endpoint allows inbound or outbound DNS queries. Valid values: `INBOUND`, `OUTBOUND`.
-
-`ip_address_count`
-: The number of IP addresses that the Resolver endpoint can use for DNS queries.
-
-`host_vpc_id`
-: The ID of the VPC that you want to create the Resolver endpoint in.
-
-`status`
-: A code that specifies the current status of the Resolver endpoint. Valid values are: `CREATING`, `OPERATIONAL`, `UPDATING`, `AUTO_RECOVERING`, `ACTION_NEEDED`, `DELETING`.
-
-`status_message`
-: A detailed description of the status of the Resolver endpoint.
-
-`creation_time`
-: The date and time that the endpoint was created, in Unix time format and Coordinated Universal Time (UTC).
-
-`modification_time`
-: The date and time that the endpoint was last modified, in Unix time format and Coordinated Universal Time (UTC).
-
-## Examples
-
-**Ensure an endpoint name is available.**
-
-```ruby
-describe aws_route53resolver_resolver_endpoint(resolver_endpoint_id: 'RESOLVER_ENDPOINT_ID') do
- its('name') { should eq 'ENDPOINT_NAME' }
-end
-```
-
-**Ensure that the endpoint status is `CREATING`.**
-
-```ruby
-describe aws_route53resolver_resolver_endpoint(resolver_endpoint_id: 'RESOLVER_ENDPOINT_ID') do
- its('status') { should eq 'CREATING' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_route53resolver_resolver_endpoint(resolver_endpoint_id: 'RESOLVER_ENDPOINT_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_route53resolver_resolver_endpoint(resolver_endpoint_id: 'RESOLVER_ENDPOINT_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the endpoint name is available.
-
-```ruby
-describe aws_route53resolver_resolver_endpoint(resolver_endpoint_id: 'RESOLVER_ENDPOINT_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Route53Resolver:Client:GetResolverEndpointResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route53resolver_resolver_endpoints.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route53resolver_resolver_endpoints.md
deleted file mode 100644
index f7f14dbd18..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route53resolver_resolver_endpoints.md
+++ /dev/null
@@ -1,129 +0,0 @@
-+++
-title = "aws_route53resolver_resolver_endpoints Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_route53resolver_resolver_endpoints"
-identifier = "inspec/resources/aws/aws_route53resolver_resolver_endpoints Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_route53resolver_resolver_endpoints` InSpec audit resource to test properties of multiple AWS Route53 Resolver endpoints.
-
-There are two types of Resolver endpoints, inbound and outbound. An inbound Resolver endpoint forwards DNS queries to the DNS service for a VPC from your network. An outbound Resolver endpoint forwards DNS queries from the DNS service for a VPC to your network.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Route53Resolver Resolver Endpoint](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53resolver-resolverendpoint.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that an endpoint exists.
-
-```ruby
-describe aws_route53resolver_resolver_endpoints do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: The ID of the Resolver endpoint.
-
-`creator_request_ids`
-: A unique string that identifies the request that created the Resolver endpoint. The `CreatorRequestId` allows failed requests to be retried without the risk of running the operation twice.
-
-`arns`
-: The ARN (Amazon Resource Name) for the Resolver endpoint.
-
-`names`
-: The name that you assigned to the Resolver endpoint when you submitted a `CreateResolverEndpoint` request.
-
-`security_group_ids`
-: The ID of one or more security groups that control access to this VPC. The security group must include one or more inbound rules (for inbound endpoints) or outbound rules (for outbound endpoints).
 Inbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port that you're using for DNS queries on your network.
-
-`directions`
-: Indicates whether the Resolver endpoint allows inbound or outbound DNS queries. Valid values: `INBOUND`, `OUTBOUND`.
-
-`ip_address_counts`
-: The number of IP addresses that the Resolver endpoint can use for DNS queries.
-
-`host_vpc_ids`
-: The ID of the VPC that you want to create the Resolver endpoint in.
-
-`statuses`
-: A code that specifies the current status of the Resolver endpoint. Valid values are: `CREATING`, `OPERATIONAL`, `UPDATING`, `AUTO_RECOVERING`, `ACTION_NEEDED`, `DELETING`.
-
-`status_messages`
-: A detailed description of the status of the Resolver endpoint.
-
-`creation_times`
-: The date and time that the endpoint was created, in Unix time format and Coordinated Universal Time (UTC).
-
-`modification_times`
-: The date and time that the endpoint was last modified, in Unix time format and Coordinated Universal Time (UTC).
-
-## Examples
-
-**Ensure an endpoint name is available.**
-
-```ruby
-describe aws_route53resolver_resolver_endpoints do
- its('names') { should include 'ENDPOINT_NAME' }
-end
-```
-
-**Ensure that an endpoint has the `CREATING` status.**
-
-```ruby
-describe aws_route53resolver_resolver_endpoints do
- its('statuses') { should include 'CREATING' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_route53resolver_resolver_endpoints do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_route53resolver_resolver_endpoints do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the endpoint name is available.
-
-```ruby
-describe aws_route53resolver_resolver_endpoints do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Route53Resolver:Client:ListResolverEndpointsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route53resolver_resolver_rule.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route53resolver_resolver_rule.md
deleted file mode 100644
index ffdefb8ee8..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route53resolver_resolver_rule.md
+++ /dev/null
@@ -1,140 +0,0 @@
-+++
-title = "aws_route53resolver_resolver_rule Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_route53resolver_resolver_rule"
-identifier = "inspec/resources/aws/aws_route53resolver_resolver_rule Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_route53resolver_resolver_rule` InSpec audit resource to test properties of a single AWS Route53 Resolver rule.
-
-The AWS Route53 Resolver Rule resource specifies which Resolver endpoint the queries pass through, one domain name that you want to forward to your network, and the IP addresses of the DNS resolvers in your network.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Route53 Resolver rule](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53resolver-resolverrule.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a resolver rule exists.
-
-```ruby
-describe aws_route53resolver_resolver_rule(resolver_rule_id: 'RULE_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resolver_rule_id` _(required)_
-
-: The ID of the Resolver rule.
-
-## Properties
-
-`id`
-: The ID that Resolver assigned to the Resolver rule when you created it.
-
-`creator_request_id`
-: A unique string that you specified when you created the Resolver rule. `CreatorRequestId` identifies the request and allows failed requests to be retried without the risk of running the operation twice.
-
-`arn`
-: The ARN (Amazon Resource Name) for the Resolver rule specified by Id.
-
-`domain_name`
-: DNS queries for this domain name are forwarded to the IP addresses that are specified in `TargetIps`.
-
-`status`
-: A code that specifies the current status of the Resolver rule.
-
-`status_message`
-: A detailed description of the status of a Resolver rule.
-
-`rule_type`
-: When you want to forward DNS queries for specified domain name to resolvers on your network, specify FORWARD.
-
-`name`
-: The name for the Resolver rule, which you specified when you created the Resolver rule.
-
-`target_ips (ip)`
-: One IP address that you want to forward DNS queries to. You can specify only IPv4 addresses.
-
-`target_ips (port)`
-: The port at the IP address that you want to forward DNS queries to.
-
-`resolver_endpoint_id`
-: The ID of the endpoint that the rule is associated with.
-
-`owner_id`
-: When a rule is shared with another AWS account, the account ID of the account that the rule is shared with.
-
-`share_status`
-: Whether the rule is shared and, if so, whether the current account is sharing the rule with another account, or another account is sharing the rule with the current account.
-
-`creation_time`
-: The date and time that the Resolver rule was created, in Unix time format and Coordinated Universal Time (UTC).
-
-`modification_time`
-: The date and time that the Resolver rule was last updated, in Unix time format and Coordinated Universal Time (UTC).
-
-## Examples
-
-**Ensure a Resolver rule name is available.**
-
-```ruby
-describe aws_route53resolver_resolver_rule(resolver_rule_id: 'RULE_ID') do
- its('name') { should eq 'ResolverRuleName' }
-end
-```
-
-**Ensure that the status is `COMPLETE` or `FAILED`.**
-
-```ruby
-describe aws_route53resolver_resolver_rule(resolver_rule_id: 'RULE_ID') do
- its('status') { should eq 'COMPLETE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_route53resolver_resolver_rule(resolver_rule_id: 'RULE_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_route53resolver_resolver_rule(resolver_rule_id: 'RULE_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_route53resolver_resolver_rule(resolver_rule_id: 'RULE_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Route53Resolver:Client:GetResolverRuleResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route53resolver_resolver_rule_association.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route53resolver_resolver_rule_association.md
deleted file mode 100644
index 63fb8e8961..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route53resolver_resolver_rule_association.md
+++ /dev/null
@@ -1,113 +0,0 @@
-+++
-title = "aws_route53resolver_resolver_rule_association Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_route53resolver_resolver_rule_association"
-identifier = "inspec/resources/aws/aws_route53resolver_resolver_rule_association Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_route53resolver_resolver_rule_association` InSpec audit resource to test properties of a single AWS Route53 Resolver rule association.
-
-The Resolver rule association determines which DNS queries that originate in the VPC are forwarded to your network.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Route53Resolver Resolver Rule Association](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53resolver-resolverruleassociation.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a resolver rule exists.
-
-```ruby
-describe aws_route53resolver_resolver_rule_association(resolver_rule_association_id: 'RESOLVER_RULE_ASSOCIATION_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resolver_rule_association_id` _(required)_
-
-: The ID of the Resolver rule association that you want to get information about.
-
-## Properties
-
-`id`
-: The ID of the association between a Resolver rule and a VPC.
-
-`resolver_rule_id`
-: The ID of the Resolver rule that you associated with the VPC that is specified by VPCId.
-
-`name`
-: The name of an association between a Resolver rule and a VPC.
-
-`vpc_id`
-: The ID of the VPC that you associated the Resolver rule with.
-
-`status`
-: A code that specifies the current status of the association between a Resolver rule and a VPC.
-
-`status_message`
-: A detailed description of the status of the association between a Resolver rule and a VPC.
-
-## Examples
-
-**Ensure a resolver rule name is available.**
-
-```ruby
-describe aws_route53resolver_resolver_rule_association(resolver_rule_association_id: 'RESOLVER_RULE_ASSOCIATION_ID') do
- its('name') { should eq 'RESOLVER_RULE_NAME' }
-end
-```
-
-**Ensure that the status is `COMPLETE` or `FAILED`.**
-
-```ruby
-describe aws_route53resolver_resolver_rule_association(resolver_rule_association_id: 'RESOLVER_RULE_ASSOCIATION_ID') do
- its('status') { should eq 'COMPLETE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_route53resolver_resolver_rule_association(resolver_rule_association_id: 'RESOLVER_RULE_ASSOCIATION_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_route53resolver_resolver_rule_association(resolver_rule_association_id: 'RESOLVER_RULE_ASSOCIATION_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_route53resolver_resolver_rule_association(resolver_rule_association_id: 'RESOLVER_RULE_ASSOCIATION_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Route53Resolver:Client:GetResolverRuleAssociationResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route53resolver_resolver_rule_associations.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route53resolver_resolver_rule_associations.md
deleted file mode 100644
index 4e07e15438..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route53resolver_resolver_rule_associations.md
+++ /dev/null
@@ -1,111 +0,0 @@
-+++
-title = "aws_route53resolver_resolver_rule_associations Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_route53resolver_resolver_rule_associations"
-identifier = "inspec/resources/aws/aws_route53resolver_resolver_rule_associations Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_route53resolver_resolver_rule_associations` InSpec audit resource to test properties of multiple AWS Route53 Resolver rule associations.
-
-The Resolver rule association determines which DNS queries that originate in the VPC are forwarded to your network.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Route53Resolver Resolver Rule Association](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53resolver-resolverruleassociation.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a resolver name exists.
-
-```ruby
-describe aws_route53resolver_resolver_rule_associations do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: The ID of the association between a Resolver rule and a VPC.
-
-`resolver_rule_ids`
-: The ID of the Resolver rule that you associated with the VPC that is specified by VPCId.
-
-`names`
-: The name of an association between a Resolver rule and a VPC.
-
-`vpc_ids`
-: The ID of the VPC that you associated the Resolver rule with.
-
-`statuses`
-: A code that specifies the current status of the association between a Resolver rule and a VPC.
-
-`status_messages`
-: A detailed description of the status of the association between a Resolver rule and a VPC.
-
-## Examples
-
-**Ensure a resolver name is available.**
-
-```ruby
-describe aws_route53resolver_resolver_rule_associations do
- its('names') { should include 'RESOLVER_RULE_NAME' }
-end
-```
-
-**Ensure that the status is `COMPLETE` or `FAILED`.**
-
-```ruby
-describe aws_route53resolver_resolver_rule_associations do
- its('statuses') { should include 'COMPLETE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_route53resolver_resolver_rule_associations do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_route53resolver_resolver_rule_associations do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_athena_work_groups do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Route53Resolver:Client:ListResolverRuleAssociationsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route53resolver_resolver_rules.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route53resolver_resolver_rules.md
deleted file mode 100644
index a5789fd691..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route53resolver_resolver_rules.md
+++ /dev/null
@@ -1,135 +0,0 @@
-+++
-title = "aws_route53resolver_resolver_rules Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_route53resolver_resolver_rules"
-identifier = "inspec/resources/aws/aws_route53resolver_resolver_rules Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_route53resolver_resolver_rules` InSpec audit resource to test properties of multiple AWS Route53 Resolver rules.
-
-The AWS Route53 Resolver Rule resource specifies which Resolver endpoint the queries pass through, one domain name that you want to forward to your network, and the IP addresses of the DNS resolvers in your network.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Route53 Resolver Rule](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53resolver-resolverrule.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a rule exists.
-
-```ruby
-describe aws_route53resolver_resolver_rules do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: The ID that Resolver assigned to the Resolver rule when you created it.
-
-`creator_request_ids`
-: A unique string that you specified when you created the Resolver rule. `CreatorRequestId` identifies the request and allows failed requests to be retried without the risk of running the operation twice.
-
-`arns`
-: The ARN (Amazon Resource Name) for the Resolver rule specified by ID.
-
-`domain_names`
-: DNS queries for this domain name are forwarded to the IP addresses that are specified in `TargetIps`.
-
-`statuses`
-: A code that specifies the current status of the Resolver rule.
-
-`status_messages`
-: A detailed description of the status of a Resolver rule.
-
-`rule_types`
-: When you want to forward DNS queries for specified domain name to resolvers on your network, specify FORWARD.
-
-`names`
-: The name for the Resolver rule, which you specified when you created the Resolver rule.
-
-`target_ips`
-: An array that contains the IP addresses and ports that an outbound endpoint forwards DNS queries to.
-
-`resolver_endpoint_ids`
-: The ID of the endpoint that the rule is associated with.
-
-`owner_ids`
-: When a rule is shared with another AWS account, the account ID of the account that the rule is shared with.
-
-`share_statuses`
-: Whether the rule is shared and, if so, whether the current account is sharing the rule with another account, or another account is sharing the rule with the current account.
-
-`creation_times`
-: The date and time that the Resolver rule was created, in Unix time format and Coordinated Universal Time (UTC).
-
-`modification_times`
-: The date and time that the Resolver rule was last updated, in Unix time format and Coordinated Universal Time (UTC).
-
-## Examples
-
-**Ensure a rule name is available.**
-
-```ruby
-describe aws_route53resolver_resolver_rules do
- its('names') { should include 'RULE_NAME' }
-end
-```
-
-**Ensure that the status is `COMPLETE` or `FAILED`.**
-
-```ruby
-describe aws_route53resolver_resolver_rules do
- its('statuses') { should include 'COMPLETE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_route53resolver_resolver_rules do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_route53resolver_resolver_rules do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the rule name is available.
-
-```ruby
-describe aws_route53resolver_resolver_rules do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Route53Resolver:Client:ListResolverRulesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route_table.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route_table.md
deleted file mode 100644
index 5ce0ee7b0a..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route_table.md
+++ /dev/null
@@ -1,263 +0,0 @@
-+++
-title = "aws_route_table Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_route_table"
-identifier = "inspec/resources/aws/aws_route_table Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_route_table` InSpec audit resource to test the properties of a single route or route table. A route table contains a set of rules, called routes, that are used to determine where network traffic is directed.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on route tables](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-route-table.html) and the [AWS documentation on routes](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-route.html#cfn-ec2-route-destinationcidrblock).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-This resource expects a single parameter that uniquely identifies the route table. You may pass it as a string, or as the value in a hash:
-
-```ruby
-describe aws_route_table('ROUTE_TABLE_ID') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_route_table(route_table_id: 'ROUTE_TABLE_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`route_table_id` _(required)_
-
-: This resource accepts a single parameter, the `route_table_id`.
- This can be passed either as a string or as a `route_table_id: 'value'` key-value entry in a hash.
-
-## Properties
-
-`route_table_id`
-: The ID of the route table.
-
-`owner_id`
-: The ID of the AWS account that owns the route table.
-
-`vpc_id`
-: The ID of the VPC.
-
-`routes`
-: The routes in the route table.
-
-`associations`
-: The associations between the route table and one or more subnets.
-
-`propagating_vgws`
-: Any virtual private gateway (VGW) propagating routes.
-
-`tags`
-: Any tags assigned to the route table.
-
-`routes(carrier_gateway_id)`
-: The ID of the carrier gateway.
-
-`routes(destination_cidr_block)`
-: The IPv4 CIDR block used for the destination match.
-
-`routes(destination_ipv_6_cidr_block)`
-: The IPv6 CIDR block used for the destination match.
-
-`routes(destination_prefix_list_id)`
-: The prefix of the AWS service.
-
-`routes(egress_only_internet_gateway_id)`
-: The ID of the egress-only internet gateway.
-
-`routes(gateway_id)`
-: The ID of a gateway attached to your VPC.
-
-`routes(instance_id)`
-: The ID of a NAT instance in your VPC.
-
-`routes(local_gateway_id)`
-: The ID of the local gateway.
-
-`routes(nat_gateway_id)`
-: The ID of a NAT gateway.
-
-`routes(network_interface_id)`
-: The ID of the network interface.
-
-`routes(transit_gateway_id)`
-: The ID of a transit gateway.
-
-`routes(vpc_peering_connection_id)`
-: The ID of a VPC peering connection.
-
-`routes(instance_owner_id)`
-: The owner ID of a NAT instance in your VPC.
-
-`routes(origin)`
-: Describes how the route was created.
-
-`routes(state)`
-: The state of the route.
-
-`associated_subnet_ids`
-: List of associated subnet IDs.
-
-`associated_gateway_ids`
-: List of associated gateway IDs.
-
-## Examples
-
-**Confirm that the route table has expected VPC identifier.**
-
-```ruby
-describe aws_route_table(route_table_id: 'ROUTE_TABLE_ID') do
- its('vpc_id') { should eq 'VPC_ID' }
-end
-```
-
-**Confirm that the route table has expected owner identifier.**
-
-```ruby
-describe aws_route_table(route_table_id: 'ROUTE_TABLE_ID') do
- its('owner_id') { should eq 'OWNER_ID' }
-end
-```
-
-**Ensure the expected number of routes is present.**
-
-```ruby
-describe aws_route_table(route_table_id: 'ROUTE_TABLE_ID') do
- its('routes.count') { should eq 2 }
-end
-```
-
-**Ensure the expected number of associations is present.**
-
-```ruby
-describe aws_route_table(route_table_id: 'ROUTE_TABLE_ID') do
- its('associations.count') { should eq 1 }
-end
-```
-
-**Ensure the subnet ID of interest is associated.**
-
-```ruby
-describe aws_route_table(route_table_id: 'ROUTE_TABLE_ID') do
- its('associated_subnet_ids') { should include 'SUBNET_ID' }
-end
-```
-
-**Ensure no gateways are associated.**
-
-```ruby
-describe aws_route_table(route_table_id: 'ROUTE_TABLE_ID') do
- its('associated_gateway_ids') { should be_empty }
-end
-```
-
-**Ensure there are no virtual private gateway (VGW) propagating routes.**
-
-```ruby
-describe aws_route_table(route_table_id: 'ROUTE_TABLE_ID') do
- its('propagating_vgws') { should be_empty }
-end
-```
-
-**Confirm that the route table has the expected destination IPv4 CIDR block of the route.**
-
-```ruby
-describe aws_route_table(route_table_id: 'ROUTE_TABLE_ID') do
- its('routes.first.destination_cidr_block') { should eq 'IPV4_CIDR_BLOCK' }
-end
-```
-
-## Matchers
-
-For a full list of available matchers, visit the [InSpec matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_route_table('should-be-there') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_route_table('should-not-be-there') do
- it { should_not exist }
-end
-```
-
-### main
-
-The control will pass if the route table is the main route table for the VPC.
-
-```ruby
-describe aws_route_table(route_table_id: 'ROUTE_TABLE_ID') do
- it { should be_main }
-end
-```
-
-### have_subnet_associated
-
-The control will pass if the subnet is associated with the route table.
-
-```ruby
-describe aws_route_table(route_table_id: 'ROUTE_TABLE_ID') do
- it { should have_subnet_associated('SUBNET_ID') }
-end
-```
-
-
-### have_gateway_associated
-
-The control will pass if the specified gateway is associated with the route table.
-
-```ruby
-describe aws_route_table(route_table_id: 'ROUTE_TABLE_ID') do
- it { should have_gateway_associated('GATEWAY_ID') }
-end
-```
-
-### have_failed_association_value
-
-The control will pass if the specified gateway, subnet, or association that is associated with the route table has a failed state.
-
-```ruby
-describe aws_route_table(route_table_id: 'ROUTE_TABLE_ID') do
- it { should have_failed_association_value(gateway_id: 'GATEWAY_ID') }
-end
-```
-
-```ruby
-describe aws_route_table(route_table_id: 'ROUTE_TABLE_ID') do
- it { should have_failed_association_value(subnet_id: 'SUBNET_ID') }
-end
-```
-
-```ruby
-describe aws_route_table(route_table_id: 'ROUTE_TABLE_ID') do
- it { should have_failed_association_value(route_table_association_id: 'ROUTE_TABLE_ASSOCIATION_ID') }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeRouteTablesResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route_tables.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route_tables.md
deleted file mode 100644
index f3897ae943..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_route_tables.md
+++ /dev/null
@@ -1,228 +0,0 @@
-+++
-title = "aws_route_tables Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_route_tables"
-identifier = "inspec/resources/aws/aws_route_tables Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_route_tables` InSpec audit resource to test the properties of all route tables or a group of route tables, and all routes or a group of routes. A route table contains a set of rules, called routes, that are used to determine where network traffic is directed.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on route tables](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-route-table.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-```ruby
-describe aws_route_tables do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`route_table_ids`
-: The route table IDs.
-
-: **Field**: `route_table_id`
-
-`vpc_ids`
-: The VPC IDs.
-
-: **Field**: `vpc_id`
-
-`entries`
-: Provides access to the raw results of the query, which can be treated as an array of hashes.
-
-: **Field**: Not Applicable
-
-`routes(carrier_gateway_ids)`
-: The ID of the carrier gateway.
-
-: **Field**: `carrier_gateway_id`
-
-`routes(destination_cidr_blocks)`
-: The IPv4 CIDR block used for the destination match.
-
-: **Field**: `destination_cidr_block`
-
-`routes(destination_ipv_6_cidr_blocks)`
-: The IPv6 CIDR block used for the destination match.
-
-: **Field**: `destination_ipv_6_cidr_block`
-
-`routes(destination_prefix_list_ids)`
-: The prefix of the AWS service.
-
-: **Field**: `destination_prefix_list_id`
-
-`routes(egress_only_internet_gateway_ids)`
-: The ID of the egress-only internet gateway.
-
-: **Field**: `egress_only_internet_gateway_id`
-
-`routes(gateway_ids)`
-: The ID of a gateway attached to your VPC.
-
-: **Field**: `gateway_id`
-
-`routes(instance_ids)`
-: The ID of a NAT instance in your VPC.
-
-: **Field**: `instance_id`
-
-`routes(local_gateway_ids)`
-: The ID of the local gateway.
-
-: **Field**: `instance_owner_id`
-
-`routes(nat_gateway_ids)`
-: The ID of a NAT gateway.
-
-: **Field**: `nat_gateway_id`
-
-`routes(network_interface_ids)`
-: The ID of the network interface.
-
-: **Field**: `network_interface_id`
-
-`routes(transit_gateway_ids)`
-: The ID of a transit gateway.
-
-: **Field**: `transit_gateway_id`
-
-`routes(vpc_peering_connection_ids)`
-: The ID of a VPC peering connection.
-
-: **Field**: `vpc_peering_connection_id`
-
-`routes(instance_owner_ids)`
-: The owner ID of a NAT instance in your VPC.
-
-: **Field**: `instance_owner_id`
-
-`routes(origins)`
-: Describes how the route was created.
-
-: **Field**: `origin`
-
-`routes(states)`
-: The state of the route.
-
-: **Field**: `state`
-
-`route_table_association_ids`
-: List of associated route table association IDs.
-
-: **Field**: `route_table_association_ids`
-
-`association_subnet_ids`
-: List of all association states(`associated`, `failed`, `disassociated`) subnet IDs.
-
-: **Field**: `association_subnet_ids`
-
-`associated_subnet_ids`
-: List of associated subnet IDs.
-
-: **Field**: `associated_subnet_ids`
-
-`association_gateway_ids`
-: List of all association states(`associated`, `failed`, `disassociated`) gateway IDs.
-
-: **Field**: `association_gateway_ids`
-
-`associated_gateway_ids`
-: List of associated gateway IDs.
-
-: **Field**: `associated_gateway_ids`
-
-`association_states`
-: List of all association states(`associated`, `failed`, `disassociated`).
-
-: **Field**: `association_states`
-
-`main`
-: flag to indicate the main route table.
-
-: **Field**: `main`
-
-## Examples
-
-**Confirm that a route table exists.**
-
-```ruby
-describe aws_route_tables do
- its('vpc_ids') { should include 'VPC_ID' }
-end
-```
-
-**Confirm a route table exists.**
-
-```ruby
-describe aws_route_tables do
- its('route_table_ids') { should include 'ROUTE_TABLE_ID' }
-end
-```
-
-**Confirm a destination_cidr_blocks is there in the routes.**
-
-```ruby
-describe aws_route_tables do
- its('destination_cidr_blocks') { should include "IPV4_CIDR_BLOCK" }
-end
-```
-
-**Ensure subnet ID of interest is associated .**
-
-```ruby
-describe aws_route_tables do
- its('associated_subnet_ids') { should include 'SUBNET_ID' }
-end
-```
-
-**Filter only main route tables.**
-
-```ruby
-describe aws_route_tables.where(main: true) do
- it { should exist }
-end
-```
-
-**Filter all failed associations.**
-
-```ruby
-describe aws_route_tables.where{ association_states.include?('associated') } do
- it { should exist }
-end
-```
-
-## Matchers
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should` to test the entity should not exist.
-
-```ruby
-describe aws_route_tables do
- it { should exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeRouteTablesResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_s3_access_point.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_s3_access_point.md
deleted file mode 100644
index 40c3f8ee4a..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_s3_access_point.md
+++ /dev/null
@@ -1,112 +0,0 @@
-+++
-title = "aws_s3_access_point Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_s3_access_point"
-identifier = "inspec/resources/aws/aws_s3_access_point Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_s3_access_point` InSpec audit resource to test properties of a single specific S3 bucket resource.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS API Metric.](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the base path mapping exists.
-
-```ruby
-describe aws_s3_access_point(bucket_name: 'BUCKET_NAME', metrics_id: 'METRICS_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`domain_name` _(required)_
-
-: The name of the bucket containing the metrics configuration to retrieve.
-
-`metrics_id` _(required)_
-
-: The ID used to identify the metrics configuration.
-
-## Properties
-
-`id`
-: The ID used to identify the metrics configuration.
-
-: **Field**: `id`
-
-`filter.access_point_arn`
-: The access point ARN used when evaluating a metrics filter.
-
-: **Field**: `filter.access_point_arn`
-
-`filter.and.access_point_arn`
-: The access point ARN used when evaluating an AND predicate.
-
-: **Field**: `filter.and.access_point_arn`
-
-## Examples
-
-**Ensure that the id is available.**
-
-```ruby
-describe aws_s3_access_point(bucket_name: 'BUCKET_NAME', metrics_id: 'METRICS_ID') do
- its('id') { should eq 'METRICS_ID' }
-end
-```
-
-**Ensure that access point arn is available.**
-
-```ruby
-describe aws_s3_access_point(bucket_name: 'BUCKET_NAME', metrics_id: 'METRICS_ID') do
- its('filter.access_point_arn') { should eq 'AccessPointArn' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_s3_access_point(bucket_name: 'BUCKET_NAME', metrics_id: 'METRICS_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_s3_access_point(bucket_name: 'dummy', metrics_id: 'dummy') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_s3_access_point(bucket_name: 'BUCKET_NAME', metrics_id: 'METRICS_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="S3:Client:GetBucketMetricsConfigurationOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_s3_access_points.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_s3_access_points.md
deleted file mode 100644
index 2ae2e1ca88..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_s3_access_points.md
+++ /dev/null
@@ -1,108 +0,0 @@
-+++
-title = "aws_s3_access_points Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_s3_access_points"
-identifier = "inspec/resources/aws/aws_s3_access_points Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_s3_access_points` InSpec audit resource to test properties of a Multiple specific S3 bucket points resource.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS S3 Access Points.](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the base path mapping exists.
-
-```ruby
-describe aws_s3_access_points(bucket_name: 'BUCKET_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`bucket_name` _(required)_
-
-: The name of the bucket containing the metrics configuration to retrieve.
-
-## Properties
-
-`ids`
-: The ID used to identify the metrics configuration.
-
-: **Field**: `id`
-
-`filter_access_point_arns`
-: The access point ARN used when evaluating a metrics filter.
-
-: **Field**: `filter.access_point_arn`
-
-`filter_and_access_point_arns`
-: The access point ARN used when evaluating an AND predicate.
-
-: **Field**: `filter.and.access_point_arn`
-
-## Examples
-
-**Ensure that an ID is available.**
-
-```ruby
-describe aws_s3_access_points(bucket_name: 'BUCKET_NAME') do
- its('ids') { should include 'AccessPointArn' }
-end
-```
-
-**Ensure that stage name is available.**
-
-```ruby
-describe aws_s3_access_points(bucket_name: 'BUCKET_NAME') do
- its('filter_access_point_arns') { should include 'AccessPointArn' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_s3_access_points(bucket_name: 'BUCKET_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_s3_access_points(bucket_name: 'BUCKET_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_s3_access_points(bucket_name: 'BUCKET_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="S3:Client:listBucketMetricsConfigurationOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_s3_bucket.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_s3_bucket.md
deleted file mode 100644
index 0a2e28f94d..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_s3_bucket.md
+++ /dev/null
@@ -1,201 +0,0 @@
-+++
-title = "aws_s3_bucket Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_s3_bucket"
-identifier = "inspec/resources/aws/aws_s3_bucket Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_s3_bucket` InSpec audit resource to test properties of a single AWS bucket.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_s3_bucket` resource block declares a bucket by name, and then lists tests to be performed.
-
-```ruby
-describe aws_s3_bucket(bucket_name: 'test_bucket') do
- it { should exist }
- it { should_not be_public }
-end
-```
-
-```ruby
-describe aws_s3_bucket('test_bucket') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`bucket_name` _(required)_
-
-: This resource accepts a single parameter, the S3 Bucket Name which uniquely identifies the bucket.
- This can be passed either as a string or as a `bucket_name: 'value'` key-value entry in a hash.
-
-## Properties
-
-`region`
-: The region of the bucket. Region is overridden based on the location returned from S3.
-
-`bucket_acl`
-: An array of AWS Grants detailing permission grants on the bucket.
-
-`bucket_policy`
-: The IAM policy document controlling access to the bucket.
-
-`bucket_lifecycle_rules`
-: The lifecycle policy rules that define actions S3 will take for all objects (or a subset of objects) in their lifetime.
-
-`tags`
-: An hash with each key-value pair corresponding to a tag associated with the entity.
-
-## Examples
-
-
-**Test the bucket-level ACL.**
-
-```ruby
-describe aws_s3_bucket('test_bucket') do
- its('bucket_acl.count') { should eq 1 }
-end
-```
-
-**Check if a bucket has a bucket policy.**
-
-```ruby
-describe aws_s3_bucket('test_bucket') do
- its('bucket_policy') { should be_empty }
-end
-```
-
-**Check if a bucket appears to be exposed to the public.**
-
-```ruby
-describe aws_s3_bucket('test_bucket') do
- it { should_not be_public }
-end
-```
-
-**Check if the correct region is set.**
-
-```ruby
-describe aws_s3_bucket('test_bucket') do
- its('region') { should eq 'us-east-1' }
-end
-```
-
-**Check bucket's ACL for correct grants.**
-
-```ruby
-bucket_acl = aws_s3_bucket('my-bucket').bucket_acl
-```
-
-**Look for grants to "AllUsers" (that is, the public).**
-
-```ruby
-all_users_grants = bucket_acl.select do |g|
- g.grantee.type == 'Group' && g.grantee.uri =~ /AllUsers/
-end
-```
-
-**Look for grants to "AuthenticatedUsers" (that is, any authenticated AWS user - nearly public).**
-
-```ruby
-auth_grants = bucket_acl.select do |g|
- g.grantee.type == 'Group' && g.grantee.uri =~ /AuthenticatedUsers/
-end
-```
-
-**Test all buckets .**
-
-```ruby
-aws_s3_buckets.bucket_names.each do |bucket_name|
- describe aws_s3_bucket(bucket_name) do
- it { should have_default_encryption_enabled }
- end
- end
-```
-
-**Test buckets in a specific region .**
-
-```ruby
-aws_s3_buckets.bucket_names.each do |bucket_name|
- if aws_s3_bucket(bucket_name: bucket_name).region == region
- describe aws_s3_bucket(bucket_name) do
- it { should have_default_encryption_enabled }
- end
- end
- end
-```
-
-**Check if a bucket has a bucket policy that requires requests to use HTTPS.**
-
-```ruby
-describe aws_s3_bucket('test_bucket') do
- it { should have_secure_transport_enabled }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-#### be_public
-
-The `be_public` matcher tests if the bucket has potentially insecure access controls. This high-level matcher detects several insecure conditions, which may be enhanced in the future. Currently, the matcher reports an insecure bucket if any of the following conditions are met:
-
- 1. A bucket ACL grant exists for the 'AllUsers' group
- 2. A bucket ACL grant exists for the 'AuthenticatedUsers' group
- 3. A bucket policy has an effect 'Allow' and principal '*'
-
-Note: This resource does not detect insecure object ACLs.
-
-```ruby
-it { should_not be_public }
-```
-
-#### have_access_logging_enabled
-
-The `have_access_logging_enabled` matcher tests if access logging is enabled for the s3 bucket.
-
-```ruby
-it { should have_access_logging_enabled }
-```
-
-#### have_default_encryption_enabled
-
-The `have_default_encryption_enabled` matcher tests if default encryption is enabled for the s3 bucket.
-
-```ruby
-it { should have_default_encryption_enabled }
-```
-
-#### have_versioning_enabled
-
-The `have_versioning_enabled` matcher tests if versioning is enabled for the s3 bucket.
-
- it { should have_versioning_enabled }
-
-#### have_secure_transport_enabled
-
-The `have_secure_transport_enabled` matcher tests if a bucket policy that explicitly denies requests via HTTP is enabled for the s3 bucket.
-
- it { should have_secure_transport_enabled }
-
-## AWS Permissions
-
-Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `S3:Client:GetBucketAclOutput`, `S3:Client:GetBucketLocationOutput`, `S3:Client:GetBucketLoggingOutput`, `S3:Client:GetBucketPolicyOutput`, and `S3:Client:GetBucketEncryptionOutput` actions set to allow.
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon S3](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazons3.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_s3_bucket_object.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_s3_bucket_object.md
deleted file mode 100644
index 421fa62e7f..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_s3_bucket_object.md
+++ /dev/null
@@ -1,121 +0,0 @@
-+++
-title = "aws_s3_bucket_object Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_s3_bucket_object"
-identifier = "inspec/resources/aws/aws_s3_bucket_object Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_s3_bucket_object` InSpec audit resource to test properties of a single AWS bucket object.
-
-Each S3 Object has a 'key' which can be thought of as the name of the S3 Object which uniquely identifies it.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_s3_bucket_object` resource block declares a bucket and an object key by name, and then lists tests to be performed.
-
-```ruby
-describe aws_s3_bucket_object(bucket_name: 'test_bucket', key: 'test_object_key') do
- it { should exist }
- it { should_not be_public }
-end
-```
-
-## Parameters
-
-`bucket_name` _(required)_
-
-: The S3 Bucket Name which uniquely identifies the bucket.
- This must be passed as a `bucket_name: 'value'` key-value entry in a hash.
-
-`key` _(required)_
-
-: The S3 Bucket Key which uniquely identifies the bucket object.
- This must be passed as a `key: 'value'` key-value entry in a hash.
-
-## Properties
-
-`bucket_name`
-: The name of the bucket.
-
-`key`
-: The key within the bucket.
-
-`content_length`
-: Size of the body in bytes.
-
-`content_type`
-: A standard MIME type describing the format of the object data.
-
-`object_acl`
-: An array of AWS Grants detailing permission grants on the bucket object.
-
-There are also additional properties available. For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html).
-
-## Examples
-
-**Test an object's object-level ACL.**
-
-```ruby
-describe aws_s3_bucket_object(bucket_name: 'test_bucket', key: 'test_key') do
- its('object_acl.count') { should eq 1 }
-end
-```
-
-**Test an object's size in bytes is less than `100000`.**
-
-```ruby
-describe aws_s3_bucket_object(bucket_name: 'test_bucket', key: 'test_key') do
- its('content_length') { should be < 1_000_000 }
-end
-```
-
-**Test an object's type is "image/jpeg".**
-
-```ruby
-describe aws_s3_bucket_object(bucket_name: 'test_bucket', key: 'test_key') do
- its('content_type') { should eq "image/jpeg" }
-end
-```
-
-**Check to see if a object appears to be exposed to the public.**
-
-```ruby
-describe aws_s3_bucket_object(bucket_name: 'test_bucket', key: 'test_key') do
- it { should_not be_public }
-end
-```
-
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers (such as `exist`) please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### be_public
-
-The `be_public` matcher tests if the object has potentially insecure access controls. This high-level matcher detects several insecure conditions, which may be enhanced in the future. Currently, the matcher reports an insecure object if any of the following conditions are met:
-
- 1. A object ACL grant exists for the 'AllUsers' group
- 2. A object ACL grant exists for the 'AuthenticatedUsers' group
-
-Note: This resource does not detect insecure bucket ACLs.
-
-```ruby
-it { should_not be_public }
-```
-
-## AWS Permissions
-
-Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `S3:Client:GetObjectOutput`, and `S3:Client:GetObjectAclOutput` actions set to allow.
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon S3](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazons3.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_s3_bucket_objects.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_s3_bucket_objects.md
deleted file mode 100644
index 0906db985b..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_s3_bucket_objects.md
+++ /dev/null
@@ -1,191 +0,0 @@ -+++ -title = "aws_s3_bucket_objects Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_s3_bucket_objects" -identifier = "inspec/resources/aws/aws_s3_bucket_objects Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_s3_bucket_objects` InSpec audit resource to test properties of multiple AWS S3 bucket objects. - -Amazon S3 is an object store that uses unique key-values to store as many objects as you want. - -`bucket_name` _(required)_ - -The bucket name. - -For additional information, including details on parameters and properties, see the [AWS documentation on S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that a bucket exists. - -```ruby -describe aws_s3_bucket_objects(bucket_name: 'BUCKET_NAME') do - it { should exist } -end -``` - -## Parameters - -`bucket_name` _(required)_ - -: The bucket name. - -## Properties - -`contents` -: A list of the metadata about each object returned. - -: **Field**: `contents` - -`contents_keys` -: A list of the object names. - -: **Field**: `contents (key)` - -`contents_last_modified` -: A list of creation date of the objects. - -: **Field**: `contents (last_modified)` - -`contents_sizes` -: A list of the sizes of the objects in bytes. - -: **Field**: `contents (size)` - -`contents_etags` -: A list of the entity tags which are a hash of the objects. - -: **Field**: `contents (etag)` - -`contents_storage_classes` -: A list of the classes of storage used to store the objects. - -: **Field**: `contents (storage_class)` - -`contents_owners` -: A list of the owners of the objects. - -: **Field**: `contents (owners)` - -`names` -: The bucket name. - -: **Field**: `name` - -`prefixes` -: A list of keys that begin with the indicated prefix. 
- -: **Field**: `prefix` - -`delimiters` -: A list of delimiters, which are a character used to group keys. - -: **Field**: `delimiter` - -`max_keys` -: The maximum number of keys returned in the response. By default the action returns up to 1,000 key names. - -: **Field**: `max_keys` - -`common_prefixes` -: A list of containers for the specified common prefix. - -: **Field**: `common_prefixes (prefix)` - -`encoding_types` -: A list of the encoding types used by Amazon S3 to encode object key names in the XML response. - -: **Field**: `encoding_type` - -`key_counts` -: The number of keys returned with this request. - -: **Field**: `key_count` - -## Examples - -**Ensure whether the bucket is truncated.** - -```ruby -describe aws_s3_bucket_objects(bucket_name: 'BUCKET_NAME') do - its ('is_truncated') { should include true } -end -``` - -**Verify the bucket name.** - -```ruby -describe aws_s3_bucket_objects(bucket_name: 'BUCKET_NAME') do - its ('names') { should include "BUCKET_NAME" } -end -``` - -**Ensure an object name exists.** - -```ruby -describe aws_s3_bucket_objects(bucket_name: 'BUCKET_NAME') do - its('contents_keys') { should include 'OBJECT_NAME' } -end -``` - -**Ensure an object has a last modified date.** - -```ruby -describe aws_s3_bucket_objects(bucket_name: 'BUCKET_NAME') do - its('contents_last_modified') { should include Time.parse("2021-05-05 06:22:04.000000000 +0000") } -end -``` - -**Ensure a storage class of an object exists.** - -```ruby -describe aws_s3_bucket_objects(bucket_name: 'BUCKET_NAME') do - its('contents_storage_classes') { should include "STANDARD") } -end -``` - -**Verify the key counts of a bucket.** - -```ruby -describe aws_s3_bucket_objects(bucket_name: 'BUCKET_NAME') do - its('key_counts') { should include 2 } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `list` method returns at least one result. 
- -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_s3_bucket_objects(bucket_name: 'BUCKET_NAME') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_s3_bucket_objects(bucket_name: 'BUCKET_NAME') do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="S3:Client:ListObjectsV2Output" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_s3_bucket_policy.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_s3_bucket_policy.md deleted file mode 100644 index a7c0d52206..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_s3_bucket_policy.md +++ /dev/null 
@@ -1,105 +0,0 @@ -+++ -title = "aws_s3_bucket_policy Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_s3_bucket_policy" -identifier = "inspec/resources/aws/aws_s3_bucket_policy Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_s3_bucket_policy` Chef InSpec audit resource to test properties of a single AWS S3 bucket policy. - -The `AWS::S3::BucketPolicy` resource type applies an Amazon S3 bucket policy to an Amazon S3 bucket. - -For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::S3::BucketPolicy` resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that an S3 bucket policy exists. - -```ruby -describe aws_s3_bucket_policy(bucket: 'BUCKET_NAME') do - it { should exist } -end -``` - -## Parameters - -`bucket` _(required)_ - -: The name of the Amazon S3 bucket to which the policy applies. - -## Properties - -`Effect` -: The effect of the policy. - -`Sid` -: The policy statement ID of the S3 bucket. - -`Condition` -: The policy condition key of the S3 bucket. - -`Action` -: The policy action of the S3 bucket. - -`Resource` -: The policy resource type of the S3 bucket. - -`Principal` -: The policy principal of the S3 bucket. - -## Examples - -**Ensure a policy is available.** - -```ruby -describe aws_s3_bucket_policy(bucket: 'BUCKET_NAME') do - its('Sid') { should eq 'SID' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_s3_bucket_policy(bucket: 'BUCKET_NAME') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. 
- -```ruby -describe aws_s3_bucket_policy(bucket: 'BUCKET_NAME') do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_s3_bucket_policy(bucket: 'BUCKET_NAME') do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="S3:Client:GetBucketPolicyOutput" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_s3_buckets.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_s3_buckets.md deleted file mode 100644 index a78b0dbf1d..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_s3_buckets.md +++ /dev/null 
@@ -1,85 +0,0 @@ -+++ -title = "aws_s3_buckets Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_s3_buckets" -identifier = "inspec/resources/aws/aws_s3_buckets Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_s3_buckets` InSpec audit resource to list all buckets in a single account. - -For additional information, including details on parameters and properties, see the [AWS documentation on S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_s3_buckets` resource block takes no arguments - -```ruby -describe aws_s3_buckets do - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`bucket_names` -: An Array of bucket names. - -`tags` -: An hash with each key-value pair corresponding to a tag associated with the entity. - -`entries` -: Provides access to the raw results of the query, which can be treated as an array of hashes. - -## Examples - -**Examine what buckets have been created.** - -```ruby -describe aws_s3_buckets do - its('bucket_names') { should eq ['my_bucket'] } -**OR.** - - its('bucket_names') { should include 'my_bucket' } -end -``` - -**Check the tags on buckets .** - -```ruby -describe aws_s3_buckets.where( bucket_names: 'my-bucket' ) do - its('tags') { should include(:Environment => 'env-name', - :Name => 'bucket-name')} -end -``` - -## Matchers - -### exist - -The control will pass if the resource contains at least one bucket. 
- - # Test if there are any buckets -```ruby -describe aws_s3_buckets - it { should exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="S3:Client:ListBucketsOutput" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon S3](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazons3.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_sdb_domains.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_sdb_domains.md deleted file mode 100644 index 4457095311..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_sdb_domains.md +++ /dev/null 
@@ -1,79 +0,0 @@ -+++ -title = "aws_sdb_domains Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_sdb_domains" -identifier = "inspec/resources/aws/aws_sdb_domains Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_sdb_domains` InSpec audit resource to test multiple SimpleDB domain names. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that a domain exists. - -```ruby -describe aws_sdb_domains do - it { should exist } -end -``` - -For additional information, see the [AWS documentation on AWS SDB Domains.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-simpledb.html). - - -## Parameters - -This resource does not require any parameters. - -## Properties - -`domain_names` -: A list of domain names that match the expression. - -: **Field**: `domain_names` - -## Examples - -**Ensure a domain name is available.** - -```ruby -describe aws_sdb_domains do - its('domain_names') { should include 'DOMAIN_NAME')' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `list` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_sdb_domains do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_sdb_domains do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="SimpleDB:Client:ListDomainsResult" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_secretsmanager_secret.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_secretsmanager_secret.md deleted file mode 100644 index ce9090f5e8..0000000000 
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_secretsmanager_secret.md
+++ /dev/null
@@ -1,141 +0,0 @@ -+++ -title = "aws_secretsmanager_secret Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_secretsmanager_secret" -identifier = "inspec/resources/aws/aws_secretsmanager_secret Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_secretsmanager_secret` InSpec audit resource to test properties of a single AWS Secret Manager secret. - -The `AWS::SecretsManager::Secret` resource creates a secret and stores it in Secrets Manager. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS Secret Manager Secret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that a secret ID exists. - -```ruby -describe aws_secretsmanager_secret(secret_id: 'SECRET_ID') do - it { should exist } -end -``` - -## Parameters - -`secret_id` _(required)_ - -## Properties - -`arn` -: The Amazon Resource Name (ARN) of the secret. - -`name` -: The friendly name of the secret. - -`description` -: The user-provided description of the secret. - -`kms_key_id` -: The ARN or alias of the AWS KMS customer master key (CMK) used to encrypt the `SecretString` and `SecretBinary` fields in each version of the secret. - -`rotation_enabled` -: Indicates whether automatic, scheduled rotation is enabled for this secret. - -`rotation_lambda_arn` -: The ARN of an AWS Lambda function invoked by Secrets Manager to rotate and expire the secret either automatically per the schedule or manually by a call to `RotateSecret`. - -`rotation_rules (automatically_after_days)` -: Specifies the number of days between automatic scheduled rotations of the secret. - -`last_rotated_date` -: The most recent date and time that the Secrets Manager rotation process was successfully completed. 
This value is `null` if the secret hasn't ever rotated. - -`last_changed_date` -: The last date and time that this secret was modified in any way. - -`last_accessed_date` -: The last date that this secret was accessed. This value is truncated to midnight of the date and therefore shows only the date, not the time. - -`deleted_date` -: The date and time the deletion of the secret occurred. Not present on active secrets. The secret can be recovered until the number of days in the recovery window has passed, as specified in the `RecoveryWindowInDays` parameter of the `DeleteSecret` operation. - -`tags` -: The list of user-defined tags associated with the secret. - -`secret_versions_to_stages` -: A list of all of the currently assigned `SecretVersionStage` staging labels and the `SecretVersionId` attached to each one. Staging labels are used to keep track of the different versions during the rotation process. - -`owning_service` -: Returns the name of the service that created the secret. - -`created_date` -: The date and time when a secret was created. - -`primary_region` -: The region where Secrets Manager originated the secret. - -## Examples - -**Ensure the ARN is available.** - -```ruby -describe aws_secretsmanager_secret(secret_id: 'SECRET_ID') do - its('arn') { should eq 'arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3' } -end -``` - -**Ensure the name is available.** - -```ruby -describe aws_secretsmanager_secret(secret_id: 'SECRET_ID') do - its('name') { should eq 'MyTestDatabaseSecret' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_secretsmanager_secret(secret_id: 'SECRET_ID') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. 
- -```ruby -describe aws_secretsmanager_secret(secret_id: 'SECRET_ID') do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the secret ID is available. - -```ruby -describe aws_secretsmanager_secret(secret_id: 'SECRET_ID') do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="SecretsManager:Client:DescribeSecretResponse" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_secretsmanager_secrets.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_secretsmanager_secrets.md deleted file mode 100644 index f4f078a8d0..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_secretsmanager_secrets.md +++ /dev/null 
@@ -1,141 +0,0 @@ -+++ -title = "aws_secretsmanager_secrets Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_secretsmanager_secrets" -identifier = "inspec/resources/aws/aws_secretsmanager_secrets Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_secretsmanager_secrets` InSpec audit resource to test properties of multiple AWS Secret Manager secrets. - -The `AWS::SecretsManager::Secret` resource creates a secret and stores it in Secrets Manager. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS Secret Manager Secret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that a secret exists. - -```ruby -describe aws_secretsmanager_secrets do - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`arns` -: The Amazon Resource Name (ARN) of the secret. - -`names` -: The friendly name of the secret. - -`descriptions` -: The user-provided description of the secret. - -`kms_key_ids` -: The ARN or alias of the AWS KMS customer master key (CMK) used to encrypt the `SecretString` and `SecretBinary` fields in each version of the secret. - -`rotation_enabled` -: Indicates whether automatic, scheduled rotation is enabled for this secret. - -`rotation_lambda_arns` -: The ARN of an AWS Lambda function invoked by Secrets Manager to rotate and expire the secret either automatically per the schedule or manually by a call to `RotateSecret`. - -`rotation_rules` -: A structure that defines the rotation configuration for the secret. - -`last_rotated_dates` -: The most recent date and time that the Secrets Manager rotation process was successfully completed. This value is `null` if the secret hasn't ever rotated. 
- -`last_changed_dates` -: The last date and time that this secret was modified in any way. - -`last_accessed_dates` -: The last date that this secret was accessed. This value is truncated to midnight of the date and therefore shows only the date, not the time. - -`deleted_dates` -: The date and time the deletion of the secret occurred. Not present on active secrets. The secret can be recovered until the number of days in the recovery window has passed, as specified in the `RecoveryWindowInDays` parameter of the `DeleteSecret` operation. - -`tags` -: The list of user-defined tags associated with the secret. - -`secret_versions_to_stages` -: A list of all of the currently assigned `SecretVersionStage` staging labels and the `SecretVersionId` attached to each one. Staging labels are used to keep track of the different versions during the rotation process. - -`owning_services` -: Returns the name of the service that created the secret. - -`created_dates` -: The date and time when a secret was created. - -`primary_regions` -: The region where Secrets Manager originated the secret. - -## Examples - -**Ensure an ARN is available.** - -```ruby -describe aws_secretsmanager_secrets do - its('arns') { should include 'SECRETS_MANAGER_SECRET_ARN' } -end -``` - -**Ensure a name is available.** - -```ruby -describe aws_secretsmanager_secrets do - its('names') { should include 'SECRET_NAME' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `list` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_secretsmanager_secrets do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_secretsmanager_secrets do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the secret is available. 
- -```ruby -describe aws_secretsmanager_secrets do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="SecretsManager:Client:ListSecretsResponse" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_security_group.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_security_group.md deleted file mode 100644 index a56a7d3a43..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_security_group.md +++ /dev/null 
@@ -1,332 +0,0 @@ -+++ -title = "aws_security_group Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_security_group" -identifier = "inspec/resources/aws/aws_security_group Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_security_group` InSpec audit resource to test detailed properties of an individual Security Group (SG). - -SGs are a networking construct which contain ingress and egress rules for network communications. SGs may be attached to EC2 instances, as well as certain other AWS resources. Along with Network Access Control Lists, SGs are one of the two main mechanisms of enforcing network-level security. - -### Limitations - -While this resource provides facilities for searching inbound and outbound rules on a variety of criteria, there is currently no support for performing matches based on: - - * References to VPC peers or other AWS services (that is, no support for searches based on 'prefix lists'). - -This resource requires one of the following parameters: -- `group_id` -- `group_name` -- `vpc_id` -- `resource_data` - -##### group_id _(required if no other parameter provided)_ - -The Security Group ID which uniquely identifies the SG. -This can be passed either as a string or as a `group_id: 'value'` key-value entry in a hash. - -##### group_name _(required if no other parameter provided)_ - -The Security Group name. -This can be passed either as a string or as a `group_name: 'value'` key-value entry in a hash. - -##### vpc_id _(required if no other parameter provided)_ - -The ID of the VPC associated with the SG. -This can be passed either as a string or as a `vpc_id: 'value'` key-value entry in a hash. - -### resource_data _(required if no other parameter provided)_ - -The cached resource data object of a security group. -This must be passed as a key-value entry in a hash. For example, `resource_data: AWS_SECURITY_GROUP_OBJECT` . 
- -For additional information, including details on parameters and properties, see the [AWS documentation on Security Groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -```ruby -describe aws_security_group('sg-12345678') do - it { should exist } -end -``` - - # May also use hash syntax -```ruby -describe aws_security_group(group_id: 'sg-12345678') do - it { should exist } -end -``` - - # Ensure you have a Security Group with a specific name. Names are - # unique within a VPC but not across VPCs. - # Using only Group returns an error if multiple SGs match. -```ruby -describe aws_security_group(group_name: 'my-group') do - it { should exist } -end -``` - - # Add vpc_id to ensure uniqueness. -```ruby -describe aws_security_group(group_name: 'my-group', vpc_id: 'vpc-12345678') do - it { should exist } -end -``` - - # Using only resource data for a cached AWS security group. -```ruby -describe aws_security_group(resource_data: 'AWS_SECURITY_GROUP_OBJECT') do - it { should exist } -end -``` - -## Parameters - -This resource requires one of the following parameters: -- `group_id` -- `group_name` -- `vpc_id` -- `resource_data` - -`group_id` _(required if no other parameter provided)_ - -: The Security Group ID which uniquely identifies the SG. - This can be passed either as a string or as a `group_id: 'value'` key-value entry in a hash. - -`group_name` _(required if no other parameter provided)_ - -: The Security Group name. - This can be passed either as a string or as a `group_name: 'value'` key-value entry in a hash. - -`vpc_id` _(required if no other parameter provided)_ - -: The ID of the VPC associated with the SG. - This can be passed either as a string or as a `vpc_id: 'value'` key-value entry in a hash. 
- -`resource_data` _(required if no other parameter provided)_ - -: The cached resource data object of a security group. - This must be passed as a key-value entry in a hash. For example, `resource_data: AWS_SECURITY_GROUP_OBJECT` . - -## Properties - -`description` -: A String reflecting the human-meaningful description that was given to the SG at creation time. - -`group_id` -: Provides the Security Group ID. - -`group_name` -: A String reflecting the name that was given to the SG at creation time. - -`inbound_rules` -: A list of the rules that the Security Group applies to incoming network traffic. - -`inbound_rules_count` -: A Number totalling the number of individual rules defined - It is a sum of the combinations of port, protocol, IPv4 rules, IPv6 rules and security group rules. - -`outbound_rules` -: A list of the rules that the Security Group applies to outgoing network traffic initiated by the AWS resource in the Security Group. - -`outbound_rules_count` -: A Number totalling the number of individual rules defined - It is a sum of the combinations of port, protocol, IPv4 rules, IPv6 rules and security group rules. - -`vpc_id` -: A String in the format `vpc-` followed by 8 hexadecimal characters reflecting VPC that contains the Security Group. - -`tags` -: The tags of the security group. 
- -## Examples - -**Test outbound rules.** - -```ruby -describe aws_security_group(group_name: isolated_servers) do - its('outbound_rules.last') { should_not include(ip_ranges:['0.0.0.0/0']) } -end -``` - -**Test a rule that allows All Traffic.** - -```ruby -describe aws_security_group(group_name: my_group) do - it { should allow_in(ipv4_range: ["10.1.2.0/24", "10.3.2.0/24"], protocol: 'all') } -end -``` - -**Ensure a SG only allows SSH from a specific range.** - -```ruby -describe aws_security_group(group_name: linux_servers) do - it { should allow_in(port: 22, ipv4_range: '10.5.0.0/16') } - it { should_not allow_in(port: 22, ipv4_range: '0.0.0.0/0') } -end -``` - -**Ensure that the careful_updates Security Group may only initiate contact with specific IPs.** - -```ruby -describe aws_security_group(group_name: 'careful_updates') do -``` - -```ruby -**If you have two rules, with one CIDR each:.** - -[ '10.7.23.12/32', '10.8.23.12/32' ].each do |allowed_destination| -**This doesn't care about which ports are enabled.** - - it { should allow_out(ipv4_range: allowed_destination) } -end -``` - -```ruby -**If you have one rule with two CIDRs:.** - -it { should allow_out(ipv4_range: [ '10.7.23.12/32', '10.8.23.12/32' ]) } -``` - -```ruby -**Expect exactly three rules.** - -its('outbound_rules.count') { should cmp 3 } - end -``` - -**Ensure that the canary_deployments Security Group only allows access from one specific security group id on port 443.** - -```ruby -describe aws_security_group(group_name: 'canary_deployments') do - it { should allow_in_only(port: 443, security_group: "sg-33334444") } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of additional available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/). 
- - -#### allow_in - -#### allow_out - -#### allow_in_only - -#### allow_out_only - -The `allow` series of matchers enable you to perform queries about what network traffic would be permitted through the Security Group rule set. - -`allow_in` and `allow_in_exactly` examine inbound rules, and `allow_out` and `allow_out_exactly` examine outbound rules. - -`allow_in` and `allow_out` examine if at least one rule that matches the criteria exists. `allow_in` and `allow_out` also perform inexact (ie, range-based or subset-based) matching on ports and IP addresses ranges, allowing you to specify a candidate port or IP address and determine if it is covered by a rule. - -`allow_in_only` and `allow_out_only` examines if exactly one rule exists (but see `position`, below), and if it matches the criteria (this is useful for ensuring no unexpected rules have been added). Additionally, `allow_in_only` and `allow_out_only` do _not_ perform inexact matching; you must specify exactly the port range or IP address(es) you wish to match. - -### Matchers search criteria - -The matchers accept a key-value list of search criteria. For a rule to match, it must match all provided criteria. - - * `from_port` - Determines if a rule exists whose port range begins at the specified number. The word `from_` does *not* relate to inbound/outbound directionality; it relates to the port range ("counting _from_"). `from_port` is an exact criterion; so if the rule allows 1000-2000 and you specify a `from_port` of 1001, it does not match. - * `ipv4_range` - Specifies an IPv4 address or subnet as a CIDR, or a list of them, to be checked as a permissible origin (for `allow_in`) or destination (for `allow_out`) for traffic. Each AWS Security Group rule may have multiple allowed source IP ranges. - * ipv6_range - Specifies an IPv6 address or subnet as a CIDR, or a list of them, to be checked as a permissible origin (for `allow_in`) or destination (for `allow_out`) for traffic. 
Each AWS Security Group rule may have multiple allowed source IP ranges. - * `port` - Determines if a particular TCP/IP port is reachable. `allow_in` and `allow_out` examine whether the specified port is included in the port range of a rule, while `allow_in`. You may specify the port as a string (`'22'`) or as a number. - * `position` - A one-based index into the list of rules. If provided, this restricts the evaluation to the rule at that position. You may also use the special values `:first` and `:last`. `position` may also be used to enable `allow_in_only` and `allow_out_only` to work with multi-rule Security Groups. - * `protocol` - Specifies the IP protocol. `tcp`, `udp`, and `icmp` are some typical values. The string `"-1"` or `any` is used to indicate any protocol. - * `to_port` - Determines if a rule exists whose port range ends at the specified number. The word `to_` does *not* relate to inbound/outbound directionality; it relates to the port range ("counting _to_"). `to_port` is an exact criterion; so if the rule allows 1000-2000 and you specify a `to_port` of 1999, it does not match. - * `security_group` - Specifies a security-group id, to be checked as permissible origin (for `allow_in`) or destination (for `allow_out`) for traffic. Each AWS Security Group rule may have multiple allowed source or destination security groups. 
- -```ruby -describe aws_security_group(group_name: 'mixed-functionality-group') do - # Allow RDP from defined range - it { should allow_in(port: 3389, ipv4_range: '10.5.0.0/16') } - it { should allow_in(port: 3389, ipv6_range: '2001:db8::/122') } -``` - -```ruby -# Allow SSH from two ranges -it { should allow_in(port: 22, ipv4_range: ['10.5.0.0/16', '10.2.3.0/24']) } -``` - -```ruby -# Check Bacula port range -it { should allow_in(from_port: 9101, to_port: 9103, ipv4_range: '10.6.7.0/24') } -``` - -```ruby -# Assuming the AWS SG allows 9001-9003, use inexact matching to check 9002 -it { should allow_in(port: 9002) } -``` - -```ruby -# Assuming the AWS SG allows 10.2.1.0/24, use inexact matching to check 10.2.1.33/32 -it { should allow_in(ipv4_range: '10.2.1.33/32') } -``` - -```ruby -# Ensure the 3rd outbound rule is TCP-based -it { should allow_in(protocol: 'tcp', position: 3') } -``` - -```ruby -# Do not allow unrestricted IPv4 access. -it { should_not allow_in(ipv4_range: '0.0.0.0/0') } -``` - -```ruby -# Allow unrestricted access from security-group. -it { should allow_in(security_group: 'sg-11112222') } - end -``` - -```ruby -# Suppose you have a Group that should allow SSH and RDP from -# the admin network, 10.5.0.0/16. The resource has 2 rules to -# allow this, and you want to ensure no others have been added. -describe aws_security_group(group_name: 'admin-group') do - # Allow RDP from a defined range and nothing else - # The SG must have this rule in position 1 and it must match this exactly - it { should allow_in_only(port: 3389, ipv4_range: '10.5.0.0/16', position: 1) } -``` - -```ruby -# Specify position 2 for the SSH rule. Without `position`, -# allow_in_only only allows one rule, total. -it { should allow_in_only(port: 22, ipv4_range: '10.5.0.0/16', position: 2) } -``` - -```ruby -# Because this is an _only matcher, this fails - _only matchers -# use exact IP matching. 
-it { should allow_in_only(port: 3389, ipv4_range: '10.5.1.34/32', position: 1) } - end -``` - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -it { should exist } -``` - -```ruby -it { should_not exist } -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeSecurityGroupsResult" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_security_groups.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_security_groups.md deleted file mode 100644 index 55b5971ad1..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_security_groups.md +++ /dev/null 
@@ -1,128 +0,0 @@
-+++
-title = "aws_security_groups Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_security_groups"
-identifier = "inspec/resources/aws/aws_security_groups Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_security_groups` InSpec audit resource to test properties of some or all security groups.
-
-Security groups are a networking construct that contain ingress and egress rules for network communications. Security groups may be attached to EC2 instances, as well as certain other AWS resources. Along with Network Access Control Lists, Security Groups are one of the two main mechanisms of enforcing network-level security.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Security Groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_security_groups` resource block uses an optional filter to select a group of security groups and then tests that group.
-
-```ruby
-describe aws_security_groups do
- its('entries.count') { should be > 1 }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`group_ids`
-: The name of the auto scaling launch configuration associated with the auto scaling group.
-
-`group_names`
-: An integer indicating the maximum number of instances in the auto scaling group.
-
-`vpc_ids`
-: An integer indicating the desired number of instances in the auto scaling group.
-
-`ip_permissions`
-: A list of the rules that the Security Group applies to incoming network traffic.
-
-`ip_permissions_egress`
-: A list of the rules that the Security Group applies to outgoing network traffic initiated by the AWS resource in the Security Group.
-
-`descriptions`
-: Description for the rule, which can help to identify it later.
A description can be up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*.
-
-`tags`
-: An integer indicating the minimum number of instances in the auto scaling group.
-
-`entries`
-: Provides access to the raw results of the query, which can be treated as an array of hashes.
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-**Look for a particular security group in just one VPC.**
-
-```ruby
-describe aws_security_groups.where( vpc_id: 'vpc-12345678') do
- its('group_ids') { should include('sg-abcdef12')}
-end
-```
-
-**Examine the default security group in all VPCs.**
-
-```ruby
-describe aws_security_groups.where( group_name: 'default') do
- it { should exist }
-end
-```
-
-**Allow at most 100 security groups on the account.**
-
-```ruby
-describe aws_security_groups do
- its('entries.count') { should be <= 100}
-end
-```
-
-**Pass entry resource data from security groups to the singular resource for testing.**
-
-Use the `security_group_objects` resource to pass resource data to the singular resource for testing.
-This method uses local in-memory caching for quicker execution of large sets of test cases.
-
-```ruby
-aws_security_groups.entries.each do |entry|
- describe aws_security_group(resource_data: entry) do
- it { should exist }
- its('count') { should be >= 4 }
- end
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the filter returns at least one result.
-
-Use `should_not` if you expect zero matches.
-
- # You will always have at least one SG, the VPC default SG
-```ruby
-describe aws_security_groups
- it { should exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeSecurityGroupsResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_securityhub_hub.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_securityhub_hub.md
deleted file mode 100644
index cb9bb70a70..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_securityhub_hub.md
+++ /dev/null
@@ -1,102 +0,0 @@
-+++
-title = "aws_securityhub_hub Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_securityhub_hub"
-identifier = "inspec/resources/aws/aws_securityhub_hub Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_securityhub_hub` InSpec audit resource to test properties of a single AWS Security Hub.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Security Hub](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeHub.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the hub exists.
-
-```ruby
-describe aws_securityhub_hub(hub_arn: 'HUB_ARN') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`hub_arn` _(required)_
-
-: The ARN of the Hub resource that was retrieved.
-
-## Properties
-
-`hub_arn`
-: The ARN of the Hub resource that was retrieved.
-
-`subscribed_at`
-: The date and time when Security Hub was enabled in the account.
-
-`auto_enable_controls`
-: Whether to automatically enable new controls when they are added to standards that are enabled.
-
-## Examples
-
-**Ensure an auto enable controls is true.**
-
-```ruby
-describe aws_securityhub_hub(hub_arn: 'HUB_ARN') do
- its('auto_enable_controls') { should eq true }
-end
-```
-
-**Ensure a hub ARN is available.**
-
-```ruby
-describe aws_securityhub_hub(hub_arn: 'HUB_ARN') do
- its('hub_arn') { should eq 'HUB_ARN' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_securityhub_hub(hub_arn: 'HUB_ARN') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_securityhub_hub(hub_arn: 'HUB_ARN') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_securityhub_hub(hub_arn: 'HUB_ARN') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="SecurityHub:Client:DescribeHubResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_servicecatalog_cloud_formation_product.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_servicecatalog_cloud_formation_product.md
deleted file mode 100644
index 60db77b701..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_servicecatalog_cloud_formation_product.md
+++ /dev/null
@@ -1,126 +0,0 @@
-+++
-title = "aws_servicecatalog_cloud_formation_product Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_servicecatalog_cloud_formation_product"
-identifier = "inspec/resources/aws/aws_servicecatalog_cloud_formation_product Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_servicecatalog_cloud_formation_product` InSpec audit resource to test properties of a single AWS Service Catalog CloudFormation product.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Service Catalog CloudFormation product](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-servicecatalog-cloudformationproduct.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a product exists.
-
-```ruby
-describe aws_servicecatalog_cloud_formation_product(name: 'PRODUCT_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-
-: The name of the product.
-
-## Properties
-
-`id`
-: The product view identifier.
-
-`product_id`
-: The product identifier.
-
-`name`
-: The name of the product.
-
-`owner`
-: The owner of the product.
-
-`short_description`
-: Short description of the product.
-
-`type`
-: The product type.
-
-`distributor`
-: The distributor of the product.
-
-`has_default_path`
-: Indicates whether the product has a default path.
-
-`support_email`
-: The email contact information to obtain support for this product.
-
-`support_description`
-: The description of the support for this product.
-
-`support_url`
-: The URL information to obtain support for this product.
-
-## Examples
-
-**Ensure a product name is available.**
-
-```ruby
-describe aws_servicecatalog_cloud_formation_product(name: 'PRODUCT_NAME') do
- its('name') { should eq 'PRODUCT_NAME' }
-end
-```
-
-**Ensure a owner is available.**
-
-```ruby
-describe aws_servicecatalog_cloud_formation_product(name: 'PRODUCT_NAME') do
- its('owner') { should eq 'PRODUCT_OWNER' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_servicecatalog_cloud_formation_product(name: 'PRODUCT_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_servicecatalog_cloud_formation_product(name: 'PRODUCT_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_servicecatalog_cloud_formation_product(name: 'PRODUCT_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="ServiceCatalog:Client:DescribeProductAsAdminOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_servicecatalog_launch_role_constraint.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_servicecatalog_launch_role_constraint.md
deleted file mode 100644
index 615d5e4c20..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_servicecatalog_launch_role_constraint.md
+++ /dev/null
@@ -1,117 +0,0 @@
-+++
-title = "aws_servicecatalog_launch_role_constraint Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_servicecatalog_launch_role_constraint"
-identifier = "inspec/resources/aws/aws_servicecatalog_launch_role_constraint Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_servicecatalog_launch_role_constraint` InSpec audit resource to test properties of a single specific AWS Service Catalog launch constraint.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Service Catalog launch role constraint](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-servicecatalog-launchroleconstraint.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a constraint exists.
-
-```ruby
-describe aws_servicecatalog_launch_role_constraint(id: 'CONSTRAINT_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`id` _(required)_
-
-: The identifier of the constraint.
-
-## Properties
-
-`constraint_detail (constraint_id)`
-: The identifier of the constraint.
-
-`constraint_detail (type)`
-: The type of constraint. Valid values are: `LAUNCH`, `NOTIFICATION`, `RESOURCE_UPDATE`, `STACKSET`, and `TEMPLATE`.
-
-`constraint_detail (description)`
-: The description of the constraint.
-
-`constraint_detail (owner)`
-: The owner of the constraint.
-
-`constraint_detail (product_id)`
-: The identifier of the product the constraint applies to. Note that a constraint applies to a specific instance of a product within a certain portfolio.
-
-`constraint_detail (portfolio_id)`
-: The identifier of the portfolio the product resides in. The constraint applies only to the instance of the product that lives within this portfolio.
-
-`constraint_parameters`
-: The constraint parameters.
-
-`status`
-: The status of the current request.
Valid values are: `AVAILABLE`, `CREATING`, and `FAILED`.
-
-## Examples
-
-**Ensure a product name is available.**
-
-```ruby
-describe aws_servicecatalog_launch_role_constraint(id: 'CONSTRAINT_ID') do
- its('constraint_detail.constraint_id') { should eq 'ID' }
-end
-```
-
-**Ensure a status is available.**
-
-```ruby
-describe aws_servicecatalog_launch_role_constraint(id: 'CONSTRAINT_ID') do
- its('status') { should eq 'AVAILABLE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_servicecatalog_launch_role_constraint(id: 'CONSTRAINT_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_servicecatalog_launch_role_constraint(id: 'CONSTRAINT_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_servicecatalog_launch_role_constraint(id: 'CONSTRAINT_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="ServiceCatalog:Client:DescribeConstraintOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_servicecatalog_launch_role_constraints.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_servicecatalog_launch_role_constraints.md
deleted file mode 100644
index 68977325df..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_servicecatalog_launch_role_constraints.md
+++ /dev/null
@@ -1,101 +0,0 @@
-+++
-title = "aws_servicecatalog_launch_role_constraints Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_servicecatalog_launch_role_constraints"
-identifier = "inspec/resources/aws/aws_servicecatalog_launch_role_constraints Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_servicecatalog_launch_role_constraints` InSpec audit resource to test properties of multiple AWS Service Catalog launch constraint.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS ServiceCatalog LaunchRoleConstraint](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-servicecatalog-launchroleconstraint.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a portfolio exists.
-
-```ruby
-describe aws_servicecatalog_launch_role_constraints(portfolio_id: 'PORTFOLIO_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`portfolio_id` _(required)_
-
-: The identifier of the portfolio the product resides in.
-
-## Properties
-
-`constraint_ids`
-: The identifier of the constraint.
-
-`types`
-: The type of constraint. Valid values are: `LAUNCH`, `NOTIFICATION`, `RESOURCE_UPDATE`, `STACKSET`, and `TEMPLATE`.
-
-`descriptions`
-: The description of the constraint.
-
-`owners`
-: The owner of the constraint.
-
-`product_ids`
-: The identifier of the product the constraint applies to. Note that a constraint applies to a specific instance of a product within a certain portfolio.
-
-`portfolio_ids`
-: The identifier of the portfolio the product resides in. The constraint applies only to the instance of the product that lives within this portfolio.
-
-## Examples
-
-**Ensure a constraint is available.**
-
-```ruby
-describe aws_servicecatalog_launch_role_constraints(portfolio_id: 'PORTFOLIO_ID') do
- its('constraint_ids') { should include 'ID' }
-end
-```
-
-**Ensure that the type is 'LAUNCH'.**
-
-```ruby
-describe aws_servicecatalog_launch_role_constraints(portfolio_id: 'PORTFOLIO_ID') do
- its('types') { should include 'LAUNCH' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_servicecatalog_launch_role_constraints(portfolio_id: 'PORTFOLIO_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_servicecatalog_launch_role_constraints(portfolio_id: 'PORTFOLIO_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="ServiceCatalog:Client:ListConstraintsForPortfolioOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_servicecatalog_portfolio_principal_association.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_servicecatalog_portfolio_principal_association.md
deleted file mode 100644
index c632838467..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_servicecatalog_portfolio_principal_association.md
+++ /dev/null
@@ -1,99 +0,0 @@
-+++
-title = "aws_servicecatalog_portfolio_principal_association Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_servicecatalog_portfolio_principal_association"
-identifier = "inspec/resources/aws/aws_servicecatalog_portfolio_principal_association Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_servicecatalog_portfolio_principal_association` InSpec audit resource to test properties of a single specific AWS Service Catalog portfolio principal association.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Service Catalog Portfolio Principal Association](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-servicecatalog-portfolioprincipalassociation.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a portfolio is available.
-
-```ruby
-describe aws_servicecatalog_portfolio_principal_association(portfolio_id: 'PORTFOLIO_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`portfolio_id` _(required)_
-
-: The ID of the portfolio.
-
-## Properties
-
-`principal_arn`
-: The ARN of the principal (IAM user, role, or group).
-
-`principal_type`
-: The principal type. The supported value is `IAM`.
-
-## Examples
-
-**Ensure a principal ARN is available.**
-
-```ruby
-describe aws_servicecatalog_portfolio_principal_association(portfolio_id: 'PORTFOLIO_ID') do
- its('principal_arn') { should eq 'principal_arn' }
-end
-```
-
-**Ensure a principal type is 'IAM'.**
-
-```ruby
-describe aws_servicecatalog_portfolio_principal_association(portfolio_id: 'PORTFOLIO_ID') do
- its('principal_type') { should eq 'IAM' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_servicecatalog_portfolio_principal_association(portfolio_id: 'PORTFOLIO_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_servicecatalog_portfolio_principal_association(portfolio_id: 'PORTFOLIO_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_servicecatalog_portfolio_principal_association(portfolio_id: 'PORTFOLIO_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="ServiceCatalog:Client:ListPrincipalsForPortfolioOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_servicecatalog_portfolio_principal_associations.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_servicecatalog_portfolio_principal_associations.md
deleted file mode 100644
index 496fc08803..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_servicecatalog_portfolio_principal_associations.md
+++ /dev/null
@@ -1,89 +0,0 @@
-+++
-title = "aws_servicecatalog_portfolio_principal_associations Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_servicecatalog_portfolio_principal_associations"
-identifier = "inspec/resources/aws/aws_servicecatalog_portfolio_principal_associations Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_servicecatalog_portfolio_principal_associations` InSpec audit resource to test properties of a single specific AWS Service Catalog portfolio principal association.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Service Catalog Portfolio Principal Association](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-servicecatalog-portfolioprincipalassociation.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that portfolio are available.
-
-```ruby
-describe aws_servicecatalog_portfolio_principal_associations(portfolio_id: 'PORTFOLIO_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`portfolio_id` _(required)_
-
-: The ID of the portfolio.
-
-## Properties
-
-`principal_arns`
-: The ARN of the principal (IAM user, role, or group).
-
-`principal_types`
-: The principal type. The supported value is `IAM`.
-
-## Examples
-
-**Ensure a principal ARN is available.**
-
-```ruby
-describe aws_servicecatalog_portfolio_principal_associations(portfolio_id: 'PORTFOLIO_ID') do
- its('principal_arns') { should include 'PRINCIPAL_ARN' }
-end
-```
-
-**Ensure a principal type is 'IAM'.**
-
-```ruby
-describe aws_servicecatalog_portfolio_principal_associations(portfolio_id: 'PORTFOLIO_ID') do
- its('principal_types') { should include 'IAM' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_servicecatalog_portfolio_principal_associations(portfolio_id: 'PORTFOLIO_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_servicecatalog_portfolio_principal_associations(portfolio_id: 'PORTFOLIO_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="ServiceCatalog:Client:ListPrincipalsForPortfolioOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_servicecatalog_portfolio_product_association.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_servicecatalog_portfolio_product_association.md
deleted file mode 100644
index 71ae7c0a26..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_servicecatalog_portfolio_product_association.md
+++ /dev/null
@@ -1,101 +0,0 @@
-+++
-title = "aws_servicecatalog_portfolio_product_association Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_servicecatalog_portfolio_product_association"
-identifier = "inspec/resources/aws/aws_servicecatalog_portfolio_product_association Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_servicecatalog_portfolio_product_association` InSpec audit resource to test properties of a single specific AWS Service Catalog portfolio product association.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Service Catalog Portfolio Product Association](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-servicecatalog-portfolioproductassociation.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a portfolio exists.
-
-```ruby
-describe aws_servicecatalog_portfolio_product_association(product_id: 'PRODUCT_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`product_id` _(required)_
-
-: The product identifier.
-
-## Properties
-
-`id`
-: The portfolio identifier.
-
-`arn`
-: The ARN assigned to the portfolio.
-
-`display_name`
-: The name to use for display purposes.
-
-`description`
-: The description of the portfolio.
-
-`created_time`
-: The UTC time stamp of the creation time.
-
-`provider_name`
-: The name of the portfolio provider.
-
-## Examples
-
-**Ensure a product name is available.**
-
-```ruby
-describe aws_servicecatalog_portfolio_product_association(product_id: 'PRODUCT_ID') do
- its('id') { should eq 'PORTFOLIO_ID' }
-end
-```
-
-**Ensure a status is available.**
-
-```ruby
-describe aws_servicecatalog_portfolio_product_association(product_id: 'PRODUCT_ID') do
- its('provider_name') { should eq 'PORTFOLIO_PROVIDER_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_servicecatalog_portfolio_product_association(product_id: 'PRODUCT_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_servicecatalog_portfolio_product_association(product_id: 'PRODUCT_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="ServiceCatalog:Client:ListPortfoliosForProductOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_servicecatalog_portfolio_product_associations.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_servicecatalog_portfolio_product_associations.md
deleted file mode 100644
index 1b8cb44221..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_servicecatalog_portfolio_product_associations.md
+++ /dev/null
@@ -1,101 +0,0 @@
-+++
-title = "aws_servicecatalog_portfolio_product_associations Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_servicecatalog_portfolio_product_associations"
-identifier = "inspec/resources/aws/aws_servicecatalog_portfolio_product_associations Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_servicecatalog_portfolio_product_associations` InSpec audit resource to test properties of a single specific AWS Service Catalog portfolio product association.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Service Catalog Portfolio Product Association](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-servicecatalog-portfolioproductassociation.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a portfolio exists.
-
-```ruby
-describe aws_servicecatalog_portfolio_product_associations(product_id: 'PRODUCT_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`product_id` _(required)_
-
-: The product identifier.
-
-## Properties
-
-`ids`
-: The portfolio identifier.
-
-`arns`
-: The ARN assigned to the portfolio.
-
-`display_names`
-: The name to use for display purposes.
-
-`descriptions`
-: The description of the portfolio.
-
-`created_times`
-: The UTC time stamp of the creation time.
-
-`provider_names`
-: The name of the portfolio provider.
-
-## Examples
-
-**Ensure a product name is available.**
-
-```ruby
-describe aws_servicecatalog_portfolio_product_association(product_id: 'PRODUCT_ID') do
- its('ids') { should include 'PORTFOLIO_ID' }
-end
-```
-
-**Ensure a status is available.**
-
-```ruby
-describe aws_servicecatalog_portfolio_product_association(product_id: 'PRODUCT_ID') do
- its('provider_names') { should include 'PORTFOLIO_PROVIDER_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_servicecatalog_portfolio_product_associations(product_id: 'PRODUCT_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_servicecatalog_portfolio_product_associations(product_id: 'PRODUCT_ID') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="ServiceCatalog:Client:ListPortfoliosForProductOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ses_receipt_rule.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ses_receipt_rule.md
deleted file mode 100644
index ffebc1bb81..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ses_receipt_rule.md
+++ /dev/null
@@ -1,177 +0,0 @@
-+++
-title = "aws_ses_receipt_rule Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ses_receipt_rule"
-identifier = "inspec/resources/aws/aws_ses_receipt_rule Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ses_receipt_rule` InSpec audit resource to test properties of the singular resource of AWS Simple Email Service (SES) receipt rule.
-
-The `AWS::SES::ReceiptRule` resource specifies a receipt rule.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS SES ReceiptRule](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ses-receiptrule.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the rule exists.
-
-```ruby
-describe aws_ses_receipt_rule(rule_set_name: 'RULE_SET_NAME', rule_name: 'RULE_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`rule_set_name` _(required)_
-
-: The name of the receipt rule set that the receipt rule belongs to.
-
-`rule_name` _(required)_
-
-: The name of the receipt rule.
-
-## Properties
-
-`name`
-: The name of the receipt rule.
-
-`enabled`
-: If `true`, the receipt rule is active. The default value is false.
-
-`tls_policy`
-: Specifies whether Amazon SES should require that incoming email is delivered over a connection encrypted with Transport Layer Security (TLS).
-
-`recipients`
-: The recipient domains and email addresses that the receipt rule applies to.
-
-`actions`
-: An ordered list of actions to perform on messages that match at least one of the recipient email addresses or domains specified in the receipt rule.
-
-`s3_action_topic_arns`
-: The ARN of the Amazon SNS topic to notify when the message is saved to the Amazon S3 bucket.
-
-`s3_action_bucket_names`
-: The name of the Amazon S3 bucket that incoming email will be saved to.
-
-`s3_action_object_key_prefixes`
-: The key prefix of the Amazon S3 bucket.
-
-`s3_action_kms_key_arns`
-: The customer master key that Amazon SES should use to encrypt your emails before saving them to the Amazon S3 bucket.
-
-`bounce_action_topic_arns`
-: The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the bounce action is taken.
-
-`bounce_action_smtp_reply_codes`
-: The SMTP reply code, as defined by RFC 5321.
-
-`bounce_action_status_codes`
-: The SMTP enhanced status code, as defined by RFC 3463.
-
-`bounce_action_messages`
-: Human-readable text to include in the bounce message.
-
-`bounce_action_senders`
-: The email address of the sender of the bounced email.
-
-`workmail_action_topic_arns`
-: The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the WorkMail action is called.
-
-`workmail_action_organization_arns`
-: The ARN of the Amazon WorkMail organization.
-
-`lambda_action_topic_arns`
-: The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the Lambda action is taken.
-
-`lambda_action_function_arns`
-: The Amazon Resource Name (ARN) of the AWS Lambda function.
-
-`lambda_action_invocation_types`
-: The invocation type of the AWS Lambda function.
-
-`stop_action_scopes`
-: The scope of the StopAction. The only acceptable value is RuleSet.
-
-`stop_action_topic_arns`
-: The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the stop action is taken.
-
-`add_header_action_header_names`
-: The name of the header to add. Must be between 1 and 50 characters, inclusive, and consist of alphanumeric (a-z, A-Z, 0-9) characters and dashes only.
-
-`add_header_action_header_values`
-: Must be less than 2048 characters, and must not contain newline characters ("r" or "n").
-
-`sns_action_topic_arns`
-: The Amazon Resource Name (ARN) of the Amazon SNS topic to notify.
-
-`sns_action_encodings`
-: The encoding to use for the email within the Amazon SNS notification.
-
-`scan_enabled`
-: If `true`, then messages that this receipt rule applies to are scanned for spam and viruses. The default value is `false`.
-
-## Examples
-
-**Ensure a rule is available.**
-
-```ruby
-describe aws_ses_receipt_rule(rule_set_name: 'RULE_SET_NAME', rule_name: 'RULE_NAME') do
- its('name') { should eq 'RULE_NAME' }
-end
-```
-
-**Ensure that `scan_enabled` is `true` so that messages that this receipt rule is applied to are scanned for spam and viruses.**
-
-```ruby
-describe aws_ses_receipt_rule(rule_set_name: 'RULE_SET_NAME', rule_name: 'RULE_NAME') do
- its('scan_enabled') { should eq true }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ses_receipt_rule(rule_set_name: 'RULE_SET_NAME', rule_name: 'RULE_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ses_receipt_rule(rule_set_name: 'RULE_SET_NAME', rule_name: 'RULE_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ses_receipt_rule(rule_set_name: 'RULE_SET_NAME', rule_name: 'RULE_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="SES:Client:DescribeReceiptRuleResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ses_receipt_rule_set.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ses_receipt_rule_set.md
deleted file mode 100644
index 098412d562..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ses_receipt_rule_set.md
+++ /dev/null
@@ -1,173 +0,0 @@
-+++
-title = "aws_ses_receipt_rule_set Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ses_receipt_rule_set"
-identifier = "inspec/resources/aws/aws_ses_receipt_rule_set Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ses_receipt_rule_set` InSpec audit resource to test properties of a single AWS Simple Email Service (SES) receipt rule set.
-
-The `AWS::SES::ReceiptRuleSet` resource specifies a receipt rule set.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS SES ReceiptRuleSet](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ses-receiptruleset.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the rule set exists.
-
-```ruby
-describe aws_ses_receipt_rule_set(rule_set_name: 'RULE_SET_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`rule_set_name` _(required)_
-
-: The name of the receipt rule set to describe.
-
-## Properties
-
-`name`
-: The name of the receipt rule.
-
-`enabled`
-: If `true`, the receipt rule is active. The default value is `false`.
-
-`tls_policy`
-: Specifies whether Amazon SES should require that incoming email is delivered over a connection encrypted with Transport Layer Security (TLS).
-
-`recipients`
-: The recipient domains and email addresses that the receipt rule applies to.
-
-`actions`
-: An ordered list of actions to perform on messages that match at least one of the recipient email addresses or domains specified in the receipt rule.
-
-`s3_action_topic_arns`
-: The ARN of the Amazon SNS topic to notify when the message is saved to the Amazon S3 bucket.
-
-`s3_action_bucket_names`
-: The name of the Amazon S3 bucket that incoming email will be saved to.
-
-`s3_action_object_key_prefixes`
-: The key prefix of the Amazon S3 bucket.
-
-`s3_action_kms_key_arns`
-: The customer master key that Amazon SES should use to encrypt your emails before saving them to the Amazon S3 bucket.
-
-`bounce_action_topic_arns`
-: The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the bounce action is taken.
-
-`bounce_action_smtp_reply_codes`
-: The SMTP reply code, as defined by RFC 5321.
-
-`bounce_action_status_codes`
-: The SMTP enhanced status code, as defined by RFC 3463.
-
-`bounce_action_messages`
-: Human-readable text to include in the bounce message.
-
-`bounce_action_senders`
-: The email address of the sender of the bounced email.
-
-`workmail_action_topic_arns`
-: The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the WorkMail action is called.
-
-`workmail_action_organization_arns`
-: The ARN of the Amazon WorkMail organization.
-
-`lambda_action_topic_arns`
-: The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the Lambda action is taken.
-
-`lambda_action_function_arns`
-: The Amazon Resource Name (ARN) of the AWS Lambda function.
-
-`lambda_action_invocation_types`
-: The invocation type of the AWS Lambda function.
-
-`stop_action_scopes`
-: The scope of the StopAction. The only acceptable value is RuleSet.
-
-`stop_action_topic_arns`
-: The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the stop action is taken.
-
-`add_header_action_header_names`
-: The name of the header to add. Must be between 1 and 50 characters, inclusive, and consist of alphanumeric (a-z, A-Z, 0-9) characters and dashes only.
-
-`add_header_action_header_values`
-: Must be less than 2048 characters, and must not contain newline characters ("r" or "n").
-
-`sns_action_topic_arns`
-: The Amazon Resource Name (ARN) of the Amazon SNS topic to notify.
-
-`sns_action_encodings`
-: The encoding to use for the email within the Amazon SNS notification.
-
-`scan_enabled`
-: If `true`, then messages that this receipt rule applies to are scanned for spam and viruses. The default value is `false`.
-
-## Examples
-
-**Ensure a rule set is available.**
-
-```ruby
-describe aws_ses_receipt_rule_set(rule_set_name: 'RULE_SET_NAME') do
- its('name') { should eq 'RULE_NAME' }
-end
-```
-
-**Ensure that `scan_enabled` is `true` so that messages that this receipt rule is applied to are scanned for spam and viruses.**
-
-```ruby
-describe aws_ses_receipt_rule_set(rule_set_name: 'RULE_SET_NAME') do
- its('scan_enabled') { should eq true }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ses_receipt_rule_set(rule_set_name: 'RULE_SET_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ses_receipt_rule_set(rule_set_name: 'RULE_SET_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ses_receipt_rule_set(rule_set_name: 'RULE_SET_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="SES:Client:DescribeReceiptRuleSetResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ses_receipt_rule_sets.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ses_receipt_rule_sets.md
deleted file mode 100644
index bcbac49be3..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ses_receipt_rule_sets.md
+++ /dev/null
@@ -1,85 +0,0 @@
-+++
-title = "aws_ses_receipt_rule_sets Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ses_receipt_rule_sets"
-identifier = "inspec/resources/aws/aws_ses_receipt_rule_sets Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ses_receipt_rule_sets` InSpec audit resource to test properties of multiple AWS Simple Email Service (SES) receipt rule sets.
-
-The `AWS::SES::ReceiptRuleSet` resource specifies a receipt rule set.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS SES ReceiptRuleSet](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ses-receiptruleset.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the rule set exists.
-
-```ruby
-describe aws_ses_receipt_rule_sets do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`names`
-: The name of the receipt rule set.
-
-: **Field**: `name`
-
-`created_timestamps`
-: The date and time the receipt rule set was created.
-
-: **Field**: `created_timestamp`
-
-## Examples
-
-**Ensure a rule set name is available.**
-
-```ruby
-describe aws_ses_receipt_rule_sets do
- its('names') { should include 'RULE_SET_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ses_receipt_rule_sets do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ses_receipt_rule_sets do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="SES:Client:ListReceiptRuleSetsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ses_template.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ses_template.md
deleted file mode 100644
index 4258f2cf58..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ses_template.md
+++ /dev/null
@@ -1,123 +0,0 @@
-+++
-title = "aws_ses_template Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ses_template"
-identifier = "inspec/resources/aws/aws_ses_template Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ses_template` InSpec audit resource to test properties of a single AWS Simple Email Service (SES) template.
-
-The `AWS::SES::Template` resource specifies an email template.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS SES Template](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ses-template.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the template exists.
-
-```ruby
-describe aws_ses_template(template_name: 'TEMPLATE_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`template_name` _(required)_
-
-: The name of the template.
-
-## Properties
-
-`template_name`
-: The name of the template.
-
-`subject_part`
-: The subject line of the email.
-
-`text_part`
-: The email body that will be visible to recipients whose email clients do not display HTML.
-
-`html_part`
-: The HTML body of the email.
-
-## Examples
-
-**Ensure a template name is available.**
-
-```ruby
-describe aws_ses_template(template_name: 'TEMPLATE_NAME') do
- its('template_name') { should eq 'TEMPLATE_NAME' }
-end
-```
-
-**Ensure a subject is available in the template.**
-
-```ruby
-describe aws_ses_template(template_name: 'TEMPLATE_NAME') do
- its('subject_part') { should eq 'HTML_SUBJECT' }
-end
-```
-
-**Ensure a text part is available in the template.**
-
-```ruby
-describe aws_ses_template(template_name: 'TEMPLATE_NAME') do
- its('text_part') { should eq 'HTML_TEXT_PART' }
-end
-```
-
-**Ensure an HTML body is available in the template.**
-
-```ruby
-describe aws_ses_template(template_name: 'TEMPLATE_NAME') do
- its('html_part') { should eq 'HTML_PART' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ses_template(template_name: 'TEMPLATE_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ses_template(template_name: 'TEMPLATE_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ses_template(template_name: 'TEMPLATE_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="SES:Client:GetTemplateResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ses_templates.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ses_templates.md
deleted file mode 100644
index 5be093c6af..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ses_templates.md
+++ /dev/null
@@ -1,85 +0,0 @@
-+++
-title = "aws_ses_templates Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ses_templates"
-identifier = "inspec/resources/aws/aws_ses_templates Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ses_templates` InSpec audit resource to test properties of multiple AWS Simple Email Service (SES) templates.
-
-The `AWS::SES::Template` resource specifies an email template.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS SES Template](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ses-template.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the template exists.
-
-```ruby
-describe aws_ses_templates do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`names`
-: The name of the template.
-
-: **Field**: `name`
-
-`created_timestamps`
-: The time and date the template was created.
-
-: **Field**: `created_timestamp`
-
-## Examples
-
-**Ensure a template name is available.**
-
-```ruby
-describe aws_ses_templates do
- its('names') { should include 'TEMPLATE_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ses_templates do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ses_templates do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="SES:Client:ListTemplatesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_shield_subscription.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_shield_subscription.md
deleted file mode 100644
index 4647bfd06d..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_shield_subscription.md
+++ /dev/null
@@ -1,74 +0,0 @@
-+++
-title = "aws_shield_subscription Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_shield_subscription"
-identifier = "inspec/resources/aws/aws_shield_subscription Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_shield_subscription` InSpec audit resource to test properties of an AWS Shield Advanced subscription.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_shield_subscription` resource block returns a Shield Advanced subscription.
-
-```ruby
-describe aws_shield_subscription do
- it { should exist }
-end
-```
-
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`auto_renew`
-: If `ENABLED`, the subscription will be automatically renewed at the end of the existing subscription period. Valid values: `ENABLED` or `DISABLED`.
-
-`end_time`
-: The date and time your subscription will end.
-
-`limits`
-: Specifies how many protections of a given type you can create. This is an array containing the Type of protection and the maximum number of protections that can be created for the specified Type.
-
-`proactive_engagement_status`
-: Valid values: `ENABLED`, `DISABLED`, `PENDING`.
If ENABLED, the DDoS Response Team (DRT) will use email and phone to notify contacts about escalations to the DRT and to initiate proactive customer support.
If `PENDING`, you have requested proactive engagement and the request is pending. The status changes to `ENABLED` when your request is fully processed.
If `DISABLED`, the DRT will not proactively notify contacts about escalations or to initiate proactive customer support.
-
-`start_time`
-: The start time of the subscription, in Unix time in seconds.
-
-`time_commitment_in_seconds`
-: The length, in seconds, of the AWS Shield Advanced subscription for the account.
-
-For a comprehensive list of properties available, see [the API reference documentation](https://docs.aws.amazon.com/waf/latest/DDOSAPIReference/API_Subscription.html)
-
-## Examples
-
-**Check the automatic renewal status of a Shield Subscription.**
-
-```ruby
-describe aws_shield_subscription do
- its('auto_renew') { should eq 'ENABLED' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Shield:Client:DescribeSubscriptionResponse" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon Shield](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awsshield.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_signer_profile_permissions.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_signer_profile_permissions.md
deleted file mode 100644
index cb6b8e77bc..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_signer_profile_permissions.md
+++ /dev/null
@@ -1,113 +0,0 @@
-+++
-title = "aws_signer_profile_permissions Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_signer_profile_permissions"
-identifier = "inspec/resources/aws/aws_signer_profile_permissions Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_signer_profile_permissions` InSpec audit resource to test properties of multiple AWS Signer profile permissions.
-
-The `AWS::Signer::ProfilePermission` resource adds cross-account permissions to a signing profile.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Signer ProfilePermission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-signer-profilepermission.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the profile permission exists.
-
-```ruby
-describe aws_signer_profile_permissions(profile_name: 'PROFILE_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`profile_name` _(required)_
-
-: Name of the signing profile containing the cross-account permissions.
-
-## Properties
-
-`actions`
-: An AWS Signer action permitted as part of cross-account permissions.
-
-: **Field**: `action`
-
-`principals`
-: The AWS principal that has been granted a cross-account permission.
-
-: **Field**: `principal`
-
-`statement_ids`
-: A unique identifier for a cross-account permission statement.
-
-: **Field**: `statement_id`
-
-`profile_versions`
-: The signing profile version that a permission applies to.
-
-: **Field**: `profile_version`
-
-## Examples
-
-**Ensure a principal is available.**
-
-```ruby
-describe aws_signer_profile_permissions(profile_name: 'PROFILE_NAME') do
- its('principals') { should include 'PRINCIPAL' }
-end
-```
-
-**Ensure a statement ID is available.**
-
-```ruby
-describe aws_signer_profile_permissions(profile_name: 'PROFILE_NAME') do
- its('statement_ids') { should include 'STATEMENT_ID' }
-end
-```
-
-**Ensure a profile version is available.**
-
-```ruby
-describe aws_signer_profile_permissions(profile_name: 'PROFILE_NAME') do
- its('profile_versions') { should include 'PROFILE_VERSION' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_signer_profile_permissions(profile_name: 'PROFILE_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_signer_profile_permissions(profile_name: 'PROFILE_NAME') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Signer:Client:ListProfilePermissionsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_signer_signing_profile.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_signer_signing_profile.md
deleted file mode 100644
index 8ebd1ffc48..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_signer_signing_profile.md
+++ /dev/null
@@ -1,160 +0,0 @@
-+++
-title = "aws_signer_signing_profile Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_signer_signing_profile"
-identifier = "inspec/resources/aws/aws_signer_signing_profile Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_signer_signing_profile` InSpec audit resource to test properties of a single specific AWS Signer signing profile.
-
-A signing profile is a code signing template that can be used to carry out a pre-defined signing job.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS Signer SigningProfile.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-signer-signingprofile.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the signing profile exists.
-
-```ruby
-describe aws_signer_signing_profile(profile_name: 'PROFILE_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`profile_name` _(required)_
-
-: The name of the target signing profile.
-
-## Properties
-
-`profile_name`
-: The name of the target signing profile.
-
-`profile_version`
-: The current version of the signing profile.
-
-`profile_version_arn`
-: The signing profile ARN, including the profile version.
-
-`revocation_record.revocation_effective_from`
-: The time when revocation becomes effective.
-
-`revocation_record.revoked_at`
-: The time when the signing profile was revoked.
-
-`revocation_record.revoked_by`
-: The identity of the revoker.
-
-`signing_material.certificate_arn`
-: The Amazon Resource Name (ARN) of the certificates that is used to sign your code.
-
-`platform_id`
-: The ID of the platform that is used by the target signing profile.
-
-`platform_display_name`
-: A human-readable name for the signing platform associated with the signing profile.
-
-`signature_validity_period.value`
-: The numerical value of the time unit for signature validity.
-
-`signature_validity_period.type`
-: The time unit for signature validity.
-
-`overrides.signing_configuration.encryption_algorithm`
-: A specified override of the default encryption algorithm that is used in a code signing job.
-
-`overrides.signing_configuration.hash_algorithm`
-: A specified override of the default hash algorithm that is used in a code signing job.
-
-`overrides.signing_image_format`
-: profile_name.
-
-`signing_parameters`
-: A map of key-value pairs for signing operations that is attached to the target signing profile.
-
-`status`
-: The status of the target signing profile.
-
-`status_reason`
-: Reason for the status of the target signing profile.
-
-`arn`
-: The Amazon Resource Name (ARN) for the signing profile.
-
-`tags`
-: A list of tags associated with the signing profile.
-
-## Examples
-
-**Ensure a profile name is available.**
-
-```ruby
-describe aws_signer_signing_profile(profile_name: 'PROFILE_NAME') do
- its('profile_name') { should eq 'PROFILE_NAME' }
-end
-```
-
-**Ensure a profile version is available.**
-
-```ruby
-describe aws_signer_signing_profile(profile_name: 'PROFILE_NAME') do
- its('profile_version') { should eq 'PROFILE_VERSION' }
-end
-```
-
-**Ensure a status is `Active`.**
-
-```ruby
-describe aws_signer_signing_profile(profile_name: 'PROFILE_NAME') do
- its('status') { should eq 'Active' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_signer_signing_profile(profile_name: 'PROFILE_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_signer_signing_profile(profile_name: 'PROFILE_NAME') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_signer_signing_profile(profile_name: 'PROFILE_NAME') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Signer:Client:GetSigningProfileResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_signer_signing_profiles.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_signer_signing_profiles.md
deleted file mode 100644
index 777d6e614e..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_signer_signing_profiles.md
+++ /dev/null
@@ -1,151 +0,0 @@ -+++ -title = "aws_signer_signing_profiles Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_signer_signing_profiles" -identifier = "inspec/resources/aws/aws_signer_signing_profiles Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_signer_signing_profiles` InSpec audit resource to test properties of multiple AWS Signer signing profiles. - -A signing profile is a code signing template that can be used to carry out a pre-defined signing job. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS Signer SigningProfile.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-signer-signingprofile.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the signing profile exists. - -```ruby -describe aws_signer_signing_profiles do - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`profile_names` -: The name of the target signing profile. - -: **Field**: `profile_name` - -`profile_versions` -: The current version of the signing profile. - -: **Field**: `profile_version` - -`profile_version_arns` -: The signing profile ARN, including the profile version. - -: **Field**: `profile_version_arn` - -`signing_materials` -: The ACM certificate that is available for use by a signing profile. - -: **Field**: `signing_material` - -`signature_validity_periods` -: The validity period for a signing job created using this signing profile. - -: **Field**: `signature_validity_period` - -`platform_ids` -: The ID of the platform that is used by the target signing profile. - -: **Field**: `platform_id` - -`platform_display_names` -: A human-readable name for the signing platform associated with the signing profile. 
- -: **Field**: `platform_display_name` - -`signing_parameters` -: A map of key-value pairs for signing operations that is attached to the target signing profile. - -: **Field**: `signing_parameters` - -`statuses` -: The status of the target signing profile. - -: **Field**: `status` - -`status_reasons` -: Reason for the status of the target signing profile. - -: **Field**: `status_reason` - -`arns` -: The Amazon Resource Name (ARN) for the signing profile. - -: **Field**: `arn` - -`tags` -: A list of tags associated with the signing profile. - -: **Field**: `tags` - -## Examples - -**Ensure a profile name is available.** - -```ruby -describe aws_signer_signing_profiles do - its('profile_names') { should include 'PROFILE_NAME' } -end -``` - -**Ensure a profile version is available.** - -```ruby -describe aws_signer_signing_profiles do - its('profile_versions') { should include 'PROFILE_VERSION' } -end -``` - -**Ensure a status is `Active`.** - -```ruby -describe aws_signer_signing_profiles do - its('statuses') { should include 'Active' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `list` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_signer_signing_profiles do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_signer_signing_profiles do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="Signer:Client:ListSigningProfilesResponse" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_sns_subscription.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_sns_subscription.md deleted file mode 100644 index 9c11847aee..0000000000 
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_sns_subscription.md
+++ /dev/null
@@ -1,135 +0,0 @@ -+++ -title = "aws_sns_subscription Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_sns_subscription" -identifier = "inspec/resources/aws/aws_sns_subscription Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_sns_subscription` InSpec audit resource to test detailed properties of a AWS SNS Subscription. - -For additional information, including details on parameters and properties, see the [AWS documentation on SNS](https://docs.aws.amazon.com/sns/latest/dg/sns-getting-started.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_sns_subscription` resource block uses resource parameters to search for a SNS Subscription, and then tests that subscriptions properties. If no Subscriptions match, no error is raised, but the `exists` matcher will return `false` and all properties will be `nil`. - -```ruby -describe aws_sns_subscription('arn:aws:sns:us-east-1::test-topic-01:b214aff5-a2c7-438f-a753-8494493f2ff6') do - it { should exist } -end -``` - -## Parameters - -`subscription_arn` _(required)_ - -: This resource accepts a single parameter, the subscription_arn. - This can be passed either as a string or as a `subscription_arn: 'value'` key-value entry in a hash. - -## Properties - -`arn` -: The subscription's ARN. - -`owner` -: The subscription's owner. - -`raw_message_delivery` -: Indicates whether the subscription is raw or JSON. - -`topic_arn` -: The ARN of the subscription's topic. - -`protocol` -: The subscription's protocol. - -`confirmation_was_authenticated` -: Indicates whether the subscription confirmation request was authenticated. 
- -## Examples - -**Inspect the endpoint.** - -```ruby -describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::test-topic-01:b214aff5-a2c7-438f-a753-8494493f2ff6' ) do -**If protocol is 'sms', this should be a phone number:.** - - its('endpoint') { should cmp '+16105551234' } -**If protocol is 'email' or 'email-json', endpoint should be an email address.** - - its('endpoint') { should cmp 'myemail@example.com' } -**If protocal is 'http', endpoint should be a URL beginning with 'https://'.** - - its('endpoint') { should cmp 'https://www.exampleurl.com' } -**If the protocol is 'lambda', its endpoint should be the ARN of a AWS Lambda function.** - - its('endpoint') { should cmp 'rn:aws:lambda:us-east-1:account-id:function:myfunction' } -end -``` - -**Inspect the owners ID.** - -```ruby -describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::test-topic-01:b214aff5-a2c7-438f-a753-8494493f2ff6' ) do - its('owner') { should cmp '12345678' } -end -``` - -**Inspect the endpoint.** - -```ruby -describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::test-topic-01:b214aff5-a2c7-438f-a753-8494493f2ff6' ) do - its('protocol') { should cmp 'sqs' } -end -``` - -## Matchers - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -it { should exist } -``` - -```ruby -it { should_not exist } -``` - -#### be_confirmation_authenticated - -Provides whether or not the subscription confirmation request was authenticated. - -```ruby -describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::NOGOOD:b214aff5-a2c7-438f-a753-8494493f2ff6') - it { should be_confirmation_authenticated } -end -``` - -#### have_raw_message_delivery - -Provides whether or not the original message is passed as is, not formatted as a json or yaml. 
- -```ruby -describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::NOGOOD:b214aff5-a2c7-438f-a753-8494493f2ff6') - it { should have_raw_message_delivery } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="SNS:Client:GetSubscriptionAttributesResponse" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon SNS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonsns.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_sns_subscriptions.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_sns_subscriptions.md deleted file mode 100644 index 404408c30d..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_sns_subscriptions.md +++ /dev/null 
@@ -1,118 +0,0 @@ -+++ -title = "aws_sns_subscriptions Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_sns_subscriptions" -identifier = "inspec/resources/aws/aws_sns_subscriptions Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_sns_subscriptions` InSpec audit resource to test properties of an AWS Simple Notification Service (SNS) subscription VPN route. - -The `AWS::SNS::Subscription` resource subscribes an endpoint to an Amazon SNS topic. For a subscription to be created, the owner of the endpoint must confirm the subscription. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS SNS subscriptions.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the subscription exists. - -```ruby -describe aws_sns_subscriptions do - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`subscription_arns` -: The subscription's ARN. - -: **Field**: `subscription_arn` - -`owners` -: The subscription's owner. - -: **Field**: `owner` - -`protocols` -: The subscription's protocol. - -: **Field**: `protocol` - -`endpoints` -: The subscription's endpoint (format depends on the protocol). - -: **Field**: `endpoint` - -`topic_arns` -: The ARN of the subscription's topic. 
- -: **Field**: `topic_arn` - -## Examples - -**Ensure a subscription ARN is available.** - -```ruby -describe aws_sns_subscriptions do - its('subscription_arns') { should include 'SUBSCRIPTION_ARN' } -end -``` - -**Ensure a topic ARN is available.** - -```ruby -describe aws_sns_subscriptions do - its('topic_arns') { should include 'TOPIC_ARN' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `list` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_sns_subscriptions do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_sns_subscriptions do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_sns_subscriptions do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="SNS:Client:ListSubscriptionsResponse" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_sns_topic.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_sns_topic.md deleted file mode 100644 index b1a1bb49a7..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_sns_topic.md +++ /dev/null 
@@ -1,89 +0,0 @@ -+++ -title = "aws_sns_topic Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_sns_topic" -identifier = "inspec/resources/aws/aws_sns_topic Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_sns_topic` InSpec audit resource to test properties of a single AWS Simple Notification Service Topic. SNS topics are channels for related events. AWS resources place events in the Simple Notification Service (SNS) topic, while other AWS resources subscribe to receive notifications when new events occur. - -For additional information, including details on parameters and properties, see the [AWS documentation on SNS](https://docs.aws.amazon.com/sns/latest/dg/sns-getting-started.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -```ruby -describe aws_sns_topic('arn:aws:sns:*::my-topic-name') do - it { should exist } -end -``` - - # You may also use has syntax to pass the ARN -```ruby -describe aws_sns_topic(arn: 'arn:aws:sns:*::my-topic-name') do - it { should exist } -end -``` - -## Parameters - -`arn` _(required)_ - -: This resource accepts a single parameter, the ARN of the SNS Topic. - This can be passed either as a string or as a `arn: 'value'` key-value entry in a hash. - -## Properties - -`kms_master_key_id` -: Provides the ID of an AWS-managed customer master key (CMK) for Amazon SNS topic or a custom CMK. - -`confirmed_subscription_count` -: An integer indicating the number of currently active subscriptions. - -## Examples - -**Make sure something is subscribed to the topic.** - -```ruby -describe aws_sns_topic('arn:aws:sns:*::my-topic-name') do - its('confirmed_subscription_count') { should_not be_zero} -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. 
- -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_sns_topic('arn:aws:sns:*::good-news') do - it { should exist } -end -``` - -```ruby -describe aws_sns_topic('arn:aws:sns:*::bad-news') do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="SNS:Client:GetTopicAttributesResponse" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon SNS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonsns.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_sns_topics.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_sns_topics.md deleted file mode 100644 index 627b039e7d..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_sns_topics.md +++ /dev/null 
@@ -1,80 +0,0 @@ -+++ -title = "aws_sns_topics Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_sns_topics" -identifier = "inspec/resources/aws/aws_sns_topics Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_sns_topics` InSpec audit resource to test all or a group of the SNS Topic ARNs in an account. - -User the 'aws_sns_topic' InSpec audit resource to test a single SNS Topic in an account. - -For additional information, including details on parameters and properties, see the [AWS documentation on SNS](https://docs.aws.amazon.com/sns/latest/dg/sns-getting-started.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - - # Get all SNS Topic arns -```ruby -describe aws_sns_topics do - its('topic_arns') { should include 'arn:aws:sns:us-east-1:333344445555:MyTopic' } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`topic_arns` -: The ARNs of the SNS Topics. - -`entries` -: Provides access to the raw results of the query, which can be treated as an array of hashes. - -## Examples - -The following examples show how to use this InSpec audit resource. - -**Ensure a Topic exists.** - -```ruby -describe aws_sns_topics do - its('topic_arns') { should include 'arn:aws:sns:us-east-1:333344445555:MyTopic' } -end -``` - -## Matchers - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_sns_topics do - it { should exist } -end -``` - -```ruby -describe aws_sns_topics do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="SNS:Client:ListTopicsResponse" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon SNS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonsns.html). 
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_sqs_queue.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_sqs_queue.md
deleted file mode 100644
index ed1182cb07..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_sqs_queue.md
+++ /dev/null
@@ -1,187 +0,0 @@ -+++ -title = "aws_sqs_queue Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_sqs_queue" -identifier = "inspec/resources/aws/aws_sqs_queue Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_sqs_queue` InSpec audit resource to test properties of a single AWS Simple Queue Service queue. - -For additional information, including details on parameters and properties, see the [AWS documentation on SQS](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/welcome.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -```ruby -describe aws_sqs_queue(queue_url: 'https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do - it { should exist } -end -``` - -## Parameters - -`queue_url` _(required)_ - -: This resource accepts a single parameter, the SQS Queue URL. - This can be passed either as a string or as a `queue_url: 'value'` key-value entry in a hash. - -## Properties - -`arn` -: The ARN of the SQS Queue. - -`is_fifo_queue` -: A boolean value indicate if this queue is a FIFO queue. - -`visibility_timeout` -: An integer indicating the visibility timeout of the message in seconds. - -`maximum_message_size` -: An integer indicating the maximum message size in bytes. - -`message_retention_period` -: An integer indicating the maximum retention period for a message in seconds. - -`delay_seconds` -: An integer indicating the delay in seconds for the queue. - -`receive_message_wait_timeout_seconds` -: An integer indicating the number of seconds an attempt to recieve a message will wait before returning. - -`content_based_deduplication` -: A boolean value indicate if content based deduplication is enabled or not. - -`redrive_policy` -: A string indicating the redrive policy. - -`kms_master_id` -: Provides the ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK. 
- -`kms_data_key_reuse_period_seconds` -: Returns the length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. - -`sqs_managed_enabled` -: Returns information about whether the queue is using SSE-SQS encryption using SQS-owned encryption keys. - -`policy` -: Returns the policy of the queue. - -## Examples - -**Ensure that a queue exists and has a visibility timeout of 300 seconds.** - -```ruby -describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do - it { should exist } - its('visibility_timeout') { should be 300 } -end -``` - -**Ensure maximum message size is set.** - -```ruby -describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do -**256 KB .** - -end -``` - -**Test the delay time .** - -```ruby -describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do - its('delay_seconds') { should be 0 } -end -``` - -**Ensure messages are retained for 4 days.** - -```ruby -describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do -**4 days.** - -end -``` - -**Check if queue is fifo.** - -```ruby -describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do - its('is_fifo_queue') { should be false } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should` to test the entity should exist. - -```ruby -describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do - it { should exist } -end -``` - -Use `should_not` to test the entity should not exist. 
- -```ruby -describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueueWhichDoesntExist') do - it { should_not exist } -end -``` - -### policy_statement_principal_all_permissions_enabled - -The control will pass if at least one Principal has all permissions enabled. - -Use `should` to test when a Principal with all permissions should exist. - -```ruby -describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do - it { should be_policy_statement_principal_all_permissions_enabled } -end -``` - -Use `should_not` to test that a Principal with all permissions should not exist. - -```ruby -describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueueWhichDoesntExist') do - it { should_not be_policy_statement_principal_all_permissions_enabled } -end -``` - -### policy_statement_action_all_permissions_enabled - -The control will pass if at least one action has all permissions enabled. - -Use `should` to test that at least one action has all permissions enabled should exist. - -```ruby -describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do - it { should be_policy_statement_action_all_permissions_enabled } -end -```ruby -describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueueWhichDoesntExist') do - it { should_not be_policy_statement_action_all_permissions_enabled } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="SQS:Client:GetQueueAttributesResult" %}} -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon SQS](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-using-identity-based-policies.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_sqs_queues.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_sqs_queues.md deleted file mode 100644 index 2377e00b4c..0000000000 
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_sqs_queues.md
+++ /dev/null
@@ -1,98 +0,0 @@ -+++ -title = "aws_sqs_queues Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_sqs_queues" -identifier = "inspec/resources/aws/aws_sqs_queues Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_sqs_queues` InSpec audit resource to test properties of some or all AWS Simple Queue Service queues. - -For additional information, including details on parameters and properties, see the [AWS documentation on SQS](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/welcome.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -```ruby -describe aws_sqs_queues() do - it { should exist } -end -``` - - -## Parameters - -This resource does not require any parameters. - -## Properties - -`arns` -: The ARNs of the SQS Queues. - -`is_fifo_queues` -: A boolean value indicate if queues are a FIFO queues. - -`visibility_timeouts` -: An integer indicating the visibility timeout of the message in seconds. - -`maximum_message_sizes` -: An integer indicating the maximum message size in bytes. - -`message_retention_periods` -: An integer indicating the maximum retention period for a message in seconds. - -`delay_seconds` -: An integer indicating the delay in seconds for the queues. - -`receive_message_wait_timeout_seconds` -: An integer indicating the number of seconds an attempt to recieve a message will wait before returning. - -`content_based_deduplications` -: A boolean value indicate if content based dedcuplication is enabled or not. 
- -## Examples - -**Ensure that a queue exists and has a visibility timeout of 300 seconds.** - -```ruby -describe aws_sqs_queues.where(queue_url: 'https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do - it { should exist } - its('visibility_timeout') { should be 300 } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_sqs_queues() do - it { should exist } -end -``` - -```ruby -describe aws_sqs_queues() do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="SQS:Client:GetQueueAttributesResult" %}} -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon SQS](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-using-identity-based-policies.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_activation.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_activation.md deleted file mode 100644 index 058e08701e..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_activation.md +++ /dev/null 
@@ -1,110 +0,0 @@ -+++ -title = "aws_ssm_activation Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ssm_activation" -identifier = "inspec/resources/aws/aws_ssm_activation Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ssm_activation` InSpec audit resource to test properties of a ssm activation. - -For additional information, including details on parameters and properties, see the [AWS documentation on SSM Activations](https://docs.aws.amazon.com/systems-manager/latest/userguide/activations.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - - An `aws_ssm_activation` resource block uses the parameter to select a ssm activation. - -```ruby -describe aws_ssm_activation(activation_id: 'ssm-activation-id-1234') do - it { should exist } -end -``` - -## Parameters - -`activation_id` _(required)_ - -: This resource accepts a single parameter, the SSM Activation ID. - This can be passed either as a string or as a `activation_id: 'value'` key-value entry in a hash. - -## Properties - -`activation_id` -: Provides ID created by Systems Manager when you submitted the activation. - -`created_date` -: Provides the date the activation was created. - -`default_instance_name` -: Provides the name for the managed instance when it is created. - -`description` -: Provides a user defined description of the activation. - -`expiration_date` -: Provides the date when this activation can no longer be used to register managed instances. - -`expired` -: Whether or not the activation is expired. - -`iam_role` -: Provides the Amazon Identity and Access Management (IAM) role to assign to the managed instance. - -`registration_limit` -: Provides the maximum number of managed instances that can be registered with this activation. - -`registrations_count` -: Provides the number of managed instances already registered with this activation. 
- -`tags` -: Provides the tags assigned to the activation. - -For a comprehensive list of properties available, see [the API reference documentation](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_Activation.html) - -## Examples - -**Check the Activation ID of a SSM Activation.** - -```ruby -describe aws_ssm_activation(activation_id: 'ssm-activation-id-1234') do - its('activation_id') { should eq 'ssm-activation-id-1234' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_ssm_activation(activation_id: 'ssm-activation-id-1234') do - it { should exist } -end -``` - -```ruby -describe aws_ssm_activation(activation_id: 'ssm-activation-id-6789') do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="SSM:Client:DescribeActivationsResult" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon Systems Manager](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awssystemsmanager.html). \ No newline at end of file diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_activations.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_activations.md deleted file mode 100644 index d7b460d17d..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_activations.md +++ /dev/null 
@@ -1,105 +0,0 @@ -+++ -title = "aws_ssm_activations Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_ssm_activations" -identifier = "inspec/resources/aws/aws_ssm_activations Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_ssm_activations` InSpec audit resource to test properties of a collection of AWS SSM Activations. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - - Ensure you have exactly 3 activations - -```ruby -describe aws_ssm_activations do - its('activation_ids.count') { should cmp 3 } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`activation_ids` -: Provides ID created by Systems Manager when you submitted the activation. - -`created_dates` -: Provides the date the activation was created. - -`default_instance_names` -: Provides the name for the managed instance when it is created. - -`descriptions` -: Provides a user defined description of the activation. - -`expiration_dates` -: Provides the date when this activation can no longer be used to register managed instances. - -`expired` -: Whether or not the activation is expired. - -`iam_roles` -: Provides the Amazon Identity and Access Management (IAM) role to assign to the managed instance. - -`registration_limits` -: Provides the maximum number of managed instances that can be registered with this activation. - -`registrations_count` -: Provides the number of managed instances already registered with this activation. - -`tags` -: Provides the tags assigned to the activation. 
- -For a comprehensive list of properties available, see [the API reference documentation](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_Activation.html) - -## Examples - -**Ensure an Activation ID of a SSM Activation exists.** - -```ruby -describe aws_ssm_activations do - its('activation_ids') { should include 'activation-id' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control will pass if the describe returns at least one result. - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_ssm_activations.where( : ) do - it { should exist } -end -``` - -```ruby -describe aws_ssm_activations.where( : ) do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="SSM:Client:DescribeActivationsResult" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon Systems Manager](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awssystemsmanager.html). \ No newline at end of file diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_association.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_association.md deleted file mode 100644 index 79bff2e949..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_association.md +++ /dev/null 
@@ -1,152 +0,0 @@
-+++
-title = "aws_ssm_association Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ssm_association"
-identifier = "inspec/resources/aws/aws_ssm_association Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ssm_association` InSpec audit resource to test properties of a ssm association.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on SSM Associations](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-state-assoc.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
- An `aws_ssm_association` resource block uses the parameter to select a ssm association.
-
-```ruby
-describe aws_ssm_association(association_id: 'association-id-1234') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_ssm_association(name: 'document-name', instance_id: 'instance-id') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`association_id` _OR_ name _AND_ instance_id _(name and instance_id are required together)_
-
-: This resource accepts the association_id, document name and instance id. If not using association_id, name and instance id must both be provided as parameters
- This can be passed either as a string or as a `association_id: 'value'` key-value entry in a hash.
-
-## Properties
-
-`name`
-: The name of the Systems Manager document.
-
-`instance_id`
-: Provides the id of the instance.
-
-`association_version`
-: Provides the version of the association.
-
-`date`
-: The date when the association was made.
-
-`last_update_association_date`
-: The date when the association was last updated.
-
-`status`
-: The association status.
-
-`overview`
-: Provides information about the association.
-
-`document_version`
-: Provides the document version used in the association.
-
-`automation_target_parameter_name`
-: Specify the target for the association. This target is required for associations that use an Automation document and target resources by using rate controls.
-
-`parameters`
-: A description of the parameters for a document.
-
-`association_id`
-: Provides the ID of the association.
-
-`targets`
-: Provides the instances targeted by the request to create an association.
-
-`schedule_expression`
-: A cron expression that specifies a schedule when the association runs.
-
-`output_location`
-: An S3 bucket where you want to store the output details of the request.
-
-`last_execution_date`
-: The date on which the association was last run.
-
-`last_successful_execution_date`
-: The last date on which the association was successfully run.
-
-`association_name`
-: Provides the name of the association.
-
-`max_errors`
-: The number of errors that are allowed before the system stops sending requests to run the association on additional targets.
-
-`max_concurrency`
-: The maximum number of targets allowed to run the association at the same time.
-
-`compliance_severity`
-: The severity level that is assigned to the association.
-
-`sync_compliance`
-: The mode for generating association compliance. You can specify AUTO or MANUAL.
-
-`apply_only_at_cron_interval`
-: By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it.
-
-For a comprehensive list of properties available, see [the API reference documentation](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_Association.html)
-
-## Examples
-
-**Check the Name of a SSM Association.**
-
-```ruby
-describe aws_ssm_association(association_id: 'association-id-1234') do
- its('name') { should eq 'association-name-1234' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_ssm_association(association_id: 'association-id-1234') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_ssm_association(association_id: 'association-id-6789') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="SSM:Client:DescribeAssociationResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon Systems Manager](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awssystemsmanager.html).
\ No newline at end of file
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_associations.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_associations.md
deleted file mode 100644
index fa665575ca..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_associations.md
+++ /dev/null
@@ -1,105 +0,0 @@
-+++
-title = "aws_ssm_associations Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ssm_associations"
-identifier = "inspec/resources/aws/aws_ssm_associations Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ssm_associations` InSpec audit resource to test properties of a collection of AWS SSM Associations.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
- Ensure you have exactly 3 associations
-
-```ruby
-describe aws_ssm_associations do
- its('names.count') { should cmp 3 }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`association_ids`
-: Provides the ID of the association.
-
-`association_names`
-: Provides the name of the association.
-
-`association_versions`
-: Provides the version of the association.
-
-`document_versions`
-: Provides the document version used in the association.
-
-`instance_ids`
-: Provides the id of the instance.
-
-`last_execution_dates`
-: The date on which the association was last run.
-
-`names`
-: The name of the Systems Manager document.
-
-`overviews`
-: Provides information about the association.
-
-`schedule_expressions`
-: A cron expression that specifies a schedule when the association runs.
-
-`targets`
-: Provides the instances targeted by the request to create an association.
-
-For a comprehensive list of properties available, see [the API reference documentation](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_Association.html)
-
-## Examples
-
-**Ensure an Association ID of a SSM Association exists.**
-
-```ruby
-describe aws_ssm_associations do
- its('association_ids') { should include 'association-id' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_ssm_associations.where( : ) do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_ssm_associations.where( : ) do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="SSM:Client:ListAssociationsResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon Systems Manager](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awssystemsmanager.html).
\ No newline at end of file
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_document.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_document.md
deleted file mode 100644
index 0d5a5ae9aa..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_document.md
+++ /dev/null
@@ -1,148 +0,0 @@
-+++
-title = "aws_ssm_document Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ssm_document"
-identifier = "inspec/resources/aws/aws_ssm_document Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ssm_document` InSpec audit resource to test properties of a ssm document.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on SSM Documents](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-ssm-docs.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
- An `aws_ssm_document` resource block uses the parameter to select a ssm document.
-
-```ruby
-describe aws_ssm_document(name: 'document-name-1234') do
- it { should exist }
-end
-```
-
-
-## Parameters
-
-`name` _(required)_
-
-: This resource accepts a single parameter, the SSM Document Name.
- This can be passed either as a string or as a `name: 'value'` key-value entry in a hash.
-
-## Properties
-
-`sha_1`
-: Provides the SHA1 hash of the document, which you can use for verification.
-
-`hash`
-: Provides the Sha256 or Sha1 hash created by the system when the document was created.
-
-`hash_type`
-: Provides the hash type of the document. Valid values include Sha256 or Sha1.
-
-`name`
-: Provides the name of the Systems Manager document.
-
-`version_name`
-: Provides the version of the artifact associated with the document.
-
-`owner`
-: Provides the AWS user account that created the document.
-
-`created_date`
-: Provides the date when the document was created.
-
-`status`
-: Provides the status of the Systems Manager document.
-
-`status_information`
-: Provides a message returned by AWS Systems Manager that explains the Status value.
-
-`document_version`
-: Provides the document version.
-
-`description`
-: Provides a description of the document.
-
-`parameters`
-: Provides a description of the parameters for a document. These parameters include DefaultValue, Description, Name and Type.
-
-`platform_types`
-: Provides the list of OS platforms compatible with this Systems Manager document.
-
-`document_type`
-: Provides the type of the document.
-
-`schema_version`
-: Provides the schema version.
-
-`latest_version`
-: Provides the latest version of the document.
-
-`default_version`
-: Provides the default version.
-
-`document_format`
-: Provides the document format, either JSON or YAML.
-
-`target_type`
-: The target type which defines the kinds of resources the document can run on.
-
-`tags`
-: Provides the tags, or metadata, that have been applied to the document.
-
-`attachments_information`
-: Provides details about the document attachments, including names, locations, sizes, and so on.
-
-`requires`
-: Provides a list of SSM documents required by a document.
-
-
-For a comprehensive list of properties available, see [the API reference documentation](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DocumentDescription.html)
-
-## Examples
-
-**Check the Name of a SSM Document.**
-
-```ruby
-describe aws_ssm_document(name: 'document-name-1234') do
- its('name') { should eq 'document-name-1234' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_ssm_document(name: 'document-name-1234') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_ssm_document(name: 'document-name-6789') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="SSM:Client:DescribeDocumentResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon Systems Manager](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awssystemsmanager.html).
\ No newline at end of file
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_documents.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_documents.md
deleted file mode 100644
index 452606e0e4..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_documents.md
+++ /dev/null
@@ -1,102 +0,0 @@
-+++
-title = "aws_ssm_documents Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ssm_documents"
-identifier = "inspec/resources/aws/aws_ssm_documents Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ssm_documents` InSpec audit resource to test properties of a collection of AWS SSM Compliance Items.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
- Ensure you have exactly 3 documents
-
-```ruby
-describe aws_ssm_documents do
- its('names.count') { should cmp 3 }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`names`
-: Provides the name of the Systems Manager document.
-
-`owners`
-: Provides the AWS user account that created the document.
-
-`platform_types`
-: Provides the list of OS platforms compatible with this Systems Manager document.
-
-`document_versions`
-: Provides the document version.
-
-`document_types`
-: Provides the type of the document.
-
-`schema_versions`
-: Provides the schema version.
-
-`document_formats`
-: Provides the document format, either JSON or YAML.
-
-`target_types`
-: The target type which defines the kinds of resources the document can run on.
-
-`tags`
-: Provides the tags, or metadata, that have been applied to the document.
-
-For a comprehensive list of properties available, see [the API reference documentation](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DocumentDescription.html).
-
-## Examples
-
-**Ensure a Name of a SSM Document exists.**
-
-```ruby
-describe aws_ssm_documents do
- its('names') { should include 'document-name' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_ssm_documents.where( : ) do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_ssm_documents.where( : ) do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="SSM:Client:ListDocumentsResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon Systems Manager](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awssystemsmanager.html).
\ No newline at end of file
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_maintenance_window.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_maintenance_window.md
deleted file mode 100644
index b91e53b276..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_maintenance_window.md
+++ /dev/null
@@ -1,158 +0,0 @@
-+++
-title = "aws_ssm_maintenance_window Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ssm_maintenance_window"
-identifier = "inspec/resources/aws/aws_ssm_maintenance_window Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ssm_maintenance_window` InSpec audit resource to test properties of a single AWS Systems Manager (SSM) maintenance window.
-
-The `AWS::SSM::MaintenanceWindow` resource represents general information about a maintenance window for AWS Systems Manager.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::SSM::MaintenanceWindow` resource type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindow.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the maintenance window exists.
-
-```ruby
-describe aws_ssm_maintenance_window(window_id: 'WINDOW_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`window_id` _(required)_
-
-: The ID of the maintenance window for which you want to retrieve information.
-
-## Properties
-
-`window_id`
-: The ID of the maintenance window for which you want to retrieve information.
-
-`name`
-: The name of the maintenance window.
-
-`description`
-: The description of the maintenance window.
-
-`start_date`
-: The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become active.
-
-`end_date`
-: The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become inactive.
-
-`schedule`
-: The schedule of the maintenance window in the form of a cron or rate expression.
-
-`schedule_timezone`
-: The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format.
-
-`schedule_offset`
-: The number of days to wait to run a maintenance window after the scheduled cron expression date and time.
-
-`next_execution_time`
-: The next time the maintenance window will actually run, taking into account any specified times for the maintenance window to become active or inactive.
-
-`duration`
-: The duration of the maintenance window in hours.
-
-`cutoff`
-: The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.
-
-`allow_unassociated_targets`
-: Whether targets must be registered with the maintenance window before tasks can be defined for those targets.
-
-`enabled`
-: Indicates whether the maintenance window is enabled.
-
-`created_date`
-: The date the maintenance window was created.
-
-`modified_date`
-: The date the maintenance window was last modified.
-
-## Examples
-
-**Ensure a window ID is available.**
-
-```ruby
-describe aws_ssm_maintenance_window(window_id: 'WINDOW_ID') do
- its('window_id') { should eq 'WINDOW_ID' }
-end
-```
-
-**Ensure a name is available.**
-
-```ruby
-describe aws_ssm_maintenance_window(window_id: 'WINDOW_ID') do
- its('name') { should eq 'WINDOW_NAME' }
-end
-```
-
-**Ensure a duration is `1`.**
-
-```ruby
-describe aws_ssm_maintenance_window(window_id: 'WINDOW_ID') do
- its('duration') { should eq 1 }
-end
-```
-
-**Ensure a maintenance window is enabled.**
-
-```ruby
-describe aws_ssm_maintenance_window(window_id: 'WINDOW_ID') do
- its('enabled') { should eq true }
-end
-```
-
-## Matchers
-
-This Chef InSpec audit resource has the following special matchers.
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ssm_maintenance_window(window_id: 'WINDOW_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ssm_maintenance_window(window_id: 'WINDOW_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ssm_maintenance_window(window_id: 'WINDOW_ID')
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="SSM:Client:GetMaintenanceWindowResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_maintenance_window_target.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_maintenance_window_target.md
deleted file mode 100644
index 92455942d8..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_maintenance_window_target.md
+++ /dev/null
@@ -1,132 +0,0 @@
-+++
-title = "aws_ssm_maintenance_window_target Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ssm_maintenance_window_target"
-identifier = "inspec/resources/aws/aws_ssm_maintenance_window_target Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ssm_maintenance_window_target` Chef InSpec audit resource to test properties of a single AWS Systems Manager (SSM) maintenance window target.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS SSM MaintenanceWindowTarget](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtarget.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the maintenance window target exists.
-
-```ruby
-describe aws_ssm_maintenance_window_target(window_id: 'WINDOW_ID', window_target_id: 'WINDOW_TARGET_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`window_id` _(required)_
-
-: The ID of the maintenance window to register the target with.
-
-`window_task_id` _(required)_
-
-: The ID of the target.
-
-## Properties
-
-`window_id`
-: The ID of the maintenance window to register the target with.
-
-`window_target_id`
-: The ID of the target.
-
-`resource_type`
-: The type of target that is being registered with the maintenance window.
-
-`targets`
-: The targets, either instances or tags.
-
-`target_keys`
-: User-defined criteria for sending commands that target instances that meet the criteria.
-
-`target_values`
-: User-defined criteria that maps to Key.
-
-`owner_information`
-: A user-provided value that will be included in any Amazon CloudWatch Events events that are raised while running tasks for these targets in this maintenance window.
-
-`name`
-: The name for the maintenance window target.
-
-`description`
-: A description for the target.
-
-## Examples
-
-**Verify the description of a maintenance window target.**
-
-```ruby
-describe aws_ssm_maintenance_window_target(window_id: 'WINDOW_ID', window_target_id: 'WINDOW_TARGET_ID') do
- its('description') { should eq 'MAINTENANCE_TARGET_DESCRIPTION' }
-end
-```
-
-**Ensure a maintenance window target id is available.**
-
-```ruby
-describe aws_ssm_maintenance_window_target(window_id: 'WINDOW_ID', window_target_id: 'WINDOW_TARGET_ID') do
- its('window_target_id') { should eq 'WINDOW_TARGET_ID' }
-end
-```
-
-**Verify a maintenance resource type is `INSTANCE`.**
-
-```ruby
-describe aws_ssm_maintenance_window_target(window_id: 'WINDOW_ID', window_target_id: 'WINDOW_TARGET_ID') do
- its('resource_type') { should eq 'INSTANCE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ssm_maintenance_window_target(window_id: 'WINDOW_ID', window_target_id: 'WINDOW_TARGET_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ssm_maintenance_window_target(window_id: 'WINDOW_ID', window_target_id: 'WINDOW_TARGET_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ssm_maintenance_window_target(window_id: 'WINDOW_ID', window_target_id: 'WINDOW_TARGET_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="SSM:Client:DescribeMaintenanceWindowTargetsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_maintenance_window_targets.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_maintenance_window_targets.md
deleted file mode 100644
index 88e0f7d3c1..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_maintenance_window_targets.md
+++ /dev/null
@@ -1,136 +0,0 @@
-+++
-title = "aws_ssm_maintenance_window_targets Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ssm_maintenance_window_targets"
-identifier = "inspec/resources/aws/aws_ssm_maintenance_window_targets Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ssm_maintenance_window_targets` InSpec audit resource to test properties of multiple AWS Systems Manager (SSM) maintenance window targets.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS SSM MaintenanceWindowTarget](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtarget.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a maintenance window target exists.
-
-```ruby
-describe aws_ssm_maintenance_window_targets(window_id: 'WINDOW_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`window_id` _(required)_
-
-: The ID of the maintenance window to register the target with.
-
-## Properties
-
-`window_ids`
-: The ID of the maintenance window to register the target with.
-
-: **Field**: `window_id`
-
-`window_target_ids`
-: The ID of the target.
-
-: **Field**: `window_target_id`
-
-`resource_types`
-: The type of target that is being registered with the maintenance window.
-
-: **Field**: `resource_type`
-
-`targets`
-: The targets, either instances or tags.
-
-: **Field**: `targets`
-
-`owner_informations`
-: A user-provided value that will be included in any Amazon CloudWatch Events events that are raised while running tasks for these targets in this maintenance window.
-
-: **Field**: `owner_information`
-
-`names`
-: The name for the maintenance window target.
-
-: **Field**: `name`
-
-`descriptions`
-: A description for the target.
-
-: **Field**: `description`
-
-## Examples
-
-**Verify that the maintenance window target description exists.**
-
-```ruby
-describe aws_ssm_maintenance_window_targets(window_id: 'WINDOW_ID') do
- its('descriptions') { should include 'MAINTENANCE_TARGET_DESCRIPTION' }
-end
-```
-
-**Ensure a maintenance window target ID is available.**
-
-```ruby
-describe aws_ssm_maintenance_window_targets(window_id: 'WINDOW_ID') do
- its('window_target_ids') { should include 'WINDOW_TARGET_ID' }
-end
-```
-
-**Verify a maintenance resource type is `INSTANCE`.**
-
-```ruby
-describe aws_ssm_maintenance_window_targets(window_id: 'WINDOW_ID') do
- its('resource_types') { should include 'INSTANCE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ssm_maintenance_window_targets(window_id: 'WINDOW_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ssm_maintenance_window_targets(window_id: 'WINDOW_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ssm_maintenance_window_targets(window_id: 'WINDOW_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="SSM:Client:DescribeMaintenanceWindowTargetsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_maintenance_window_task.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_maintenance_window_task.md
deleted file mode 100644
index 3a1099d539..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_maintenance_window_task.md
+++ /dev/null
@@ -1,159 +0,0 @@
-+++
-title = "aws_ssm_maintenance_window_task Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ssm_maintenance_window_task"
-identifier = "inspec/resources/aws/aws_ssm_maintenance_window_task Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ssm_maintenance_window_task` InSpec audit resource to test properties of a single AWS Systems Manager (SSM) maintenance window task.
-
-The `AWS::SSM::MaintenanceWindowTask` resource defines information about a task for an AWS Systems Manager maintenance window.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS SSM MaintenanceWindowTask](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the maintenance window task exists.
-
-```ruby
-aws_ssm_maintenance_window_task(window_id: 'WINDOW_ID', window_task_id: 'WINDOW_TASK_ID')
- it { should exist }
-end
-```
-
-## Parameters
-
-`window_id` _(required)_
-
-: The ID of the maintenance window where the task is registered.
-
-`window_task_id` _(required)_
-
-: The task ID.
-
-## Properties
-
-`window_id`
-: The ID of the maintenance window where the task is registered.
-
-`window_task_id`
-: The task ID.
-
-`task_arn`
-: The resource that the task uses during execution.
-
-`type`
-: The type of task.
-
-`targets`
-: The targets (either instances or tags).
-
-`target_keys`
-: User-defined criteria for sending commands that target instances that meet the criteria.
-
-`target_values`
-: User-defined criteria that maps to Key.
-
-`task_parameters`
-: The parameters that should be passed to the task when it is run.
-
-`priority`
-: The priority of the task in the maintenance window.
-
-`logging_info.s3_bucket_name`
-: The name of an S3 bucket where execution logs are stored.
-
-`logging_info.s3_key_prefix`
-: The S3 bucket subfolder.
-
-`logging_info.s3_region`
-: The Amazon Web Services Region where the S3 bucket is located.
-
-`service_role_arn`
-: The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
-
-`max_concurrency`
-: The maximum number of targets this task can be run for, in parallel.
-
-`max_errors`
-: The maximum number of errors allowed before this task stops being scheduled.
-
-`name`
-: The task name.
-
-`description`
-: A description of the task.
-
-`cutoff_behavior`
-: The specification for whether tasks should continue to run after the cutoff time specified in the maintenance windows is reached.
-
-## Examples
-
-**Ensure a window task ID is available.**
-
-```ruby
-aws_ssm_maintenance_window_task(window_id: 'WINDOW_ID', window_task_id: 'WINDOW_TASK_ID')
- its('window_task_id') { should eq 'WINDOW_TASK_ID' }
-end
-```
-
-**Verify the priority of the maintenance window.**
-
-```ruby
-aws_ssm_maintenance_window_task(window_id: 'WINDOW_ID', window_task_id: 'WINDOW_TASK_ID')
- its('priority') { should eq 1 }
-end
-```
-
-**Verify the type of the maintenance window.**
-
-```ruby
-aws_ssm_maintenance_window_task(window_id: 'WINDOW_ID', window_task_id: 'WINDOW_TASK_ID')
- its('type') { should eq 'AUTOMATION' }
-end
-```
-
-**Verify the name of the maintenance window.**
-
-```ruby
-aws_ssm_maintenance_window_task(window_id: 'WINDOW_ID', window_task_id: 'WINDOW_TASK_ID')
- its('name') { should eq 'WINDOW_TASK_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-aws_ssm_maintenance_window_task(window_id: 'WINDOW_ID', window_task_id: 'WINDOW_TASK_ID')
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-aws_ssm_maintenance_window_task(window_id: 'WINDOW_ID', window_task_id: 'WINDOW_TASK_ID')
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="SSM:Client:DescribeMaintenanceWindowTasksResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_maintenance_window_tasks.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_maintenance_window_tasks.md
deleted file mode 100644
index f09aa168d9..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_maintenance_window_tasks.md
+++ /dev/null
@@ -1,171 +0,0 @@
-+++
-title = "aws_ssm_maintenance_window_tasks Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ssm_maintenance_window_tasks"
-identifier = "inspec/resources/aws/aws_ssm_maintenance_window_tasks Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ssm_maintenance_window_tasks` InSpec audit resource to test properties of multiple AWS Systems Manager (SSM) maintenance window tasks.
-
-The `AWS::SSM::MaintenanceWindowTask` resource defines information about a task for an AWS Systems Manager maintenance window.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS SSM MaintenanceWindowTask](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the maintenance window task exists.
-
-```ruby
-aws_ssm_maintenance_window_tasks(window_id: 'WINDOW_ID')
- it { should exist }
-end
-```
-
-## Parameters
-
-`window_id` _(required)_
-
-: The ID of the maintenance window where the task is registered.
-
-## Properties
-
-`window_ids`
-: The ID of the maintenance window where the task is registered.
-
-: **Field**: `window_id`
-
-`window_task_ids`
-: The task ID.
-
-: **Field**: `window_task_id`
-
-`task_arns`
-: The resource that the task uses during execution.
-
-: **Field**: `task_arn`
-
-`types`
-: The type of task.
-
-: **Field**: `type`
-
-`targets`
-: The targets (either instances or tags).
-
-: **Field**: `targets`
-
-`task_parameters`
-: The parameters that should be passed to the task when it is run.
-
-: **Field**: `task_parameters`
-
-`priorities`
-: The priority of the task in the maintenance window.
-
-: **Field**: `priority`
-
-`logging_infos`
-: The logging information.
-
-: **Field**: `logging_info`
-
-`service_role_arns`
-: The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
-
-: **Field**: `service_role_arn`
-
-`max_concurrencies`
-: The maximum number of targets this task can be run for, in parallel.
-
-: **Field**: `max_concurrency`
-
-`max_errors`
-: The maximum number of errors allowed before this task stops being scheduled.
-
-: **Field**: `max_errors`
-
-`names`
-: The task name.
-
-: **Field**: `name`
-
-`descriptions`
-: A description of the task.
-
-: **Field**: `description`
-
-`cutoff_behaviors`
-: The specification for whether tasks should continue to run after the cutoff time specified in the maintenance windows is reached.
-
-: **Field**: `cutoff_behavior`
-
-## Examples
-
-**Ensure a window task ID is available.**
-
-```ruby
-aws_ssm_maintenance_window_tasks(window_id: 'WINDOW_ID')
- its('window_task_ids') { should include 'WINDOW_TASK_ID' }
-end
-```
-
-**Verify the priority of the maintenance window.**
-
-```ruby
-aws_ssm_maintenance_window_tasks(window_id: 'WINDOW_ID')
- its('priorities') { should include 1 }
-end
-```
-
-**Verify the type of the maintenance window.**
-
-```ruby
-aws_ssm_maintenance_window_tasks(window_id: 'WINDOW_ID')
- its('types') { should include 'AUTOMATION' }
-end
-```
-
-**Verify the name of the maintenance window.**
-
-```ruby
-aws_ssm_maintenance_window_tasks(window_id: 'WINDOW_ID')
- its('names') { should include 'WINDOW_TASK_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-aws_ssm_maintenance_window_tasks(window_id: 'WINDOW_ID')
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-aws_ssm_maintenance_window_tasks(window_id: 'WINDOW_ID')
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="SSM:Client:DescribeMaintenanceWindowTasksResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_maintenance_windows.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_maintenance_windows.md
deleted file mode 100644
index e2f9696ff4..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_maintenance_windows.md
+++ /dev/null
@@ -1,151 +0,0 @@
-+++
-title = "aws_ssm_maintenance_windows Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ssm_maintenance_windows"
-identifier = "inspec/resources/aws/aws_ssm_maintenance_windows Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ssm_maintenance_windows` InSpec audit resource to test properties of multiple AWS Systems Manager (SSM) maintenance windows.
-
-The `AWS::SSM::MaintenanceWindow` resource represents general information about a maintenance window for AWS Systems Manager.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::SSM::MaintenanceWindow` resource type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindow.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a maintenance window exists.
-
-```ruby
-describe aws_ssm_maintenance_windows do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`window_ids`
-: The ID of the maintenance window.
-
-: **Field**: `window_id`
-
-`names`
-: The name of the maintenance window.
-
-: **Field**: `name`
-
-`descriptions`
-: A description of the maintenance window.
-
-: **Field**: `description`
-
-`enabled`
-: Indicates whether the maintenance window is enabled.
-
-: **Field**: `enabled`
-
-`durations`
-: The duration of the maintenance window in hours.
-
-: **Field**: `duration`
-
-`cutoffs`
-: The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.
-
-: **Field**: `cutoff`
-
-`schedules`
-: The schedule of the maintenance window in the form of a cron or rate expression.
-
-: **Field**: `schedule`
-
-`schedule_timezones`
-: The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format.
-
-: **Field**: `schedule_timezone`
-
-`schedule_offsets`
-: The number of days to wait to run a maintenance window after the scheduled cron expression date and time.
-
-: **Field**: `schedule_offset`
-
-`end_dates`
-: The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become inactive.
-
-: **Field**: `end_date`
-
-`start_dates`
-: The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become active.
-
-: **Field**: `start_date`
-
-`next_execution_times`
-: The next time the maintenance window will actually run, taking into account any specified times for the maintenance window to become active or inactive.
-
-: **Field**: `next_execution_time`
-
-## Examples
-
-**Ensure a maintenance window ID is available.**
-
-```ruby
-describe aws_ssm_maintenance_windows do
- its('window_ids') { should include 'MAINTENANCE_WINDOW_ID' }
-end
-```
-
-**Ensure a maintenance window name is available.**
-
-```ruby
-describe aws_ssm_maintenance_windows do
- its('names') { should include 'MAINTENANCE_WINDOW_NAME' }
-end
-```
-
-**Verify a maintenance window is enabled.**
-
-```ruby
-describe aws_ssm_maintenance_windows do
- its('enabled') { should include true }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ssm_maintenance_windows do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ssm_maintenance_windows do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="SSM:Client:DescribeMaintenanceWindowsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_parameter.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_parameter.md
deleted file mode 100644
index f107c9db44..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_parameter.md
+++ /dev/null
@@ -1,112 +0,0 @@
-+++
-title = "aws_ssm_parameter Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ssm_parameter"
-identifier = "inspec/resources/aws/aws_ssm_parameter Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ssm_parameter` InSpec audit resource to test properties of a ssm parameter.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on SSM Parameters](https://docs.aws.amazon.com/systems-manager/latest/userguide/integration-ps-secretsmanager.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
- An `aws_ssm_parameter` resource block uses the parameter to select a ssm parameter.
-
-```ruby
-describe aws_ssm_parameter(name: 'ssm-parameter-name-1234') do
- it { should exist }
-end
-```
-
-
-## Parameters
-
-`name` _(required)_
-
-: This resource accepts a single parameter, the SSM Parameter Name.
- This can be passed either as a string or as a `aws_ssm_parameter: 'value'` key-value entry in a hash.
-
-`with_decryption` _(optional)_
-
-: This decrypts the value associated with the ssm parameter. This must be passed as a string `with_decryption: "true"`.
-
-## Properties
-
-`arn`
-: Provides the Amazon Resource Name (ARN) of the parameter.
-
-`data_type`
-: Provides the data type of the parameter.
-
-`last_modified_date`
-: Provides the date the parameter was last changed or updated and the parameter version was created.
-
-`name`
-: Provides the name of the parameter.
-
-`selector`
-: Provides the version number or label used to retrieve the parameter value.
-
-`source_result`
-: Applies to parameters that reference information in other AWS services.
-
-`type`
-: Provides the type of the parameter.
-
-`value`
-: Provides the value of the parameter.
-
-`version`
-: Provides the version of the parameter.
-
-For a comprehensive list of properties available, see [the API reference documentation](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_Parameter.html)
-
-## Examples
-
-**Check the Name of a SSM Parameter.**
-
-```ruby
-describe aws_ssm_parameter(name: 'ssm_parameter-name-1234') do
- its('name') { should eq 'ssm_parameter-name-1234' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_ssm_parameter(name: 'ssm_parameter-name-1234') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_ssm_parameter(name: 'ssm_parameter-name-6789') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="SSM:Client:GetParameterResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon Systems Manager](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awssystemsmanager.html).
\ No newline at end of file
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_parameters.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_parameters.md
deleted file mode 100644
index 2c7b799b29..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_parameters.md
+++ /dev/null
@@ -1,99 +0,0 @@
-+++
-title = "aws_ssm_parameters Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ssm_parameters"
-identifier = "inspec/resources/aws/aws_ssm_parameters Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ssm_parameters` InSpec audit resource to test properties of a collection of AWS SSM parameters.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
- Ensure you have exactly 3 SSM Parameters
-
-```ruby
-describe aws_ssm_parameters do
- its('names.count') { should cmp 3 }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`names`
-: Provides the name of the parameter.
-
-`types`
-: Provides the type of the parameter.
-
-`key_ids`
-: Provides the key id of the parameter.
-
-`last_modified_dates`
-: Provides the date the parameter was last changed or updated and the parameter version was created.
-
-`last_modified_users`
-: Provides the user that last changed or updated the parameter.
-
-`descriptions`
-: Provides the description of the parameter.
-
-`versions`
-: Provides the version of the parameter.
-
-`tiers`
-: Provides the tier of the parameter.
-
-For a comprehensive list of properties available, see [the API reference documentation](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_Parameter.html)
-
-## Examples
-
-**Ensure Name of a SSM Parameter exists.**
-
-```ruby
-describe aws_ssm_parameters do
- its('names') { should include 'ssm-parameter-name' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_ssm_parameters.where( : ) do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_ssm_parameters.where( : ) do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="SSM:Client:DescribeParametersResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon Systems Manager](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awssystemsmanager.html).
\ No newline at end of file
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_patch_baseline.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_patch_baseline.md
deleted file mode 100644
index 285e58eb70..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_patch_baseline.md
+++ /dev/null
@@ -1,246 +0,0 @@
-+++
-title = "aws_ssm_patch_baseline Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ssm_patch_baseline"
-identifier = "inspec/resources/aws/aws_ssm_patch_baseline Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ssm_patch_baseline` InSpec audit resource to test properties of a single AWS Systems Manager (SSM) patch baseline.
-
-The `AWS::SSM::PatchBaseline` resource defines the basic information for an AWS Systems Manager patch baseline. A patch baseline defines which patches are approved for installation on your instances.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS SSM patch baseline](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the baseline exists:
-
-```ruby
-describe aws_ssm_patch_baseline(baseline_id: 'BASELINE_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`baseline_id` _(required)_
-
-: The ID of the patch baseline.
-
-## Properties
-
-`baseline_id`
-: The ID of the patch baseline.
-
-: **Field**: `baseline_id`
-
-`name`
-: The name of the patch baseline.
-
-: **Field**: `name`
-
-`operating_system`
-: Returns the operating system specified for the patch baseline.
-
-: **Field**: `operating_system`
-
-`patch_filters`
-: The set of patch filters that make up the group.
-
-: **Field**: `patch_filters`
-
-`patch_filter_keys`
-: The key for the filter.
-
-: **Field**: `patch_filters.key`
-
-`patch_filter_values`
-: The value for the filter key.
-
-: **Field**: `patch_filters.values`
-
-`approval_rules.patch_rules`
-: The rules that make up the rule group.
-
-: **Field**: `patch_rules`
-
-`patch_filters`
-: The set of patch filters that make up the group.
-
-: **Field**: `patch_filter_group.patch_filters`
-
-`patch_filter_group_keys`
-: The key for the filter.
-
-: **Field**: `patch_filter_group.patch_filters.key`
-
-`patch_filter_group_values`
-: The value for the filter key.
-
-: **Field**: `patch_filter_group.patch_filters.values`
-
-`compliance_levels`
-: A compliance severity level for all approved patches in a patch baseline.
-
-: **Field**: `compliance_level`
-
-`approve_after_days`
-: The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline.
-
-: **Field**: `approve_after_days`
-
-`approve_until_date`
-: The cutoff date for auto approval of released patches.
-
-: **Field**: `approve_until_date`
-
-`enable_non_security`
-: For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository.
-
-: **Field**: `enable_non_security`
-
-`approved_patches`
-: A list of explicitly approved patches for the baseline.
-
-: **Field**: `approved_patches`
-
-`approved_patches_compliance_level`
-: Returns the specified compliance severity level for approved patches in the patch baseline.
-
-: **Field**: `approved_patches_compliance_level`
-
-`approved_patches_enable_non_securities`
-: Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
-
-: **Field**: `approved_patches_enable_non_security`
-
-`rejected_patches`
-: A list of explicitly rejected patches for the baseline.
-
-: **Field**: `rejected_patches`
-
-`rejected_patches_action`
-: The action specified to take on patches included in the RejectedPatches list.
-
-: **Field**: `rejected_patches_action`
-
-`patch_groups`
-: Patch groups included in the patch baseline.
-
-: **Field**: `patch_groups`
-
-`created_date`
-: The date the patch baseline was created.
-
-: **Field**: `created_date`
-
-`modified_date`
-: The date the patch baseline was last modified.
-
-: **Field**: `modified_date`
-
-`descriptions`
-: A description of the patch baseline.
-
-: **Field**: `description`
-
-`sources`
-: Information about the patches to use to update the instances, including target operating systems and source repositories.
-
-: **Field**: `sources`
-
-`source_names`
-: The name specified to identify the patch source.
-
-: **Field**: `sources.name`
-
-`source_products`
-: The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7".
-
-: **Field**: `sources.products`
-
-`source_configurations`
-: The value of the yum repo configuration.
-
-: **Field**: `sources.configuration`
-
-## Examples
-
-**Ensure a baseline ID is available.**
-
-```ruby
-describe aws_ssm_patch_baseline(baseline_id: 'BASELINE_ID') do
- its('baseline_id') { should eq 'BASELINE_ID' }
-end
-```
-
-**Ensure an operating system is `WINDOWS`.**
-
-```ruby
-describe aws_ssm_patch_baseline(baseline_id: 'BASELINE_ID') do
- its('operating_system') { should eq 'WINDOWS' }
-end
-```
-
-**Ensure a source name is empty.**
-
-```ruby
-describe aws_ssm_patch_baseline(baseline_id: 'BASELINE_ID') do
- its('source_names') { should be_empty }
-end
-```
-
-**Ensure an approved patches compliance level is `UNSPECIFIED`.**
-
-```ruby
-describe aws_ssm_patch_baseline(baseline_id: 'BASELINE_ID') do
- its('approved_patches_compliance_level') { should eq 'UNSPECIFIED' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ssm_patch_baseline(baseline_id: 'BASELINE_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ssm_patch_baseline(baseline_id: 'BASELINE_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ssm_patch_baseline(baseline_id: 'BASELINE_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="SSM:Client:GetPatchBaselineResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_patch_baselines.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_patch_baselines.md
deleted file mode 100644
index 14e31f2e5f..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_patch_baselines.md
+++ /dev/null
@@ -1,134 +0,0 @@
-+++
-title = "aws_ssm_patch_baselines Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ssm_patch_baseline"
-identifier = "inspec/resources/aws/aws_ssm_patch_baselines Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ssm_patch_baseline` InSpec audit resource to test properties of multiple AWS Systems Manager (SSM) patch baselines.
-
-The `AWS::SSM::PatchBaseline` resource defines the basic information for an AWS Systems Manager patch baseline. A patch baseline defines which patches are approved for installation on your instances.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS SSM patch baseline](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a baseline exists:
-
-```ruby
-describe aws_ssm_patch_baselines do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not expect any required parameters.
-
-## Properties
-
-`baseline_ids`
-: The ID of the patch baseline.
-
-: **Field**: `baseline_id`
-
-`names`
-: The name of the patch baseline.
-
-: **Field**: `name`
-
-`operating_systems`
-: Returns the operating system specified for the patch baseline.
-
-: **Field**: `operating_system`
-
-`baseline_descriptions`
-: A description of the patch baseline.
-
-: **Field**: `baseline_description`
-
-`default_baselines`
-: Whether this is the default baseline.
-
-: **Field**: `default_baseline`
-
-## Examples
-
-**Ensure a baseline ID is available.**
-
-```ruby
-describe aws_ssm_patch_baselines do
- its('baseline_ids') { should include 'BASELINE_ID' }
-end
-```
-
-**Ensure a baseline name is present.**
-
-```ruby
-describe aws_ssm_patch_baselines do
- its('baseline_names') { should include 'BASELINE_NAME' }
-end
-```
-
-**Ensure a patch baseline has the `WINDOWS` operating system.**
-
-```ruby
-describe aws_ssm_patch_baselines do
- its('operating_systems') { should include 'WINDOWS' }
-end
-```
-
-**Ensure a baseline description is present.**
-
-```ruby
-describe aws_ssm_patch_baselines do
- its('baseline_descriptions') { should include 'BASELINE_DESCRIPTION' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ssm_patch_baselines do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ssm_patch_baselines do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_ssm_patch_baselines do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="SSM:Client:DescribePatchBaselinesResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_resource_compliance_summaries.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_resource_compliance_summaries.md
deleted file mode 100644
index 049b4f2a39..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_resource_compliance_summaries.md
+++ /dev/null
@@ -1,107 +0,0 @@
-+++
-title = "aws_ssm_resource_compliance_summaries Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ssm_resource_compliance_summaries"
-identifier = "inspec/resources/aws/aws_ssm_resource_compliance_summaries Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ssm_resource_compliance_summaries` InSpec audit resource to test properties of a collection of AWS SSM compliance summaries.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
- Ensure you have exactly 3 SSM Resource Compliance Summary Types
-
-```ruby
-describe aws_ssm_resource_compliance_summaries do
- its('compliance_types.count') { should cmp 3 }
-end
-```
-
-## Parameters
-
-`compliance_type` _(optional)_
-
-: This optional parameter allows you to filter based on compliance type. This must be passed as a string `compliance_type: 'value'`.
-
-`overall_severity` _(optional)_
-
-: This optional parameter allows you to filter based on overall severity. This must be passed as a string `overall_severity: 'value'`.
-
-See the [AWS documentation on SSM](https://docs.aws.amazon.com/systems-manager/?id=docs_gateway).
-
-## Properties
-
-`compliance_types`
-: Provides the compliance type.
-
-`compliant_summaries`
-: Provides a list of items that are compliant for the resource.
-
-`execution_summaries`
-: Provides information about the execution.
-
-`non_compliant_summaries`
-: Provides a list of items that aren't compliant for the resource.
-
-`overall_severity`
-: Provides the highest severity item found for the resource.
-
-`resource_ids`
-: Provides the resource id.
-
-`resource_types`
-: Provides the resource type.
-
-`status`
-: Provides the compliance status for the resource.
-
-For a comprehensive list of properties available, see [the API reference documentation](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ResourceComplianceSummaryItem.html)
-
-## Examples
-
-**Ensure Compliance Type of a SSM Resource Compliance Summary exists.**
-
-```ruby
-describe aws_ssm_resource_compliance_summaries do
- its('compliance_types') { should include 'ssm-compliance-type' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_ssm_resource_compliance_summaries.where( : ) do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_ssm_resource_compliance_summaries.where( : ) do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="SSM:Client:ListResourceComplianceSummariesResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon Systems Manager](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awssystemsmanager.html).
\ No newline at end of file
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_resource_compliance_summary.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_resource_compliance_summary.md
deleted file mode 100644
index b8188a95bf..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_resource_compliance_summary.md
+++ /dev/null
@@ -1,130 +0,0 @@
-+++
-title = "aws_ssm_resource_compliance_summary Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ssm_resource_compliance_summary"
-identifier = "inspec/resources/aws/aws_ssm_resource_compliance_summary Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ssm_resource_compliance_summary` InSpec audit resource to test properties of a ssm resource compliance summary.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
- An `aws_ssm_resource_compliance_summary` resource block uses the parameter to select a ssm resource compliance summary.
-
-```ruby
-describe aws_ssm_resource_compliance_summary(resource_id: 'resource-id-1234') do
- it { should exist }
-end
-```
-
-
-## Parameters
-
-`resource_id` _(required)_
-
-: This resource requires the SSM Resource ID parameter.
- This can be passed either as a string or as a `resource_id: 'value'` key-value entry in a hash.
-
-`compliance_type` _(optional)_
-
-: This optional parameter allows you to filter based on resource_id and compliance type together. This must be passed as a string `compliance_type: 'value'`.
-
-`overall_severity` _(optional)_
-
-: This optional parameter allows you to filter based on resource_id and overall severity together. This must be passed as a string `overall_severity: 'value'`.
-
-`status` _(optional)_
-
-: This optional parameter allows you to filter based on resource_id and status together. This must be passed as a string `status: 'value'`.
-
-See the [AWS documentation on SSM Resource Compliance Summary](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-compliance-about.html#compliance-view-results).
-
-
-## Properties
-
-`compliance_type`
-: Provides the compliance type.
-
-`compliant_summary`
-: Provides a list of items that are compliant for the resource.
-
-`execution_summary`
-: Provides information about the execution.
-
-`non_compliant_summary`
-: Provides a list of items that aren't compliant for the resource.
-
-`overall_severity`
-: Provides the highest severity item found for the resource.
-
-`resource_id`
-: Provides the resource id.
-
-`resource_type`
-: Provides the resource type.
-
-`status`
-: Provides the compliance status for the resource.
-
-For a comprehensive list of properties available, see [the API reference documentation](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ResourceComplianceSummaryItem.html)
-
-## Examples
-
-**Check the Status of a SSM Resource Compliance Summary.**
-
-```ruby
-describe aws_ssm_resource_compliance_summary(resource_id: 'resource-id-1234', status: 'status-1234') do
- it { should exist }
- its('resource_id') { should include resource_id }
- its('status') { should include 'status-1234' }
-end
-```
-
-**Return specific Compliance type for a SSM Resource Compliance Summary.**
-
-```ruby
-describe aws_ssm_resource_compliance_summary(resource_id: 'resource-id-1234', compliance_type: 'compliance-type-1234') do
- it { should exist }
- its('resource_id') { should include resource_id }
- its('compliance_type') { should include 'compliance-type-1234' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_ssm_resource_compliance_summary(resource_id: 'resource-id-1234') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_ssm_resource_compliance_summary(resource_id: 'resource-id-6789') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="SSM:Client:ListResourceComplianceSummariesResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon Systems Manager](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awssystemsmanager.html).
\ No newline at end of file
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_resource_data_syncs.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_resource_data_syncs.md
deleted file mode 100644
index b7f8a88244..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_ssm_resource_data_syncs.md
+++ /dev/null
@@ -1,141 +0,0 @@
-+++
-title = "aws_ssm_resource_data_syncs Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_ssm_resource_data_syncs"
-identifier = "inspec/resources/aws/aws_ssm_resource_data_syncs Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_ssm_resource_data_syncs` InSpec audit resource to test properties of the plural resource of an AWS Systems Manager (SSM) resource data sync.
-
-The `AWS::SSM::ResourceDataSync` resource creates, updates, or deletes a resource data sync for AWS Systems Manager. A resource data sync helps you view data from multiple sources in a single location. Systems Manager offers two types of resource data sync: `SyncToDestination` and `SyncFromSource`.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS SSM ResourceDataSync](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-resourcedatasync.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the resource data syncs exists:
-
-```ruby
-describe aws_ssm_resource_data_syncs do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not expect any required parameters.
-
-## Properties
-
-`sync_names`
-: The name of the resource data sync.
-
-: **Field**: `sync_name`
-
-`sync_types`
-: The type of resource data sync.
-
-: **Field**: `sync_type`
-
-`sync_sources`
-: Information about the source where the data was synchronized.
-
-: **Field**: `sync_source`
-
-`s3_destinations`
-: Configuration information for the target S3 bucket.
-
-: **Field**: `s3_destination`
-
-`last_sync_times`
-: The last time the configuration attempted to sync (UTC).
-
-: **Field**: `last_sync_time`
-
-`last_successful_sync_times`
-: The last time the sync operations returned a status of SUCCESSFUL (UTC).
-
-: **Field**: `last_successful_sync_time`
-
-`sync_last_modified_times`
-: The date and time the resource data sync was changed.
-
-: **Field**: `sync_last_modified_time`
-
-`last_statuses`
-: The status reported by the last sync.
-
-: **Field**: `last_status`
-
-`sync_created_times`
-: The date and time the configuration was created (UTC).
-
-: **Field**: `sync_created_time`
-
-`last_sync_status_messages`
-: The status message details reported by the last sync.
-
-: **Field**: `last_sync_status_message`
-
-## Examples
-
-**Ensure a sync name is available.**
-
-```ruby
-describe aws_ssm_resource_data_syncs do
- its('sync_names') { should include 'RESOURCE_DATA_SYNC_NAME' }
-end
-```
-
-**Ensure a sync type is available.**
-
-```ruby
-describe aws_ssm_resource_data_syncs do
- its('sync_types') { should include 'RESOURCE_DATA_SYNC_TYPE' }
-end
-```
-
-**Ensure a status is `Successful`.**
-
-```ruby
-describe aws_ssm_resource_data_syncs do
- its('last_statuses') { should include 'Successful' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_ssm_resource_data_syncs do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_ssm_resource_data_syncs do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="SSM:Client:ListResourceDataSyncResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_stepfunctions_activities.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_stepfunctions_activities.md
deleted file mode 100644
index 346ba8c00a..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_stepfunctions_activities.md
+++ /dev/null
@@ -1,96 +0,0 @@
-+++
-title = "aws_stepfunctions_activities Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_stepfunctions_activities"
-identifier = "inspec/resources/aws/aws_stepfunctions_activities Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_stepfunctions_activity` Chef InSpec audit resource to test properties of multiple AWS Step Functions activities.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::StepFunctions::Activity` resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-activity.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that an activity exists.
-
-```ruby
-describe aws_stepfunctions_activities do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`activity_arns`
-: The Amazon Resource Name (ARN) that identifies the activity.
-
-: **Field**: `activity_arn`
-
-`names`
-: The name of the activity.
-
-: **Field**: `name`
-
-`creation_dates`
-: The date the activity is created.
-
-: **Field**: `creation_date`
-
-## Examples
-
-**Ensure an activity ARN is available.**
-
-```ruby
-describe aws_stepfunctions_activities do
- its('activity_arns') { should include 'ACTIVITY_ARN' }
-end
-```
-
-**Ensure an activity name is available.**
-
-```ruby
-describe aws_stepfunctions_activities do
- its('names') { should include 'ACTIVITY_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_stepfunctions_activities do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_stepfunctions_activities do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="States:Client:ListActivitiesOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_stepfunctions_activity.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_stepfunctions_activity.md
deleted file mode 100644
index 6d04d75f95..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_stepfunctions_activity.md
+++ /dev/null
@@ -1,92 +0,0 @@
-+++
-title = "aws_stepfunctions_activity Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_stepfunctions_activity"
-identifier = "inspec/resources/aws/aws_stepfunctions_activity Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_stepfunctions_activity` Chef InSpec audit resource to test properties of a single AWS Step Functions activity.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::StepFunctions::Activity` resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-activity.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the activity exists.
-
-```ruby
-describe aws_stepfunctions_activity(activity_arn: 'ACTIVITY_ARN') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`activity_arn` _(required)_
-
-: The Amazon Resource Name (ARN) that identifies the activity.
-
-## Properties
-
-`activity_arn`
-: The Amazon Resource Name (ARN) that identifies the activity.
-
-`name`
-: The name of the activity.
-
-`creation_date`
-: The date the activity is created.
-
-## Examples
-
-**Ensure a activity ARN is available.**
-
-```ruby
-describe aws_stepfunctions_activity(activity_arn: 'ACTIVITY_ARN') do
- its('activity_arn') { should eq 'ACTIVITY_ARN' }
-end
-```
-
-**Ensure an activity name is available.**
-
-```ruby
-describe aws_stepfunctions_activity(activity_arn: 'ACTIVITY_ARN') do
- its('name') { should eq 'ACTIVITY_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_stepfunctions_activity(activity_arn: 'ACTIVITY_ARN') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_stepfunctions_activity(activity_arn: 'ACTIVITY_ARN') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="States:Client:DescribeActivityOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_stepfunctions_state_machine.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_stepfunctions_state_machine.md
deleted file mode 100644
index caf89a4ed8..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_stepfunctions_state_machine.md
+++ /dev/null
@@ -1,127 +0,0 @@
-+++
-title = "aws_stepfunctions_state_machine Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_stepfunctions_state_machine"
-identifier = "inspec/resources/aws/aws_stepfunctions_state_machine Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_stepfunctions_state_machine` InSpec audit resource to test properties of a single specific Step Functions state machine.
-
-A state machine consists of a collection of states that can do work (Task states), determine which states to transition next (Choice states), stop an execution with an error (Fail states), and so on.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Step Functions state machine](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachine.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that an identity pool exists.
-
-```ruby
-describe aws_stepfunctions_state_machine(state_machine_arn: 'STATE_MACHINE_ARN') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`state_machine_arn` _(required)_
-
-: The ARN of the state machine.
-
-## Properties
-
-`state_machine_arn`
-: The ARN of the state machine.
-
-`name`
-: The name of the state machine.
-
-`status`
-: The current status of the state machine.
-
-`definition`
-: The Amazon States Language definition of the state machine.
-
-`role_arn`
-: The ARN of the IAM role used when creating this state machine.
-
-`type`
-: The type of the state machine. Valid values: `STANDARD` or `EXPRESS`.
-
-`creation_date`
-: The creation date of the state machine.
-
-`logging_configuration (level)`
-: The category of execution history in which events are logged.
-
-`logging_configuration (include_execution_data)`
-: Whether execution data is included in your log. Valid values: `true` or `false`.
-
-`logging_configuration (destinations)`
-: An array of objects that describes where your execution history events will be logged.
-
-`tracing_configuration (enabled)`
-: Selects whether or not the state machine's AWS X-Ray tracing is enabled. Valid values: `true` or `false`.
-
-## Examples
-
-**Ensure a state machine ARN is available.**
-
-```ruby
-describe aws_stepfunctions_state_machine(state_machine_arn: 'STATE_MACHINE_ARN') do
- its('state_machine_arn') { should eq 'STATE_MACHINE_ARN' }
-end
-```
-
-**Ensure that the status is available.**
-
-```ruby
-describe aws_stepfunctions_state_machine(state_machine_arn: 'STATE_MACHINE_ARN') do
- its('status') { should eq 'ACTIVE' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_stepfunctions_state_machine(state_machine_arn: 'STATE_MACHINE_ARN') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_stepfunctions_state_machine(state_machine_arn: 'STATE_MACHINE_ARN') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the identity pool id is available.
-```ruby
-describe aws_stepfunctions_state_machine(state_machine_arn: 'STATE_MACHINE_ARN') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="States:Client:DescribeStateMachineOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_stepfunctions_state_machines.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_stepfunctions_state_machines.md
deleted file mode 100644
index a842eb5307..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_stepfunctions_state_machines.md
+++ /dev/null
@@ -1,105 +0,0 @@
-+++
-title = "aws_stepfunctions_state_machines Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_stepfunctions_state_machines"
-identifier = "inspec/resources/aws/aws_stepfunctions_state_machines Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_stepfunctions_state_machines` InSpec audit resource to test properties of multiple Step Functions state machines.
-
-A state machine consists of a collection of states that can do work (Task states), determine which states to transition next (Choice states), stop an execution with an error (Fail states), and so on.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Step Functions state machine](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachine.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a state machine exists.
-
-```ruby
-describe aws_stepfnctions_state_machines do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`state_machine_arns`
-: The ARNs of the state machine.
-
-`names`
-: The names of the state machine.
-
-`types`
-: The type of the state machine. Valid values: `STANDARD` or `EXPRESS`.
-
-`creation_date`
-: The creation dates of the state machine.
-
-## Examples
-
-**Ensure an state machine ARN is available.**
-
-```ruby
-describe aws_stepfunctions_state_machines do
- its('state_machine_arns') { should include 'STATE_MACHINE_ARN' }
-end
-```
-
-**Ensure a name is available.**
-
-```ruby
-describe aws_stepfunctions_state_machines do
- its('names') { should include 'STATE_MACHINE_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_stepfunctions_state_machines do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_stepfunctions_state_machines do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the state machine is available.
-
-```ruby
-describe aws_stepfunctions_state_machines do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="States:Client:ListStateMachinesOutput" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_sts_caller_identity.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_sts_caller_identity.md
deleted file mode 100644
index 42c97166a8..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_sts_caller_identity.md
+++ /dev/null
@@ -1,99 +0,0 @@
-+++
-title = "aws_sts_caller_identity Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_sts_caller_identity"
-identifier = "inspec/resources/aws/aws_sts_caller_identity Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_sts_caller_identity` InSpec audit resource to test properties of AWS IAM identity whose credentials are used in the current InSpec scan.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_sts_caller_identity` resource block may be used to perform tests on details of the AWS credentials being used in the current Inspec scan. You can also test if the credentials belong to a GovCloud account or not.
-
-```ruby
-describe aws_sts_caller_identity do
- it { should exist }
-end
-```
-
-
-## Parameters
-
-`name` _(required)_
-
-: This resource does not expect any parameters.
-
-## Properties
-
-`arn`
-: The AWS ARN associated with the calling entity.
-
-`account`
-: The AWS account ID number of the account that owns or contains the calling entity.
-
-`user_id`
-: The unique identifier of the calling entity.
-
-For more info, see [the API reference documentation](https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html)
-
-## Examples
-
-**Check that the credentials used to run the scan is correct.**
-
-```ruby
-describe aws_sts_caller_identity do
- its("arn") { should match "arn:aws:iam::.*:user/service-account-inspec" }
-end
-```
-
-**Test if the account belongs to GovCloud.**
-
-```ruby
-describe aws_sts_caller_identity do
- it { should be_govcloud }
-end
-```
-
-**Skip a test if we are using GovCloud.**
-
-```ruby
-if aws_sts_caller_identity.govcloud?
- describe 'Skipping Root User MFA check as we are on GovCloud' do
- skip
- end
-else
- describe aws_iam_root_user do
- it { should have_mfa_enabled }
- end
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### be_govcloud
-
-The `be_govcloud` matcher tests if the account is a 'GovCloud' AWS Account.
-
-```ruby
-describe aws_sts_caller_identity do
- it { should_not be_govcloud }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="STS:Client:GetCallerIdentityResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_subnet.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_subnet.md
deleted file mode 100644
index f4c557704d..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_subnet.md
+++ /dev/null
@@ -1,149 +0,0 @@
-+++
-title = "aws_subnet Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_subnet"
-identifier = "inspec/resources/aws/aws_subnet Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_subnet` InSpec audit resource to test properties of a vpc subnet.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Subnets](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_subnet` resource block uses the parameter to select a VPC and a subnet in the VPC.
-
-```ruby
-describe aws_subnet(subnet_id: 'subnet-1234567') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`subnet_id` _(required)_
-
-: This resource accepts a single parameter, the Subnet ID.
- This can be passed either as a string or as a `subnet_id: 'value'` key-value entry in a hash.
-
-## Properties
-
-`subnet_id`
-: Provides the ID of the Subnet.
-
-`vpc_id`
-: Provides the ID of the VPC the subnet is in.
-
-`availability_zone`
-: Provides the Availability Zone of the subnet.
-
-`cidr_block`
-: Provides the block of ip addresses specified to the subnet.
-
-`available_ip_address_count`
-: Provides the number of available IPv4 addresses on the subnet.
-
-## Examples
-
-**Check availability zone of a subnet.**
-
-```ruby
-describe aws_subnet(subnet_id: 'subnet-12345678') do
- its('availability_zone') { should eq 'us-east-1c' }
-end
-```
-
-**Check the number of available IP addresses.**
-
-```ruby
-describe aws_subnet(subnet_id: 'subnet-12345678') do
- its('available_ip_address_count') { should eq 251 }
-end
-```
-
-**Test the block of ip addresses specified to the subnet.**
-
-```ruby
-describe aws_subnet(subnet_id: 'subnet-12345678') do
- its('cidr_block') { should eq '10.0.1.0/24' }
-end
-```
-
-**Ensure the subnet is in the right VPC.**
-
-```ruby
-describe aws_subnet(subnet_id: 'subnet-12345678') do
- its('vpc_id') { should eq 'vpc-12345678' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-#### assigning_ipv_6_address_on_creation
-
-Detects if the network interface on the subnet accepts IPv6 addresses.
-
-```ruby
-describe aws_subnet(subnet_id: 'subnet-12345678') do
- it { should be_assigning_ipv_6_address_on_creation }
-end
-```
-
-### available
-
-Provides the current state of the subnet.
-
-```ruby
-describe aws_subnet(subnet_id: 'subnet-12345678') do
- it { should be_available }
-end
-```
-
-#### default_for_az
-
-Detects if the subnet is the default subnet for the Availability Zone.
-
-```ruby
-describe aws_subnet(subnet_id: 'subnet-12345678') do
- it { should be_default_for_az }
-end
-```
-
-#### mapping_public_ip_on_launch
-
-Provides the VPC ID for the subnet.
-
-```ruby
-describe aws_subnet(subnet_id: 'subnet-12345678') do
- it { should be_mapping_public_ip_on_launch }
-end
-```
-
-### exist
-
-The `exist` matcher indicates that a subnet exists for the specified vpc.
-
-```ruby
-describe aws_subnet(subnet_id: 'subnet-12345678') do
- it { should exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeSubnetsResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_subnets.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_subnets.md
deleted file mode 100644
index a6c544f507..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_subnets.md
+++ /dev/null
@@ -1,136 +0,0 @@
-+++
-title = "aws_subnets Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_subnets"
-identifier = "inspec/resources/aws/aws_subnets Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_subnets` InSpec audit resource to test properties of some or all subnets.
-
-Subnets are networks within a VPC that can have their own block of IP address's and ACL's.
-VPCs span across all availability zones in AWS, while a subnet in a VPC can only span a single availability zone.
-Separating IP addresses allows for protection if there is a failure in one availability zone.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on Subnets](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_subnets` resource block uses an optional filter to select a group of subnets and then tests that group.
-
- # Test all subnets within a single vpc
-```ruby
-describe aws_subnets.where(vpc_id: 'vpc-12345678') do
- its('subnet_ids') { should include 'subnet-12345678' }
- its('subnet_ids') { should include 'subnet-98765432' }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`subnet_ids`
-: The name of the auto scaling launch configuration associated with the auto scaling group.
-
-`vpc_ids`
-: An integer indicating the maximum number of instances in the auto scaling group.
-
-`cidr_blocks`
-: An integer indicating the minimum number of instances in the auto scaling group.
-
-`availability_zone`
-: The availability zone this subnet is part of.
-
-`map_public_ip_on_launch`
-: A boolean indicating if a public IP is automatically mapped to instances launched in this subnet.
-
-`states`
-: An array of strings corresponding to the subnet IDs associated with the auto scaling group.
-
-`entries`
-: Provides access to the raw results of the query, which can be treated as an array of hashes.
-
-`tags`
-: Array of arrays of hashes with existing tags.
-
-## Examples
-
-**Look for all subnets within a vpc.**
-
-```ruby
-describe aws_subnets.where(vpc_id: 'vpc-12345678') do
- its('subnet_ids') { should include 'subnet-12345678' }
- its('subnet_ids') { should include 'subnet-98765432' }
-end
-```
-
-**Examine a specific subnet.**
-
-```ruby
-describe aws_subnets.where(subnet_id: 'subnet-12345678') do
- its('cidr_blocks') { should eq ['10.0.1.0/24'] }
-end
-```
-
-**Examine a specific vpcs Subnet IDs.**
-
-```ruby
-describe aws_subnets.where(vpc_id: 'vpc-12345678') do
- its('states') { should_not include 'pending' }
-end
-```
-
-**Examine a specific subnets VPC IDS.**
-
-```ruby
-describe aws_subnets.where(subnet_id: 'subnet-12345678') do
- its('vpc_ids') { should include 'vpc-12345678' }
-end
-```
-
-**Check existing tags.**
-
-```ruby
-describe aws_subnets.where(vpc_id: vpc_id) do
- its('tags') { should include([{key: 'Name', value: 'My favourite subnet'}]) }
-end
-```
-
-## Matchers
-
-For a full list of available matchers, visit the [InSpec matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_subnets.where( : ) do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_subnets.where( : ) do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeSubnetsResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_synthetics_canaries.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_synthetics_canaries.md
deleted file mode 100644
index 0fd8b14f39..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_synthetics_canaries.md
+++ /dev/null
@@ -1,166 +0,0 @@
-+++
-title = "aws_synthetics_canaries Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_synthetics_canaries"
-identifier = "inspec/resources/aws/aws_synthetics_canaries Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_synthetics_canaries` Chef InSpec audit resource to test properties of multiple AWS Synthetics canaries.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::Synthetics::Canary` resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-synthetics-canary.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that the canary exists.
-
-```ruby
-describe aws_synthetics_canaries do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: The unique ID of this canary.
-
-: **Field**: `id`
-
-`names`
-: The name of the canary.
-
-: **Field**: `name`
-
-`codes`
-: This structure contains information about the canary's Lambda handler and where its code is stored by CloudWatch Synthetics.
-
-: **Field**: `code`
-
-`execution_role_arns`
-: The ARN of the IAM role used to run the canary. This role must include lambda.amazonaws.com as a principal in the trust policy.
-
-: **Field**: `execution_role_arn`
-
-`schedules`
-: A structure that contains information about how often the canary is to run, and when these runs are to stop.
-
-: **Field**: `schedule`
-
-`run_configs`
-: A structure that contains information about a canary run.
-
-: **Field**: `run_config`
-
-`success_retention_period_in_days`
-: The number of days to retain data about successful runs of this canary.
-
-: **Field**: `success_retention_period_in_days`
-
-`failure_retention_period_in_days`
-: The number of days to retain data about failed runs of this canary.
-
-: **Field**: `failure_retention_period_in_days`
-
-`statuses`
-: A structure that contains information about the canary's status.
-
-: **Field**: `status`
-
-`timelines`
-: A structure that contains information about when the canary was created, modified, and most recently run.
-
-: **Field**: `timeline`
-
-`artifact_s3_locations`
-: The location in Amazon S3 where Synthetics stores artifacts from the runs of this canary. Artifacts include the log file, screenshots, and HAR files.
-
-: **Field**: `artifact_s3_location`
-
-`engine_arns`
-: The ARN of the Lambda function that is used as your canary's engine.
-
-: **Field**: `engine_arn`
-
-`runtime_versions`
-: Specifies the runtime version to use for the canary.
-
-: **Field**: `runtime_version`
-
-`vpc_configs`
-: If this canary is to test an endpoint in a VPC, this structure contains information about the subnets and security groups of the VPC endpoint.
-
-: **Field**: `vpc_config`
-
-`visual_references`
-: If this canary performs visual monitoring by comparing screenshots, this structure contains the ID of the canary run to use as the baseline for screenshots, and the coordinates of any parts of the screen to ignore during the visual monitoring comparison.
-
-: **Field**: `visual_reference`
-
-`tags`
-: The list of key-value pairs that are associated with the canary.
-
-: **Field**: `tags`
-
-`artifact_configs`
-: A structure that contains the configuration for canary artifacts, including the encryption-at-rest settings for artifacts that the canary uploads to Amazon S3.
-
-: **Field**: `artifact_config`
-
-## Examples
-
-**Ensure a canary ID is available.**
-
-```ruby
-describe aws_synthetics_canaries do
- its('ids') { should include 'CANARY_ID' }
-end
-```
-
-**Ensure a canary name is available.**
-
-```ruby
-describe aws_synthetics_canaries do
- its('names') { should include 'CANARY_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_synthetics_canaries do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_synthetics_canaries do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Synthetics:Client:DescribeCanariesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_synthetics_canary.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_synthetics_canary.md
deleted file mode 100644
index 15e47db374..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_synthetics_canary.md
+++ /dev/null
@@ -1,173 +0,0 @@ -+++ -title = "aws_synthetics_canary Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_synthetics_canary" -identifier = "inspec/resources/aws/aws_synthetics_canary Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_synthetics_canary` Chef InSpec audit resource to test properties of a single AWS Synthetics Canary. - -For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::Synthetics::Canary` resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-synthetics-canary.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the canary exists. - -```ruby -describe aws_synthetics_canary(name: 'CANARY_NAME') do - it { should exist } -end -``` - -## Parameters - -`name` _(required)_ - -: The name of the canary. - -## Properties - -`id` -: The unique ID of this canary. - -`name` -: The name of the canary. - -`code.source_location_arn` -: The ARN of the Lambda layer where Synthetics stores the canary script code. - -`code.handler` -: The entry point to use for the source code when running the canary. - -`execution_role_arn` -: The ARN of the IAM role used to run the canary. - -`schedule.expression` -: A rate expression or a cron expression that defines how often the canary is to run. - -`schedule.duration_in_seconds` -: How long, in seconds, for the canary to continue making regular runs after it was created. The runs are performed according to the schedule in the Expression value. - -`run_config.timeout_in_seconds` -: How long the canary is allowed to run before it must stop. - -`run_config.memory_in_mb` -: The maximum amount of memory available to the canary while it is running, in MB. This value must be a multiple of 64. - -`run_config.active_tracing` -: Displays whether this canary run used active X-Ray tracing. 
- -`success_retention_period_in_days` -: The number of days to retain data about successful runs of this canary. - -`failure_retention_period_in_days` -: The number of days to retain data about failed runs of this canary. - -`status.state` -: The current state of the canary. - -`status.state_reason` -: If the canary has insufficient permissions to run, this field provides more details. - -`status.state_reason_code` -: If the canary cannot run or has failed, this field displays the reason. - -`timeline.created` -: The date and time the canary was created. - -`timeline.last_modified` -: The date and time the canary was most recently modified. - -`timeline.last_started` -: The date and time that the canary's most recent run started. - -`timeline.last_stopped` -: The date and time that the canary's most recent run ended. - -`artifact_s3_location` -: The location in Amazon S3 where Synthetics stores artifacts from the runs of this canary. - -`engine_arn` -: The ARN of the Lambda function that is used as your canary's engine. - -`runtime_version` -: Specifies the runtime version to use for the canary. - -`vpc_config.vpc_id` -: The IDs of the VPC where this canary is to run. - -`vpc_config.subnet_ids` -: The IDs of the subnets where this canary is to run. - -`vpc_config.security_group_ids` -: The IDs of the security groups for this canary. - -`visual_reference.base_screenshots` -: An array of screenshots that are used as the baseline for comparisons during visual monitoring. - -`visual_reference.base_canary_run_id` -: The ID of the canary run that produced the screenshots that are used as the baseline for visual monitoring comparisons during future runs of this canary. - -`tags` -: The list of key-value pairs that are associated with the canary. - -`artifact_config.s3_encryption.encryption_mode` -: The encryption method to use for artifacts created by this canary. 
- -`artifact_config.s3_encryption.kms_key_arn` -: The ARN of the customer-managed KMS key to use, if you specify SSE-KMS for EncryptionMode. - -## Examples - -**Ensure a canary name is available.** - -```ruby -describe aws_synthetics_canary(name: 'CANARY_NAME') do - its('name') { should eq 'CANARY_NAME' } -end -``` - -**Ensure a state is `READY`.** - -```ruby -describe aws_synthetics_canary(name: 'CANARY_NAME') do - its('status.state') { should eq 'READY' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_synthetics_canary(name: 'CANARY_NAME') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_synthetics_canary(name: 'CANARY_NAME') do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="Synthetics:Client:GetCanaryResponse" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transfer_user.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transfer_user.md deleted file mode 100644 index 42db1f0463..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transfer_user.md +++ /dev/null 
@@ -1,136 +0,0 @@ -+++ -title = "aws_transfer_user Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_transfer_user" -identifier = "inspec/resources/aws/aws_transfer_user Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_transfer_user` InSpec audit resource to test properties of a single Transfer user. - -For additional information, including details on parameters and properties, see the [AWS documentation on Transfer user](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-user.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that a Transfer user exists. - -```ruby -describe aws_transfer_user(server_id: "SERVER_ID", user_name: 'USER_NAME') do - it { should exist } -end -``` - -## Parameters - -`server_id` _(required)_ - -: The system-assigned unique identifier for a server that this user has been assigned to. - -`user_name` _(required)_ - -: The name of the user assigned to one or more servers. - -## Properties - -`server_id` -: The system-assigned unique identifier for a server that this user has been assigned to. - -`user (home_directory)` -: The landing directory for a user when they log in to the server using the client. - -`user (home_directory_mappings)` -: Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. - -`user (home_directory_mappings (entry))` -: The entry for `HomeDirectoryMappings`. - -`user (home_directory_mappings (target))` -: The map target that is used in a `HomeDirectorymapEntry`. - -`user (home_directory_type)` -: The type of landing directory you want your users' home directory to be when they log into the server. - -`user (policy)` -: A scope-down policy for your user so you can use the same IAM role across multiple users. 
- -`user (role)` -: The ARN of the IAM role that controls your users' access to your Amazon S3 bucket or EFS file system. - -`user (ssh_public_keys (date_imported))` -: The date that the public key was added to the user account. - -`user (ssh_public_keys (ssh_public_key_body))` -: The content of the SSH public key as specified by the PublicKeyId. - -`user (ssh_public_keys (ssh_public_key_id))` -: The `SshPublicKeyId` parameter contains the identifier of the public key. - -`user (tags)` -: Key-value pairs that can be used to group and search for users. - -`user (user_name)` -: The user name associated with a server as specified by the `ServerId`. - -## Examples - -**Ensure an user is available.** - -```ruby -describe aws_transfer_user(server_id: "SERVER_ID", user_name: 'USER_NAME') do - its('user_name') { should eq 'USER_NAME' } -end -``` - -**Ensure that the server ID is available.** - -```ruby -describe aws_transfer_user(server_id: "SERVER_ID", user_name: 'USER_NAME') do - its('server_id') { should eq 'SERVER_ID' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_transfer_user(server_id: "SERVER_ID", user_name: 'USER_NAME') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_transfer_user(server_id: "SERVER_ID", user_name: 'USER_NAME') do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the user is available. - -```ruby -describe aws_transfer_user(server_id: "SERVER_ID", user_name: 'USER_NAME') do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="Transfer:Client:DescribeUserResponse" %}} 
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transfer_users.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transfer_users.md
deleted file mode 100644
index 258e19e20a..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transfer_users.md
+++ /dev/null
@@ -1,109 +0,0 @@ -+++ -title = "aws_transfer_users Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_transfer_users" -identifier = "inspec/resources/aws/aws_transfer_users Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_transfer_users` InSpec audit resource to test properties of multiple Transfer users. - -For additional information, including details on parameters and properties, see the [AWS documentation on Transfer user](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-user.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that an user exists. - -```ruby -describe aws_transfer_users do - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`ARNs` -: The ARNs of the user. - -`home_directories` -: The landing directories for users when they log in to the server using the client. - -`home_directory_types` -: The landing directory types you want your users' home directory to be when they log into the server. - -`roles` -: The ARNs of the IAM roles that controls your users' access to your Amazon S3 bucket or EFS file system. - -`ssh_public_key_count` -: The ssh public key count of the user. - -`user_names` -: The user names associated with a server as specified by the `ServerId`. - -## Examples - -**Ensure an ARN is available.** - -```ruby -describe aws_transfer_users do - its('arns') { should include 'USER_ARN' } -end -``` - -**Ensure that the roles is available.** - -```ruby -describe aws_transfer_users do - its('roles') { should include 'USER_ROLE_ARN' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `list` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. 
-
-```ruby
-describe aws_transfer_users do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_transfer_users do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the user is available.
-
-```ruby
-describe aws_transfer_users do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="Transfer:Client:ListUsersResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway.md
deleted file mode 100644
index bad18eebfe..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway.md
+++ /dev/null
@@ -1,91 +0,0 @@ -+++ -title = "aws_transit_gateway Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_transit_gateway" -identifier = "inspec/resources/aws/aws_transit_gateway Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_transit_gateway` InSpec audit resource to test properties of a transit gateway. - -For additional information, including details on parameters and properties, see the [AWS documentation on Transit Gateways](https://docs.aws.amazon.com/vpc/latest/tgw/). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_transit_gateway` resource block uses the parameter to select a transit gateway. - -```ruby -describe aws_transit_gateway(transit_gateway_id: 'tgw-1234567') do - it { should exist } -end -``` - -## Parameters - -`transit_gateway_id` _(required)_ - -: This resource accepts a single parameter, the Transit Gateway ID. - This can be passed either as a string or as a `transit_gateway_id: 'value'` key-value entry in a hash. - -## Properties - -`transit_gateway_id` -: Provides the ID of the Transit Gateway. - -`transit_gateway_arn` -: Provides the ARN of the Transit Gateway. - -`transit_gateway_owner_id` -: Provides the id of the owner of the Transit Gateway. - -`default_route_table_id` -: Provides the id of the default route table of the Transit Gateway. - -`propagation_default_route_table_id` -: Provides the propagation default route table id for the Transit gateway. - -`dns_support` -: Provides the status of dns support for the Transit Gateway. - -`vpn_ecmp_support` -: Provides the status of vpn ecmp support for the Transit Gateway. 
-
-## Examples
-
-**Check the owner id zone of the Transit Gateway.**
-
-```ruby
-describe aws_transit_gateway(transit_gateway_id: 'tgw-0e231ae7f5e5e7bd5') do
- its('transit_gateway_owner_id') { should eq 'owner_id' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The `exist` matcher indicates that a transit gateway exists.
-
-```ruby
-describe aws_transit_gateway(transit_gateway_id: 'tgw-0e231ae7f5e5e7bd5') do
- it { should exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeTransitGatewaysResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_connect.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_connect.md
deleted file mode 100644
index ea892b88cf..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_connect.md
+++ /dev/null
@@ -1,116 +0,0 @@ -+++ -title = "aws_transit_gateway_connect Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_transit_gateway_connect" -identifier = "inspec/resources/aws/aws_transit_gateway_connect Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_transit_gateway_connect` InSpec audit resource to test properties of a single AWS EC2 Transit Gateway Connect. - -The `AWS::EC2::TransitGatewayConnect` resource creates a Connect attachment from a specified transit gateway attachment. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 TransitGatewayConnect](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewayconnect.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that transit gateway Connect attachment exists. - -```ruby -describe aws_transit_gateway_connect(transit_gateway_attachment_id: 'TRANSIT_GATEWAY_CONNECT_ATTACHMENT_ID') do - it { should exits } -end -``` - -## Parameters - -`transit_gateway_attachment_id` _(required)_ - -: The ID of the transit gateway Connect attachment. - -## Properties - -`transit_gateway_attachment_id` -: The ID of the Connect attachment. - -`transport_transit_gateway_attachment_id` -: The ID of the attachment from which the Connect attachment was created. - -`transit_gateway_id` -: The ID of the transit gateway. - -`state` -: The state of the attachment. - -`creation_time` -: The creation time. - -`options (protocol)` -: The Connect attachment options. The tunnel protocol. - -`tags` -: The tags for the attachment. 
- -## Examples - -**Ensure a transit gateway attachment ID is available.** - -```ruby -describe aws_transit_gateway_connect(transit_gateway_attachment_id: 'TRANSIT_GATEWAY_CONNECT_ATTACHMENT_ID') do - its('transit_gateway_attachment_id') { should eq 'tgw-attach-1234567890' } -end -``` - -**Ensure that the state is `available`.** - -```ruby -describe aws_transit_gateway_connect(transit_gateway_attachment_id: 'TRANSIT_GATEWAY_CONNECT_ATTACHMENT_ID') do - its('state') { should eq 'available' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_transit_gateway_connect(transit_gateway_attachment_id: 'TRANSIT_GATEWAY_CONNECT_ATTACHMENT_ID') do - it { should exits } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_transit_gateway_connect(transit_gateway_attachment_id: 'TRANSIT_GATEWAY_CONNECT_ATTACHMENT_ID') do - it { should_not exits } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_transit_gateway_connect(transit_gateway_attachment_id: 'dummy') do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeTransitGatewayConnectsResult" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_connects.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_connects.md deleted file mode 100644 index 305a6808b1..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_connects.md +++ /dev/null 
@@ -1,114 +0,0 @@ -+++ -title = "aws_transit_gateway_connects Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_transit_gateway_connects" -identifier = "inspec/resources/aws/aws_transit_gateway_connects Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_transit_gateway_connects` InSpec audit resource to test properties of multiple AWS EC2 Transit Gateway Connect. - -The `AWS::EC2::TransitGatewayConnect` resource creates a Connect attachment from a specified transit gateway attachment. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 TransitGatewayConnect](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewayconnect.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that Transit Gateway Connect exists. - -```ruby -describe aws_transit_gateway_connects do - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`transit_gateway_attachment_ids` -: The ID of the Connect attachment. - -`transport_transit_gateway_attachment_ids` -: The ID of the attachment from which the Connect attachment was created. - -`transit_gateway_ids` -: The ID of the transit gateway. - -`states` -: The state of the attachment. - -`creation_times` -: The creation time. - -`options` -: The Connect attachment options. The tunnel protocol. - -`tags` -: The tags for the attachment. 
- -## Examples - -**Ensure a transit gateway attachment ID is available.** - -```ruby -describe aws_transit_gateway_connects do - its('transit_gateway_attachment_ids') { should include 'TRANSIT_GATEWAY_ATTACHMENT_ID' } -end -``` - -**Ensure that the state is `available`.** - -```ruby -describe aws_transit_gateway_connects do - its('states') { should include 'available' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_transit_gateway_connects do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_transit_gateway_connects do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_transit_gateway_connects do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeTransitGatewayConnectsResult" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_multicast_domain.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_multicast_domain.md deleted file mode 100644 index cecc8a7ac3..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_multicast_domain.md +++ /dev/null 
@@ -1,125 +0,0 @@ -+++ -title = "aws_transit_gateway_multicast_domain Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_transit_gateway_multicast_domain" -identifier = "inspec/resources/aws/aws_transit_gateway_multicast_domain Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_transit_gateway_multicast_domain` Chef InSpec audit resource to test properties of an AWS EC2 transit gateway multicast domain. - -The `AWS::EC2::TransitGatewayMulticastDomain` resource creates a multicast domain using the specified transit gateway. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 TransitGatewayConnect](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewayconnect.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that transit gateway connect exists. - -```ruby -describe aws_transit_gateway_multicast_domain(transit_gateway_multicast_domain_id: 'TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID') do - it { should exits } -end -``` - -## Parameters - -`transit_gateway_attachment_id` _(required)_ - -: The ID of the transit gateway multicast domain. - -## Properties - -`transit_gateway_multicast_domain_id` -: The ID of the transit gateway multicast domain. - -`transit_gateway_id` -: The ID of the transit gateway. - -`transit_gateway_multicast_domain_arn` -: The Amazon Resource Name (ARN) of the transit gateway multicast domain. - -`owner_id` -: The ID of the AWS account that owns the transit gateway multicast domain. - -`options (igmpv_2_support)` -: The options for the transit gateway multicast domain. Indicates whether Internet Group Management Protocol (IGMP) version 2 is turned on for the transit gateway multicast domain. - -`options (static_sources_support)` -: The options for the transit gateway multicast domain. 
Indicates whether support for statically configuring transit gateway multicast group sources is turned on. - -`options (auto_accept_shared_associations)` -: The options for the transit gateway multicast domain. Indicates whether to automatically cross-account subnet associations that are associated with the transit gateway multicast domain. - -`state` -: The state of the transit gateway multicast domain. - -`creation_time` -: The time the transit gateway multicast domain was created. - -`tags` -: The tags for the transit gateway multicast domain. - -## Examples - -**Ensure a transit gateway multicast domain ID is available.** - -```ruby -describe aws_transit_gateway_multicast_domain(transit_gateway_multicast_domain_id: 'TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID') do - its('transit_gateway_multicast_domain_id') { should eq 'TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID' } -end -``` - -**Ensure that the state is `available`.** - -```ruby -describe aws_transit_gateway_multicast_domain(transit_gateway_multicast_domain_id: 'TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID') do - its('state') { should eq 'available' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the `describe` method returns at least one result. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_transit_gateway_multicast_domain(transit_gateway_multicast_domain_id: 'TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID') do - it { should exits } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_transit_gateway_multicast_domain(transit_gateway_multicast_domain_id: 'TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID') do - it { should_not exits } -end -``` - -### be_available - -Use `should` to check if the entity is available. 
- -```ruby -describe aws_transit_gateway_multicast_domain(transit_gateway_multicast_domain_id: 'TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID') do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeTransitGatewayMulticastDomainsResult" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_multicast_domain_association.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_multicast_domain_association.md deleted file mode 100644 index 3b5f53190d..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_multicast_domain_association.md +++ /dev/null 
@@ -1,113 +0,0 @@ -+++ -title = "aws_transit_gateway_multicast_domain_association Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_transit_gateway_multicast_domain_association" -identifier = "inspec/resources/aws/aws_transit_gateway_multicast_domain_association Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_transit_gateway_multicast_domain_association` Chef InSpec audit resource to test properties of a single AWS EC2 transit gateway multicast domain association. - -The `AWS::EC2::TransitGatewayMulticastDomainAssociation` resource associates the specified subnets and transit gateway attachments with the specified transit gateway multicast domain. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 TransitGatewayMulticastDomainAssociation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewaymulticastdomainassociation.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that the transit gateway multicast domain association exists. - -```ruby -describe aws_transit_gateway_multicast_domain_association(transit_gateway_multicast_domain_id: 'TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID') do - it { should exits } -end -``` - -## Parameters - -`transit_gateway_multicast_domain_id` _(required)_ - -: The ID of the transit gateway multicast domain. - -## Properties - -`transit_gateway_attachment_id` -: The ID of the Connect attachment. - -`resource_id` -: The ID of the resource. - -`resource_type` -: The type of resource, for example a VPC attachment. - -`resource_owner_id` -: The ID of the AWS account that owns the transit gateway multicast domain association resource. - -`subnet (subnet_id)` -: The subnet associated with the transit gateway multicast domain. The ID of the subnet. 
- -`subnet (state)` -: The subnet associated with the transit gateway multicast domain. The state of the subnet association. - -## Examples - -**Ensure a transit gateway attachment ID is available.** - -```ruby -describe aws_transit_gateway_multicast_domain_association(transit_gateway_multicast_domain_id: 'TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID') do - its('transit_gateway_attachment_id') { should eq 'tgw-attach-1234567890' } -end -``` - -**Ensure that the state is `available`.** - -```ruby -describe aws_transit_gateway_multicast_domain_association(transit_gateway_multicast_domain_id: 'TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID') do - its('subnet.state') { should eq 'associated' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_transit_gateway_multicast_domain_association(transit_gateway_multicast_domain_id: 'TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID') do - it { should exits } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_transit_gateway_multicast_domain_association(transit_gateway_multicast_domain_id: "TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID") do - it { should_not exits } -end -``` - -### be_available - -Use `should` to check if the transit gateway multicast domain association is available. - -```ruby -describe aws_transit_gateway_multicast_domain_association(transit_gateway_multicast_domain_id: 'TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID') do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:GetTransitGatewayMulticastDomainAssociationsResult" %}} 
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_multicast_domain_associations.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_multicast_domain_associations.md
deleted file mode 100644
index 6e0a333fa4..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_multicast_domain_associations.md
+++ /dev/null
@@ -1,110 +0,0 @@ -+++ -title = "aws_transit_gateway_multicast_domain_associations Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_transit_gateway_multicast_domain_associations" -identifier = "inspec/resources/aws/aws_transit_gateway_multicast_domain_associations Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_transit_gateway_multicast_domain_associations` Chef InSpec audit resource to test properties of multiple AWS EC2 transit gateway multicast domain associations. - -The `AWS::EC2::TransitGatewayMulticastDomainAssociation` resource associates the specified subnets and transit gateway attachments with the specified transit gateway multicast domain. - -For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 TransitGatewayMulticastDomainAssociation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewaymulticastdomainassociation.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that transit gateway connect exists. - -```ruby -describe aws_transit_gateway_multicast_domain_associations(transit_gateway_multicast_domain_id: 'TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID') do - it { should exist } -end -``` - -## Parameters - -`transit_gateway_multicast_domain_id` _(required)_ - -: The ID of the transit gateway multicast domain. - -## Properties - -`transit_gateway_attachment_ids` -: The ID of the transit gateway attachment. - -`resource_ids` -: The ID of the resource. - -`resource_types` -: The type of resource, for example a VPC attachment. - -`resource_owner_ids` -: The ID of the AWS account that owns the transit gateway multicast domain association resource. - -`subnets` -: The subnet associated with the transit gateway multicast domain. 
- -## Examples - -**Ensure a transit gateway attachment ID is available.** - -```ruby -describe aws_transit_gateway_multicast_domain_associations(transit_gateway_multicast_domain_id: 'TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID') do - its('transit_gateway_attachment_ids') { should include 'TRANSIT_GATEWAY_ATTACHMENT_ID' } -end -``` - -**Ensure that the resource type is `vpc`.** - -```ruby -describe aws_transit_gateway_multicast_domain_associations(transit_gateway_multicast_domain_id: 'TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID') do - its('resource_types') { should include 'vpc' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -Use `should` to test that the entity exists. - -```ruby -describe aws_transit_gateway_multicast_domain_associations(transit_gateway_multicast_domain_id: 'TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID') do - it { should exist } -end -``` - -Use `should_not` to test the entity does not exist. - -```ruby -describe aws_transit_gateway_multicast_domain_associations(transit_gateway_multicast_domain_id: "TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID") do - it { should_not exist } -end -``` - -### be_available - -Use `should` to check if the entity is available. - -```ruby -describe aws_transit_gateway_multicast_domain_associations(transit_gateway_multicast_domain_id: 'TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID') do - it { should be_available } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:GetTransitGatewayMulticastDomainAssociationsResult" %}} diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_multicast_domains.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_multicast_domains.md deleted file mode 100644 index 86144b3aeb..0000000000 
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_multicast_domains.md +++ /dev/null 
@@ -1,117 +0,0 @@
-+++
-title = "aws_transit_gateway_multicast_domains Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_transit_gateway_multicast_domains"
-identifier = "inspec/resources/aws/aws_transit_gateway_multicast_domains Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_transit_gateway_multicast_domains` Chef InSpec audit resource to test properties of multiple AWS EC2 transit gateway multicast domains.
-
-The `AWS::EC2::TransitGatewayMulticastDomain` resource creates a Connect attachment from a specified transit gateway attachment.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 TransitGatewayMulticastDomain](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewaymulticastdomain.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that transit gateway multicast domain exists.
-
-```ruby
-describe aws_transit_gateway_multicast_domains do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`transit_gateway_multicast_domain_ids`
-: The ID of the transit gateway multicast domain.
-
-`transit_gateway_ids`
-: The ID of the transit gateway.
-
-`transit_gateway_multicast_domain_arns`
-: The Amazon Resource Name (ARN) of the transit gateway multicast domain.
-
-`owner_ids`
-: The ID of the AWS account that owns the transit gateway multicast domain.
-
-`options`
-: The options for the transit gateway multicast domain.
-
-`states`
-: The state of the transit gateway multicast domain.
-
-`creation_time`
-: The time the transit gateway multicast domain was created.
-
-`tags`
-: The tags for the transit gateway multicast domain.
-
-## Examples
-
-**Ensure a specific transit gateway attachment ID is available.**
-
-```ruby
-describe aws_transit_gateway_multicast_domains do
- its('transit_gateway_multicast_domain_ids') { should include 'TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID' }
-end
-```
-
-**Ensure that the state is `available`.**
-
-```ruby
-describe aws_transit_gateway_multicast_domains do
- its('states') { should include 'available' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `describe` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_transit_gateway_multicast_domains do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_transit_gateway_multicast_domains do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_transit_gateway_multicast_domains do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeTransitGatewayMulticastDomainsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_multicast_group_member.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_multicast_group_member.md
deleted file mode 100644
index c8d926fb6f..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_multicast_group_member.md
+++ /dev/null
@@ -1,128 +0,0 @@
-+++
-title = "aws_transit_gateway_multicast_group_member Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_transit_gateway_multicast_group_member"
-identifier = "inspec/resources/aws/aws_transit_gateway_multicast_group_member Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_transit_gateway_multicast_group_member` InSpec audit resource to test properties of a single specific AWS EC2 transit gateway multicast group member.
-
-The `AWS::EC2::TransitGatewayMulticastGroupMember` resource registers members (network interfaces) with the transit gateway multicast group.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 TransitGatewayMulticastGroupMember](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewaymulticastgroupmember.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that transit gateway group member exists.
-
-```ruby
-describe aws_transit_gateway_multicast_group_member(transit_gateway_multicast_domain_id: "TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID") do
- it { should exist }
-end
-```
-
-## Parameters
-
-`transit_gateway_multicast_domain_id` _(required)_
-
-: The transit_gateway_multicast_domain_id is the ID of the multicast domain transit gateway.
-
-## Properties
-
-`group_ip_address`
-: The IP address of the transit gateway multicast group.
-
-`transit_gateway_attachment_id`
-: The attachment ID of the transit gateway.
-
-`subnet_id`
-: The ID of the subnet.
-
-`resource_id`
-: The ID of the resource.
-
-`resource_type`
-: The type of the resource.
-
-`resource_owner_id`
-: The Owner ID of the resource.
-
-`network_interface_id`
-: The network interface ID of the resource.
-
-`group_member`
-: The resource is a group member. Valid values are `true` and `false`.
-
-`group_source`
-: The resource is a group source. Valid values are `true` and `false`.
-
-`member_type`
-: The member type. Valid values are `igmp` and `static`.
-
-`source_type`
-: The source type. Valid values are `igmp` and `static`.
-
-## Examples
-
-**Ensure a group IP address is available.**
-
-```ruby
-describe aws_transit_gateway_multicast_group_member(transit_gateway_multicast_domain_id: "TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID") do
- its('group_ip_address') { should eq 'GROUP_IP_ADDRESS' }
-end
-```
-
-**Ensure that the resource type is `vpc`.**
-
-```ruby
-describe aws_transit_gateway_multicast_group_member(transit_gateway_multicast_domain_id: "TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID") do
- its('resource_type') { should eq 'vpc' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `search` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_transit_gateway_multicast_group_member(transit_gateway_multicast_domain_id: "TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID") do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_transit_gateway_multicast_group_member(transit_gateway_multicast_domain_id: "dummy") do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_transit_gateway_multicast_group_member(transit_gateway_multicast_domain_id: "TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID") do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:SearchTransitGatewayMulticastGroupsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_multicast_group_members.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_multicast_group_members.md
deleted file mode 100644
index c0abf4dd23..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_multicast_group_members.md
+++ /dev/null
@@ -1,150 +0,0 @@
-+++
-title = "aws_transit_gateway_multicast_group_members Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_transit_gateway_multicast_group_members"
-identifier = "inspec/resources/aws/aws_transit_gateway_multicast_group_members Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_transit_gateway_multicast_group_members` Chef InSpec audit resource to test properties of multiple AWS EC2 transit gateway multicast group members.
-
-The `AWS::EC2::TransitGatewayMulticastGroupMember` resource registers members (network interfaces) with the transit gateway multicast group.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 TransitGatewayMulticastGroupMember](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewaymulticastgroupmember.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that transit gateway multicast group member exists.
-
-```ruby
-describe aws_transit_gateway_multicast_group_members(transit_gateway_multicast_domain_id: "TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID") do
- it { should exist }
-end
-```
-
-## Parameters
-
-`transit_gateway_multicast_domain_id` _(required)_
-
-: The ID of the transit gateway multicast domain.
-
-## Properties
-
-`group_ip_addresses`
-: The IP address of the transit gateway multicast group.
-
-: **Field**: `group_ip_address`
-
-`transit_gateway_attachment_ids`
-: The attachment id of the transit gateway.
-
-: **Field**: `transit_gateway_attachment_id`
-
-`subnet_ids`
-: The ID of the subnet.
-
-: **Field**: `subnet_id`
-
-`resource_ids`
-: The ID of the resource.
-
-: **Field**: `resource_id`
-
-`resource_types`
-: The type of the resource.
-
-: **Field**: `resource_type`
-
-`resource_owner_ids`
-: The Owner ID of the resource.
-
-: **Field**: `resource_owner_id`
-
-`network_interface_ids`
-: The network interface ID of the resource.
-
-: **Field**: `network_interface_id`
-
-`group_members`
-: The resource is a group member. Valid values are `true` and `false`.
-
-: **Field**: `group_member`
-
-`group_sources`
-: The resource is a group source. Valid values are `true` and `false`.
-
-: **Field**: `group_source`
-
-`member_types`
-: The member type. Valid values are `igmp` and `static`.
-
-: **Field**: `member_type`
-
-`source_types`
-: The source type. Valid values are `igmp` and `static`.
-
-: **Field**: `source_type`
-
-## Examples
-
-**Ensure a transit gateway attachment ID is available.**
-
-```ruby
-describe aws_transit_gateway_multicast_group_members(transit_gateway_multicast_domain_id: "TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID") do
- its('transit_gateway_attachment_ids') { should include 'TRANSIT_GATEWAY_ATTACHMENT_ID' }
-end
-```
-
-**Ensure that the group members are available.**
-
-```ruby
-describe aws_transit_gateway_multicast_group_members(transit_gateway_multicast_domain_id: "TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID") do
- its('group_members') { should include true }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `search` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_transit_gateway_multicast_group_members(transit_gateway_multicast_domain_id: "TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID") do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_transit_gateway_multicast_group_members(transit_gateway_multicast_domain_id: "TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID") do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_transit_gateway_multicast_group_members(transit_gateway_multicast_domain_id: "TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID") do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:SearchTransitGatewayMulticastGroupsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_multicast_group_source.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_multicast_group_source.md
deleted file mode 100644
index 4e04133ece..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_multicast_group_source.md
+++ /dev/null
@@ -1,128 +0,0 @@
-+++
-title = "aws_transit_gateway_multicast_group_source Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_transit_gateway_multicast_group_source"
-identifier = "inspec/resources/aws/aws_transit_gateway_multicast_group_source Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_transit_gateway_multicast_group_source` InSpec audit resource to test properties of a single source (network interface) of an AWS EC2 transit gateway multicast domain group.
-
-The `AWS::EC2::TransitGatewayMulticastGroupSource` resource registers sources (network interfaces) with the specified transit gateway multicast domain.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 TransitGatewayMulticastGroupSource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewaymulticastgroupsource.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a transit gateway group source exists.
-
-```ruby
-describe aws_transit_gateway_multicast_group_source(transit_gateway_multicast_domain_id: "TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID") do
- it { should exist }
-end
-```
-
-## Parameters
-
-`transit_gateway_multicast_domain_id` _(required)_
-
-: The ID of the transit gateway multicast domain.
-
-## Properties
-
-`group_ip_address`
-: The IP address of the transit gateway multicast group.
-
-`transit_gateway_attachment_id`
-: The attachment ID of the transit gateway.
-
-`subnet_id`
-: The ID of the subnet.
-
-`resource_id`
-: The ID of the resource.
-
-`resource_type`
-: The type of the resource. Valid values are `vpc`, `vpn`, `direct-connect-gateway`, and `tgw-peering`.
-
-`resource_owner_id`
-: The owner ID of the resource.
-
-`network_interface_id`
-: The network interface ID of the resource.
-
-`group_member`
-: Whether the resource is a group member. Valid values are `true` and `false`.
-
-`group_source`
-: Whether the resource is a group source. Valid values are `true` and `false`.
-
-`member_type`
-: The member type. Valid values are `igmp` and `static`.
-
-`source_type`
-: The source type. Valid values are `igmp` and `static`.
-
-## Examples
-
-**Ensure a group IP address is available.**
-
-```ruby
-describe aws_transit_gateway_multicast_group_source(transit_gateway_multicast_domain_id: "TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID") do
- its('group_ip_address') { should eq 'IP_ADDRESS' }
-end
-```
-
-**Ensure that the resource type is `vpc`.**
-
-```ruby
-describe aws_transit_gateway_multicast_group_source(transit_gateway_multicast_domain_id: "TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID") do
- its('resource_type') { should eq 'vpc' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `search` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_transit_gateway_multicast_group_source(transit_gateway_multicast_domain_id: "TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID") do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_transit_gateway_multicast_group_source(transit_gateway_multicast_domain_id: "dummy") do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_transit_gateway_multicast_group_source(transit_gateway_multicast_domain_id: "TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID") do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:SearchTransitGatewayMulticastGroupsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_multicast_group_sources.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_multicast_group_sources.md
deleted file mode 100644
index 94780bddcb..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_multicast_group_sources.md
+++ /dev/null
@@ -1,150 +0,0 @@
-+++
-title = "aws_transit_gateway_multicast_group_sources Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_transit_gateway_multicast_group_sources"
-identifier = "inspec/resources/aws/aws_transit_gateway_multicast_group_sources Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_transit_gateway_multicast_group_sources` InSpec audit resource to test properties of the sources (network interfaces) of multiple AWS EC2 transit gateway multicast domain groups.
-
-The `AWS::EC2::TransitGatewayMulticastGroupSource` resource registers sources (network interfaces) with the specified transit gateway multicast domain.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS EC2 TransitGatewayMulticastGroupSource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewaymulticastgroupsource.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a transit gateway multicast group source exists.
-
-```ruby
-describe aws_transit_gateway_multicast_group_sources(transit_gateway_multicast_domain_id: "TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID") do
- it { should exist }
-end
-```
-
-## Parameters
-
-`transit_gateway_multicast_domain_id` _(required)_
-
-: The ID of the transit gateway multicast domain.
-
-## Properties
-
-`group_ip_addresses`
-: The IP address of the transit gateway multicast group.
-
-: **Field**: `group_ip_address`
-
-`transit_gateway_attachment_ids`
-: The attachment ID of the transit gateway.
-
-: **Field**: `transit_gateway_attachment_id`
-
-`subnet_ids`
-: The ID of the subnet.
-
-: **Field**: `subnet_id`
-
-`resource_ids`
-: The ID of the resource.
-
-: **Field**: `resource_id`
-
-`resource_types`
-: The type of the resource. Valid values are `vpc`, `vpn`, `direct-connect-gateway`, and `tgw-peering`.
-
-: **Field**: `resource_type`
-
-`resource_owner_ids`
-: The Owner ID of the resource.
-
-: **Field**: `resource_owner_id`
-
-`network_interface_ids`
-: The network interface ID of the resource.
-
-: **Field**: `network_interface_id`
-
-`group_members`
-: Wether the resource is a group member. Valid values are `true` and `false`.
-
-: **Field**: `group_member`
-
-`group_sources`
-: Wether the resource is a group source. Valid values are `true` and `false`.
-
-: **Field**: `group_source`
-
-`member_types`
-: The member type. Valid values are `igmp` and `static`.
-
-: **Field**: `member_type`
-
-`source_types`
-: The source type. Valid values are `igmp` and `static`.
-
-: **Field**: `source_type`
-
-## Examples
-
-**Ensure a transit gateway attachment ID is available.**
-
-```ruby
-describe aws_transit_gateway_multicast_group_sources(transit_gateway_multicast_domain_id: "TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID") do
- its('transit_gateway_attachment_ids') { should include 'ATTACHMENT_ID' }
-end
-```
-
-**Ensure that a group source is available.**
-
-```ruby
-describe aws_transit_gateway_multicast_group_sources(transit_gateway_multicast_domain_id: "TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID") do
- its('group_sources') { should include true }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `search` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_transit_gateway_multicast_group_sources(transit_gateway_multicast_domain_id: "TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID") do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_transit_gateway_multicast_group_sources(transit_gateway_multicast_domain_id: "TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID") do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_transit_gateway_multicast_group_sources(transit_gateway_multicast_domain_id: "TRANSIT_GATEWAY_MULTICAST_DOMAIN_ID") do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:SearchTransitGatewayMulticastGroupsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_route.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_route.md
deleted file mode 100644
index 090567cbb4..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_route.md
+++ /dev/null
@@ -1,176 +0,0 @@
-+++
-title = "aws_transit_gateway_route Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_transit_gateway_route"
-identifier = "inspec/resources/aws/aws_transit_gateway_route Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_transit_gateway_route` InSpec audit resource to test the properties of a single AWS transit gateway route.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_transit_gateway_route` resource block declares the tests for a single AWS transit gateway route by `transit_gateway_route_table_id`.
-
-```ruby
-describe aws_transit_gateway_route(transit_gateway_route_table_id: 'tgw-rtb-08acd74550c99e589', cidr_block: '0.0.0.0/16') do
- it { should exist }
-end
-```
-
-## Parameters
-
-To set the parameters of the AWS transit gateway route table, **ID** and **CIDR** block is required.
-
-`transit_gateway_route_table_id` _(required)_
-
-: The **ID** of the AWS transit gateway route table:
-
-: - must contain alphanumeric characters between 1 to 50, or hyphens
- - should start with `tgw-rtb-`
- - cannot end with a hyphen or contain two consecutive hyphens
-
-: The ID of the AWS transit gateway route table should be passed as a `transit_gateway_route_table_id: 'value'` key-value entry in a hash.
-
-`cidr_block` _(required)_
-
-: The **CIDR** block range of the route is associated to the AWS transit gateway route table. It should be passed as a `cidr_block: 'value'` key-value entry in a hash.
-
-## Properties
-
-`cidr_block`
-: The CIDR block used for destination matches.
-
-`prefix_list_id`
-: The ID of the prefix list used for destination matches.
-
-`type`
-: The type of route. Valid values: `propagated` or `static`.
-
-`state`
-: The state of the route. Valid values: `active` or `blackhole`.
-
-`attachment_resource_id`
-: The resource ID of the transit gateway attachment. Identifiers of relevant resource type.
-
-`attachment_id`
-: The ID of the transit gateway attachment.
-
-`attachment_resource_type`
-: The attachment resource type. Valid values are `vpc`, `vpn`, `direct-connect-gateway`, `peering`, `connect`.
-
-## Examples
-
-**Test if a transit gateway route exists for a transit gateway route table and CIDR block range.**
-
-```ruby
-describe aws_transit_gateway_route(transit_gateway_route_table_id: 'tgw-rtb-08acd74550c99e589', cidr_block: '0.0.0.0/16') do
- it { should exist }
-end
-```
-
-**Test that the ID of the attached VPC is `vpc-00727fc4213acee4a`.**
-
-```ruby
-describe aws_transit_gateway_route(transit_gateway_route_table_id: 'tgw-rtb-08acd74550c99e589', cidr_block: '0.0.0.0/16') do
- its('attachment_resource_id') { should eq 'vpc-00727fc4213acee4a' }
-end
-```
-
-**Test that the ID of the Transit Gateway Attachment is `tgw-attach-0aab89f748131532e`.**
-
-```ruby
-describe aws_transit_gateway_route(transit_gateway_route_table_id: 'tgw-rtb-08acd74550c99e589', cidr_block: '0.0.0.0/16') do
- its('attachment_id') { should eq 'tgw-attach-0aab89f748131532e' }
-end
-```
-
-**Test that the attachment resource type is `vpc`.**
-
-```ruby
-describe aws_transit_gateway_route(transit_gateway_route_table_id: 'tgw-rtb-08acd74550c99e589', cidr_block: '0.0.0.0/16') do
- its('attachment_resource_type') { should eq 'vpc' }
-end
-```
-
-**Test that the prefix list ID is `pl-4ca54025`.**
-
-```ruby
-describe aws_transit_gateway_route(transit_gateway_route_table_id: 'tgw-rtb-08acd74550c99e589', cidr_block: '0.0.0.0/16') do
- its('prefix_list_id') { should eq 'pl-4ca54025' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a complete list of available matchers, visit [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### exist
-
-```ruby
-describe aws_transit_gateway_route(transit_gateway_route_table_id: 'tgw-rtb-08acd74550c99e589', cidr_block: '0.0.0.0/16') do
- it { should exist }
-end
-```
-
-### be_static
-
-```ruby
-describe aws_transit_gateway_route(transit_gateway_route_table_id: 'tgw-rtb-08acd74550c99e589', cidr_block: '0.0.0.0/16') do
- it { should be_static }
-end
-```
-
-### be_propagated
-
-```ruby
-describe aws_transit_gateway_route(transit_gateway_route_table_id: 'tgw-rtb-08acd74550c99e911', cidr_block: '0.0.0.0/16') do
- it { should be_propagated }
-end
-```
-
-### be_active
-
-```ruby
-describe aws_transit_gateway_route(transit_gateway_route_table_id: 'tgw-rtb-08acd74550c99e589', cidr_block: '0.0.0.0/16') do
- it { should be_active }
-end
-```
-
-### be_blackhole
-
-```ruby
-describe aws_transit_gateway_route(transit_gateway_route_table_id: 'tgw-rtb-08acd74550c99e911', cidr_block: '0.0.0.0/17') do
- it { should be_blackhole }
-end
-```
-
-### be_vpc_attachment
-
-```ruby
-describe aws_transit_gateway_route(transit_gateway_route_table_id: 'tgw-rtb-08acd74550c99e589', cidr_block: '0.0.0.0/16') do
- it { should be_vpc_attachment }
-end
-```
-
-### be_vpn_attachment
-
-```ruby
-describe aws_transit_gateway_route(transit_gateway_route_table_id: 'tgw-rtb-08acd74550c99e711', cidr_block: '0.0.0.0/16') do
- it { should be_vpn_attachment }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeTransitGatewayRouteTablesResult" %}}
-
-Get the detailed document at [Actions, Resources, and Condition Keys for transit gateway route](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-policy-examples.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_routes.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_routes.md
deleted file mode 100644
index 0e91d92d2f..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_transit_gateway_routes.md
+++ /dev/null
@@ -1,215 +0,0 @@ -+++ -title = "aws_transit_gateway_routes Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_transit_gateway_routes" -identifier = "inspec/resources/aws/aws_transit_gateway_routes Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_transit_gateway_routes` InSpec audit resource to test the properties of all Route for a AWS transit gateway route table. -To audit a single gateway route, use the `aws_transit_gateway_route` (singular) resource. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_transit_gateway_routes` resource block collects a group of transit gateway routes' descriptions and tests that group. - -```ruby -describe aws_transit_gateway_route(transit_gateway_route_table_id: 'tgw-rtb-08acd74550c99e589') - it { should exist } -end -``` - -## Parameters - -To set the parameters of the AWS transit gateway route table, **ID** is required. - -The following additional parameters are optional: - -- `exact_match` -- `longest_prefix_match` -- `subnet_of_match` -- `supernet_of_match` - -`transit_gateway_route_table_id` _(required)_ - -: The **ID** of the AWS transit gateway route table: - -: - must contain alphanumeric characters between 1 to 50, or hyphens - - should start with `tgw-rtb-` - - cannot end with a hyphen or contain two consecutive hyphens - -: The ID of the AWS transit gateway route table should be passed as a `transit_gateway_route_table_id: 'value'` key-value entry in a hash. - -`exact_match` - -: The exact match of the **CIDR** block is used for destination matches. It could be passed as a `exact_match: 'value'` key-value entry in a hash. - -`longest_prefix_match` - -: The longest prefix that matches the route. It could be passed as a `longest_prefix_match: 'value'` key-value entry in a hash. - -`subnet_of_match` - -: The routes with a subnet that match the specified CIDR filter. 
It could be passed as a `subnet_of_match: 'value'` key-value entry in a hash. - -`supernet_of_match` - -: The routes with a CIDR that encompass the CIDR filter. For example, if you have 10.0.1.0/29 and 10.0.1.0/31 routes in your route table and you specify supernet-of-match as 10.0.1.0/30, then the result returns 10.0.1.0/29. - It could be passed as a `supernet_of_match: 'value'` key-value entry in a hash. - -## Properties - -`cidr_blocks` -: All the CIDR blocks used for destination matches. - -: **Field**: `cidr_block` - -`prefix_list_ids` -: The IDs of the prefix list used for destination matches. - -: **Field**: `prefix_list_id` - -`types` -: The type of all routes. Valid values: `propagated` or `static`. - -: **Field**: `type` - -`states` -: The state of the routes. Valid values: `active` or `blackhole`. - -: **Field**: `state` - -`static` -: Boolean flag to determine whether the route type is static. - -: **Field**: `static` - -`propagated` -: Boolean flag to determine whether the route type is propagated. - -: **Field**: `propagated` - -`active` -: Boolean flag to determine whether the route state is active. - -: **Field**: `active` - -`blackhole` -: Boolean flag to determine whether the route state is blackhole. - -: **Field**: `blackhole` - -`attachment_ids` -: The id of the transit gateway attachment. - -: **Field**: `attachment_id` - -`attachment_resource_ids` -: The resource IDs of all the transit gateway attachments. Identifiers of relevant resource types. - -: **Field**: `attachment_resource_id` - -`attachment_resource_types` -: The attachment resource type. Valid values are `vpc`, `vpn`, `direct-connect-gateway`, `peering` `connect`. - -: **Field**: `attachment_resource_type` - -`attached_vpc_ids` -: The VPC IDs of all the transit gateway attachments. 
- -: **Field**: `attached_vpc_id` - -## Examples - -**Ensure that exactly three transit gateway routes exist.** - -```ruby -describe aws_transit_gateway_route(transit_gateway_route_table_id: 'tgw-rtb-08acd74550c99e589') do - its('count') { should eq 3 } -end -``` - -**Filter all transit gateway routes whose CIDR block matches `0.0.0.0/16`.** - -```ruby -describe aws_transit_gateway_routes(transit_gateway_route_table_id: 'tgw-rtb-08acd74550c99e589', exact_match: '0.0.0.0/16') do - it { should exist } -end -``` - -```ruby -describe aws_transit_gateway_routes(transit_gateway_route_table_id: 'tgw-rtb-08acd74550c99e589').where(cidr_block: '0.0.0.0/16') do - it { should exist } -end -``` - -**Filter all static transit gateway routes.** - -```ruby -describe aws_transit_gateway_routes(transit_gateway_route_table_id: 'tgw-rtb-08acd74550c99e589').where(static: true) do - it { should exist } -end -``` - -**Filter all static transit gateway blackhole routes.** - -```ruby -describe aws_transit_gateway_routes(transit_gateway_route_table_id: 'tgw-rtb-08acd74550c99e589').where(static: true, blackhole: true) do - it { should exist } -end -``` - -**Filter all transit gateway routes with destination CIDR blocks matching `10.3.0.0/18`.** - -```ruby -describe aws_transit_gateway_routes(transit_gateway_route_table_id: 'tgw-rtb-08acd74550c99e589', supernet_of_match: 10.3.0.0/19) do - it { should exist } - its('cidr_blocks') { should include '10.3.0.0/18' } -end -``` - -**Request the CIDR blocks of all transit gateway routes, then test in-depth using `aws_transit_gateway_route`.** - -```ruby -aws_transit_gateway_routes(transit_gateway_route_table_id: 'tgw-rtb-08acd74550c99e589').cidr_blocks.each do |cidr_block| - describe aws_transit_gateway_route(transit_gateway_route_table_id: 'tgw-rtb-08acd74550c99e589', cidr_block: cidr_block) do - it { should exist } - end -end -``` - -## Matchers - -For a complete list of available matchers, visit [Universal Matchers 
page](https://www.inspec.io/docs/reference/matchers/). - -### exist - -The control will pass if the 'describe' method returns at least one result. - -```ruby -describe aws_transit_gateway_routes(transit_gateway_route_table_id: ).where( : ) do - it { should exist } -end -``` - -Use `should_not` to test an entity that should not exist. - -```ruby -describe aws_transit_gateway_routes(transit_gateway_route_table_id: ).where( : ) do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeTransitGatewayRouteTablesResult" %}} - -Get the detailed document at [Actions, Resources, and Condition Keys for transit gateway route](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-policy-examples.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc.md deleted file mode 100644 index 64d09f5995..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc.md +++ /dev/null 
@@ -1,304 +0,0 @@ -+++ -title = "aws_vpc Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_vpc" -identifier = "inspec/resources/aws/aws_vpc Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_vpc` InSpec audit resource to test the properties of a single AWS Virtual Private Cloud (VPC) and the CIDR Block that is used within the VPC. - -Each VPC is uniquely identified by its ID. In addition, each VPC has a non-unique CIDR IP address range (such as 10.0.0.0/16), which it manages. - -Every AWS account has at least one VPC, the "default" VPC, in every region. - -For additional information, including details on parameters and properties, see the [AWS documentation on VPCs](https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -An `aws_vpc` resource block identifies a VPC by ID. If no VPC ID is provided, the default VPC is used. - - # Find the default VPC -```ruby -describe aws_vpc do - it { should exist } -end -``` - - # Find a VPC by ID -```ruby -describe aws_vpc('VPC-12345678987654321') do - it { should exist } -end -``` - - # Hash syntax for ID -```ruby -describe aws_vpc(vpc_id: 'VPC-12345678') do - it { should exist } -end -``` - -## Parameters - -If no parameter is provided, the subscription's default VPC will be returned. - -`vpc_id` _(optional)_ - -: This resource accepts a single parameter, the VPC ID. - This can be passed either as a string or as a `vpc_id: 'VALUE'` key-value entry in a hash. - -## Properties - -`cidr_block` -: The IPv4 address range that is managed by the VPC. - -`dhcp_options_id` -: The ID of the set of DHCP options associated with the VPC (or `default` if the default options are associated with the VPC). - -`instance_tenancy` -: The allowed tenancy of the instances launched into the VPC. - -`state` -: The state of the VPC. 
Valid values: `pending` and `available`. - -`vpc_id` -: The ID of the VPC. - -`tags` -: The tags of the VPC. - -`associated_cidr_blocks` -: The associated CIDR blocks. - -`disassociated_cidr_blocks` -: The CIDR blocks that are disassociated. - -`failed_cidr_blocks` -: The failed CIDR block associations. - -`associating_cidr_blocks` -: The CIDR block associations that are yet in the pending stage. - -`disassociating` -: The CIDR block associations that are yet in the disassociating stage. - -`failing` -: The CIDR block associations that are yet in failing stage. - -## Examples - -The following examples show how to use this InSpec audit resource. - -**Test the CIDR Block of a named VPC.** - -```ruby -describe aws_vpc('VPC-87654321') do - its('cidr_block') { should cmp '10.0.0.0/16' } -end -``` - -**Test the state of the VPC.** - -```ruby -describe aws_vpc do - its ('STATE') { should eq 'AVAILABLE' } -**or equivalently.** - - it { should be_available } -end -``` - -**Test the allowed tenancy of instances launched into the VPC.** - -```ruby -describe aws_vpc do - its ('INSTANCE_TENANCY') { should eq 'DEFAULT' } - it { should be_default_instance } - it { should_not be_dedicated_instance } - it { should_not be_host_instance } -end -``` - -**Test tags on the VPC.** - -```ruby -describe aws_vpc do - its('TAGS') { should include(:Environment => 'ENV-NAME', - :Name => 'VPC-NAME')} -end -``` - -**Test if the IPV6 CIDR Block is associated to a named VPC.** - -```ruby -describe aws_vpc do - it { should have_ipv6_cidr_block_associated?(aws_ipv_6_cidr_block_association_set_ipv_6_cidr_block) } -end -``` - -**Test if the CIDR Block is associated to a named VPC.** - -```ruby -describe aws_vpc do - it { should have_cidr_block_associated?(aws_cidr_block) } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a complete list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/). 
- -### be_default - -The test will pass if the identified VPC is the default VPC for the region. - -```ruby -describe aws_vpc('VPC-87654321') do - it { should be_default } -end -``` - -### be_available - -The test will pass if the identified VPC has a `available` state. - -```ruby -describe aws_vpc('VPC-87654321') do - it { should be_available } -end -``` - -### be_pending - -Check if the identified VPC has a `pending` state. - -```ruby -describe aws_vpc('VPC-123456') do - it { should be_pending } -end -``` - -### be_default_instance - -Check if the identified VPC has a `default` instance tendency. - -```ruby -describe aws_vpc('VPC-87654321') do - it { should be_default_instance } -end -``` - -### be_dedicated_instance - -Check if the identified VPC has a `dedicated` instance tendency. - -```ruby -describe aws_vpc('VPC-87654321') do - it { should be_dedicated_instance } -end -``` - -### be_host_instance - -Check if the identified VPC has a `host` instance tendency. - -```ruby -describe aws_vpc('VPC-87654321') do - it { should be_host_instance } -end -``` - -### have_cidr_block_associated - -Check if a cidr block is associated to the identified VPC. - -```ruby -describe aws_vpc('VPC-87654321') do - it { should have_cidr_block_associated('10.0.0.0/27') } -end -``` - -### have_cidr_block_association_failed - -Check if a cidr block has failed to associated to the identified VPC. - -```ruby -describe aws_vpc('VPC-87654321') do - it { should have_cidr_block_failed('10.0.0.0/27') } -end -``` - -### have_cidr_block_disassociated - -Check if a cidr block has failed to associated to the identified VPC. - -```ruby -describe aws_vpc('VPC-87654321') do - it { should have_cidr_block_disassociated('10.0.0.0/27') } -end -``` - -### have_ipv6_cidr_block_associated - -Check if the IPV6 cidr block is associated to the identified VPC. 
- -```ruby -describe aws_vpc('VPC-87654321') do - it { should have_ipv6_cidr_block_associated('2600:1f16:409:6700::/56') } -end -``` - -### have_ipv6_cidr_block_disassociated - -Check if the IPV6 cidr block is disassociated to the identified VPC. - -```ruby -describe aws_vpc('VPC-87654321') do - it { should have_ipv6_cidr_block_disassociated('2600:1f16:409:6700::/56') } -end -``` - -### have_ipv6_cidr_block_association_failed - -Check if the IPV6 cidr block failed to associate to the identified VPC. - -```ruby -describe aws_vpc('VPC-87654321') do - it { should have_ipv6_cidr_block_association_failed('2600:1f16:409:6700::/56') } -end -``` - -### have_network_border_group_value - -Check if the associated IPV6 cidr block has valid network border group value for the identified VPC. - -```ruby -describe aws_vpc('VPC-87654321') do - it { should have_network_border_group_value(ipv6_cidr_block: '2600:1f16:409:6700::/56', network_border_group: 'us-east-2a') } -end -``` - -### have_ipv6_pool_value - -Check if the associated IPV6 cidr block has valid IPv6 Pool value for the identified VPC. - -```ruby -describe aws_vpc('VPC-87654321') do - it { should have_ipv6_pool_value(ipv6_cidr_block: '2600:1f16:409:6700::/56', ipv6_pool: 'Amazon') } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeVpcsResult" %}} - -You can find the detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). \ No newline at end of file diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc_endpoint.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc_endpoint.md deleted file mode 100644 index a8c5c40265..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc_endpoint.md +++ /dev/null 
@@ -1,225 +0,0 @@ -+++ -title = "aws_vpc_endpoint Resource" -platform = "aws" -draft = false -gh_repo = "inspec-aws" - -[menu.inspec] -title = "aws_vpc_endpoint" -identifier = "inspec/resources/aws/aws_vpc_endpoint Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_vpc_endpoint` InSpec audit resource to test properties of a single specific AWS VPC Endpoint. - -A VPC Endpoint is uniquely identified by the VPC Endpoint ID (e.g vpce-123456abcdef12345) - -For additional information, including details on parameters and properties, see the [AWS documentation on VPC Endpoints](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that a VPC Endpoint exists. - - # Find a VPC Endpoint by ID -```ruby -describe aws_vpc_endpoint('vpce-12345678987654321') do - it { should exist } -end -``` - - # Hash syntax for ID -```ruby -describe aws_vpc_endpoint(vpc_endpoint_id: 'vpce-12345678987654321') do - it { should exist } -end -``` - -Ensure that a VPC Endpoint is available. - -```ruby -describe aws_vpc_endpoint('vpce-12345678987654321') do - its('state') { should be 'available' } -end -``` - - # Alternative using a matcher -```ruby -describe aws_vpc_endpoint('vpce-12345678987654321') do - its('state') { should be_available } -end -``` - -Confirm that the route table configured to a VPC Endpoint is as expected. - -```ruby -describe aws_vpc_endpoint('vpce-12345678987654321') do - its('route_table_ids') { should include 'rtb-1234456123456abcde' } -end -``` - -Confirm that the type of a VPC Endpoint is as expected. 
- -```ruby -describe aws_vpc_endpoint('vpce-12345678987654321') do - its('vpc_endpoint_type') { should be 'Gateway' } -end -``` - - # Alternative using a matcher -```ruby -describe aws_vpc_endpoint('vpce-12345678987654321') do - its('vpc_endpoint_type') { should be_gateway } -end -``` - -## Parameters - -`vpc_endpoint_id` - -: The VPC endpoint ID. - This can be passed either as a string or as a `vpc_endpoint_id: 'value'` key-value entry in a hash. - -## Properties - -`vpc_endpoint_id` -: The ID of the endpoint. - -`vpc_endpoint_type` -: One of "Interface", "Gateway". - -`vpc_id` -: The ID of the VPC in which the endpoint resides. - -`state` -: State of the VPC Endpoint. One of "pendingacceptance", "pending", "available", "deleting", "deleted", "rejected", "failed", "expired". - -`route_table_ids` -: The route table IDs for the Gateway type endpoint. - -`subnet_ids` -: The subnet IDs for the Interface type endpoint. - -`groups` -: The Security Groups for the Interface type endpoint. - -`private_dns_enabled` -: Boolean value for Private DNS enable status. - -`network_interface_ids` -: The Network Interface IDs for the Interface type endpoint. - -`dns_entries` -: The DNS Entries for the VPC Endpoint. - -`tags` -: The key/value combination of a tag assigned to the resource. - -## Examples - -**Ensure a VPC Endpoint is available.** - -```ruby -describe aws_vpc_endpoint(vpc_endpoint_id: 'vpce-12345678987654321') do - its('state') { should eq 'available' } -end -``` - -**Ensure that the endpoint is of Gateway type.** - -```ruby -describe aws_vpc_endpoint(vpc_endpoint_id: 'vpce-12345678987654321') do - its('vpc_endpoint_type') { should eq 'Gateway' } -end -``` - -**Check tags .** - -```ruby -describe aws_vpc_endpoint do - its('tags') { should include(:Environment => 'env-name', - :Name => 'vpce-name')} -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -The controls will pass if the describe returns at least one result. 
- -### exist - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_vpc_endpoint(vpc_endpoint_id: 'vpce-12345678987654321') do - it { should exist } -end -``` - -```ruby -describe aws_vpc_endpoint(vpc_endpoint_id: 'vpce-12345678987654321') do - it { should_not exist } -end -``` - -### be_available - -Checks if the VPC Endpoint is in available state. -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_vpc_endpoint(vpc_endpoint_id: 'vpce-12345678987654321') do - it { should be_available } -end -``` - -```ruby -describe aws_vpc_endpoint(vpc_endpoint_id: 'vpce-12345678987654321') do - it { should_not be_available } -end -``` - -### be_interface - -Checks if the VPC Endpoint type is Interface. -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_vpc_endpoint(vpc_endpoint_id: 'vpce-12345678987654321') do - it { should be_interface } -end -``` - -```ruby -describe aws_vpc_endpoint(vpc_endpoint_id: 'vpce-12345678987654321') do - it { should_not be_interface } -end -``` - -### be_gateway - -Checks if the VPC Endpoint type is Gateway. -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_vpc_endpoint(vpc_endpoint_id: 'vpce-12345678987654321') do - it { should be_gateway } -end -``` - -```ruby -describe aws_vpc_endpoint(vpc_endpoint_id: 'vpce-12345678987654321') do - it { should_not be_gateway } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeVpcEndpointsResult" %}} - -You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc_endpoint_notification.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc_endpoint_notification.md deleted file mode 100644 index 5801f21987..0000000000 
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc_endpoint_notification.md
+++ /dev/null
@@ -1,123 +0,0 @@ -+++ -title = "aws_vpc_endpoint_connection_notification Resource" -platform = "AWS" -draft = false -gh_repo = "inspec-AWS" - -[menu.inspec] -title = "aws_vpc_endpoint_connection_notification" -identifier = "inspec/resources/aws/aws_vpc_endpoint_connection_notification Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_vpc_endpoint_connection_notification` Inspec audit resource to test the properties of a single specific AWS VPC endpoint connection notification. - -For additional information, including details on parameters and properties, see the [AWS VPC endpoint connection notification documentation](https://docs.AWS.amazon.com/AWSCloudFormation/latest/UserGuide/AWS-resource-ec2-vpcendpointconnectionnotification.html). - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that an AWS VPC endpoint connection notification exists. - - # Find a AWS VPC endpoint connection notification by ID -```ruby -describe aws_vpc_endpoint_connection_notification('VPCE-NFN-12345678987654321') do - it { should exist } -end -``` - - # Hash syntax for ID -```ruby -describe aws_vpc_endpoint_connection_notification(connection-notification-id: 'VPCE-NFN-12345678987654321') do - it { should exist } -end -``` - -## Parameters - -`connection_notification_id` _(required)_ - -: This resource expects the AWS VPC endpoint connection notification ID as a parameter. - This can be passed either as a string or as a `connection_notification_id: 'VALUE'` key-value entry in a hash. - -## Properties - -`vpc_endpoint_id` -: The ID of the endpoint. - -`connection_notification_id` -: The ID of the AWS VPC endpoint connection notification. - -`service_id` -: The ID of the endpoint service. - -`connection_notification_type` -: The type of notification. - -`connection_notification_arn` -: The ARN of the SNS topic for the notifications. 
- -`connection_events` -: The endpoint events to receive a notification about. Valid values: `Accept`, `Connect`, `Delete`, and `Reject`. - -`connection_notification_state` -: The state of the AWS VPC endpoint connection notification. Valid values: `Enabled`, `Disabled`. - -## Examples - -**Ensure an AWS VPC endpoint connection notification's ARN is available.** - -```ruby -describe aws_vpc_endpoint_connection_notification(connection_notification_id: 'VPCE-NFN-12345678987654321') do - its('CONNECTION_NOTIFICATION_ARN') { should eq 'ARN:AWS:SNS:US-EAST-2:112758395563:AWS-SNS-TOPIC-ENCRYPTION-BLOIXLVRSNFYBLZXNBGCBVHJU' } -end -``` - -**Ensure that the VPC endpoint connection notification has a type using a key-value hash.** - -```ruby -describe aws_vpc_endpoint_connection_notification(connection_notification_id: 'VPCE-NFN-12345678987654321') do - its('connection_notification_type') { should eq 'TOPIC' } -end -``` - -**Verify the ARN of a VPC endpoint connection notification.** - -```ruby -describe aws_vpc_endpoint_connection_notification('VPCE-NFN-12345678987654321') do - its('CONNECTION_NOTIFICATION_ARN') { should eq 'ARN:AWS:SNS:US-EAST-2:112758395563:AWS-SNS-TOPIC-ENCRYPTION-BLOIXLVRSNFYBLZXNBGCBVHJU' } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For the complete list of the available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/). - -The controls will pass if the `describe` returns at least one result. - -### exist - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_vpc_endpoint_connection_notification(connection-notification-id: 'VPCE-NFN-12345678987654321') do - it { should exist } -end -``` - -Use `should` to test the entity should not exists. 
- -```ruby -describe aws_vpc_endpoint_connection_notification(connection-notification-id: 'VPCE-NFN-12345678987654321') do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeVpcEndpointConnectionNotificationsResult" %}} - -You can find the detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.AWS.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). \ No newline at end of file diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc_endpoint_notifications.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc_endpoint_notifications.md deleted file mode 100644 index 2051cbafd6..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc_endpoint_notifications.md +++ /dev/null 
@@ -1,120 +0,0 @@ -+++ -title = "aws_vpc_endpoint_connection_notifications Resource" -platform = "AWS" -draft = false -gh_repo = "inspec-AWS" - -[menu.inspec] -title = "aws_vpc_endpoint_connection_notifications" -identifier = "inspec/resources/aws/aws_vpc_endpoint_connection_notifications Resource" -parent = "inspec/resources/aws" -+++ - -Use the `aws_vpc_endpoint_connection_notifications` InSpec audit resource to test the properties of multiple AWS VPC endpoint connection notification. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}} - -## Syntax - -Ensure that an AWS VPC endpoint connection notification exists. - -```ruby -describe aws_vpc_endpoint_connection_notifications do - it { should exist } -end -``` - -See the [AWS VPC endpoint connection notification documentation](https://docs.AWS.amazon.com/AWSCloudFormation/latest/UserGuide/AWS-resource-ec2-vpcendpointconnectionnotification.html). - -## Parameters - -This resource does not require any parameters. - -## Properties - -`vpc_endpoint_id` -: The ID of the endpoint. - -`connection_notification_id` -: The ID of the AWS VPC endpoint connection notification. - -`service_id` -: The ID of the endpoint service. - -`connection_notification_type` -: The type of notification. - -`connection_notification_arn` -: The ARN of the SNS topic for the notifications. - -`connection_events` -: The endpoint events to receive a notification about. Valid values: `Accept`, `Connect`, `Delete`, and `Reject`. - -`connection_notification_state` -: The state of the AWS VPC endpoint connection notification. Valid values: `Enabled`, `Disabled`. 
- -## Examples - -**Verify an AWS VPC endpoint connection notification exists using the VPC endpoint ID.** - -```ruby -describe aws_vpc_endpoint_connection_notifications.where( vpc_endpoint_id: vpc-12345678 ) - it { should exist } -end -``` - -**Ensure a AWS VPC endpoint connection notification exists.** - -```ruby -describe aws_vpc_endpoint_connection_notifications.where( connection_notification_id: 'VPCE-NFN-03AD3532A5C71F8AF' ) do - it { should exist } -end -``` - -**Confirm that the AWS VPC endpoint connection notification ARN is as expected.** - -```ruby -describe aws_vpc_endpoint_connection_notifications do - its('CONNECTION_NOTIFICATION_ARNS') { should include 'ARN:AWS:SNS:US-EAST-2:112758395563:AWS-SNS-TOPIC-ENCRYPTION-BLOIXLVRSNFYBLZXNBGCBVHJU' } -end -``` - -**Confirm that the type of AWS VPC endpoint connection notification is as expected.** - -```ruby -describe aws_vpc_endpoint_connection_notifications do - its('CONNECTION_NOTIFICATION_TYPES') { should include 'TOPIC' } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of the available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/). - -The controls will pass if the `describe` returns at least one result. - -### exist - -Use `should_not` to test the entity should not exist. - -```ruby -describe aws_vpc_endpoint_connection_notifications(connection-notification-id: 'VPCE-NFN-12345678987654321') do - it { should exist } -end -``` - -Use `should` to test the entity should not exists. 
- -```ruby -describe aws_vpc_endpoint_connection_notifications(connection-notification-id: 'VPCE-NFN-12345678987654321') do - it { should_not exist } -end -``` - -## AWS Permissions - -{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeVpcEndpointConnectionNotificationsResult" %}} - -You can find the detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.AWS.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc_endpoint_service.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc_endpoint_service.md deleted file mode 100644 index e7e9641817..0000000000 --- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc_endpoint_service.md +++ /dev/null 
@@ -1,159 +0,0 @@
-+++
-title = "aws_vpc_endpoint_service Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_vpc_endpoint_service"
-identifier = "inspec/resources/aws/aws_vpc_endpoint_service Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_vpc_endpoint_service` InSpec audit resource to test the properties of a single AWS VPC endpoint service.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_vpc_endpoint_service` resource block declares the tests for a single AWS VPC endpoint service by `service_name`.
-
-```ruby
-describe aws_vpc_endpoint_service(service_name: 'aws.sagemaker.us-east-2.notebook') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`service_name` _(required)_
-
-: The name of the AWS VPC endpoint service.
-
-: The AWS VPC endpoint service name is required.
- It should be passed as a `service_name: 'value'` key-value entry in a hash.
-
-## Properties
-
-`service_name`
-: The Amazon Resource Name (ARN) of the service.
-
-`service_id`
-: The ID of the endpoint service.
-
-`service_type`
-: The type of service.
-
-`availability_zones`
-: The Availability Zones in which the service is available.
-
-`owner`
-: The AWS account ID of the service owner.
-
-`base_endpoint_dns_names`
-: The DNS names for the service.
-
-`private_dns_name`
-: The private DNS name for the service.
-
-## Examples
-
-**Test whether VPC endpoint service exists.**
-
-```ruby
-describe aws_vpc_endpoint_service(service_name: 'aws.sagemaker.us-east-2.notebook') do
- it { should exist }
-end
-```
-
-**Test whether the ID of the attached VPC is `vpce-svc-04deb776dc2b8e67f`.**
-
-```ruby
-describe aws_vpc_endpoint_service(service_name: 'aws.sagemaker.us-east-2.notebook') do
- its('service_id') { should eq 'vpce-svc-04deb776dc2b8e67f' }
-end
-```
-
-**Test whether the service_type of the endpoint service is .**
-
-```ruby
-describe aws_vpc_endpoint_service(service_name: 'aws.sagemaker.us-east-2.notebook') do
- its('service_type') { should eq 'Interface' }
-end
-```
-
-**Test whether the availability_zones include a zone of interest.**
-
-```ruby
-describe aws_vpc_endpoint_service(service_name: 'aws.sagemaker.us-east-2.notebook') do
- its('availability_zones') { should include 'us-east-2a' }
-end
-```
-
-**Test whether the base endpoint dns_names include a dns of interest.**
-
-```ruby
-describe aws_vpc_endpoint_service(service_name: 'aws.sagemaker.us-east-2.notebook') do
- its('base_endpoint_dns_names') { should eq 'vpce-svc-04deb776dc2b8e67f.us-east-2.vpce.amazonaws.com' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For the complete list of available matchers,visit [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### exist
-
-```ruby
-describe aws_vpc_endpoint_service(service_name: 'aws.sagemaker.us-east-2.notebook') do
- it { should exist }
-end
-```
-
-### be_interface
-
-```ruby
-describe aws_vpc_endpoint_service(service_name: 'aws.sagemaker.us-east-2.notebook') do
- it { should be_interface }
-end
-```
-
-### be_vpc_endpoint_policy_supported
-
-```ruby
-describe aws_vpc_endpoint_service(service_name: 'aws.sagemaker.us-east-2.notebook') do
- it { should be_vpc_endpoint_policy_supported }
-end
-```
-
-### be_acceptance_required
-
-```ruby
-describe aws_vpc_endpoint_service(service_name: 'tgw-rtb-08acd74550c99e911', cidr_block: '0.0.0.0/16') do
- it { should be_acceptance_required }
-end
-```
-
-### be_manages_vpc_endpoints
-
-```ruby
-describe aws_vpc_endpoint_service(service_name: 'aws.sagemaker.us-east-2.notebook') do
- it { should be_manages_vpc_endpoints }
-end
-```
-
-### be_private_dns_name_verified
-
-```ruby
-describe aws_vpc_endpoint_service(service_name: 'tgw-rtb-08acd74550c99e911', cidr_block: '0.0.0.0/17') do
- it { should be_private_dns_name_verified }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeVpcEndpointServicesResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for VPC endpoint services](https://docs.amazonaws.cn/en_us/vpc/latest/userguide/vpc-policy-examples.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc_endpoint_service_permission.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc_endpoint_service_permission.md
deleted file mode 100644
index cf1f383437..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc_endpoint_service_permission.md
+++ /dev/null
@@ -1,126 +0,0 @@
-+++
-title = "aws_vpc_endpoint_service_permission Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_vpc_endpoint_service_permission"
-identifier = "inspec/resources/aws/aws_vpc_endpoint_service_permission Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_vpc_endpoint_service_permission` InSpec audit resource to test the properties of a single AWS VPC endpoint service permission.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_vpc_endpoint_service_permission` resource block declares the tests for a single AWS VPC endpoint service permission by `service_id` and `principal`.
-
-```ruby
-describe aws_vpc_endpoint_service_permission(service_id: 'VPC_SERVICE_ID', principal: 'arn:aws:iam::AWS_ACCOUNT_ID:user/USER_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-The AWS VPC endpoint service ID is required.
-
-`service_id` _(required)_
-
-: The ID of the VPC endpoint service:
-
-: - must contain between 1 and 50 alphanumeric characters or hyphens
- - should start with `vpce-svc-`
- - cannot end with a hyphen or contain two consecutive hyphens
-
-: For example, `vpce-svc-04deb776dc2b8e67f`.
-
-: It can be passed as a `service_id: 'value'` key-value entry in a hash.
-
-`principal` _(required)_
-
-: The ARN of the principal.
- It can be passed as a `principal: 'value'` key-value entry in a hash.
-
-## Properties
-
-`principal_type`
-: The type of principal.
-
-`principal`
-: The Amazon Resource Name (ARN) of the principal.
-
-## Examples
-
-**Test that a VPC endpoint service permission is available.**
-
-```ruby
-describe aws_vpc_endpoint_service_permission(service_id: 'VPC_SERVICE_ID', principal: 'arn:aws:iam::AWS_ACCOUNT_ID:user/USER_NAME') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-```ruby
-describe aws_vpc_endpoint_service_permission(service_id: 'VPC_SERVICE_ID', principal: 'arn:aws:iam::AWS_ACCOUNT_ID:user/USER_NAME') do
- it { should exist }
-end
-```
-
-### Verify that a principal has a user type
-
-```ruby
-describe aws_vpc_endpoint_service_permission(service_id: 'VPC_SERVICE_ID', principal: 'arn:aws:iam::AWS_ACCOUNT_ID:user/USER_NAME') do
- it { should be_principal_type_user }
-end
-```
-
-### Verify that a principal does not have an all type
-
-```ruby
-describe aws_vpc_endpoint_service_permission(service_id: 'VPC_SERVICE_ID', principal: 'arn:aws:iam::AWS_ACCOUNT_ID:user/USER_NAME') do
- it { should_not be_principal_type_all }
-end
-```
-
-### Verify that a principal does not have an organization unit type
-
-```ruby
-describe aws_vpc_endpoint_service_permission(service_id: 'VPC_SERVICE_ID', principal: 'arn:aws:iam::AWS_ACCOUNT_ID:user/USER_NAME') do
- it { should_not be_principal_type_organization_unit }
-end
-```
-
-### Verify that a principal does not have an account type
-
-```ruby
-describe aws_vpc_endpoint_service_permission(service_id: 'VPC_SERVICE_ID', principal: 'arn:aws:iam::AWS_ACCOUNT_ID:user/USER_NAME') do
- it { should_not be_principal_type_account }
-end
-```
-
-### Verify that a principal does not have a role type
-
-```ruby
-describe aws_vpc_endpoint_service_permission(service_id: 'VPC_SERVICE_ID', principal: 'arn:aws:iam::AWS_ACCOUNT_ID:user/USER_NAME') do
- it { should_not be_principal_type_role }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal
action="EC2:Client:DescribeVpcEndpointServicePermissionsResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon VPC endpoint service permissions](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcEndpointServicePermissions.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc_endpoint_service_permissions.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc_endpoint_service_permissions.md
deleted file mode 100644
index d64d13fd0f..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc_endpoint_service_permissions.md
+++ /dev/null
@@ -1,106 +0,0 @@
-+++
-title = "aws_vpc_endpoint_service_permissions Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_vpc_endpoint_service_permissions"
-identifier = "inspec/resources/aws/aws_vpc_endpoint_service_permissions Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_vpc_endpoint_service_permissions` InSpec audit resource to test the properties of all Amazon VPC endpoint service permissions. To audit a single AWS VPC Endpoint service, use the `aws_vpc_endpoint_service_permission` (singular) resource.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_vpc_endpoint_service_permissions` resource block collects a group of AWS VPC endpoint service permissions descriptions and then tests that group.
-
-```ruby
-describe aws_vpc_endpoint_service_permissions(service_id: 'VPC_SERVICE_ID')
- it { should exist }
-end
-```
-
-## Parameters
-
-The AWS VPC endpoint service ID is required.
-
-`service_id` _(required)_
-
-: The ID of the VPC endpoint service:
-
-: - must contain between 1 and 50 alphanumeric characters or hyphens
- - should start with `vpce-svc-`
- - cannot end with a hyphen or contain two consecutive hyphens
-
-: For example, `vpce-svc-04deb776dc2b8e67f`.
-
-: It can be passed as a `service_id: 'value'` key-value entry in a hash.
-
-## Properties
-
-`principal_types`
-: List of types of principal.
-
-: **Field**: `principal_type`
-
-`principals`
-: List of the Amazon Resource Name (ARN) of the principal.
-
-: **Field**: `principal`
-
-## Examples
-
-**Ensure that exactly three AWS VPC endpoint service permissions exist.**
-
-```ruby
-describe aws_vpc_endpoint_service_permissions(service_id: 'VPC_SERVICE_ID') do
- its('count') { should eq 3 }
-end
-```
-
-**Request the principals of all AWS VPC endpoint service permissions, then test in-depth using `aws_vpc_endpoint_service_permission`.**
-
-```ruby
-aws_vpc_endpoint_service_permissions(service_id: 'VPC_SERVICE_ID').principals.each do |principal|
- describe aws_vpc_endpoint_service_permission(service_id: 'VPC_SERVICE_ID', principal: 'PRINCIPAL_ARN') do
- it { should exists }
- it { should be_principal_type_user }
- end
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the 'describe' method returns at least one result.
-
-```ruby
-describe aws_vpc_endpoint_service_permissions(service_id: 'VPC_SERVICE_ID').where( PROPERTY: VALUE) do
- it { should exist }
-end
-```
-
-Use `should_not` to test an entity that should not exist.
-
-```ruby
-describe aws_vpc_endpoint_service_permissions(service_id: 'VPC_SERVICE_ID').where( PROPERTY: VALUE) do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeVpcEndpointServicePermissionsResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon VPC endpoint service permissions](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcEndpointServicePermissions.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc_endpoint_services.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc_endpoint_services.md
deleted file mode 100644
index b49d3c12fb..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc_endpoint_services.md
+++ /dev/null
@@ -1,170 +0,0 @@
-+++
-title = "aws_vpc_endpoint_services Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_vpc_endpoint_services"
-identifier = "inspec/resources/aws/aws_vpc_endpoint_services Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_vpc_endpoint_services` InSpec audit resource to test the properties of all AWS VPC Endpoint Services.
-To audit a single endpoint service, use the `aws_vpc_endpoint_service` (singular) resource.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_vpc_endpoint_services` resource block collects a group of VPC endpoint services' descriptions and tests the group.
-
-```ruby
-describe aws_vpc_endpoint_services
- it { should exist }
-end
-```
-
-## Properties
-
-`service_names`
-: The Amazon Resource Names (ARN) of the services.
-
-: **Field**: `service_name`
-
-`service_ids`
-: The IDs of the endpoint services.
-
-: **Field**: `service_id`
-
-`service_types`
-: The types of services.
-
-: **Field**: `service_type`
-
-`availability_zones`
-: The Availability Zones in which the services are available.
-
-: **Field**: `availability_zones`
-
-`owners`
-: The AWS account IDs of the service owners.
-
-: **Field**: `owner`
-
-`base_endpoint_dns_names`
-: The DNS names for the service.
-
-: **Field**: `base_endpoint_dns_names`
-
-`private_dns_name`
-: The private DNS name for the service.
-
-: **Field**: `private_dns_name`
-
-`vpc_endpoint_policy_supported`
-: Whether the service supports endpoint policies. Valid values: `true` or `false`.
-
-: **Field**: `vpc_endpoint_policy_supported`
-
-`acceptance_required`
-: Whether VPC endpoint connection requests to the service must be accepted by the service owner. Valid values: `true` or `false`.
-
-: **Field**: `acceptance_required`
-
-`manages_vpc_endpoints`
-: Whether the service manages its VPC endpoints. Valid values: `true` or `false`.
-
-: **Field**: `manages_vpc_endpoints`
-
-`tags`
-: The tags assigned to the service.
-
-: **Field**: `tags`
-
-`private_dns_name_verification_states`
-: The verification states of the VPC endpoint service.
-
-: **Field**: `private_dns_name_verification_states`
-
-## Examples
-
-**Ensure that exactly three VPC endpoint services exist.**
-
-```ruby
-describe aws_vpc_endpoint_services do
- its('count') { should eq 3 }
-end
-```
-
-**Filter all services in `us-east-2a` availability_zones.**
-
-```ruby
-describe aws_vpc_endpoint_services.where{ availability_zones.include?('us-east-2a') } do
- it { should exist }
-end
-```
-
-**Filter all service where acceptance is required from the service owner.**
-
-```ruby
-describe aws_vpc_endpoint_services.where(acceptance_required: true) do
- it { should exist }
-end
-```
-
-**Filter all static if it manages its vpc endpoints.**
-
-```ruby
-describe aws_vpc_endpoint_services.where(manages_vpc_endpoints: true) do
- it { should exist }
-end
-```
-
-**Filter all private dns name verification states.**
-
-```ruby
-describe aws_vpc_endpoint_services.where(private_dns_name_verification_states: 'verified') do
- it { should exist }
-end
-```
-
-**Request all the service names and check if endpoint policies are supported.**
-
-```ruby
-aws_vpc_endpoint_services.service_names.each do |service_name|
- describe aws_vpc_endpoint_service(service_name: service_name) do
- it { should be_vpc_endpoint_policy_supported }
- end
-end
-```
-
-## Matchers
-
-For the complete list of available matchers, visit [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### exist
-
-The control will pass if the 'describe' method returns at least one result.
-
-```ruby
-describe aws_vpc_endpoint_services.where( PROPERTY: VALUE) do
- it { should exist }
-end
-```
-
-Use `should_not` to test an entity that should not exist.
-
-```ruby
-describe aws_vpc_endpoint_services.where( PROPERTY: VALUE) do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeVpcEndpointServicesResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for VPC endpoint services](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-policy-examples.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc_endpoints.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc_endpoints.md
deleted file mode 100644
index 6f495f8fcc..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpc_endpoints.md
+++ /dev/null
@@ -1,125 +0,0 @@
-+++
-title = "aws_vpc_endpoints Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_vpc_endpoints"
-identifier = "inspec/resources/aws/aws_vpc_endpoints Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_vpc_endpoints` InSpec audit resource to test properties of some or all AWS VPC Endpoints.
-
-VPC Endpoints can be of two types: 'Gateway' and 'Interface'.
-
-A Gateway type VPC endpoint accepts a route-table whereas an Interface type VPC endpoint takes one or more subnets and one or more security groups. Hence their properties might differ based on the type.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on VPC Endpoints](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that one or more VPC Endpoints exist.
-
-```ruby
-describe aws_vpc_endpoints do
- it { should exist }
-end
-```
-
-An `aws_vpc_endpoints` resource block uses an optional filter to select a group of VPC Endpoints and then tests that group.
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`vpc_endpoint_ids`
-: This property provides a list of the VPC Endpoint IDs that the matched VPC Endpoints serve as strings.
-
-`vpc_endpoint_types`
-: The type of the VPC Endpoint for the match VPC Endpoints.
-
-`vpc_ids`
-: The IDs of the VPCs in which the endpoints reside.
-
-`service_names`
-: The names of the services that the VPC endpoint is assigned with .
-
-`states`
-: The states of the VPC Endpoints.
-
-`route_table_ids`
-: The route table IDs for the Gateway type endpoints.
-
-`subnet_ids`
-: The subnet IDs for the Interface type endpoints.
-
-`tags`
-: A hash of key-value pairs corresponding to the tags associated with the entity.
-
-`private_dns_enabled`
-: Boolean value for Private DNS enable status.
-
-## Examples
-
-**Ensure a VPC has VPC Endpoints.**
-
-```ruby
-describe aws_vpc_endpoints.where( vpc_id: vpc-12345678 )
- it { should exist }
-end
-```
-
-**Match count of VPC Endpoints of Gateway type in a particular VPC.**
-
-```ruby
-describe aws_vpc_endpoints.where( vpc_id: vpc-12345678 ).where(vpc_endpoint_type: "Gateway") do
- its('count') { should eq 4 }
-end
-```
-
-**Check tags .**
-
-```ruby
-describe aws_vpc_endpoints do
- its('tags') { should include(:Environment => 'env-name',
- :Name => 'vpce-name')}
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
-
-```ruby
-describe aws_vpc_endpoints do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_vpc_endpoints.where( : ) do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeVpcEndpointsResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpcs.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpcs.md
deleted file mode 100644
index fb9504286f..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpcs.md
+++ /dev/null
@@ -1,260 +0,0 @@
-+++
-title = "aws_vpcs Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_vpcs"
-identifier = "inspec/resources/aws/aws_vpcs Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_vpcs` InSpec audit resource to test the properties of some or all AWS Virtual Private Clouds (VPCs) and the CIDR block that is used within the VPC.
-
-Each VPC is uniquely identified by its `VPC ID`. In addition, each VPC has a non-unique CIDR IP address range (such as 10.0.0.0/16), which it manages.
-
-Every AWS account has at least one VPC, the "default" VPC, in every region.
-
-This resource also have the functionality to test the CIDR block. The VPCCidrBlock associates a CIDR block with your VPC. You can only associate a single IPv6 CIDR block with your VPC. The IPv6 CIDR block size is fixed at /56.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on VPCs](https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html).
-See the [AWS documentation on VPCCidrBlock](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpccidrblock.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_vpcs` resource block uses an optional filter to select a group of VPCs and then tests that group.
-
- # Since you always have at least one VPC, this will always pass.
-```ruby
-describe aws_vpcs do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`cidr_blocks`
-: The cidr_blocks property provides a list of the CIDR blocks that the matched VPCs serve as strings.
-
-: **Field**: `cidr_block`
-
-`dhcp_options_ids`
-: The dhcp_option_set_ids property provides a de-duplicated list of the DHCP option set IDs that the matched VPCs use when assigning IPs to resources.
-
-: **Field**: `dhcp_options_id`
-
-`vpc_ids`
-: The vpc_ids property provides a list of the IDs of the matched VPCs.
-
-: **Field**: `vpc_id`
-
-`states`
-: The current state of the VPC.
-
-: **Field**: `state`
-
-`instance_tenancies`
-: The allowed tenancy of instances launched into the VPC.
-
-: **Field**: `instance_tenancy`
-
-`is_default`
-: Indicates whether the VPC is the default VPC.
-
-: **Field**: `is_default`
-
-`defaults`
-: List of all the VPCs that are default.
-
-: **Field**: `defaults`
-
-`tags`
-: A hash of key-value pairs corresponding to the tags associated with the entity.
-
-: **Field**: `tags`
-
-`cidr_block_association_ids`
-: List of all the association ID of the IPv4 CIDR blocks.
-
-: **Field**: `cidr_block_association_ids`
-
-`associated_cidr_blocks`
-: List of all the associated CIDR blocks.
-
-: **Field**: `associated_cidr_blocks`
-
-`cidr_block_states`
-: List of all the states of the CIDR blocks.
-
-: **Field**: `cidr_block_states`
-
-`ipv6_cidr_block_association_ids`
-: List of all the association ID of the IPv6 CIDR blocks.
-
-: **Field**: `ipv6_cidr_block_association_ids`
-
-`ipv6_cidr_blocks`
-: List of all the associated IPV6 CIDR blocks.
-
-: **Field**: `ipv6_cidr_blocks`
-
-`ipv6_cidr_block_states`
-: List of all the states of the IPV6 CIDR blocks.
-
-: **Field**: `ipv6_cidr_block_states`
-
-`ipv6_network_border_groups`
-: List of all the network border group options.
-
-: **Field**: `ipv6_network_border_groups`
-
-`ipv6_pools`
-: List of all IDs of the IPv6 address pool from which the IPv6 CIDR block is allocated.
-
-: **Field**: `ipv6_pools`
-
-`entries`
-: Provides access to the raw results of the query, which can be treated as an array of hashes.
-
-: **Field**: Not Applicable
-
-## Examples
-
-**Ensure all VPCs use the same DHCP option set.**
-
-```ruby
-describe aws_vpcs.where { dhcp_options_id != 'DOPT-12345678' } do
- it { should_not exist }
-end
-```
-
-**Check for a Particular VPC ID.**
-
-```ruby
-describe aws_vpcs do
- its('vpc_ids') { should include 'VPC-12345678' }
-end
-```
-
-**Use the VPC IDs to get a list of Default Security Groups.**
-
-```ruby
-aws_vpcs.vpc_ids.each do |vpc_id|
- describe aws_security_group(vpc_id: vpc_id, group_name: 'DEFAULT') do
- it { should_not allow_in(port: 22) }
- end
-end
-```
-
-**We shun the `10.0.0.0/8` space.**
-
-```ruby
-describe aws_vpcs.where { cidr_block.start_with?('10') } do
- it { should_not exist }
-end
-```
-
-**Check tags.**
-
-```ruby
-describe aws_vpc do
- its('tags') { should include(:Environment => 'ENV-NAME',
- :Name => 'VPC-NAME')}
-end
-```
-
-**Ensure AWS VPC IPV6 CIDR Block plural resource has the correct properties.**
-
-```ruby
-describe aws_vpcs.where { ipv6_cidr_blocks.include?('2600:1F16:409:6700::/56') } do
- it { should exist }
-end
-```
-
-**Ensure AWS VPC CIDR BLOCK failed associations are not fetched.**
-
-```ruby
-describe aws_vpcs.where { cidr_block_states.reject?('FAILED') } do
- it { should exist }
-end
-```
-
-**Ensure AWS VPC CIDR Block plural resource has the associated id.**
-
-```ruby
-describe aws_vpcs do
- its ('CIDR_BLOCK_ASSOCIATION_IDS') { should include "VPC-CIDR-ASSOC-0123456789" }
-end
-```
-
-**Ensure AWS VPC IPv6 CIDR Block plural resource has the associated id.**
-
-```ruby
-describe aws_vpcs do
- its ('IPV6_CIDR_BLOCK_ASSOCIATION_IDS') { should include "VPC-CIDR-ASSOC-0123456789" }
-end
-```
-
-**Ensure AWS VPC CIDR BLOCK disassociated associations are fetched.**
-
-```ruby
-describe aws_vpcs.where { ipv6_cidr_block_states.select?('DISASSOCIATED') } do
- it { should exist }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers.
For a complete list of the available matchers, visit [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### exist
-
-The control will pass if the `describe` returns at least one result.
-
-Use `should_not` to test the entity should not exist
-
-```ruby
-describe aws_vpcs do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_vpcs.where( : ) do
- it { should_not exist }
-end
-```
-
-### include
-
-```ruby
-describe aws_vpcs do
- its ('IPV_6_CIDR_ASSOCIATION_IDS') { should include "VPC-CIDR-ASSOC-0123456789" }
- its ('IPV_6_CIDR_STATES') { should include "ASSOCIATED" }
- its ('IPV_6_CIDR_NETWORK_BORDER_GROUPS') { should include "US-EAST-2" }
- its ('IPV_6_CIDR_IPV_6_POOLS') { should include "AMAZON" }
-end
-```
-
-### be_empty
-
-```ruby
-describe aws_vpcs do
- its ('IPV_6_CIDR_STATUS_MESSAGES') { should be_empty }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeVpcsResult" %}}
-
-You can find detailed documentation at the [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpn_connection.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpn_connection.md
deleted file mode 100644
index 6d2ed4f8ee..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpn_connection.md
+++ /dev/null
@@ -1,105 +0,0 @@
-+++
-title = "aws_vpn_connection Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_vpn_connection"
-identifier = "inspec/resources/aws/aws_vpn_connection Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_vpn_connection` InSpec audit resource to test the properties of a single AWS VPN connection.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_vpn_connection` resource block declares the tests for a single AWS VPN connection by `vpn_connection_id`.
-
-```ruby
-describe aws_vpn_connection(vpn_connection_id: 'vpn-1234567890') do
- it { should exist }
-end
-```
-
-```ruby
-describe aws_vpn_connection('vpn-1234567890') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`vpn_connection_id` _(required)_
-: The identifier of the AWS VPN connection. It can be passed either as a string or as a `vpn_connection_id: 'value'` hash key-value entry.
-
-## Properties
-
-`vpn_connection_id`
-: The identifier of the AWS VPN connection.
-
-`state`
-: The current state of the VPN connection. Possible values are: `pending`, `available`, `deleting`, and `deleted`.
-
-`type`
-: The type of VPN connection that the VPN connection supports.
-
-`vpn_gateway_id`
-: The ID of the associated VPN.
-
-`tags`
-: All tags that are associated with the VPN connection.
-
-There are also additional properties available. For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/EC2/Types/VpnConnection.html).
-
-## Examples
-
-### Test that a VPN connection is available
-
-```ruby
-describe aws_vpn_connection('vpn-1234567890') do
- its('vpn_connection_id') { should eq 'vpn-1234567890' }
-end
-```
-
-### Test that a VPN connection status is available
-
-```ruby
-describe aws_vpn_connection('vpn-1234567890') do
- its('status') { should eq 'available' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The control passes if the `get` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_vpn_connection('vpn-1234567890') do
- it { should exist }
-end
-```
-
-### not exist
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe aws_vpn_connection('vpn-1234567890') do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeVpnConnectionsResult" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpn_connections.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpn_connections.md
deleted file mode 100644
index 8f36134bff..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpn_connections.md
+++ /dev/null
@@ -1,107 +0,0 @@
-+++
-title = "aws_vpn_connections Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_vpn_connections"
-identifier = "inspec/resources/aws/aws_vpn_connections Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_vpn_connections` InSpec audit resource to test the properties of all AWS VPN connections.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on VPN Connections](https://docs.aws.amazon.com/vpc/latest/userguide/vpn-connections.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that one or more VPN connections exist.
-
-```ruby
-describe aws_vpn_connections do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`vpn_connection_ids`
-: This property provides all the IDs of the VPN connections.
-
-`vpn_gateway_ids`
-: This property provides all the IDs of the virtual private gateways associated with the VPN connections.
-
-`outside_ip_addresses`
-: This property provides the outside IP addresses of the VPN connections.
-
-`tunnel_inside_cidrs`
-: This property provides the tunnel inside CIDRs of the VPN connections.
-
-`states`
-: This property provides the current state of the VPN connections.
-
-`types`
-: This property provides the current types of VPN connections.
-
-`tags`
-: This property provides the current tags of the VPN connections.
-
-## Examples
-
-### Ensure that VPN connections are available
-
-```ruby
-describe aws_vpn_connections do
- its('state.uniq') { should eq ['available'] }
-end
-```
-
-### To check tags
-
-```ruby
-describe aws_vpn_connections.where { tags["Name"] == "vpn-connection-example-123" } do
- it { should exist }
- its('count') { should be 3 }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control passes if the describe returns at least one result.
-
-```ruby
-describe aws_vpn_connections do
- it { should exist }
-end
-```
-
-### not exists
-
-Use `should_not` to test whether the entity should not exist.
-
-```ruby
-describe aws_vpn_connections do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeVpnConnectionsResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpn_gateway.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpn_gateway.md
deleted file mode 100644
index d3ef430ccb..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpn_gateway.md
+++ /dev/null
@@ -1,114 +0,0 @@
-+++
-title = "aws_vpn_gateway Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_vpn_gateway"
-identifier = "inspec/resources/aws/aws_vpn_gateway Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_vpn_gateway` InSpec audit resource to test the properties of a single AWS VPN gateway.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_vpn_gateway` resource block declares the tests for a single AWS VPN gateway by `vpn_gateway_id`.
-
-```ruby
-describe aws_vpn_gateway(vpn_gateway_id: 'vgw-014aef8a0689b8f43') do
- it { should exist }
-end
-```
-
-The value of the `vpn_gateway_id` can be provided as a string.
-
-```ruby
-describe aws_vpn_gateway('vgw-014aef8a0689b8f43') do
- it { should exist }
-end
-```
-
-## Parameters
-
-The AWS VPN gateway ID is required.
-
-`vpn_group_id` _(required)_
-
-: The ID of the VPN gateway:
-
-: - must contain between 1 and 50 alphanumeric characters or hyphens
- - should start with `vgw-`
- - cannot end with a hyphen or contain two consecutive hyphens
-
-: It can be passed either as a string or as a `vpn_gateway_id: 'value'` key-value entry in a hash.
-
-## Properties
-
-`vpn_gateway_id`
-: The identifier of the AWS VPN gateway.
-
-`state`
-: The current state of the VPN gateway. Possible values are: `pending`, `available`, `deleting`, `deleted`.
-
-`type`
-: The type of VPN connection that the VPN gateway supports.
-
-`availability_zone`
-: The Availability Zone where the virtual private gateway was created. If not applicable, this field will be be empty.
-
-`vpc_id`
-: The ID of the associated VPC.
-
-`amazon_side_asn`
-: The private Autonomous System Number (ASN) for the Amazon side of a BGP session.
-
-`tags`
-: All tags that are associated to the VPN gateway.
-
-There are also additional properties available. For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/EC2/Types/VpnGateway.html).
-
-## Examples
-
-**Test that a VPN Gateway is available and attached.**
-
-```ruby
-describe aws_vpn_gateway('vgw-014aef8a0689b8f43') do
- its('status') { should eq 'available' }
- it { should be_attached }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-```ruby
-describe aws_vpn_gateway('vgw-014aef8a0689b8f43') do
- it { should exist }
-end
-```
-
-### be_attached to a VPC
-
-```ruby
-describe aws_vpn_gateway('vgw-014aef8a0689b8f43') do
- it { should be_attached }
- its('vpc_id') { should eq 'vpc-0a510beed76210f2f'}
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeVpnGatewaysResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon ElastiCache](https://docs.amazonaws.cn/en_us/vpc/latest/userguide/vpc-policy-examples.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpn_gateways.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpn_gateways.md
deleted file mode 100644
index 54c4fbb612..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_vpn_gateways.md
+++ /dev/null
@@ -1,105 +0,0 @@
-+++
-title = "aws_vpn_gateways Resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_vpn_gateways"
-identifier = "inspec/resources/aws/aws_vpn_gateways Resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_vpn_gateways` InSpec audit resource to test the properties of all Amazon VPN gateways. To audit a single AWS VPN gateway, use the `aws_vpn_gateway` (singular) resource.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-An `aws_vpn_gateways` resource block collects a group of AWS VPN descriptions and then tests that group.
-
-```ruby
-describe aws_vpn_gateways
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`vpn_gateway_ids`
-: List of unique identifiers that identifies a AWS VPN gateway.
-
-`states`
-: List of the current state of the VPN gateway. Possible values are: `pending`, `available`, `deleting`, `deleted`.
-
-`types`
-: List of the types of VPN connection the VPN gateway supports.
-
-`availability_zones`
-: List of Availability Zone where the virtual private gateway was created. If not applicable, this field will be be empty.
-
-`vpc_attachments`
-: List of VPCs attached to the virtual private gateway. It has a collection of key-pairs of `state` and `vpc_id`.
-
-`amazon_side_asns`
-: List of all the private Autonomous System Number (ASN) for the Amazon side of a BGP session.
-
-`tags`
-: List of all tags that are associated with the VPN gateway.
-
-## Examples
-
-**Ensure that exactly three AWS VPN gateways exist.**
-
-```ruby
-describe aws_vpn_gateways do
- its('count') { should eq 3 }
-end
-```
-
-**Request the IDs of all AWS VPN gateways, then test in-depth using `aws_vpn_gateway`.**
-
-```ruby
-aws_vpn_gateways.vpn_gateway_ids.each do |vpn_gateway_id|
- describe aws_vpn_gateway(vpn_gateway_id) do
- it { should exists }
- it { should be_attached }
- end
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control will pass if the 'describe' method returns at least one result.
-
-```ruby
-describe aws_vpn_gateways.where( : ) do
- it { should exist }
-end
-```
-
-Use `should_not` to test an entity that should not exist.
-
-```ruby
-describe aws_vpn_gateways.where( : ) do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="EC2:Client:DescribeVpnGatewaysResult" %}}
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon ElastiCache](https://docs.amazonaws.cn/en_us/vpc/latest/userguide/vpc-policy-examples.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_byte_match_set.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_byte_match_set.md
deleted file mode 100644
index 2a0188df39..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_byte_match_set.md
+++ /dev/null
@@ -1,130 +0,0 @@
-+++
-title = "aws_waf_byte_match_set resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_waf_byte_match_set"
-identifier = "inspec/resources/aws/aws_waf_byte_match_set resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_waf_byte_match_set` Chef InSpec audit resource to test the properties of a single AWS (Web Application Firewall) WAF byte match set.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::WAF::ByteMatchSet` resource type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-waf-bytematchset.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a byte match set exists.
-
-```ruby
-describe aws_waf_byte_match_set(byte_match_set_id: 'BYTE_MATCH_SET_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`aws_waf_byte_match_set` _(required)_
-
-: The unique identifier for the byte match set.
-
-## Properties
-
-`byte_match_set_id`
-: The unique identifier for the byte match set.
-
-`name`
-: The name of the byte match set.
-
-`byte_match_tuples`
-: Specifies the bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings.
-
-`byte_match_tuples_field_to_matches`
-: The part of a web request that you want AWS WAF to search, such as a specified header or a query string.
-
-`byte_match_tuples_field_to_match_types`
-: The part of the web request that you want AWS WAF to search for a specified string.
-
-`byte_match_tuples_field_to_match_data`
-: When the value of Type is HEADER , enter the name of the header that you want AWS WAF to search, for example, User-Agent or Referer.
-
-`byte_match_tuples_target_strings`
-: The value that you want AWS WAF to search for.
-
-`byte_match_tuples_text_transformations`
-: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF.
-
-`byte_match_tuples_positional_constraints`
-: Within the portion of a web request that you want to search (for example, in the query string, if any), specify where you want AWS WAF to search.
-
-## Examples
-
-**Ensure a byte match set is available.**
-
-```ruby
-describe aws_waf_byte_match_set(byte_match_set_id: 'BYTE_MATCH_SET_ID') do
- its('byte_match_set_id') { should eq 'BYTE_MATCH_SET_ID' }
-end
-```
-
-**Ensure a byte match set name is available.**
-
-```ruby
-describe aws_waf_byte_match_set(byte_match_set_id: 'BYTE_MATCH_SET_ID') do
- its('name') { should eq 'BYTE_MATCH_SET_NAME' }
-end
-```
-
-**Ensure a byte match set type is `REGULAR`.**
-
-```ruby
-describe aws_waf_byte_match_set(byte_match_set_id: 'BYTE_MATCH_SET_ID') do
- its('byte_match_tuples_positional_constraints') { should include 'REGULAR' }
-end
-```
-
-## Matchers
-
-This Chef InSpec audit resource has the following special matchers.
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_waf_byte_match_set(byte_match_set_id: 'BYTE_MATCH_SET_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_waf_byte_match_set(byte_match_set_id: 'BYTE_MATCH_SET_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_waf_byte_match_set(byte_match_set_id: 'BYTE_MATCH_SET_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="WAF:Client:GetByteMatchSetResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_byte_match_sets.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_byte_match_sets.md
deleted file mode 100644
index 75fc871772..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_byte_match_sets.md
+++ /dev/null
@@ -1,93 +0,0 @@
-+++
-title = "aws_waf_byte_match_sets resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_waf_byte_match_sets"
-identifier = "inspec/resources/aws/aws_waf_byte_match_sets resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_waf_byte_match_sets` Chef InSpec audit resource to test the properties of multiple AWS (Web Application Firewall) WAF byte match sets.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::WAF::ByteMatchSet` resource type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-waf-bytematchset.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-### Ensure that a byte match set exists.
-
-```ruby
-describe aws_waf_byte_match_sets do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`byte_match_set_ids`
-: The unique identifier for the ByteMatchSet.
-
-: **Field**: `byte_match_set_id`
-
-`names`
-: The name of the ByteMatchSet.
-
-: **Field**: `name`
-
-## Examples
-
-**Ensure a byte match set is available.**
-
-```ruby
-describe aws_waf_byte_match_sets do
- its('byte_match_set_ids') { should include 'BYTE_MATCH_SET_ID' }
-end
-```
-
-**Ensure a byte match set name is available.**
-
-```ruby
-describe aws_waf_byte_match_sets do
- its('names') { should include 'BYTE_MATCH_SET_NAME' }
-end
-```
-
-## Matchers
-
-This Chef InSpec audit resource has the following special matchers.
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_waf_byte_match_sets do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_waf_byte_match_sets do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="WAF:Client:ListByteMatchSetsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_ip_set.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_ip_set.md
deleted file mode 100644
index 7810636901..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_ip_set.md
+++ /dev/null
@@ -1,116 +0,0 @@
-+++
-title = "aws_waf_ip_set resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_waf_ip_set"
-identifier = "inspec/resources/aws/aws_waf_ip_set resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_waf_ip_set` Chef InSpec audit resource to test the properties of a single AWS Web Application Firewall (WAF) IP set.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS WAF IPSet](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-waf-ipset.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that IP set exists.
-
-```ruby
-describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`ip_set_id` _(required)_
-
-: The ID for an IP set.
-
-## Properties
-
-`ip_set_id`
-: The IPSetId for an IP set.
-
-`name`
-: A friendly name or description of the IP set.
-
-`ip_set_descriptors`
-: The IP address type (IPV4 or IPV6 ) and the IP address range (in CIDR notation) that web requests originate from.
-
-`ip_set_descriptors_types`
-: Specify IPV4 or IPV6.
-
-`ip_set_descriptors_values`
-: Specify an IPv4 address by using CIDR notation.
-
-## Examples
-
-**Ensure an IP set is available.**
-
-```ruby
-describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
- its('ip_set_id') { should eq 'IP_SET_ID' }
-end
-```
-
-**Ensure an IP set name is available.**
-
-```ruby
-describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
- its('name') { should eq 'IP_SET_NAME' }
-end
-```
-
-**Ensure an IP set descriptors type is `IPV4`.**
-
-```ruby
-describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
- its('ip_set_descriptors_types') { should include 'IPV4' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="WAF:Client:GetIPSetResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_ip_sets.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_ip_sets.md
deleted file mode 100644
index 72aca4c6d6..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_ip_sets.md
+++ /dev/null
@@ -1,93 +0,0 @@
-+++
-title = "aws_waf_ip_sets resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_waf_ip_sets"
-identifier = "inspec/resources/aws/aws_waf_ip_sets resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_waf_ip_sets` Chef InSpec audit resource to test the properties of multiple AWS Web Application Firewall (WAF) IP sets.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on `AWS::WAF::IPSet` resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-waf-ipset.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that IP set exists.
-
-```ruby
-describe aws_waf_ip_sets do
- it { should exist }
-end
-```
-
-## Parameters
-
-`ip_set_id` _(required)_
-
-: The ID for an IP set.
-
-## Properties
-
-`ip_set_ids`
-: The IPSetId for an IPSet.
-
-: **Field**: `ip_set_id`
-
-`names`
-: A friendly name or description of the IPSet.
-
-: **Field**: `name`
-
-## Examples
-
-**Ensure an IP set is available.**
-
-```ruby
-describe aws_waf_ip_sets do
- its('ip_set_ids') { should include 'IP_SET_ID' }
-end
-```
-
-**Ensure an IP set name is available.**
-
-```ruby
-describe aws_waf_ip_sets do
- its('names') { should include 'IP_SET_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_waf_ip_sets do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_waf_ip_sets do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="WAF:Client:ListIPSetsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_rule.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_rule.md
deleted file mode 100644
index 0c4caa5706..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_rule.md
+++ /dev/null
@@ -1,129 +0,0 @@
-+++
-title = "aws_waf_rule resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_waf_rule"
-identifier = "inspec/resources/aws/aws_waf_rule resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_waf_rule` Chef InSpec audit resource to test the properties of a single AWS WAF (web application firewall) rule.
-
-The `AWS::WAF::Rule` resource type creates a firewall rule that identifies the web requests that you want to allow, block, or count.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::WAF::Rule` resource type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-waf-rule.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a WAF rule exists.
-
-```ruby
-describe aws_waf_rule(rule_id: 'RULE_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`rule_id` _(required)_
-
-: A unique identifier for a WAF rule.
-
-## Properties
-
-`rule_id`
-: A unique identifier for a rule.
-
-`name`
-: The name of the rule.
-
-`metric_name`
-: The name of the metrics for this rule.
-
-`predicates_negated`
-: `False` if the AWS WAF rule will allow, block, or count requests based on the settings in the specified `ByteMatchSet`, `IPSet`, `SqlInjectionMatchSet`, `XssMatchSet`, `RegexMatchSet`, `GeoMatchSet`, or `SizeConstraintSet` object.
-
-`predicates_type`
-: The type of predicate in a rule, such as `ByteMatch` or `IPSet`.
-
-`predicates_data_id`
-: A unique identifier for a predicate in a rule, such as `ByteMatchSetId` or `IPSetId`.
-
-## Examples
-
-**Ensure a rule is available.**
-
-```ruby
-describe aws_waf_rule(rule_id: 'RULE_ID') do
- its('rule_id') { should eq 'RULE_ID' }
-end
-```
-
-**Ensure a rule name is available.**
-
-```ruby
-describe aws_waf_rule(rule_id: 'RULE_ID') do
- its('name') { should eq 'RULE_ID_NAME' }
-end
-```
-
-**Ensure a metric name type is `METRIC_NAME`.**
-
-```ruby
-describe aws_waf_rule(rule_id: 'RULE_ID') do
- its('metric_name') { should include 'METRIC_NAME' }
-end
-```
-
-**Verify the type of data ID should be 'DATA_ID'.**
-
-```ruby
-describe aws_waf_rule(rule_id: 'RULE_ID') do
- its('predicates_data_id') { should include 'DATA_ID' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_waf_rule(rule_id: 'RULE_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_waf_rule(rule_id: 'RULE_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_waf_rule(rule_id: 'RULE_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="WAF:Client:GetRuleResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_rules.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_rules.md
deleted file mode 100644
index acf4fc3656..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_rules.md
+++ /dev/null
@@ -1,101 +0,0 @@
-+++
-title = "aws_waf_rules resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_waf_rules"
-identifier = "inspec/resources/aws/aws_waf_rules resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_waf_rules` Chef InSpec audit resource to test the properties of multiple AWS WAF (web application firewall) rules.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::WAF::Rule` resource type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-waf-rule.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a WAF rule exists.
-
-```ruby
-describe aws_waf_rules do
- it { should exist }
-end
-```
-
-## Parameters
-
-No required parameters.
-
-## Properties
-
-`rule_ids`
-: The unique identifier for the rule.
-
-: **Field**: `rule_id`
-
-`names`
-: A friendly name or description of the rule.
-
-: **Field**: `name`
-
-## Examples
-
-**Ensure a rule is available by rule ID.**
-
-```ruby
-describe aws_waf_rules do
- its('rule_ids') { should include 'RULE_ID' }
-end
-```
-
-**Ensure a rule is available by name.**
-
-```ruby
-describe aws_waf_rules do
- its('names') { should include 'RULE_NAMES' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_waf_rules do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_waf_rules do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_waf_rules do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="WAF:Client:ListRulesResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_size_constraint_set.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_size_constraint_set.md
deleted file mode 100644
index fe79fc12ff..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_size_constraint_set.md
+++ /dev/null
@@ -1,135 +0,0 @@
-+++
-title = "aws_waf_size_constraint_set resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_waf_size_constraint_set"
-identifier = "inspec/resources/aws/aws_waf_size_constraint_set resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_waf_size_constraint_set` Chef InSpec audit resource to test the properties of a single AWS Web Application Firewall (WAF) size constraint set.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on `AWS::WAF::SizeConstraintSet` resource type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-waf-sizeconstraintset.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a size constraint set exists.
-
-```ruby
-describe aws_waf_size_constraint_set(size_constraint_set_id: 'SIZE_CONSTRAINT_SET_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`size_constraint_set_id` _(required)_
-
-: A unique identifier for a size constrain set.
-
-## Properties
-
-`size_constraint_set_id`
-: A unique identifier for a size constrain set.
-
-`name`
-: The name of the size constrain set.
-
-`size_constraints`
-: Specifies the parts of web requests that you want to inspect for cross-site scripting attacks.
-
-`size_constraints_field_to_match_types`
-: The part of the web request that you want AWS WAF to search for a specified string.
-
-`size_constraints_field_to_match_data`
-: When the value of Type is `HEADER`, enter the name of the header that you want AWS WAF to search, for example, User-Agent or Referer.
-
-`size_constraints_text_transformations`
-: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF.
-
-`size_constraints_comparison_operators`
-: The type of comparison you want AWS WAF to perform. AWS WAF uses this in combination with the provided Size and FieldToMatch to build an expression in the form of "Size ComparisonOperator size in bytes of FieldToMatch".
-
-`size_constraints_sizes`
-: The size in bytes that you want AWS WAF to compare against the size of the specified FieldToMatch.
-
-## Examples
-
-**Ensure a size constraint set is available.**
-
-```ruby
-describe aws_waf_size_constraint_set(size_constraint_set_id: 'SIZE_CONSTRAINT_SET_ID') do
- its('size_constraint_set_id') { should eq 'SIZE_CONSTRAINT_SET_ID' }
-end
-```
-
-**Ensure a size constraint set name is available.**
-
-```ruby
-describe aws_waf_size_constraint_set(size_constraint_set_id: 'SIZE_CONSTRAINT_SET_ID') do
- its('name') { should eq 'SIZE_CONSTRAINT_SET_NAME' }
-end
-```
-
-**Ensure an a size constraint set type is `HEADER`.**
-
-```ruby
-describe aws_waf_size_constraint_set(size_constraint_set_id: 'SIZE_CONSTRAINT_SET_ID') do
- its('size_constraints_field_to_match_types') { should include 'HEADER' }
-end
-```
-
-**Verify the size of the constraint set.**
-
-```ruby
-describe aws_waf_size_constraint_set(size_constraint_set_id: 'SIZE_CONSTRAINT_SET_ID') do
- its('size_constraints_sizes') { should include '5' }
-end
-```
-
-## Matchers
-
-This Chef InSpec audit resource has the following special matchers.
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_waf_size_constraint_set(size_constraint_set_id: 'SIZE_CONSTRAINT_SET_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_waf_size_constraint_set(size_constraint_set_id: 'SIZE_CONSTRAINT_SET_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_waf_size_constraint_set(size_constraint_set_id: 'SIZE_CONSTRAINT_SET_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="WAF:Client:GetSizeConstraintSetResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_size_constraint_sets.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_size_constraint_sets.md
deleted file mode 100644
index 04009ce949..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_size_constraint_sets.md
+++ /dev/null
@@ -1,93 +0,0 @@
-+++
-title = "aws_waf_size_constraint_sets resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_waf_size_constraint_sets"
-identifier = "inspec/resources/aws/aws_waf_size_constraint_sets resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_waf_size_constraint_sets` Chef InSpec audit resource to test the properties of multiple AWS Web Application Firewall (WAF) size constraint sets.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on AWS WAF SizeConstraintSet](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-waf-sizeconstraintset.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a size constraint set exists.
-
-```ruby
-describe aws_waf_size_constraint_sets do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`size_constraint_set_ids`
-: A unique identifier for a size constraint set.
-
-: **Field**: `size_constraint_set_id`
-
-`names`
-: The name of the size constraint set.
-
-: **Field**: `name`
-
-## Examples
-
-**Ensure a size constraint set is available.**
-
-```ruby
-describe aws_waf_size_constraint_sets do
- its('size_constraint_set_ids') { should include 'SIZE_CONSTRAINT_SET_ID' }
-end
-```
-
-**Ensure a size constraint set name is available.**
-
-```ruby
-describe aws_waf_size_constraint_sets do
- its('names') { should include 'SIZE_CONSTRAINT_SET_NAME' }
-end
-```
-
-## Matchers
-
-This Chef InSpec audit resource has the following special matchers.
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_waf_size_constraint_sets do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_waf_size_constraint_sets do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="WAF:Client:ListSizeConstraintSetsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_sql_injection_match_set.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_sql_injection_match_set.md
deleted file mode 100644
index 10e04a79e8..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_sql_injection_match_set.md
+++ /dev/null
@@ -1,119 +0,0 @@
-+++
-title = "aws_waf_sql_injection_match_set resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_waf_sql_injection_match_set"
-identifier = "inspec/resources/aws/aws_waf_sql_injection_match_set resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_waf_sql_injection_match_set` InSpec audit resource to test the properties of a single AWS WAF `SqlInjectionMatchSet` object.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::WAF::SqlInjectionMatchSet` resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-waf-sqlinjectionmatchset.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a `SqlInjectionMatchSet` object exists.
-
-```ruby
-describe aws_waf_sql_injection_match_set(sql_injection_match_set_id: 'SQL_INJECTION_MATCH_SET_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`sql_injection_match_set_id` _(required)_
-
-: A unique identifier for a `SqlInjectionMatchSet` object.
-
-## Properties
-
-`sql_injection_match_set_id`
-: A unique identifier for a `SqlInjectionMatchSet`.
-
-`name`
-: The name of the `SqlInjectionMatchSet`.
-
-`sql_injection_match_tuples`
-: Specifies the parts of web requests that you want to inspect for cross-site scripting attacks.
-
-`sql_injection_match_tuples_field_to_match_types`
-: The part of the web request that you want AWS WAF to search for a specified string.
-
-`sql_injection_match_tuples_field_to_match_data`
-: When the value of Type is `HEADER`, enter the name of the header that you want AWS WAF to search, for example, `User-Agent` or `Referer`.
-
-`sql_injection_match_tuples_text_transformations`
-: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF.
-
-## Examples
-
-**Ensure an injection match set is available.**
-
-```ruby
-describe aws_waf_sql_injection_match_set(sql_injection_match_set_id: 'SQL_INJECTION_MATCH_SET_ID') do
- its('sql_injection_match_set_id') { should eq 'SQL_INJECTION_MATCH_SET_ID' }
-end
-```
-
-**Ensure an injection match set is available..**
-
-```ruby
-describe aws_waf_sql_injection_match_set(sql_injection_match_set_id: 'SQL_INJECTION_MATCH_SET_ID') do
- its('name') { should eq 'SQL_INJECTION_MATCH_SET_NAME' }
-end
-```
-
-**Ensure an injection match set type is `HEADER`.**
-
-```ruby
-describe aws_waf_sql_injection_match_set(sql_injection_match_set_id: 'SQL_INJECTION_MATCH_SET_ID') do
- its('sql_injection_match_tuples_field_to_match_types') { should include 'HEADER' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_waf_sql_injection_match_set(sql_injection_match_set_id: 'SQL_INJECTION_MATCH_SET_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_waf_sql_injection_match_set(sql_injection_match_set_id: 'SQL_INJECTION_MATCH_SET_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_waf_sql_injection_match_set(sql_injection_match_set_id: 'SQL_INJECTION_MATCH_SET_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="WAF:Client:GetSqlInjectionMatchSetResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_sql_injection_match_sets.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_sql_injection_match_sets.md
deleted file mode 100644
index f93388017a..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_sql_injection_match_sets.md
+++ /dev/null
@@ -1,101 +0,0 @@
-+++
-title = "aws_waf_sql_injection_match_sets resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_waf_sql_injection_match_sets"
-identifier = "inspec/resources/aws/aws_waf_sql_injection_match_sets resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_waf_sql_injection_match_sets` Chef InSpec audit resource to test the properties of multiple AWS WAF `SqlInjectionMatchSet` objects.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::WAF::SqlInjectionMatchSet` resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-waf-sqlinjectionmatchset.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a `SqlInjectionMatchSet` object exists.
-
-```ruby
-describe aws_waf_sql_injection_match_sets do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`sql_injection_match_set_ids`
-: A unique identifier for a `SqlInjectionMatchSet`.
-
-: **Field**: `sql_injection_match_set_id`
-
-`names`
-: The name of the `SqlInjectionMatchSet`.
-
-: **Field**: `name`
-
-## Examples
-
-**Ensure an injection match set is available.**
-
-```ruby
-describe aws_waf_sql_injection_match_sets do
- its('sql_injection_match_set_ids') { should include 'SQL_INJECTION_MATCH_SET_ID' }
-end
-```
-
-**Ensure an injection match set is available.**
-
-```ruby
-describe aws_waf_sql_injection_match_sets do
- its('names') { should include 'SQL_INJECTION_MATCH_SET_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_waf_sql_injection_match_sets do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_waf_sql_injection_match_sets do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_waf_sql_injection_match_sets do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="WAF:Client:ListSqlInjectionMatchSetsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_web_acl.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_web_acl.md
deleted file mode 100644
index 09fe75cceb..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_web_acl.md
+++ /dev/null
@@ -1,145 +0,0 @@
-+++
-title = "aws_waf_web_acl resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_waf_web_acl"
-identifier = "inspec/resources/aws/aws_waf_web_acl resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_waf_web_acl` InSpec audit resource to test the properties of a single AWS WAF web ACL.
-
-The `AWS::WAFv2::WebACL` AWS resource defines a collection of rules to use to inspect and control web requests.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::WAFv2::WebACL` resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-waf-webacl.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that a web ACL exists.
-
-```ruby
-describe aws_waf_web_acl(web_acl_id: 'WEB_ACL_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`web_acl_id` _(required)_
-
-: The unique identifier for the web ACL.
-
-## Properties
-
-`web_acl_id`
-: The unique identifier for the web ACL.
-
-`name`
-: The name of the web ACL.
-
-`default_action.type`
-: Specifies how you want AWS WAF to respond to requests that match the settings in a Rule.
-
-`rules`
-: An array that contains the action for each Rule in a `WebACL`, the priority of the `Rule`, and the ID of the `Rule`.
-
-`rules_priorities`
-: Specifies the order in which the Rules in a WebACL are evaluated.
-
-`rules_rule_ids`
-: The RuleId for a Rule.
-
-`rules_actions`
-: Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in the Rule.
-
-`rules_action_types`
-: Specifies how you want AWS WAF to respond to requests that match the settings in a Rule.
-
-`rules_override_actions`
-: Use the OverrideAction to test your RuleGroup.
-
-`rules_override_action_types`
-: The type of the OverrideAction to test your RuleGroup.
-
-`rules_types`
-: The rule type, either `REGULAR`, as defined by Rule, `RATE_BASED`, as defined by RateBasedRule, or `GROUP`, as defined by RuleGroup.
-
-`rules_excluded_rules`
-: An array of rules to exclude from a rule group.
-
-`rules_excluded_rules_rule_ids`
-: The unique identifier for the rule to exclude from the rule group.
-
-`web_acl_arn`
-: Tha Amazon Resource Name (ARN) of the web ACL.
-
-## Examples
-
-**Ensure a web ACL is available.**
-
-```ruby
-describe aws_waf_web_acl(web_acl_id: 'WEB_ACL_ID') do
- its('web_acl_id') { should eq 'WEB_ACL_ID' }
-end
-```
-
-**Ensure a web ACL name is available.**
-
-```ruby
-describe aws_waf_web_acl(web_acl_id: 'WEB_ACL_ID') do
- its('name') { should eq 'WEB_ACL_NAME' }
-end
-```
-
-**Ensure a web ACL rule type is `REGULAR`.**
-
-```ruby
-describe aws_waf_web_acl(web_acl_id: 'WEB_ACL_ID') do
- its('rules_types') { should include 'REGULAR' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_waf_web_acl(web_acl_id: 'WEB_ACL_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_waf_web_acl(web_acl_id: 'WEB_ACL_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_waf_web_acl(web_acl_id: 'WEB_ACL_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="WAF:Client:GetWebACLResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_web_acls.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_web_acls.md
deleted file mode 100644
index 237d4e783f..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_web_acls.md
+++ /dev/null
@@ -1,103 +0,0 @@
-+++
-title = "aws_waf_web_acls resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_waf_web_acls"
-identifier = "inspec/resources/aws/aws_waf_web_acls resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_waf_web_acls` InSpec audit resource to test the properties of multiple of AWS WAF WebACL.
-
-The `AWS::WAFv2::WebACL` AWS resource defines a collection of rules to use to inspect and control web requests.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::WAFv2::WebACL` resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-waf-webacl.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that web ACL exists.
-
-```ruby
-describe aws_waf_web_acls do
- it { should exist }
-end
-```
-
-## Parameters
-
-No required parameters.
-
-## Properties
-
-`web_acl_ids`
-: The unique identifier for the web ACL.
-
-: **Field**: `web_acl_id`
-
-`names`
-: The name of the web ACL.
-
-: **Field**: `name`
-
-## Examples
-
-**Ensure a web ACL is available.**
-
-```ruby
-describe aws_waf_web_acls do
- its('web_acl_ids') { should include 'WEB_ACL_ID' }
-end
-```
-
-**Ensure a web ACL name is available..**
-
-```ruby
-describe aws_waf_web_acls do
- its('names') { should include 'WEB_ACL_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_waf_web_acls do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_waf_web_acls do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_waf_web_acls do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="WAF:Client:ListWebACLsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_xss_match_match_set.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_xss_match_match_set.md
deleted file mode 100644
index 70dd6eabc6..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_xss_match_match_set.md
+++ /dev/null
@@ -1,119 +0,0 @@
-+++
-title = "aws_waf_xss_match_set resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_waf_xss_match_set"
-identifier = "inspec/resources/aws/aws_waf_xss_match_set resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_waf_xss_match_set` InSpec audit resource to test the properties of a single AWS WAF `XssMatchSet` object.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::WAF::XssMatchSet` resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-waf-xssmatchset.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that an `XssMatchSet` object exists.
-
-```ruby
-describe aws_waf_xss_match_set(xss_match_set_id: 'XSS_MATCH_SET_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`xss_match_set_id` _(required)_
-
-: A unique identifier for an `XssMatchSet`.
-
-## Properties
-
-`xss_match_set_id`
-: A unique identifier for an `XssMatchSet`.
-
-`name`
-: The name of the `XssMatchSet`.
-
-`xss_match_tuples`
-: Specifies the parts of web requests that you want to inspect for cross-site scripting attacks.
-
-`xss_match_tuples_field_to_match_types`
-: The part of the web request that you want AWS WAF to search for a specified string.
-
-`xss_match_tuples_field_to_match_data`
-: When the value of Type is HEADER , enter the name of the header that you want AWS WAF to search, for example, User-Agent or Referer.
-
-`xss_match_tuples_text_transformations`
-: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF.
-
-## Examples
-
-**Ensure an `XssMatchSet` object is available.**
-
-```ruby
-describe aws_waf_xss_match_set(xss_match_set_id: 'XSS_MATCH_SET_ID') do
- its('xss_match_set_id') { should eq 'XSS_MATCH_SET_ID' }
-end
-```
-
-**Verify the name of an `XssMatchSet` object.**
-
-```ruby
-describe aws_waf_xss_match_set(xss_match_set_id: 'XSS_MATCH_SET_ID') do
- its('name') { should eq 'XSS_MATCH_SET_NAME' }
-end
-```
-
-**Verify an `XssMatchSet` object has a type of `URI`.**
-
-```ruby
-describe aws_waf_xss_match_set(xss_match_set_id: 'XSS_MATCH_SET_ID') do
- its('xss_match_tuples_field_to_match_types') { should include 'URI' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_waf_xss_match_set(xss_match_set_id: 'XSS_MATCH_SET_ID') do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_waf_xss_match_set(xss_match_set_id: 'XSS_MATCH_SET_ID') do
- it { should_not exist }
-end
-```
-
-### be_available
-
-Use `should` to check if the entity is available.
-
-```ruby
-describe aws_waf_xss_match_set(xss_match_set_id: 'XSS_MATCH_SET_ID') do
- it { should be_available }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="WAF:Client:GetXssMatchSetResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_xss_match_match_sets.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_xss_match_match_sets.md
deleted file mode 100644
index a85a105469..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/aws_waf_xss_match_match_sets.md
+++ /dev/null
@@ -1,91 +0,0 @@
-+++
-title = "aws_waf_xss_match_sets resource"
-platform = "aws"
-draft = false
-gh_repo = "inspec-aws"
-
-[menu.inspec]
-title = "aws_waf_xss_match_sets"
-identifier = "inspec/resources/aws/aws_waf_xss_match_sets resource"
-parent = "inspec/resources/aws"
-+++
-
-Use the `aws_waf_xss_match_sets` InSpec audit resource to test the properties of multiple AWS WAF `XssMatchSet` objects.
-
-For additional information, including details on parameters and properties, see the [AWS documentation on the `AWS::WAF::XssMatchSet` resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-waf-xssmatchset.html).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_aws_install.md" >}}
-
-## Syntax
-
-Ensure that any `XssMatchSet` object exists.
-
-```ruby
-describe aws_waf_xss_match_sets do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`xss_match_set_ids`
-: A unique identifier for an `XssMatchSet`.
-
-: **Field**: `xss_match_set_id`
-
-`names`
-: The name of the `XssMatchSet`.
-
-: **Field**: `name`
-
-## Examples
-
-**Verify an `XssMatchSet` object is available by ID.**
-
-```ruby
-describe aws_waf_xss_match_sets do
- its('xss_match_set_ids') { should include 'XSS_MATCH_SET_ID' }
-end
-```
-
-**Verify an `XssMatchSet` object name is available.**
-
-```ruby
-describe aws_waf_xss_match_sets do
- its('names') { should include 'XSS_MATCH_SET_NAME' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-The controls will pass if the `list` method returns at least one result.
-
-### exist
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe aws_waf_xss_match_sets do
- it { should exist }
-end
-```
-
-Use `should_not` to test the entity does not exist.
-
-```ruby
-describe aws_waf_xss_match_sets do
- it { should_not exist }
-end
-```
-
-## AWS Permissions
-
-{{% inspec-aws/aws_permissions_principal action="WAF:Client:ListXssMatchSetsResponse" %}}
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/reusable/index.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/reusable/index.md
deleted file mode 100644
index 41de90ae49..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/reusable/index.md
+++ /dev/null
@@ -1,5 +0,0 @@
-+++
-headless = true
-## headless = true makes this directory a headless bundle.
-## See https://gohugo.io/content-management/page-bundles/#headless-bundle
-+++
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/reusable/md/inspec_aws_install.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/reusable/md/inspec_aws_install.md
deleted file mode 100644
index f935fd3fa3..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/content/inspec/resources/reusable/md/inspec_aws_install.md
+++ /dev/null
@@ -1,4 +0,0 @@
-
-This resource is available in the [Chef InSpec AWS resource pack](https://github.com/inspec/inspec-aws).
-
-For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the [Chef InSpec documentation on the AWS cloud platform](/inspec/cloud/aws/).
diff --git a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/layouts/shortcodes/inspec-aws/aws_permissions_principal.md b/_vendor/github.com/inspec/inspec-aws/docs-chef-io/layouts/shortcodes/inspec-aws/aws_permissions_principal.md
deleted file mode 100644
index e7740177db..0000000000
--- a/_vendor/github.com/inspec/inspec-aws/docs-chef-io/layouts/shortcodes/inspec-aws/aws_permissions_principal.md
+++ /dev/null
@@ -1,2 +0,0 @@
-
-Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `{{ .Get "action" }}` action with `Effect` set to `Allow`.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/assets/release-notes/inspec-azure/release-dates.json b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/assets/release-notes/inspec-azure/release-dates.json
deleted file mode 100644
index 1532998974..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/assets/release-notes/inspec-azure/release-dates.json
+++ /dev/null
@@ -1,4 +0,0 @@
-[
- "2021-10-08",
- "2022-01-07"
-]
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/config.toml b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/config.toml
deleted file mode 100644
index c39b86f5ec..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/config.toml
+++ /dev/null
@@ -1,2 +0,0 @@
-[params.inspec-azure]
-gh_path = "https://github.com/inspec/inspec-azure/tree/main/docs-chef-io/content/"
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_active_directory_domain_service.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_active_directory_domain_service.md
deleted file mode 100644
index 6044f771a2..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_active_directory_domain_service.md
+++ /dev/null
@@ -1,112 +0,0 @@
-+++
-title = "azure_active_directory_domain_service Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_active_directory_domain_service"
-identifier = "inspec/resources/azure/azure_active_directory_domain_service Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_active_directory_domain_service` InSpec audit resource to test the properties of an Azure Active Directory service within a tenant.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-```ruby
-describe azure_active_directory_domain_service(id: 'example.com') do
- it { should exist }
-end
-```
-
-## Parameters
-
-Either one of the following parameters is mandatory.
-
-`id`
-: Domain ID.
-
-: **Example**: `example.com`
-
-## Properties
-
-`id`
-: The fully qualified name of the domain. Key, immutable, not nullable, and unique.
-
-`authenticationType`
-: Indicates the configured authentication type for the domain. The value is either `Managed` or `Federated`.
-
-`availabilityStatus`
-: This property is always `null` except when the verify action is used.
-
-`isAdminManaged`
-: The value of the property is `false` if the DNS record management of the domain has been delegated to Microsoft 365.
-
-`isDefault`
-: `true` if this is the default domain used for user creation. There is only one default domain per company. Not nullable.
-
-`isInitial`
-: `true` if this is the initial domain created by Microsoft Online Services (`companyname.onmicrosoft.com`). There is only one initial domain per company.
-
-`isRoot`
-: `true` if the domain is a verified root domain. Otherwise, `false` if the domain is a subdomain or unverified.
-
-`isVerified`
-: `true` if the domain has completed domain ownership verification.
-
-`passwordNotificationWindowInDays`
-: Specifies the number of days before a user receives notification that their password will expire. A default value of `14 days` will be used if the property is not set.
-
-`passwordValidityPeriodInDays`
-: Specifies the length of time that a password is valid before it must be changed. A default value of `90 days` will be used if the property is not set.
-
-`supportedServices`
-: The capabilities assigned to the domain.
-
-`state`
-: Status of asynchronous operations scheduled for the domain.
-
-## Examples
-
-### Test if an active directory domain is referenced with a valid ID
-
-```ruby
-describe azure_active_directory_domain_service(id: 'example.com') do
- it { should exist }
-end
-```
-
-### Test if an active directory domain is referenced with an invalid ID
-
-```ruby
-describe azure_active_directory_domain_service(id: 'example.com') do
- it { should_not exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-describe azure_active_directory_domain_service(id: 'example.onmicrosoft.com') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-Graph resources require specific privileges granted to your service principal. Please refer to the [Microsoft Documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications#updating-an-application) for information on how to grant these permissions to your application.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_active_directory_domain_services.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_active_directory_domain_services.md
deleted file mode 100644
index b0cc5c708c..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_active_directory_domain_services.md
+++ /dev/null
@@ -1,165 +0,0 @@
-+++
-title = "azure_active_directory_domain_services Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_active_directory_domain_services"
-identifier = "inspec/resources/azure/azure_active_directory_domain_services Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_active_directory_domain_services` InSpec audit resource to test the properties of some or all Azure Active Directory domains within a tenant.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_active_directory_domain_services` resource block returns all Azure Active Directory domains contained within the configured tenant and then tests that group of domains.
-
-```ruby
-describe azure_active_directory_domain_services do
- #...
-end
-```
-
-## Parameters
-
-The following parameters can be passed for targeting specific domains.
-
-`filter`
-: A hash containing the filtering options and their values. The `starts_with_` operator can be used for fuzzy string matching. Parameter names are in the snake case.
-
-: **Example**: `{ starts_with_given_name: 'J', starts_with_department: 'Core', country: 'United Kingdom', given_name: John}`
-
-`filter_free_text`
-: [OData](https://www.odata.org/getting-started/basic-tutorial/) query string in double quotes, `"`.
-
-Property names are in camel case. For more information, refer to [Microsoft's query parameters documentation](https://docs.microsoft.com/en-us/graph/query-parameters#filter-parameter).
-
-: **Example**: `"startswith(displayName,'J') and surname eq 'Doe'"` or `"userType eq 'Guest'"`
-
-It is advised to use these parameters to narrow down the targeted resources at the server side, Azure Graph API, for a more efficient test.
-
-## Properties
-
-`ids`
-: A list of fully qualified names of the domain.
-
-: **Field**: `id`
-
-`authentication_types`
-: A list of the configured authentication types for the domain.
-
-: **Field**: `authenticationType`
-
-`availability_statuses`
-: A list of domain entities when verify action is set.
-
-: **Field**: `availabilityStatus`
-
-`is_admin_manageds`
-: A list of admin-managed configurations.
-
-: **Field**: `isAdminManaged`
-
-`is_defaults`
-: A list of flags to indicate if they are default domains.
-
-: **Field**: `isDefault`
-
-`is_initials`
-: A list of flags to indicate if they are initial domains created by Microsoft Online Services.
-
-: **Field**: `isInitial`
-
-`is_roots`
-: A list of flags to indicate if they are verified root domains.
-
-: **Field**: `isRoot`
-
-`is_verifieds`
-: A list of flags to indicate if the domains have completed domain ownership verification.
-
-: **Field**: `isVerified`
-
-`password_notification_window_in_days`
-: A list of password notification window days.
-
-: **Field**: `passwordNotificationWindowInDays`
-
-`password_validity_period_in_days`
-: A list of password validity periods in days.
-
-: **Field**: `passwordValidityPeriodInDays`
-
-`supported_services`
-: A list of capabilities assigned to the domain.
-
-: **Field**: `supportedServices`
-
-`states`
-: A list of asynchronous operations scheduled.
-
-: **Field**: `state`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Check domains with some filtering parameters applied at the server side using 'filter'
-
-```ruby
-describe azure_active_directory_domain_services(filter: {authenticationType: "authenticationType-value"}) do
- it { should exist }
-end
-```
-
-### Check domains with some filtering parameters applied at the server side using 'filter_free_text'
-
-```ruby
-describe azure_active_directory_domain_services(filter_free_text: "startswith(authenticationType,'authenticationType-value')") do
- it { should exist }
-end
-```
-
-### Test to ensure there are supported services using client-side filtering
-
-```ruby
-describe azure_active_directory_domain_services.supportedServices do
- it { should_not exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches.
-
-```ruby
-describe azure_active_directory_domain_services do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-Graph resources require specific privileges granted to your service principal. Please refer to the [Microsoft Documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications#updating-an-application) for information on how to grant these permissions to your application.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_active_directory_object.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_active_directory_object.md
deleted file mode 100644
index f43ed12c0e..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_active_directory_object.md
+++ /dev/null
@@ -1,172 +0,0 @@
-+++
-title = "azure_active_directory_object Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_active_directory_object"
-identifier = "inspec/resources/azure/azure_active_directory_object Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_active_directory_object` InSpec audit resource to test the properties of an Azure Active Directory object.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-```ruby
-describe azure_active_directory_object(id: 'ACTIVE_DIRECTORY_OBJECT_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-Parameter `id` is mandatory.
-
-`id`
-: The Active Directory object ID.
-
-: **Example**: `0bf29229-50d7-433c-b08e-2a5d8b293cb5`
-
-## Properties
-
-`id`
-: The object's globally unique ID.
-
-`deletedDateTime`
-: The date and time that the object was deleted.
-
-`classification`
-: The classification of the AD object.
-
-`createdDateTime`
-: The created Datetime of the AD object.
-
-`creationOptions`
-: The creationOptions of the AD object.
-
-`description`
-: The description of the AD object.
-
-`displayName`
-: The display name of the AD object.
-
-`expirationDateTime`
-: The expiration Datetime of the AD object.
-
-`groupTypes`
-: The group types of the AD object group.
-
-`isAssignableToRole`
-: The roles assignable to the AD object.
-
-`mail`
-: The configured mail for the AD object.
-
-`mailEnabled`
-: The mail-enabled configuration parameter.
-
-`mailNickname`
-: The mail nickname configuration.
-
-`membershipRule`
-: The membership rule for the AD object.
-
-`membershipRuleProcessingState`
-: The processing state of the membership rule.
-
-`onPremisesDomainName`
-: The specified domain name for the on-premises domain.
-
-`onPremisesLastSyncDateTime`
-: The on-premises latest sync date time.
-
-`onPremisesNetBiosName`
-: The on-premises net bios name.
-
-`onPremisesSamAccountName`
-: The on-premises SAM account name.
-
-`onPremisesSecurityIdentifier`
-: The on-premises security identifier.
-
-`onPremisesSyncEnabled`
-: The on-premises sync enabled configuration.
-
-`onPremisesProvisioningErrors`
-: The on-premises provisioning errors.
-
-`preferredDataLocation`
-: The preferred data location.
-
-`preferredLanguage`
-: The preferred language.
-
-`proxyAddresses`
-: The proxy addresses for the object.
-
-`renewedDateTime`
-: The renewed date time of the AD object.
-
-`resourceBehaviorOptions`
-: The behavior options set for the resource.
-
-`resourceProvisioningOptions`
-: The resource provisioning options set.
-
-`securityEnabled`
-: The security-enabled configured.
-
-`securityIdentifier`
-: The security identifier configured.
-
-`theme`
-: The theme of the object.
-
-`visibility`
-: The visibility status of the object.
-
-## Examples
-
-### Test if an Active Directory object is referenced with a valid ID
-
-```ruby
-describe azure_active_directory_object(id: 'ACTIVE_DIRECTORY_OBJECT_ID') do
- it { should exist }
-end
-```
-
-### Test if an Active Directory object is referenced with an invalid ID
-
-```ruby
-describe azure_active_directory_object(id: 'ACTIVE_DIRECTORY_OBJECT_ID') do
- it { should_not exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-describe azure_active_directory_object(id: 'ACTIVE_DIRECTORY_OBJECT_ID') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-Graph resources require specific privileges granted to your service principal. Please refer to the [Microsoft Documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications#updating-an-application) for information on how to grant these permissions to your application.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_active_directory_objects.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_active_directory_objects.md
deleted file mode 100644
index ed251f64ed..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_active_directory_objects.md
+++ /dev/null
@@ -1,94 +0,0 @@
-+++
-title = "azure_active_directory_objects Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_active_directory_objects"
-identifier = "inspec/resources/azure/azure_active_directory_objects Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_active_directory_objects` InSpec audit resource to test the properties and configuration of multiple Azure Active Directory objects.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_active_directory_objects` resource block returns all Active Directory objects for the current service principle.
-
-```ruby
-describe azure_active_directory_objects do
- #...
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`values`
-: A list of the unique directory object values.
-
-: **Field**: `value`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Iterate over and test the visibility of Active Directory objects
-
-```ruby
- azure_active_directory_objects.values.each do |value|
- describe azure_active_directory_object(id: value) do
- it { should exist }
- its('visibility') { should_not be_empty }
- end
- end
-
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches.
-
-```ruby
-# If we expect the current service principle to have AD objects.
-
-describe azure_active_directory_objects do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect the current service principle not to have AD objects.
-
-describe azure_active_directory_objects do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_aks_cluster.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_aks_cluster.md
deleted file mode 100644
index 1fb05cd72e..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_aks_cluster.md
+++ /dev/null
@@ -1,148 +0,0 @@
-+++
-title = "azure_aks_cluster Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_aks_cluster"
-identifier = "inspec/resources/azure/azure_aks_cluster Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_aks_cluster` InSpec audit resource to test the properties of an Azure AKS Cluster.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_aks_cluster` resource block identifies an AKS Cluster by `name` and `resource_group`, or the `resource_id`.
-
-```ruby
-describe azure_aks_cluster(resource_group: 'RESOURCE_GROUP', name: 'CLUSTER_NAME') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_aks_cluster(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.ContainerService/managedClusters/{ClusterName}') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`name`
-: Name of the AKS cluster to test.
-
-`resource_id`
-: The unique resource ID.
-
-Either one of the parameter sets can be provided for a valid query:
-
-- `resource_id`
-- `resource_group` and `name`
-
-## Properties
-
-`identity`
-: The identity of the managed cluster, if configured. It is a [managed cluster identity object](https://docs.microsoft.com/en-us/rest/api/aks/managedclusters/get#managedclusteridentity).
-
-`sku`
-: The SKU (pricing tier) of the resource.
-
-`diagnostic_settings`
-: The diagnostic settings for the resource group that the AKS cluster is within.
-
-`enabled_logging_types`
-: The logging types that are enabled for the AKS cluster.
-
-`disabled_logging_types`
-: The logging types that are disabled for the AKS cluster.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/aks/managedclusters/get#managedcluster) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Test that an AKS Cluster has the desired network plug-in
-
-```ruby
-describe azure_aks_cluster('RESOURCE_GROUP', name: 'CLUSTER_NAME') do
- its('properties.networkProfile.networkPlugin') { should cmp 'kubenet' }
-end
-```
-
-### Loop through all clusters within the subscription
-
-```ruby
-azure_aks_clusters.ids.each do |resource_id|
- describe azure_aks_cluster(resource_id: resource_id) do
- its('properties.networkProfile.networkPlugin') { should cmp 'kubenet' }
- end
-end
-```
-
-### Test that a specified AKS Cluster has the correct number of nodes in pool
-
-```ruby
-describe azure_aks_cluster('RESOURCE_GROUP', name: 'CLUSTER_NAME') do
- its('properties.agentPoolProfiles.first.count') { should cmp 5 }
-end
-```
-
-### Test that a specified AKS Cluster has kube-audit logging enabled
-
-```ruby
-describe azure_aks_cluster('RESOURCE_GROUP', name: 'CLUSTER_NAME') do
- its('enabled_logging_types') { should include "kube-audit" }
-end
-```
-
-### Test that a specified AKS Cluster has logging enabled on it and no forms of logging are disabled
-
-```ruby
-describe azure_aks_cluster('RESOURCE_GROUP', name: 'CLUSTER_NAME') do
- its('disabled_logging_types.count') { should eq 0 }
-end
-```
-
-See [integration tests](https://github.com/inspec/inspec-azure/blob/main/test/integration/verify/controls/azure_aks_cluster.rb) for more examples.
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit [Universal Matchers page](https://docs.chef.io/inspec/matchers/).
-
-### exists
-
-```ruby
-# If we expect 'CLUSTERNAME' to always exist.
-
-describe azure_aks_cluster('RESOURCE_GROUP', name: 'CLUSTER_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect 'CLUSTERNAME' to never exist.
-
-describe azure_aks_cluster('RESOURCE_GROUP', name: 'CLUSTER_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_aks_clusters.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_aks_clusters.md
deleted file mode 100644
index 48635be6e5..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_aks_clusters.md
+++ /dev/null
@@ -1,120 +0,0 @@
-+++
-title = "azure_aks_clusters Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_aks_clusters"
-identifier = "inspec/resources/azure/azure_aks_clusters Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_aks_clusters` InSpec audit resource to test the properties and configuration of multiple Azure AKS Clusters.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_aks_clusters` resource block returns all AKS Clusters, either within a Resource Group (if provided) or within an entire Subscription.
-
-```ruby
-describe azure_aks_clusters do
- #...
-end
-```
-
-Or
-
-```ruby
-describe azure_aks_clusters(resource_group: 'RESOURCE_GROUP') do
- #...
-end
-```
-
-## Parameters
-
-`resource_group` _(optional)_
-
-: The name of the resource group.
-
-## Properties
-
-`ids`
-: A list of the unique resource IDs.
-
-: **Field**: `id`
-
-`locations`
-: A list of locations for all the resources being interrogated.
-
-: **Field**: `location`
-
-`names`
-: A list of names of all the resources being interrogated.
-
-: **Field**: `name`
-
-`tags`
-: A list of `tag:value` pairs defined on the resources being interrogated.
-
-: **Field**: `tags`
-
-`properties`
-: A list of properties for all the resources being interrogated.
-
-: **Field**: `properties`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Test that an example Resource Group has the named AKS Cluster
-
-```ruby
-describe azure_aks_clusters(resource_group: 'RESOURCE_GROUP') do
- its('names') { should include('ClusterName') }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches.
-
-```ruby
-# If we expect 'EXAMPLEGROUP' Resource Group to have AKS Clusters.
-
-describe azure_aks_clusters(resource_group: 'EXAMPLEGROUP') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect 'EMPTYEXAMPLEGROUP' Resource Group not to have AKS Clusters.
-
-describe azure_aks_clusters(resource_group: 'EMPTYEXAMPLEGROUP') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_api_management.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_api_management.md
deleted file mode 100644
index 331550e7ab..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_api_management.md
+++ /dev/null
@@ -1,119 +0,0 @@
-+++
-title = "azure_api_management Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_api_management"
-identifier = "inspec/resources/azure/azure_api_management Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_api_management` InSpec audit resource to test the properties and configuration of an Azure API Management Service.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`resource_group` and `name`, or the `resource_id` are required parameters.
-
-```ruby
-describe azure_api_management(resource_group: 'RESOURCE_GROUP', name: 'NAME') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_api_management(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.ApiManagement/service/{apim01}') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`name`
-: The unique name of the API Management Service.
-
-`api_management_name`
-: Alias for the `name` parameter.
-
-`resource_id`
-: The unique resource ID.
-
-Either one of the parameter sets can be provided for a valid query:
-
-- `resource_id`
-- `resource_group` and `name`
-- `resource_group` and `api_management_name`
-
-## Properties
-
-`identity`
-: Managed service identity of the API Management service. It is an [API Management Service](https://docs.microsoft.com/en-us/rest/api/apimanagement/current-ga/api-management-service/get?tabs=HTTP#apimanagementservicegetservice).
-
-`sku`
-: The SKU (pricing tier) of the resource.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/apimanagement/current-ga/api-management-service/get?tabs=HTTP) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Test API Management Service's publisher Email value
-
-```ruby
-describe azure_api_management(resource_group: RESOURCE_GROUP, api_management_name: API_MANAGEMENT_NAME) do
- its('properties.publisherEmail') { should eq 'company@inspec.io' }
-end
-```
-
-### Loop through resources via plural resource
-
-```ruby
-azure_api_managements.ids.each do |resource_id|
- describe azure_api_management(resource_id: resource_id) do
- its('properties.publisherEmail') { should eq 'company@inspec.io' }
- end
-end
-```
-
-See [integration tests](https://github.com/inspec/inspec-azure/blob/main/test/integration/verify/controls/azure_api_management.rb) for more examples.
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/).
-
-### exists
-
-```ruby
-# If we expect 'APIM01' always to exist.
-
-describe azure_api_management(resource_group: 'RESOURCE_GROUP', name: 'APIM01') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect 'APIM01' to never exist.
-
-describe azure_api_management(resource_group: 'RESOURCE_GROUP', name: 'APIM01') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_api_managements.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_api_managements.md
deleted file mode 100644
index 64056c641c..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_api_managements.md
+++ /dev/null
@@ -1,134 +0,0 @@
-+++
-title = "azure_api_managements Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_api_managements"
-identifier = "inspec/resources/azure/azure_api_managements Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_api_managements` InSpec audit resource to test the properties and configuration of Azure API Management Services.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_api_managements` resource block returns all Azure API Management Services, either within a Resource Group (if provided) or an entire Subscription.
-
-```ruby
-describe azure_api_managements do
- #...
-end
-```
-
-Or
-
-```ruby
-describe azure_api_managements(resource_group: 'RESOURCE_GROUP') do
- #...
-end
-```
-
-## Parameters
-
-`resource_group` _(optional)_
-
-: The name of the resource group.
-
-## Properties
-
-`ids`
-: A list of the unique resource IDs.
-
-: **Field**: `id`
-
-`locations`
-: A list of locations for all the resources being interrogated.
-
-: **Field**: `location`
-
-`names`
-: A list of names of all the resources being interrogated.
-
-: **Field**: `name`
-
-`tags`
-: A list of `tag:value` pairs defined on the resources being interrogated.
-
-: **Field**: `tags`
-
-`types`
-: A list of the types of resources being interrogated.
-
-: **Field**: `type`
-
-`properties`
-: A list of properties for all the resources being interrogated.
-
-: **Field**: `properties`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Check API Management Services are present
-
-```ruby
-describe azure_api_managements do
- it { should exist }
- its('names') { should include 'my-apim' }
-end
-```
-
-### Filter the results to include only those with names that match the specified string value
-
-```ruby
-describe azure_api_managements.where{ name.eql?('production-apim-01') } do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches.
-
-```ruby
-# If we expect 'EXAMPLEGROUP' Resource Group to have API Management Services.
-
-describe azure_api_managements(resource_group: 'EXAMPLEGROUP') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect 'EMPTYEXAMPLEGROUP' Resource Group not to have API Management Services.
-
-describe azure_api_managements(resource_group: 'EMPTYEXAMPLEGROUP') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_application_gateway.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_application_gateway.md
deleted file mode 100644
index 39315b9ee4..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_application_gateway.md
+++ /dev/null
@@ -1,115 +0,0 @@
-+++
-title = "azure_application_gateway Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_application_gateway"
-identifier = "inspec/resources/azure/azure_application_gateway Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_application_gateway` InSpec audit resource to test the properties and configuration of an Azure Application Gateway.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`resource_group` and `name`, or the `resource_id` must be given as a parameter.
-
-```ruby
-describe azure_application_gateway(resource_group: 'RESOURCE_GROUP', name: 'NAME') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_application_gateway(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Network/applicationGateways/{gatewayName}') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`name`
-: The unique name of the targeted resource.
-
-`application_gateway_name`
-: Alias for the `name` parameter.
-
-`resource_id`
-: The unique resource ID.
-
-Either one of the parameter sets can be provided for a valid query:
-
-- `resource_id`
-- `resource_group` and `name`
-- `resource_group` and `application_gateway_name`
-
-## Properties
-
-`identity`
-: The identity of the application gateway, if configured. It is a [managed service identity object](https://docs.microsoft.com/en-us/rest/api/application-gateway/applicationgateways/get#managedserviceidentity).
-
-`zones`
-: A list of availability zones denoting from where the resource needs to come.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/application-gateway/applicationgateways/get#applicationgateway) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Test the SSL policy name of an application gateway
-
-```ruby
-describe azure_application_gateway(resource_group: 'RESOURCE_GROUP', application_gateway_name: 'APPLICATION_GATEWAY_NAME') do
- its('properties.sslPolicy.policyName') { should eq 'AppGwSslPolicy20170401S' }
-end
-```
-
-```ruby
-describe azure_application_gateway(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Network/applicationGateways/{gatewayName}') do
- its('properties.sslPolicy.policyName') { should eq 'AppGwSslPolicy20170401S' }
-end
-```
-
-See [integration tests](https://github.com/inspec/inspec-azure/blob/main/test/integration/verify/controls/azure_application_gateway.rb) for more examples.
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/).
-
-### exists
-
-```ruby
-# If we expect 'APPGW-1' always to exist.
-
-describe azure_application_gateway(resource_group: 'RESOURCE_GROUP', name: 'APPGW-1') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect 'APPGW-1' never to exist.
-
-describe azure_application_gateway(resource_group: 'RESOURCE_GROUP', name: 'APPGW-1') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_application_gateways.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_application_gateways.md
deleted file mode 100644
index c02e5a4ecf..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_application_gateways.md
+++ /dev/null
@@ -1,135 +0,0 @@
-+++
-title = "azure_application_gateways Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_application_gateways"
-identifier = "inspec/resources/azure/azure_application_gateways Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_application_gateways` InSpec audit resource to test the properties and configuration of Azure Application Gateways.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_application_gateways` resource block returns all Azure Application Gateways, either within a Resource Group (if provided) or an entire Subscription.
-
-```ruby
-describe azure_application_gateways do
- #...
-end
-```
-
-Or
-
-```ruby
-describe azure_application_gateways(resource_group: 'RESOURCE_GROUP') do
- #...
-end
-```
-
-## Parameters
-
-`resource_group` _(optional)_
-
-: The name of the resource group.
-
-## Properties
-
-`ids`
-: A list of the unique resource IDs.
-
-: **Field**: `id`
-
-`locations`
-: A list of locations for all the resources being interrogated.
-
-: **Field**: `location`
-
-`names`
-: A list of names of all the resources being interrogated.
-
-: **Field**: `name`
-
-`tags`
-: A list of `tag:value` pairs defined on the resources being interrogated.
-
-: **Field**: `tags`
-
-`types`
-: A list of the types of resources being interrogated.
-
-: **Field**: `type`
-
-`properties`
-: A list of properties for all the resources being interrogated.
-
-: **Field**: `properties`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Check Application Gateways are present
-
-```ruby
-describe azure_application_gateways do
- it { should exist }
- its('names') { should include 'my-appgw' }
-end
-```
-
-### Filter the results to include only those with names that match the specified string value
-
-```ruby
-describe azure_application_gateways.where{ name.eql?('production-appgw-01') } do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches.
-
-```ruby
-# If we expect 'EXAMPLEGROUP' Resource Group to have Application Gateways.
-
-describe azure_application_gateways(resource_group: 'EXAMPLEGROUP') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-
-# If we expect 'EMPTYEXAMPLEGROUP' Resource Group not to have Application Gateways.
-
-describe azure_application_gateways(resource_group: 'EMPTYEXAMPLEGROUP') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_bastion_hosts_resource.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_bastion_hosts_resource.md
deleted file mode 100644
index 73c0703393..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_bastion_hosts_resource.md
+++ /dev/null
@@ -1,111 +0,0 @@
-+++
-title = "azure_bastion_hosts_resource Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_bastion_hosts_resource"
-identifier = "inspec/resources/azure/azure_bastion_hosts_resource Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_bastion_hosts_resource` InSpec audit resource to test the properties related to a Bastion hosts resource.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`resource_group` and bastion hosts resource `name`, or the `resource_id` are required parameters.
-
-```ruby
-describe azure_bastion_hosts_resource(resource_group: 'RESOURCE_GROUP', name: 'NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`name`
-: Name of the virtual network to test.
-
-Both the parameter sets should be provided for a valid query: `resource_group` and `name`.
-
-## Properties
-
-`name`
-: Name of the Azure resource to test.
-
-`tags`
-: A list of `tag:value` pairs defined on the resources.
-
-`type`
-: type of Bastion hostname.
-
-`provisioning_state`
-: State of Bastion host name creation.
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/bastion-hosts/get) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Test to ensure that the Bastion hosts resource is from the same type
-
-```ruby
-describe azure_bastion_hosts_resource(resource_group: 'RESOURCE_GROUP', name: 'NAME') do
- its('type') { should eq 'Microsoft.Network/bastionHosts' }
-end
-```
-
-### Test to ensure that the Bastion hosts resource is in a successful state
-
-```ruby
-describe azure_bastion_hosts_resource(resource_group: 'RESOURCE_GROUP', name: 'NAME') do
- its('provisioning_state') { should include('Succeeded') }
-end
-```
-
-### Test to ensure that the Bastion hosts resource is from the same location
-
-```ruby
-describe azure_bastion_hosts_resource(resource_group: 'RESOURCE_GROUP', name: 'NAME') do
- its('location') { should include df_location }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If a Bastion hosts resource is found, it will exist.
-
-describe azure_bastion_hosts_resource(resource_group: 'RESOURCE_GROUP', name: 'NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Bastion hosts resources that are not found, will not exist.
-
-describe azure_bastion_hosts_resource(resource_group: 'RESOURCE_GROUP', name: 'DOES_NOT_EXIST') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_bastion_hosts_resources.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_bastion_hosts_resources.md
deleted file mode 100644
index f97f172109..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_bastion_hosts_resources.md
+++ /dev/null
@@ -1,129 +0,0 @@ -+++ -title = "azure_bastion_hosts_resources Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_bastion_hosts_resources" -identifier = "inspec/resources/azure/azure_bastion_hosts_resources Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_bastion_hosts_resources` InSpec audit resource to test the properties of Azure Bastion hosts for a resource group or the entire subscription. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_bastion_hosts_resource` resource block returns all Azure Bastion hosts within a resource group (if provided). - -```ruby -describe azure_bastion_hosts_resources(resource_group: 'RESOURCE_GROUP') do - .. -end -``` - -## Parameters - -`resource_group` _(optional)_ - -: The name of the resource group. - -## Properties - -`name` -: A list of the unique resource names. - -: **Field**: `name` - -`ids` -: A list of Bastion hosts IDs. - -: **Field**: `id` - -`tags` -: A list of `tag:value` pairs defined on the resources. - -: **Field**: `tags` - -`provisioning_states` -: State of Bastion hosts creation. - -: **Field**: `provisioningState` - -`types` -: Types of all the Bastion hosts. - -: **Field**: `type` - -`properties` -: Properties of all the Bastion hosts. 
- -: **Field**: `properties` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Test to ensure that the Bastion hosts resource is from the same type - -```ruby -describe azure_bastion_hosts_resources(resource_group: 'RESOURCE_GROUP') do - its('type') { should eq 'Microsoft.Network/bastionHosts' } -end -``` - -### Test to ensure that the Bastion hosts resource is in a successful state - -```ruby -describe azure_bastion_hosts_resources(resource_group: 'RESOURCE_GROUP') do - its('provisioning_states') { should include('Succeeded') } -end -``` - -### Test to ensure that the Bastion hosts resource is from the same location - -```ruby -describe azure_bastion_hosts_resources(resource_group: 'RESOURCE_GROUP') do - its('location') { should include df_location } -end -``` - -### Test if any Bastion hosts exist in the resource group - -```ruby -describe azure_bastion_hosts_resources(resource_group: 'RESOURCE_GROUP') do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -# Should not exist if no Bastion hots are in the resource group. - -describe azure_bastion_hosts_resources(resource_group: 'RESOURCE_GROUP') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_blob_service.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_blob_service.md deleted file mode 100644 index c126d73895..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_blob_service.md +++ /dev/null 
@@ -1,130 +0,0 @@ -+++ -title = "azure_blob_service Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_blob_service" -identifier = "inspec/resources/azure/azure_blob_service Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_blob_service` Chef InSpec audit resource to test the properties of an Azure Storage account's Blob service. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_blob_service` resource block identifies an Azure Blob Service by `resource_group`, or the `storage_account_name`. - -```ruby -describe azure_blob_service(resource_group: 'RESOURCE_GROUP', storage_account_name: 'STORAGE_ACCOUNT_NAME') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`storage_account_name` -: Name of the Storage account to test. - -## Properties - -`identity` -: The identity of the managed cluster, if configured. It is a [managed cluster identity object](https://docs.microsoft.com/en-us/rest/api/aks/managedclusters/get#managedclusteridentity). - -`id` -: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - -`name` -: The name of the resource - -`properties.automaticSnapshotPolicyEnabled` -: Deprecated in favor of isVersioningEnabled property. - -`properties.changeFeed` -: The blob service properties for change feed events. - -`properties.containerDeleteRetentionPolicy` -: The blob service properties for container soft delete. - -`properties.cors` -: Specifies CORS rules for the Blob service. 
You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service. - -`properties.defaultServiceVersion` -: DefaultServiceVersion indicates the default version to use for requests to the Blob service if an incoming request's version is not specified. Possible values include version 2008-10-27 and all more recent versions. - -`properties.deleteRetentionPolicy` -: The blob service properties for blob soft delete. - -`properties.isVersioningEnabled` -: Versioning is enabled if set to true. - -`properties.lastAccessTimeTrackingPolicy` -: The blob service property to configure last access time based tracking policy. - -`properties.restorePolicy` -: The blob service properties for blob restore policy. - -`sku` -: Sku name and tier. - -`type` -: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - -See [Azure's documentation on Blob service](https://learn.microsoft.com/en-us/rest/api/storagerp/blob-services/get-service-properties?tabs=HTTP) for a full list of available properties. You can access any attribute in the response with the key names separated by dots (`.`). - -## Examples - -### Test sku name in the Blob Service - -```ruby -describe azure_blob_service(resource_group: 'RESOURCE_GROUP', storage_account_name: 'STORAGE_ACCOUNT_NAME') do - its('sku.name') { should eq 'Standard_RAGRS' } -end -``` - -### Test that type - -```ruby -describe azure_blob_service(resource_group: 'RESOURCE_GROUP', storage_account_name: 'STORAGE_ACCOUNT_NAME') do - its('type') { should eq 'Microsoft.Storage/storageAccounts/blobServices' } -end -``` - -See [integration tests](https://github.com/inspec/inspec-azure/blob/main/test/integration/verify/controls/azure_blob_service.rb) for more examples. - -## Matchers - -This InSpec audit resource has the following special matchers. 
For a full list of available matchers, please visit [Universal Matchers page](https://docs.chef.io/inspec/matchers/). - -### exists - -The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches. - -```ruby -describe azure_blob_service(resource_group: 'RESOURCE_GROUP', storage_account_name: 'STORAGE_ACCOUNT_NAME') do - it { should exist } -end -``` - - -```ruby -describe azure_blob_service(resource_group: 'RESOURCE_GROUP', storage_account_name: 'STORAGE_ACCOUNT_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_blob_services.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_blob_services.md deleted file mode 100644 index 2cf392763c..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_blob_services.md +++ /dev/null 
@@ -1,112 +0,0 @@ -+++ -title = "azure_blob_services Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_blob_services" -identifier = "inspec/resources/azure/azure_blob_services Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_blob_services` Chef InSpec audit resource to test the properties and configuration of multiple Azure storage accounts' Blob services. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_blob_services` resource block returns all Azure Blob Service, either within a Resource Group (if provided) or within an entire Subscription. - -```ruby -describe azure_blob_services(resource_group: 'RESOURCE_GROUP_NAME', storage_account_name: 'STORAGE_ACCOUNT_NAME') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`storage_account_name` -: Name of the Storage account to test. - -## Properties - -`ids` -: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - -: **Field**: `id` - -`names` -: The name of the resource. - -: **Field**: `name` - -`properties` -: The property of the resource. - -: **Field**: `properties` - -`skus` -: Sku name and tier. - -: **Field**: `sku` - -`types` -: The type of the resource. E.g. 
"Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - -: **Field**: `type` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -See [Azure's documentation on Blob services](https://learn.microsoft.com/en-us/rest/api/storagerp/blob-services/list?tabs=HTTP) for a full list of available properties. - -## Examples - -### Test that an example Resource Group has the named storage account - -```ruby -describe azure_blob_services(resource_group: 'RESOURCE_GROUP_NAME', storage_account_name: 'STORAGE_ACCOUNT_NAME') do - its('names') { should include('STORAGE_ACCOUNT_NAME') } -end -``` - -See [integration tests](https://github.com/inspec/inspec-azure/blob/main/test/integration/verify/controls/azure_blob_services.rb) for more examples. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches. - -```ruby -describe azure_blob_services(resource_group: 'RESOURCE_GROUP_NAME', storage_account_name: 'STORAGE_ACCOUNT_NAME') do - it { should exist } -end -``` - -```ruby -describe azure_blob_services(resource_group: 'RESOURCE_GROUP_NAME', storage_account_name: 'STORAGE_ACCOUNT_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_cdn_profile.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_cdn_profile.md deleted file mode 100644 index d28d72f36f..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_cdn_profile.md +++ /dev/null 
@@ -1,109 +0,0 @@ -+++ -title = "azure_cdn_profile Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_cdn_profile" -identifier = "inspec/resources/azure/azure_cdn_profile Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_cdn_profile` Chef InSpec audit resource to test the properties and configuration of an Azure CDN profile. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -Either the `resource_group` and `name`, or the `resource_id` are required . - -```ruby -describe azure_cdn_profile(resource_group: 'RESOURCE_GROUP', name: 'NAME') do - it { should exist } -end -``` - -```ruby -describe azure_cdn_profile(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Cdn/profiles/{profileName}') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group that the targeted resource resides in. - -`name` -: The unique name of the CDN profile name. - -`resource_id` -: The unique resource ID. `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Cdn/profiles/{profileName}`. - -Provide one of the following parameter sets for a valid query: - -- `resource_id` -- `resource_group` and `name` - -## Properties - -`properties.frontDoorId` -: The ID of the frontdoor. - -For properties applicable to all resources, such as `type`, `name`, `id`, `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -See the [Azure CDN profile documentation](https://docs.microsoft.com/en-us/rest/api/cdn/profiles/get#profile) for other available properties. 
-You can access any attribute in the response with the key names separated by dots (`.`). - -## Examples - -**Check the resource state of a CDN profile.** - -```ruby -describe azure_cdn_profile(resource_group: 'RESOURCE_GROUP', name: 'NAME') do - its('properties.resourceState') { should eq 'Active' } -end -``` - -**Check the resource state of all profiles in a subscription.** - -```ruby -azure_cdn_profiles.ids.each do |id| - describe azure_cdn_profile(resource_id: id) do - its('properties.resourceState') { should eq 'Active' } - end -end -``` - -## Matchers - -This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/). - -### exists - -Use `exist` if a resource should exist. - -```ruby -describe azure_cdn_profile(resource_group: 'RESOURCE_GROUP', name: 'NAME') do - it { should exist } -end -``` - -Use `should_not` for a resource that should not exist. - -```ruby -describe azure_cdn_profile(resource_group: 'RESOURCE_GROUP', name: 'NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="reader" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_cdn_profiles.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_cdn_profiles.md deleted file mode 100644 index 6230de7a06..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_cdn_profiles.md +++ /dev/null 
@@ -1,143 +0,0 @@ -+++ -title = "azure_cdn_profiles Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_cdn_profiles" -identifier = "inspec/resources/azure/azure_cdn_profiles Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_cdn_profiles` Chef InSpec audit resource to test properties and configuration of Azure CDN profiles. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_cdn_profiles` resource block returns all Azure CDN profiles, either within a resource group (if provided), or within an entire subscription. - -```ruby -describe azure_cdn_profiles do - #... -end -``` - -or - -```ruby -describe azure_cdn_profiles(resource_group: 'RESOURCE_GROUP') do - #... -end -``` - -## Parameters - -`resource_group` _(optional)_ - -: The name of the resource group. - -## Properties - -`ids` -: A list of the unique resource ids. - -: **Field**: `id` - -`locations` -: A list of locations for all the resources being interrogated. - -: **Field**: `location` - -`names` -: A list of names of all the resources being interrogated. - -: **Field**: `name` - -`tags` -: A list of `tag:value` pairs defined on the resources being interrogated. - -: **Field**: `tags` - -`types` -: A list of the types of resources being interrogated. - -: **Field**: `type` - -`properties` -: A list of properties for all the resources being interrogated. - -: **Field**: `properties` - -`skus` -: A list of the SKUs of the resources being interrogated. 
- -: **Field**: `sku` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -**Check that a CDN profile is present.** - -````ruby -describe azure_cdn_profiles do - it { should exist } - its('names') { should include 'CDN_PROFILE' } -end -```` - -**Filter the CDN profiles by name and verify that it exists.** - -```ruby -describe azure_cdn_profiles.where{ name.eql?('CDN_PROFILE_NAME') } do - it { should exist } -end -``` - -**Filter the CDN profiles by location and verify that at least one exists.** - -```ruby -describe azure_cdn_profiles.where{ location.eql?('eastus-2') } do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the filter returns at least one result. - -```ruby -describe azure_cdn_profiles(resource_group: 'RESOURCE_GROUP') do - it { should exist } -end -``` - -Use `should_not` if you expect zero matches. - -```ruby -describe azure_cdn_profiles(resource_group: 'RESOURCE_GROUP') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="reader" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_container_group.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_container_group.md deleted file mode 100644 index 4ef2f8603f..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_container_group.md +++ /dev/null 
@@ -1,108 +0,0 @@ -+++ -title = "azure_container_group Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_container_group" -identifier = "inspec/resources/azure/azure_container_group Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_container_group` InSpec audit resource to test the properties related to an Azure container group. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`name` is a required parameter, and `resource_group` could be provided as an optional parameter. - -```ruby -describe azure_container_group(resource_group: 'RESOURCE_GROUP_NAME', name: 'CONTAINER_GROUP_NAME') do - it { should exist } - its('name') { should cmp 'demo1' } - its('type') { should cmp 'Microsoft.ContainerInstance/containerGroups' } - its('location') { should cmp 'WestUs'} -end -``` - -```ruby -describe azure_container_group(resource_group: 'RESOURCE_GROUP_NAME', name: 'CONTAINER_GROUP_NAME') do - it { should exist } -end -``` - -## Parameters - -`name` -: Name of the Azure container group to test. - -`resource_group` -: Azure resource group where the targeted resource resides. - -The parameter sets that should be provided for a valid query are `resource_group` and `name`. - -## Properties - -`id` -: The resource ID. - -`name` -: The container group name. - -`type` -: The resource type. - -`location` -: The resource location. - -`properties` -: The properties of the resource. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). 
- -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/container-instances/container-groups/get) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`). - -## Examples - -### Test that the container group has a public IP address - -```ruby -describe azure_container_group(resource_group: 'RESOURCE_GROUP_NAME', name: 'CONTAINER_GROUP_NAME') do - its('properties.ipAddress.type') { should eq 'Public'} -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). - -### exists - -```ruby -# If a container group is found, it will exist. - -describe azure_container_group(resource_group: 'RESOURCE_GROUP_NAME', name: 'CONTAINER_GROUP_NAME') do - it { should exist } -end -``` - -### not_exists - -```ruby -# container groups that are not found, will not exist. -describe azure_container_group(resource_group: 'RESOURCE_GROUP_NAME', name: 'CONTAINER_GROUP_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_container_groups.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_container_groups.md deleted file mode 100644 index 8851011e55..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_container_groups.md +++ /dev/null 
@@ -1,168 +0,0 @@ -+++ -title = "azure_container_groups Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_container_groups" -identifier = "inspec/resources/azure/azure_container_groups Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_container_groups` InSpec audit resource to test the properties related to all Azure container groups within a subscription. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_container_groups` resource block returns all Azure container groups within a subscription. - -```ruby -describe azure_container_groups do - #... -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`names` -: A list of names for all the resources. - -: **Field**: `name` - -`types` -: A list of types for all the resources. - -: **Field**: `type` - -`locations` -: A list of the resource location for all the resources. - -: **Field**: `location` - -`tags` -: A list of tags for all the resources. - -: **Field**: `tags` - -`properties` -: A list of properties all the resources. - -: **Field**: `properties` - -`containers` -: A list of containers within the container group. - -: **Field**: `containers` - -`init_containers` -: A list of init containers for a container group. - -: **Field**: `init_containers` - -`image_registry_credentials` -: A list of image registry credentials through which the container group is created. - -: **Field**: `image_registry_credentials` - -`ip_address` -: A list of IP address type of the container group. 
- -: **Field**: `ip_address` - -`os_types` -: A list of operating system types required by the containers in the container group. - -: **Field**: `os_type` - -`provisioning_states` -: A list of provisioning states of the container group. - -: **Field**: `provisioning_state` - -`volumes` -: A list of volumes that can be mounted by containers in this container group. - -: **Field**: `volumes` - -`skus` -: A list SKUs for a container group. - -: **Field**: `sku` - -`restart_policies` -: A list of restart policies for all containers within the container group. - -: **Field**: `restart_policy` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Test to loop through container groups by their names - -```ruby -azure_container_groups.names.each do |name| - describe azure_container_group(resource_group: 'RESOURCE_GROUP_NAME', name: 'CONTAINER_GROUP_NAME') do - it { should exist } - end -end -``` - -### Test to ensure there are container groups with valid name - -```ruby -describe azure_container_groups.where(name: 'CONTAINER_GROUP_NAME') do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -# Should not exist if no container groups are present in the subscription. - -describe azure_container_groups do - it { should_not exist } -end -``` - -### not_exists - -```ruby -# Should exist if the filter returns at least one container group in the subscription. - -describe azure_container_groups do - it { should exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} 
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_container_registries.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_container_registries.md
deleted file mode 100644
index 2a736f2372..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_container_registries.md
+++ /dev/null
@@ -1,136 +0,0 @@ -+++ -title = "azure_container_registries Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_container_registries" -identifier = "inspec/resources/azure/azure_container_registries Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_container_registries` InSpec audit resource to test the properties and configuration of Azure Container Registries. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_container_registries` resource block returns all Azure Container Registries, within a Resource Group (if provided) or an entire Subscription. - -```ruby -describe azure_container_registries do - #... -end -``` - -or - -```ruby -describe azure_container_registries(resource_group: 'RESOURCE_GROUP') do - #... -end -``` - -## Parameters - -`resource_group` _(optional)_ - -: The name of the resource group. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`locations` -: A list of locations for all the resources being interrogated. - -: **Field**: `location` - -`names` -: A list of names of all the resources being interrogated. - -: **Field**: `name` - -`tags` -: A list of `tag:value` pairs defined on the resources being interrogated. - -: **Field**: `tags` - -`types` -: A list of the types of resources being interrogated. - -: **Field**: `type` - -`properties` -: A list of properties for all the resources being interrogated. 
- -: **Field**: `properties` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Check container registries are present - -```ruby -describe azure_container_registries do - it { should exist } - its('names') { should include 'my-cr' } -end -``` - -### Filter the results to include only those with names match the given string value - -```ruby -describe azure_container_registries.where{ name.eql?('production-cr-01') } do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control passes if the filter returns at least one result. - -```ruby -# If we expect 'EXAMPLEGROUP' resource group to have Container Registries. - -describe azure_container_registries(resource_group: 'EXAMPLEGROUP') do - it { should exist } -end -``` - -### not_exists - -Use `should_not` if you expect zero matches. - -```ruby -# If we expect 'EMPTYEXAMPLEGROUP' resource group to not have Container Registries. - -describe azure_container_registries(resource_group: 'EMPTYEXAMPLEGROUP') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_container_registry.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_container_registry.md deleted file mode 100644 index 829706c6cb..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_container_registry.md +++ /dev/null 
@@ -1,115 +0,0 @@ -+++ -title = "azure_container_registry Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_container_registry" -identifier = "inspec/resources/azure/azure_container_registry Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_container_registry` InSpec audit resource to test the properties and configuration of an Azure Container Registry. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -This resource requires the `resource_group` and `name` parameters, or the `resource_id` parameter. - -```ruby -describe azure_container_registry(resource_group: 'RESOURCE_GROUP', name: 'NAME') do - it { should exist } -end -``` - -```ruby -describe azure_container_registry(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.ContainerRegistry/registries/{registryName}') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`name` -: The unique name of the targeted resource. - -`container_registry_name` -: Alias for the `name` parameter. - -`resource_id` -: The unique resource ID. - -Either one of the parameter sets can be provided for a valid query: - -- `resource_id` -- `resource_group` and `name` -- `resource_group` and `container_registry_name` - -## Properties - -`id` -: The identity of the container registry, if configured. - -`sku` -: The SKU of the container registry. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). 
- -Also, refer to the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/containerregistry/registries/get#registry) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`). - -## Examples - -### Test the status of the retention policy for the container registry - -```ruby -describe azure_container_registry(resource_group: 'RESOURCE_GROUP', name: 'NAME') do - its('properties.status.retentionPolicy') { should cmp 'enabled' } -end -``` - -```ruby -describe azure_container_registry(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.ContainerRegistry/registries/{registryName}') do - its('properties.status.retentionPolicy') { should cmp 'enabled' } -end -``` - -See [integration tests](https://github.com/inspec/inspec-azure/blob/main/test/integration/verify/controls/azure_container_registry.rb) for more examples. - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/). - -### exists - -```ruby -# If we expect 'CR-1' to always exist. - -describe azure_container_registry(resource_group: 'RESOURCE_GROUP', name: 'CR-1') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect 'CR-1' to never exist. - -describe azure_container_registry(resource_group: 'RESOURCE_GROUP', name: 'CR-1') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_cosmosdb_database_account.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_cosmosdb_database_account.md deleted file mode 100644 index 2a52d89dc6..0000000000 
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_cosmosdb_database_account.md
+++ /dev/null
@@ -1,113 +0,0 @@ -+++ -title = "azure_cosmosdb_database_account Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_cosmosdb_database_account" -identifier = "inspec/resources/azure/azure_cosmosdb_database_account Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_cosmosdb_database_account` InSpec audit resource to test the properties and configuration of an Azure CosmosDb Database account within a resource group. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`resource_group` and `name`, or the `resource_id` are required parameters. - -```ruby -describe azure_cosmosdb_database_account(resource_group: 'RESOURCE_GROUP', name: 'NAME') do - it { should exist } -end -``` - -```ruby -describe azure_cosmosdb_database_account(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DocumentDB/databaseAccounts/{accountName}') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`name` -: The unique name of the targeted resource. - -`cosmosdb_database_account` -: Alias for the `name` parameter. - -`resource_id` -: The unique resource ID. - -Either one of the parameter sets can be provided for a valid query: - -- `resource_id` -- `resource_group` and `name` -- `resource_group` and `cosmosdb_database_account` - -## Properties - -`location` -: Resource location. For example, `eastus`. - -`kind` -: Indicates the type of database account. For example, `GlobalDocumentDB`, `MongoDB`. 
- -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/sql/2021-02-01-preview/databases/get?tabs=HTTP) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`). - -## Examples - -### Test if a GlobalDocumentDB is accessible on public network - -```ruby -describe azure_cosmosdb_database_account(resource_group: 'RESOURCE_GROUP', name: 'NAME') do - its('properties.publicNetworkAccess') { should cmp 'Enabled' } -end -``` - -```ruby -describe azure_cosmosdb_database_account(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DocumentDB/databaseAccounts/{accountName}') do - its('properties.publicNetworkAccess') { should cmp 'Enabled' } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/). - -### exists - -```ruby -# If we expect 'MY-COSMOS-DB' to always exist. - -describe azure_cosmosdb_database_account(resource_group: 'RESOURCE_GROUP', name: 'MY-COSMOS-DB) do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect 'MY-COSMOS-DB' to never exist. - -describe azure_cosmosdb_database_account(resource_group: 'RESOURCE_GROUP', name: 'MY-COSMOS-DB') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factories.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factories.md deleted file mode 100644 index 5694f7dca4..0000000000 
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factories.md
+++ /dev/null
@@ -1,150 +0,0 @@ -+++ -title = "azure_data_factories Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_data_factories" -identifier = "inspec/resources/azure/azure_data_factories Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_data_factories` InSpec audit resource to test the properties related to data factories for a resource group or the entire subscription. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_data_factories` resource block returns all Azure data factories, either within a resource group (if provided) or within an entire Subscription. - -```ruby -describe azure_data_factories do - #... -end -``` - -or - -```ruby -describe azure_data_factories(resource_group: 'RESOURCE_GROUP') do - #... -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -## Properties - -`names` -: A list of the unique resource names. - -: **Field**: `name` - -`ids` -: A list of data factory IDs. - -: **Field**: `id` - -`tags` -: A list of `tag:value` pairs for the resource. - -: **Field**: `tag` - -`provisioning_states` -: The Data Factory provisioning state. - -: **Field**: `provisioning_state` - -`types` -: The resource type. - -: **Field**: `type` - -`repo_configuration_types` -: The Git or VSTS repository configuration types. - -: **Field**: `repo type` - -`repo_configuration_project_names` -: The VSTS repository project names. - -: **Field**: `project_name` - -`repo_configuration_account_names` -: The Git or VSTS repository account names. - -: **Field**: `account_name` - -`repo_configuration_repository_names` -: The Git or VSTS repository names. 
- -: **Field**: `repository_name` - -`repo_configuration_collaboration_branches` -: The Git or VSTS repository collaboration branches. - -: **Field**: `collaboration_branch` - -`repo_configuration_root_folders` -: The Git or VSTS repository root folders. - -: **Field**: `root_folder` - -`repo_configuration_tenant_ids` -: The VSTS tenant IDs. - -: **Field**: `tenant_id` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Test if any Data Factories exist in the resource group - -```ruby -describe azure_data_factories(resource_group: 'RESOURCE_GROUP') do - it { should exist } - its('names') { should include "factory_name" } -end -``` - -### Test that there are not any Data Factories in a resource group - -```ruby -# Should not exist if no Data Factory is in the resource group. - -describe azure_data_factories(resource_group: 'RESOURCE_GROUP') do - it { should_not exist } -end -``` - -### Filter Data Factories in a resource group by properties - -```ruby -describe azure_data_factories(resource_group: 'RESOURCE_GROUP') do - its('repo_configuration_type') { should include CONFIGURATION_TYPE } - its('repo_configuration_project_name') { should include PROJECT_NAME } - its('repo_configuration_account_name') { should include ACCOUNT_NAME } - its('repo_configuration_repository_name') { should include REPOSITORY_NAME } - its('repo_configuration_collaboration_branch') { should include COLLABORATION_BRANCH } - its('repo_configuration_root_folder') { should include ROOT_FOLDER } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory.md deleted file mode 100644 index 86d53d1e47..0000000000 
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory.md
+++ /dev/null
@@ -1,114 +0,0 @@ -+++ -title = "azure_data_factory Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_data_factory" -identifier = "inspec/resources/azure/azure_data_factory Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_data_factory` InSpec audit resource to test the properties of an Azure Data Factory. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`resource_group` and Data Factory `name` are required parameters. - -```ruby -describe azure_data_factory(resource_group: RESOURCE_GROUP, name: NAME) do - it { should exist } - its('name') { should eq factory_name } - its('type') { should eq 'Microsoft.DataFactory/factories' } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`name` -: The factory name. - -Both the parameter sets need to be provided for a valid query: `resource_group` and `name`. - -## Properties - -`resource_group` -: Azure resource group that the targeted resource resides in. - -`name` -: Name of the Azure resource to test. - -`type` -: The resource type. - -`provisioning_state` -: The Data Factory provisioning state. - -`repo_configuration_type` -: The Git or VSTS repository configuration type. - -`repo_configuration_project_name` -: The VSTS repository project name. - -`repo_configuration_account_name` -: The Git or VSTS repository account name. - -`repo_configuration_repository_name` -: The Git or VSTS repository name. - -`repo_configuration_collaboration_branch` -: The Git or VSTS repository collaboration branch. - -`repo_configuration_root_folder` -: The Git or VSTS repository root folder. - -`repo_configuration_tenant_id` -: The VSTS tenant ID. 
- -## Examples - -### Test that a Data Factory exists - -```ruby -describe azure_data_factory(resource_group: resource_group, name: 'DATA_FACTORY_NAME') do - it { should exist } -end -``` - -### Test that a Data Factory does not exist - -```ruby -describe azure_data_factory(resource_group: resource_group, name: 'DATA_FACTORY_NAME') do - it { should_not exist } -end -``` - -### Test properties of a Data Factory - -```ruby -describe azure_data_factory(resource_group: `RESOURCE_GROUP`, name: 'NAME') do - its('repo_configuration_type') { should include REPO_CONFIGURATION_TYPE } - its('repo_configuration_project_name') { should include REPO_CONFIGURATION_PROJECT_NAME } - its('repo_configuration_account_name') { should include REPO_CONFIGURATION_ACCOUNT_NAME } - its('repo_configuration_repository_name') { should include REPO_CONFIGURATION_REPOSITORY_NAME } - its('repo_configuration_collaboration_branch') { should include REPO_CONFIGURATION_COLLABORATION_BRANCH } - its('repo_configuration_root_folder') { should include REPO_CONFIGURATION_ROOT_FOLDER } - its('repo_configuration_tenant_id') { should include REPO_CONFIGURATION_TENANT_ID } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory_dataset.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory_dataset.md deleted file mode 100644 index 39cccbbd29..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory_dataset.md +++ /dev/null 
@@ -1,112 +0,0 @@ -+++ -title = "azure_data_factory_dataset Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_data_factory_dataset" -identifier = "inspec/resources/azure/azure_data_factory_dataset Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_data_factory_dataset` InSpec audit resource to test the properties related to an Azure Data Factory dataset. - -See the [`Azure Data Factories Dataset documentation`](https://docs.microsoft.com/en-us/rest/api/datafactory/datasets/get) for additional information. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -```ruby -describe azure_data_factory_dataset(resource_group: 'RESOURCE_GROUP', factory_name: 'FACTORY_NAME', dataset_name: 'DATASET_NAME') do - it { should exist } -end -``` - -## Parameters - -`resource_group` _(required)_ -: Azure resource group where the targeted resource resides. - -`dataset_name` _(required)_ -: Name of the Azure resource to test. - -`factory_name` _(required)_ -: The factory name. - -## Properties - -`name` -: Name of the Azure resource to test. - -`id` -: The azure_sentinel_alert_rule type. - -`properties` -: The properties of the resource. - -`type` -: Azure resource type. - -`description` -: The description of dataset type. - -`properties.linkedServiceName.referenceName` -: Reference LinkedService name. - -`properties.linkedServiceName.type` -: Linked service reference type. - -`properties.type` -: The dataset type.`AmazonMWSObjectDataset`, `AvroDataset`. 
- -## Examples - -### Test if properties match - -```ruby -describe azure_data_factory_dataset(resource_group: 'RESOURCE_GROUP', factory_name: 'FACTORY_NAME', dataset_name: 'DATASET_NAME') do - it { should exist } - its('name') { should eq 'DATASET_NAME'} - its('type') { should eq 'Microsoft.DataFactory/factories/datasets' } - its('properties.description') { should eq 'Description of dataset.' } - its('properties.linkedServiceName.referenceName') { should eq 'LINKED_SERVICE_NAME' } - its('properties.linkedServiceName.type') { should eq 'LinkedServiceReference' } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/). - -### exists - -```ruby -# If a dataset should exist. - -describe azure_data_factory_dataset(resource_group: 'RESOURCE_GROUP', factory_name: 'FACTORY_NAME', dataset_name: 'DATASET_NAME') do - it { should exist } -end -``` - -### not_exists - -```ruby - -# If a dataset should not exist. - -describe azure_data_factory_dataset(resource_group: 'RESOURCE_GROUP', factory_name: 'FACTORY_NAME', dataset_name: 'DATASET_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory_datasets.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory_datasets.md deleted file mode 100644 index 8b8522fd00..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory_datasets.md +++ /dev/null 
@@ -1,122 +0,0 @@ -+++ -title = "azure_data_factory_datasets Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_data_factory_datasets" -identifier = "inspec/resources/azure/azure_data_factory_datasets Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_data_factory_datasets` InSpec audit resource to test the properties of multiple Azure Data Factory datasets for a resource group or the entire subscription. - -See the [`Azure Data Factories Dataset documentation`](https://docs.microsoft.com/en-us/rest/api/datafactory/datasets/get) for additional information. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_data_factory_datasets` resource block returns all Azure datasets, either within a resource group (if provided) or within an entire Subscription. - -```ruby -describe azure_data_factory_datasets(resource_group: 'RESOURCE_GROUP', factory_name: 'FACTORY_NAME') do - #... -end -``` - -## Parameters - -`resource_group` _(required)_ -: Azure resource group where the targeted resource resides. - -`factory_name` _(required)_ -: The Azure Data factory name. - -## Properties - -`names` -: A list of the unique resource names. - -: **Field**: `name` - -`ids` -: A list of dataset IDs. - -: **Field**: `id` - -`properties` -: A list of properties for the resources. - -: **Field**: `properties` - -`types` -: A list of types for each resource. - -: **Field**: `type` - -`descriptions` -: A list of descriptions of the resources. - -: **Field**: `description` - -`linkedServiceName_referenceNames` -: The list of LinkedService names. - -: **Field**: `linkedServiceName_referenceName` - -`linkedServiceName_types` -: The list of LinkedService types. 
- -: **Field**: `linkedServiceName_type` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Test if properties match - -```ruby -describe azure_data_factory_datasetsazure_data_factory_datasets(resource_group: 'RESOURCE_GROUP', factory_name: 'FACTORY_NAME') do - its('names') { should include 'DATASET_NAME' } - its('types') { should include 'Microsoft.SecurityInsights/alertRules' } - its('enableds') { should include true } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/). - -### Test if any Dataset exists in the Data Factory - -```ruby -describe azure_data_factory_datasetsazure_data_factory_datasets(resource_group: 'RESOURCE_GROUP', factory_name: 'FACTORY_NAME') do - it { should exist } -end -``` - -### Test that there are not any Datasets in a Data Factory - -```ruby -# Should not exist if no datasets are in the data factory. - -describe azure_data_factory_datasetsazure_data_factory_datasets(resource_group: 'RESOURCE_GROUP', factory_name: 'FACTORY_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory_linked_service.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory_linked_service.md deleted file mode 100644 index 4f36637b5f..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory_linked_service.md +++ /dev/null 
@@ -1,94 +0,0 @@ -+++ -title = "azure_data_factory_linked_service Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_data_factory_linked_service" -identifier = "inspec/resources/azure/azure_data_factory_linked_service Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_data_factory_linked_service` InSpec audit resource to test the properties of an Azure Linked service. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`resource_group`, `linked_service_name`, and `factory_name` are required parameters. - -```ruby -describe azure_data_factory_linked_service(resource_group: `RESOURCE_GROUP`, factory_name: `FACTORY_NAME`, linked_service_name: `LINKED_SERVICE_NAME`) do -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`factory_name` -: The factory name. - -`linked_service_name` -: The name of the linked service. - -All the parameter sets are required for a valid query: - -- `resource_group` , `factory_name`, and `linked_service_name`. - -## Properties - -`name` -: Name of the Azure resource to test. - -`type` -: The resource type. - -`linked_service_type` -: The linked services type. - -`type_properties` -: The properties of linked service type. - -`properties` -: The properties of the resource. 
- -## Examples - -### Test that a linked service exists - -```ruby -describe azure_data_factory_linked_service(resource_group: `RESOURCE_GROUP`, factory_name: `FACTORY_NAME`, linked_service_name: `LINKED_SERVICE_NAME`) do - it { should exist } -end -``` - -### Test that a linked service does not exist - -```ruby -describe azure_data_factory_linked_service(resource_group: `RESOURCE_GROUP`, factory_name: `FACTORY_NAME`, linked_service_name: 'should not exit') do - it { should_not exist } -end -``` - -### Test properties of a linked service - -```ruby -describe azure_data_factory_linked_service(resource_group: `RESOURCE_GROUP`, name: 'FACTORY_NAME') do - its('name') { should eq linked_service_name1 } - its('type') { should eq 'Microsoft.DataFactory/factories/linkedservices' } - its('linked_service_type') { should eq 'MYSQL' } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory_linked_services.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory_linked_services.md deleted file mode 100644 index 14e6c92234..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory_linked_services.md +++ /dev/null 
@@ -1,114 +0,0 @@ -+++ -title = "azure_data_factory_linked_services Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_data_factory_linked_services" -identifier = "inspec/resources/azure/azure_data_factory_linked_services Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_data_factory_linked_services` InSpec audit resource to test the properties related to linked services for a resource group or the entire subscription. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_data_factory_linked_services` resource block returns all Azure Linked Services, either within a resource group (if provided) or an entire Subscription. - -```ruby -describe (resource_group: `RESOURCE_GROUP`, factory_name: 'FACTORY_NAME') do - #... -end -``` - -`resource_group` and `factory_name` are required parameters. - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`factory_name` -: Azure factory name for which linked services are retrieved. - -## Properties - -`names` -: A list of the unique resource names. - -: **Field**: `name` - -`ids` -: A list of Linked Services IDs. - -: **Field**: `id` - -`properties` -: A list of properties for the resource. - -: **Field**: `properties` - -`provisioning_states` -: The linked services provisioning state. - -: **Field**: `provisioning_state` - -`linked_service_types` -: The type of linked service resource. - -: **Field**: `linked_service_type` - -`type_properties` -: The linked service type of properties. 
- -: **Field**: `type_properties` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Test if any linked services exist in the resource group - -```ruby -describe azure_data_factory_linked_services(resource_group: `RESOURCE_GROUP`, factory_name: 'FACTORY_NAME') do - it { should exist } - its('names') { should include "factory_name" } -end -``` - -### Test that there are not any linked services in a resource group - -```ruby -# Should not exist if no Linked Services are in the resource group. - -describe azure_data_factory_linked_services(resource_group: `RESOURCE_GROUP`, factory_name: 'FACTORY_NAME') do - it { should_not exist } -end -``` - -### Filter linked services in a resource group by properties - -```ruby -describe azure_data_factory_linked_services(resource_group: `RESOURCE_GROUP`, factory_name: 'FACTORY_NAME') do - its('names') { should include linked_service_name1 } - its('types') { should include 'Microsoft.DataFactory/factories/linkedservices' } - its('linked_service_types') { should include('MySql') } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory_pipeline.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory_pipeline.md deleted file mode 100644 index fd2b672417..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory_pipeline.md +++ /dev/null 
@@ -1,85 +0,0 @@ -+++ -title = "azure_data_factory_pipeline Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_data_factory_pipeline" -identifier = "inspec/resources/azure/azure_data_factory_pipeline Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_data_factory_pipeline` InSpec audit resource to test the properties of an Azure pipeline. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`resource_group` and `pipeline_name`, or `factory_name` are required parameters. - -```ruby -describe azure_data_factory_pipeline(resource_group: 'RESOURCE_GROUP', factory_name: 'FACTORY_NAME', pipeline_name: 'PIPELINE_NAME') do - #... -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`factory_name` -: Data factory name where you want to create your pipeline. - -`pipeline_name` -: The pipeline name. - -All the parameter sets need to be provided for a valid query: `resource_group` , `factory_name`, and `pipeline_name` - -## Properties - -`name` -: Name of the Azure resource to test. - -`id` -: The pipeline type. - -`properties` -: The properties of the resource. 
- -## Examples - -### Test that a pipeline exists - -```ruby -describe azure_data_factory_pipeline(resource_group: 'RESOURCE_GROUP', factory_name: 'FACTORY_NAME', pipeline_name: 'PIPELINE_NAME') do - it { should exist } -end -``` - -### Test that a pipeline does not exist - -```ruby -describe azure_data_factory_pipeline(resource_group: 'RESOURCE_GROUP', factory_name: 'FACTORY_NAME', pipeline_name: 'PIPELINE_NAME') do - it { should_not exist } -end - ``` - -### Test properties of a pipeline - -```ruby -describe azure_data_factory_pipeline(resource_group: 'RESOURCE_GROUP', factory_name: 'FACTORY_NAME', pipeline_name: 'PIPELINE_NAME') do - its('name') { should eq 'PIPELINE_NAME' } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory_pipeline_run_resource.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory_pipeline_run_resource.md deleted file mode 100644 index dadc699807..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory_pipeline_run_resource.md +++ /dev/null 
@@ -1,102 +0,0 @@ -+++ -title = "azure_data_factory_pipeline_run_resource Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_data_factory_pipeline_run_resource" -identifier = "inspec/resources/azure/azure_data_factory_pipeline_run_resource Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_data_factory_pipeline_run_resource` InSpec audit resource to test the properties of an Azure Data Factory pipeline run. - -For additional information, see the [`Azure API documentation on Data Factory pipeline runs`](https://docs.microsoft.com/en-us/rest/api/datafactory/pipeline-runs/query-by-factory). - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -```ruby -describe azure_data_factory_pipeline_run_resource(resource_group: `RESOURCE_GROUP`, factory_name: `FACTORY_NAME`, run_id: `RUN_ID`) do - #... -end -``` - -## Parameters - -`resource_group` _(required)_ - -: Azure resource group where the targeted resource resides. - -`factory_name` _(required)_ - -: The factory name. - -`run_id` _(required)_ - -: The name of the pipeline runs. - -## Properties - -`invokedBy.name` -: The unique resource names. - -`pipelineName` -: The pipeline name. - -`status` -: The status of a pipeline run. - -`runId` -: Identifiers of a run. - -`runStart` -: Start time of a pipeline run in ISO8601 format. - -`runEnd` -: End time of a pipeline run in ISO8601 format. - -`runStart` -: The properties of the resource. 
- -## Examples - -### Test properties of a pipeline runs - -```ruby -describe azure_data_factory_pipeline_run_resource(resource_group: `RESOURCE_GROUP`, name: 'FACTORY_NAME', run_id: `RUN_ID`) do - its('invokedBy.name') { should include 'INVOKED_BY_NAME' } - its('pipelineNames') { should include 'PIPELINE_NAME' } - its('status') { should include 'PIPELINE_STATUS' } -end -``` - -## Matchers - -### Test that a pipeline runs exists - -```ruby -describe azure_data_factory_pipeline_run_resource(resource_group: `RESOURCE_GROUP`, factory_name: `FACTORY_NAME`, run_id: `RUN_ID`) do - it { should exist } -end -``` - -### Test that a pipeline runs does not exist - -```ruby -describe azure_data_factory_pipeline_run_resource(resource_group: `RESOURCE_GROUP`, factory_name: `FACTORY_NAME`, run_id: 'RUN_ID') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory_pipeline_run_resources.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory_pipeline_run_resources.md deleted file mode 100644 index a0d332fd35..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory_pipeline_run_resources.md +++ /dev/null 
@@ -1,117 +0,0 @@ -+++ -title = "azure_data_factory_pipeline_run_resources Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_data_factory_pipeline_run_resources" -identifier = "inspec/resources/azure/azure_data_factory_pipeline_run_resources Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_data_factory_pipeline_run_resources` InSpec audit resource to test the properties of multiple Azure Data Factory pipeline runs for a resource group or the entire subscription. - -For additional information, see the [`API documentation on Azure Data Factory pipeline runs`](https://docs.microsoft.com/en-us/rest/api/datafactory/pipeline-runs/query-by-factory). - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_data_factory_pipeline_run_resources` resource block returns all Azure Data Factory pipeline runs. - -```ruby -describe azure_data_factory_pipeline_run_resources(resource_group: `RESOURCE_GROUP`, factory_name: 'FACTORY_NAME') do - #... -end -``` - -## Parameters - -`resource_group` _(required)_ - -: Azure resource group where the targeted resource resides. - -`factory_name` _(required)_ - -: Azure factory name for which pipeline runs are retrieved. - -## Properties - -`invokedBy_names` -: A list of the unique resource names. - -: **Field**: `invokedBy_name` - -`pipelineNames` -: A list of the pipeline names. - -: **Field**: `pipelineName` - -`statuses` -: The statuses of the pipeline runs. - -: **Field**: `status` - -`runIds` -: The list of identifiers of runs. - -: **Field**: `runId` - -`runStart` -: The list of start times of pipeline runs in ISO8601 format. - -: **Field**: `runStart` - -`runEnd` -: The list of end times of pipeline runs in ISO8601 format. 
- -: **Field**: `runEnd` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Filter pipeline runs in a resource group by properties - -```ruby -describe azure_data_factory_pipeline_run_resources(resource_group: `RESOURCE_GROUP`, factory_name: 'FACTORY_NAME') do - its('invokedBy_names') { should include 'INVOKED_BY_NAME' } - its('pipelineNames') { should include 'PIPELINE_NAME' } - its('statuses') { should include 'PIPELINE_STATUS' } -end -``` - -## Matchers - -### Test if any pipeline runs exist in the resource group - -```ruby -describe azure_data_factory_pipeline_run_resources(resource_group: `RESOURCE_GROUP`, factory_name: 'FACTORY_NAME') do - it { should exist } -end -``` - -### Test that there aren't any pipeline runs in a resource group - -```ruby -# Should not exist if no pipeline runs are in the resource group. - -describe azure_data_factory_pipeline_run_resources(resource_group: `RESOURCE_GROUP`, factory_name: 'FACTORY_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory_pipelines.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory_pipelines.md deleted file mode 100644 index e4f2eac5be..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_factory_pipelines.md +++ /dev/null 
@@ -1,92 +0,0 @@
-+++
-title = "azure_data_factory_pipelines Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_data_factory_pipelines"
-identifier = "inspec/resources/azure/azure_data_factory_pipelines Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_data_factory_pipelines` InSpec audit resource to test the properties related to a pipeline for a resource group or the entire subscription.
-
-## Azure Rest API Version, Endpoint, And HTTP Client Parameters
-
-This resource interacts with API versions supported by the resource provider. The `api_version` can be defined as a resource parameter.
-If not provided, the latest version will be used. For more information, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md" >}}).
-
-Unless defined, the `azure_cloud` global endpoint and default values for the HTTP client will be used. For more information, refer to the resource pack [README](https://github.com/inspec/inspec-azure/blob/main/README.md). For API related information, [`Azure pipeline Docs`](https://docs.microsoft.com/en-us/rest/api/datafactory/pipelines/list-by-factory).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_data_factory_pipelines` resource block returns all Azure pipelines, either within a resource group (if provided) or an entire subscription.
-
-```ruby
-describe azure_data_factory_pipelines(resource_group: 'RESOURCE_GROUP', factory_name: 'FACTORY_NAME') do
- #...
-end
-```
-
-`resource_group` and `factory_name` are required parameters.
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`factory_name`
-: Azure Factory Name for which pipeline is being retrieved.
-
-## Properties
-
-`names`
-: A list of the unique resource names.
-
-: **Field**: `name`
-
-`ids`
-: A list of pipeline IDs.
-
-: **Field**: `id`
-
-`properties`
-: A list of properties for the resource.
-
-: **Field**: `properties`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Test if any pipeline exists in the resource group
-
-```ruby
-describe azure_data_factory_pipelines(resource_group: 'RESOURCE_GROUP', factory_name: 'FACTORY_NAME') do
- it { should exist }
- its('names') { should include 'pipeline_name' }
-end
-```
-
-### Test that there are not any pipelines in a resource group
-
-```ruby
-# Should not exist if no pipelines is in the resource group.
-
-describe azure_data_factory_pipelines(resource_group: 'RESOURCE_GROUP', factory_name: 'FACTORY_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_lake_storage_gen2_filesystem.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_lake_storage_gen2_filesystem.md
deleted file mode 100644
index 38523a384b..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_lake_storage_gen2_filesystem.md
+++ /dev/null
@@ -1,122 +0,0 @@ -+++ -title = "azure_data_lake_storage_gen2_filesystem Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_data_lake_storage_gen2_filesystem" -identifier = "inspec/resources/azure/azure_data_lake_storage_gen2_filesystem Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_data_lake_storage_gen2_filesystem` InSpec audit resource to test the properties related to Azure Data Lake Storage Gen2 Filesystem. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`name` and `account_name` are required parameters, and `dns_suffix` is an optional parameter. - -```ruby -describe azure_data_lake_storage_gen2_filesystem(account_name: 'ACCOUNT_NAME', name: 'FILE_SYSTEM') do - it { should exist } -end -``` - -```ruby -describe azure_data_lake_storage_gen2_filesystem(account_name: 'ACCOUNT_NAME', name: 'FILE_SYSTEM') do - it { should exist } -end -``` - -## Parameters - -`name` _(required)_ - -: Name of the Azure Data Lake Storage Gen2 to test. - -`account_name` _(required)_ - -: Azure storage account name. - -`dns_suffix` _(optional)_ - -: The DNS suffix for the Azure Data Lake Storage endpoint. - -## Properties - -`last_modified` -: Last modified timestamp of the resource. - -`etag` -: HTTP strong entity tag value. - -`x_ms_properties` -: Properties of the filesystem. - -`x_ms_namespace_enabled` -: Boolean string for namespace enablement. - -`x_ms_default_encryption_scope` -: Default encryption scope. - -`x_ms_deny_encryption_scope_override` -: Boolean string for deny encryption scope. - -`x_ms_request_id` -: Request ID. - -`x_ms_version` -: Version of the API. - -`date` -: Date string of the request. 
- -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/storageservices/datalakestoragegen2/filesystem/get-properties) for other available properties. - -## Examples - -### Test that the Data Lake Storage Gen2 filesystem has namespace enabled - -```ruby -describe azure_data_lake_storage_gen2_filesystem(account_name: 'ACCOUNT_NAME', name: 'FILE_SYSTEM') do - its('x_ms_namespace_enabled') { should eq 'false' } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). - -### exists - -```ruby -# If the Data Lake Storage Gen2 Filesystem is found, it exists. - -describe azure_data_lake_storage_gen2_filesystem(account_name: 'ACCOUNT_NAME', name: 'FILE_SYSTEM') do - it { should exist } -end -``` - -### not_exists - -```ruby -# Ff the Data Lake Storage Gen2 Filesystem is not found, it exists. - -describe azure_data_lake_storage_gen2_filesystem(account_name: 'ACCOUNT_NAME', name: 'FILE_SYSTEM') do - it { should_not exist } -end -``` - -## Azure Permissions - -Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `contributor` role on the subscription and `Storage Blob Data Contributor` role on the **ADLS Gen2 Storage Account** you wish to test. diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_lake_storage_gen2_filesystems.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_lake_storage_gen2_filesystems.md deleted file mode 100644 index f8101317c2..0000000000 
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_lake_storage_gen2_filesystems.md
+++ /dev/null
@@ -1,125 +0,0 @@ -+++ -title = "azure_data_lake_storage_gen2_filesystems Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_data_lake_storage_gen2_filesystems" -identifier = "inspec/resources/azure/azure_data_lake_storage_gen2_filesystems Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_data_lake_storage_gen2_filesystems` InSpec audit resource to test the properties related to all Azure Data Lake Storage Gen2 Filesystems within a project. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_data_lake_storage_gen2_filesystems` resource block returns all Azure Data Lake Storage Gen2 filesystems within a project. - -```ruby -describe azure_data_lake_storage_gen2_filesystems(account_name: 'ACCOUNT_NAME') do - #... -end -``` - -## Parameters - -`account_name` _(required)_ - -: The Azure Storage account name. - -`dns_suffix` _(optional)_ - -: The DNS suffix for the Azure Data Lake Storage endpoint. - -## Properties - -`names` -: Unique names for all Azure Storage Account Filesystems. - -: **Field**: `name` - -`lastModifieds` -: Last modified timestamps of Azure Storage Account Filesystem. - -: **Field**: `lastModified` - -`eTags` -: A list of eTags for all the Azure Storage Account Filesystems. - -: **Field**: `eTag` - -`DefaultEncryptionScopes` -: A list of all Encryption scopes of the ADLS Filesystems. - -: **Field**: `DefaultEncryptionScope` - -`DenyEncryptionScopeOverrides` -: A list of all Deny Encryption Scope Overrides. 
- -: **Field**: `DenyEncryptionScopeOverrides` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/storageservices/datalakestoragegen2/filesystem/list) for other available properties. - -## Examples - -### Loop through Data Lake Storage Gen2 Filesystems by their names and verify that each exists - -```ruby -azure_data_lake_storage_gen2_filesystems(account_name: 'ACCOUNT_NAME').names.each do |name| - describe azure_data_lake_storage_gen2_filesystem(account_name: 'ACCOUNT_NAME', name: name) do - it { should exist } - end -end -``` - -### Test To ensure Data Lake Storage Gen2 Filesystems With ‘$account-encryption-key' encryption scope - -```ruby -describe azure_data_lake_storage_gen2_filesystems(account_name: 'ACCOUNT_NAME').where(DefaultEncryptionScope: '$account-encryption-key') do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -# Should not exist if no Data Lake Storage Gen2 filesystems are present in the project and the resource group. - -describe azure_data_lake_storage_gen2_filesystems(account_name: 'ACCOUNT_NAME') do - it { should_not exist } -end -``` - -### not_exists - -```ruby -# Should exist if the filter returns at least one Data Lake Storage Gen2 filesystem in the project and the resource group. - -describe azure_data_lake_storage_gen2_filesystems(account_name: 'ACCOUNT_NAME') do - it { should exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} 
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_lake_storage_gen2_path.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_lake_storage_gen2_path.md
deleted file mode 100644
index cb9db403e1..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_lake_storage_gen2_path.md
+++ /dev/null
@@ -1,135 +0,0 @@ -+++ -title = "azure_data_lake_storage_gen2_path Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_data_lake_storage_gen2_path" -identifier = "inspec/resources/azure/azure_data_lake_storage_gen2_path Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_data_lake_storage_gen2_path` InSpec audit resource to test the properties related to Azure Data Lake Storage Gen2 Filesystem. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -```ruby -describe azure_data_lake_storage_gen2_path(account_name: 'ACCOUNT_NAME', filesystem: 'FILE_SYSTEM', name: 'PATHNAME') do - it { should exist } -end -``` - -```ruby -describe azure_data_lake_storage_gen2_path(account_name: 'ACCOUNT_NAME', filesystem: 'FILE_SYSTEM', name: 'PATH') do - it { should exist } -end -``` - -## Parameters - -`filesystem` _(required)_ -: The filesystem identifier. - -`account_name` _(required)_ -: Azure Storage account name. - -`name` _(required)_ -: The file or directory path. - -`dns_suffix` _(optional)_ -: The DNS suffix for the Azure Data Lake Storage endpoint. - -## Properties - -`last_modified` -: Last modified timestamp of the resource. - -`etag` -: HTTP strong entity tag value. - -`x_ms_properties` -: Properties of the filesystem. - -`x_ms_request_id` -: Request ID. - -`x_ms_version` -: API version. - -`date` -: Date string of the request. - -`content_length` -: Content-Length of the file. - -`content_type` -: Content type. - -`content_md5` -: MD5 of the content uploaded. - -`accept_ranges` -: File size described measurement. `bytes`. - -`x_ms_resource_type` -: Resource type of the uploaded. `file`. - -`x_ms_lease_state` -: If the file is available or not. 
- -`x_ms_lease_status` -: Status of the lease. - -`x_ms_server_encrypted` -: If the file is encrypted on the server. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/storageservices/datalakestoragegen2/path/get-properties) for other available properties. - -## Examples - -### Test that the Data Lake Storage Gen 2 Filesystem Path is server encrypted - -```ruby -describe azure_data_lake_storage_gen2_path(account_name: 'ACCOUNT_NAME', filesystem: 'FILE_SYSTEM', name: 'PATHNAME') do - its('x_ms_server_encrypted') { should eq 'true' } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). - -### exists - -```ruby -# If the Data Lake Storage Gen 2 Filesystem is found, it will exist. - -describe azure_data_lake_storage_gen2_path(account_name: 'ACCOUNT_NAME', filesystem: 'FILE_SYSTEM', name: 'PATHNAME') do - it { should exist } -end -``` - -### not_exists - -```ruby -# if the Data Lake Storage Gen 2 Filesystem is not found, it will not exist. - -describe azure_data_lake_storage_gen2_path(account_name: 'ACCOUNT_NAME', filesystem: 'FILE_SYSTEM', name: 'PATHNAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `contributor` role on the subscription and `Storage Blob Data Contributor` role on the **ADLS Gen2 Storage Account** you wish to test. 
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_lake_storage_gen2_paths.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_lake_storage_gen2_paths.md
deleted file mode 100644
index 5c754b473e..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_data_lake_storage_gen2_paths.md
+++ /dev/null
@@ -1,121 +0,0 @@ -+++ -title = "azure_data_lake_storage_gen2_paths Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_data_lake_storage_gen2_paths" -identifier = "inspec/resources/azure/azure_data_lake_storage_gen2_paths Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_data_lake_storage_gen2_paths` InSpec audit resource to test the properties related to all Azure Data Lake Storage Gen2 Filesystem paths within a project. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_data_lake_storage_gen2_paths` resource block returns all Azure Data Lake Storage Gen2 Filesystem paths within a project. - -```ruby -describe azure_data_lake_storage_gen2_paths(account_name: 'ACCOUNT_NAME', filesystem: 'ADLS FILESYSTEM') do - #... -end -``` - -## Parameters - -`account_name` _(required)_ -: The Azure Storage account name. - -`filesystem` _(required)_ -: The filesystem identifier. - -`dns_suffix` _(optional)_ -: The DNS suffix for the Azure Data Lake Storage endpoint. - -## Properties - -`names` -: Unique names for all the paths in the Filesystem. - -: **Field**: `name` - -`lastModifieds` -: Last modified timestamps of all the paths in the Filesystem. - -: **Field**: `lastModified` - -`eTags` -: A list of eTags for all the paths in the Filesystem. - -: **Field**: `eTag` - -`contentLengths` -: A list of Content-Length of all the paths in the Filesystem. - -: **Field**: `contentLength` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/storageservices/datalakestoragegen2/path/list) for other available properties. 
- -## Examples - -### Loop through Data Lake Storage Gen2 Filesystem paths by their names - -```ruby -azure_data_lake_storage_gen2_paths(account_name: 'ACCOUNT_NAME', filesystem: 'ADLS FILESYSTEM').names.each do |name| - describe azure_data_lake_storage_gen2_path(account_name: 'ACCOUNT_NAME', filesystem: 'ADLS FILESYSTEM', name: name) do - it { should exist } - end -end -``` - -### Test to ensure Data Lake Storage Gen2 Filesystem paths with file size greater than 2 MB - -```ruby -describe azure_data_lake_storage_gen2_paths(account_name: 'ACCOUNT_NAME', filesystem: 'ADLS FILESYSTEM').where{ contentLength > 2097152 } do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -# Should not exist if no Data Lake Storage Gen2 Filesystems are present in the project and in the resource group. - -describe azure_data_lake_storage_gen2_paths(account_name: 'ACCOUNT_NAME', filesystem: 'ADLS FILESYSTEM') do - it { should_not exist } -end -``` - -### not_exists - -```ruby -# Should exist if the filter returns at least one Migrate Assessment in the project and in the resource group. - -describe azure_data_lake_storage_gen2_paths(account_name: 'ACCOUNT_NAME', filesystem: 'ADLS FILESYSTEM') do - it { should exist } -end -``` - -## Azure Permissions - -Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `contributor` role on the subscription and `Storage Blob Data Contributor` role on the ADLS Gen2 Storage Account you wish to test. diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_db_migration_service.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_db_migration_service.md deleted file mode 100644 index 9d424bda3c..0000000000 
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_db_migration_service.md
+++ /dev/null
@@ -1,140 +0,0 @@ -+++ -title = "azure_db_migration_service Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_db_migration_service" -identifier = "inspec/resources/azure/azure_db_migration_service Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_db_migration_service` InSpec audit resource to test the properties related to a Azure DB Migration Service. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`resource_group` and `service_name` are required parameter. - -```ruby -describe azure_db_migration_service(resource_group: 'RESOURCE_GROUP', service_name: 'SERVICE_NAME') do - it { should exist } - its('name') { should cmp 'inspec-cloud-pack-test' } - its('type') { should cmp 'Microsoft.DataMigration/services' } - its('sku.name') { should cmp 'Basic_1vCore' } - its('sku.size') { should cmp '1 vCore' } - its('location') { should cmp 'southcentralus' } -end -``` - -```ruby -describe azure_db_migration_service(resource_group: 'RESOURCE_GROUP', service_name: 'SERVICE_NAME') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`service_name` -: Name of the Azure DB Migration service to test. - -The parameter set should be provided for a valid query: `resource_group` and `service_name`. - -## Properties - -`id` -: Resource ID. - -`name` -: DB Migration Service Name. - -`location` -: DB Migration Service Location. - -`type` -: Resource type. - -`kind` -: The resource kind. - -`etag` -: HTTP strong entity tag value. Ignored if submitted. - -`sku.name` -: The unique name of the SKU, such as 'P3'. 
- -`sku.size` -: The size of the SKU, used when the name alone does not denote a service size or when a SKU has multiple performance classes within a family. For example, 'A1' for virtual machines. - -`sku.tier` -: The tier of the SKU, such as 'Free', 'Basic', 'Standard', or 'Premium'. - -`tags` -: Resource tags. - -`properties.provisioningState` -: The resource's provisioning state. - -`properties.virtualSubnetId` -: The ID of the `Microsoft.Network/virtualNetworks/subnets` resource to which the service should be joined. - -`properties.virtualNicId` -: The ID of the Azure Network Interface. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/datamigration/services/get) for other available properties. -You can access any attribute in the response with the key names separated by dots (`.`). - -## Examples - -```ruby -describe azure_db_migration_service(resource_group: 'RESOURCE_GROUP', service_name: 'NAME') do - its('properties.provisioningState') { should eq 'Succeeded' } -end -``` - -```ruby -describe azure_db_migration_service(resource_group: 'RESOURCE_GROUP', service_name: 'NAME') do - its('sku.name') { should 'Standard_1vCores' } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). - -### exists - -```ruby -# If a azure_db_migration_service is found, it will exist. - -describe azure_db_migration_service(resource_group: 'RESOURCE_GROUP', service_name: 'NAME') do - it { should exist } -end -``` - -### not_exists - -```ruby -# azure_db_migration_services that aren't found, will not exist. 
- -describe azure_db_migration_service(resource_group: 'RESOURCE_GROUP', service_name: 'NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_db_migration_services.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_db_migration_services.md deleted file mode 100644 index 3955b9ea54..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_db_migration_services.md +++ /dev/null 
@@ -1,168 +0,0 @@ -+++ -title = "azure_db_migration_services Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_db_migration_services" -identifier = "inspec/resources/azure/azure_db_migration_services Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_db_migration_services` InSpec audit resource to test the properties related to Azure DB Migration Service for a resource group or the entire subscription. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_db_migration_services` resource block returns all Azure DB Migration Services within a resource group. - -```ruby -describe azure_db_migration_services(resource_group: 'RESOURCE_GROUP') do - #... -end -``` - -or - -```ruby -describe azure_db_migration_services(resource_group: 'RESOURCE_GROUP') do - #... -end -``` - -## Parameters - -`resource_group` - -: The name of the resource group. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`names` -: A list of names for all the resource names. - -: **Field**: `name` - -`types` -: A list of types for all the resources. - -: **Field**: `type` - -`locations` -: A list of locations for all the resources. - -: **Field**: `location` - -`kinds` -: A list of kinds for all the resources. - -: **Field**: `kind` - -`etags` -: A list of HTTP strong entity tag values. - -: **Field**: `etag` - -`tags` -: A list of resource tags. - -: **Field**: `tags` - -`sku_names` -: A list of SKU names. - -: **Field**: `sku_name` - -`sku_sizes` -: A list of SKU sizes. - -: **Field**: `sku_sizes` - -`sku_tiers` -: A list of SKU tiers. - -: **Field**: `sku_tiers` - -`provisioning_states` -: A list of provisioning_states from the properties. 
- -: **Field**: `provisioning_state` - -`virtual_nic_ids` -: A list of virtual nic IDs from the properties. - -: **Field**: `virtual_nic_id` - -`virtual_subnet_ids` -: A list of virtual subnet IDs from the properties. - -: **Field**: `virtual_subnet_id` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Loop through DB Migration Services by their names - -```ruby -azure_db_migration_services(resource_group: 'RESOURCE_GROUP').names.each do |name| - describe azure_db_migration_service(service_name: name) do - it { should exist } - end -end -``` - -### Test that there are DB Migration Services that includes a certain string in their names (Client Side Filtering) - -```ruby -describe azure_db_migration_services(resource_group: 'my-rg').where { name.include?('UAT') } do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -# Should not exist if no db migration service are in the resource group. - -describe azure_db_migration_services(resource_group: 'my-rg') do - it { should_not exist } -end -``` - -### not_exists - -```ruby -# Should exist if the filter returns at least one db migration service. - -describe azure_db_migration_services(resource_group: 'my-rg') do - it { should exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_ddos_protection_resource.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_ddos_protection_resource.md deleted file mode 100644 index 11afdf7951..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_ddos_protection_resource.md +++ /dev/null 
@@ -1,113 +0,0 @@
-+++
-title = "azure_ddos_protection_resource Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_ddos_protection_resource"
-identifier = "inspec/resources/azure/azure_ddos_protection_resource Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_ddos_protection_resource` InSpec audit resource to test the properties of a DDoS protection plan resource.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-The `resource_group` and the DDoS protection plan resource `name`, or the `resource_id` are required parameters.
-
-```ruby
-describe azure_ddos_protection_resource(resource_group: 'RESOURCE_GROUP', name: 'DDOS_PROTECTION_PLAN_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-| Name | Description |
-|--------------------------------|--------------------------------------------------------------|
-| resource_group | Azure resource group where the targeted resource resides. |
-| name | Name of the Azure DDoS protection plan resource to test. |
-| resource_id | The Azure DDoS protection plan resource ID to test. |
-
-## Properties
-
-`name`
-: Name of the Azure DDoS protection plan resource to test.
-
-`type`
-: The resource type.
-
-`provisioning_state`
-: The provisioning state of the DDoS protection plan. Valid values: `Deleting`, `Failed`, `Succeeded`, and `Updating`.
-
-`virtual_networks`
-: The list of virtual networks associated with the DDoS protection plan resource.
-
-`resource_guid`
-: The resource GUID property of the DDoS protection plan resource. It uniquely identifies the resource, even if the user changes its name or migrates the resource across subscriptions or resource groups.
-
-Also, refer to the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/ddos-protection-plans/get)
-for other properties available. Access any attribute in the response by separating the key names with a period (`.`).
-
-## Examples
-
-### Test to ensure that the DDoS protection plan resource has the correct type
-
-```ruby
-describe azure_ddos_protection_resource(resource_group: 'RESOURCE_GROUP', name: 'DDOS_PROTECTION_PLAN_NAME') do
- its('type') { should eq 'Microsoft.Network/ddosProtectionPlans' }
-end
-```
-
-### Test to ensure that the DDoS protection plan resource is in a successful state
-
-```ruby
-describe azure_ddos_protection_resource(resource_group: 'RESOURCE_GROUP', name: 'DDOS_PROTECTION_PLAN_NAME') do
- its('provisioning_state') { should eq 'Succeeded' }
-end
-```
-
-### Test to ensure that the DDoS protection plan resource is from the same location
-
-```ruby
-describe azure_ddos_protection_resource(resource_group: 'RESOURCE_GROUP', name: 'DDOS_PROTECTION_PLAN_NAME') do
- its('location') { should eq `RESOURCE_LOCATION` }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If a DDoS protection plan resource is found, it will exist.
-
-describe azure_ddos_protection_resource(resource_group: 'RESOURCE_GROUP', name: 'DDOS_PROTECTION_PLAN_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# DDoS protection plan resources that aren't found, will not exist.
-
-describe azure_ddos_protection_resource(resource_group: 'RESOURCE_GROUP', name: 'DDOS_PROTECTION_PLAN_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_ddos_protection_resources.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_ddos_protection_resources.md
deleted file mode 100644
index 72ce3d4312..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_ddos_protection_resources.md
+++ /dev/null
@@ -1,122 +0,0 @@
-+++
-title = "azure_ddos_protection_resources Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_ddos_protection_resources"
-identifier = "inspec/resources/azure/azure_ddos_protection_resources Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_ddos_protection_resources` InSpec audit resource to test the properties of DDoS protection plans in a resource group.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_ddos_protection_resources` resource block returns all Azure bastion hosts, within a resource group (if provided).
-
-```ruby
-describe azure_ddos_protection_resources(resource_group: 'RESOURCE_GROUP') do
- #....
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-## Properties
-
-`names`
-: A list of the unique resource names.
-
-: **Field**: `name`
-
-`ids`
-: A list of DDoS protection plan IDs.
-
-: **Field**: `id`
-
-`virtual_networks`
-: The list of virtual networks associated with the DDoS protection plan resource.
-
-: **Field**: `virtual_networks`
-
-`provisioning_states`
-: The provisioning states of the DDoS protection plans.
-
-: **Field**: `provisioning_state`
-
-`types`
-: The types of all the DDoS protection plans.
-
-: **Field**: `type`
-
-`resource_guids`
-: The resource GUID property of the DDoS protection plan resource. It uniquely identifies the resource, even if the user changes its name or migrates the resource across subscriptions or resource groups.
-
-: **Field**: `resource_guid`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-Also, refer to the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/ddos-protection-plans/list) for all available properties. Access any attribute in the response by separating the key names with a period (`.`).
-
-## Examples
-
-### Test to ensure that the DDoS protection plan resource is in a successful state
-
-```ruby
-describe azure_ddos_protection_resources(resource_group: 'RESOURCE_GROUP') do
- its('provisioning_states') { should include('Succeeded') }
-end
-```
-
-### Test to ensure that a DDoS protection plan resource is from a location
-
-```ruby
-describe azure_ddos_protection_resources(resource_group: 'RESOURCE_GROUP') do
- its('location') { should include `RESOURCE_LOCATION` }
-end
-```
-
-### Test if any DDoS protection plan exists in the resource group
-
-```ruby
-describe azure_ddos_protection_resources(resource_group: 'RESOURCE_GROUP') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no bastion hots are in the resource group.
-
-describe azure_ddos_protection_resources(resource_group: 'RESOURCE_GROUP') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_dns_zones_resource.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_dns_zones_resource.md
deleted file mode 100644
index 520b5c5541..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_dns_zones_resource.md
+++ /dev/null
@@ -1,120 +0,0 @@
-+++
-title = "azure_dns_zones_resource Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_dns_zones_resource"
-identifier = "inspec/resources/azure/azure_dns_zones_resource Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_dns_zones_resource` InSpec audit resource to test the properties of an Azure DNS zone.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-This resource requires either the `resource_group`, and DNS zone resource `name` or the `resource_id`.
-
-```ruby
-describe azure_dns_zones_resource(resource_group: 'RESOURCE_GROUP_NAME', name: 'DNS_ZONE_NAME') do
- it { should exist }
-end
-```
-
-Or
-
-```ruby
-describe azure_dns_zones_resource(resource_id: 'DNS_ZONE_RESOURCE_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`name`
-: Name of the DNS zone to test.
-
-`resource_id`
-: The resource ID of the DNS zone to test.
-
-The `resource_group` and `name`, or the `resource_id` are required parameters.
-
-## Properties
-
-`name`
-: Name of the Azure resource to test.
-
-`type`
-: The type of DNS zone.
-
-`max_number_of_recordsets`
-: The maximum number of record sets that can be created in this DNS zone.
-
-`number_of_record_sets`
-: The current number of record sets in this DNS zone.
-
-`name_servers`
-: The name servers for this DNS zone.
-
-`properties`
-: The properties of the Azure DNS zone resource.
-
-`location`
-: The DNS zone resource location.
-
-Also, refer to the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/dns/zones/get)
-for other available properties.
You can access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Test that the Azure DNS zone resource has the correct resource type
-
-```ruby
-describe azure_dns_zones_resource(resource_group: 'RESOURCE_GROUP_NAME', name: 'DNS_ZONE_NAME') do
- its('type') { should eq 'Microsoft.Network/dnszones' }
-end
-```
-
-### Test that the location of the Azure DNS zone resource is 'global'
-
-```ruby
-describe azure_dns_zones_resource(resource_group: 'RESOURCE_GROUP_NAME', name: 'DNS_ZONE_NAME') do
- its('location') { should eq 'global' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If a DNS Zone resource is found, it will exist.
-
-describe azure_dns_zones_resource(resource_group: 'RESOURCE_GROUP_NAME', name: 'DNS_ZONE_NAME') do
- it { should exist }
-end
-
-# DNS Zone resources that aren't found, will not exist.
-
-describe azure_dns_zones_resource(resource_group: 'RESOURCE_GROUP_NAME', name: 'DNS_ZONE_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_dns_zones_resources.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_dns_zones_resources.md
deleted file mode 100644
index 44af42f116..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_dns_zones_resources.md
+++ /dev/null
@@ -1,137 +0,0 @@
-+++
-title = "azure_dns_zones_resources Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_dns_zones_resources"
-identifier = "inspec/resources/azure/azure_dns_zones_resources Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_dns_zones_resources` InSpec audit resource to test the properties related to all Azure DNS zones for a resource group or an entire subscription.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_dns_zones_resources` resource block returns all Azure DNS Zones within a resource group.
-
-```ruby
-describe azure_dns_zones_resources do
- #...
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`name`
-: A list of the unique resource names.
-
-: **Field**: `name`
-
-`ids`
-: A list of DNS zone IDs.
-
-: **Field**: `id`
-
-`tags`
-: A list of `tag:value` pairs defined on the resources.
-
-: **Field**: `tags`
-
-`types`
-: A list of the types of all DNS zones.
-
-: **Field**: `type`
-
-`properties`
-: A list of the properties of the Azure DNS zone resources.
-
-: **Field**: `properties`
-
-`max_number_of_recordsets`
-: A list of the maximum number of records per record set that can be created in the DNS zones.
-
-: **Field**: `max_number_of_recordsets`
-
-`number_of_record_sets`
-: A list of the current number of record sets in the DNS zones.
-
-: **Field**: `number_of_record_sets`
-
-`name_servers`
-: A list of the name servers for the DNS zones.
-
-: **Field**: `name_servers`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Test that a DNS zone has the correct type
-
-```ruby
-describe azure_dns_zones_resources do
- its('type') { should include 'Microsoft.Network/dnszones' }
-end
-```
-
-### Test that a DNS zone resource has a 'Succeeded' provisioning state
-
-```ruby
-describe azure_dns_zones_resources do
- its('provisioning_states') { should include 'Succeeded' }
-end
-```
-
-### Test that a DNS zone has the 'global' location
-
-```ruby
-describe azure_dns_zones_resources do
- its('location') { should include 'global' }
-end
-```
-
-### Test if any Azure DNS zone exists in the resource group
-
-```ruby
-describe azure_dns_zones_resources do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-Test that there are not any Azure DNS zones in the resource group.
-
-```ruby
-describe azure_dns_zones_resources do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_event_hub_authorization_rule.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_event_hub_authorization_rule.md
deleted file mode 100644
index 370fe6e847..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_event_hub_authorization_rule.md
+++ /dev/null
@@ -1,116 +0,0 @@
-+++
-title = "azure_event_hub_authorization_rule Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_event_hub_authorization_rule"
-identifier = "inspec/resources/azure/azure_event_hub_authorization_rule Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_event_hub_authorization_rule` InSpec audit resource to test the properties and configuration of an Azure Event Hub Authorization Rule within a resource group.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`resource_group`, `namespace_name`, `event_hub_endpoint` and `name`, or the `resource_id` are required parameters.
-
-```ruby
-describe azure_event_hub_authorization_rule(resource_group: 'RESOURCE_GROUP', namespace_name: 'EVENT_NAME', event_hub_endpoint: 'HUB_NAME', name: 'AUTH_RULE') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_event_hub_authorization_rule(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.EventHub/namespaces/{namespaceName}/eventhubs/{eventHubName}/authorizationRules/{authorizationRuleName}') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`namespace_name`
-: The unique name of the Event Hub Namespace.
-
-`event_hub_endpoint`
-: The unique name of the Event Hub Name.
-
-`name`
-: The unique name of the targeted resource.
-
-`authorization_rule`
-: Alias for the `name` parameter.
-
-`resource_id`
-: The unique resource ID.
-
-Either one of the parameter sets can be provided for a valid query:
-
-- `resource_id`
-- `resource_group`, `namespace_name`, `event_hub_endpoint`, and `name`
-- `resource_group`, `namespace_name`, `event_hub_endpoint`, and `authorization_rule`
-
-## Properties
-
-`properties.rights`
-: The list of rights associated with the rule.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/eventhub/stable/authorization-rules-event-hubs/get-authorization-rule?tabs=HTTP) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Test the name of an Authorization Rule
-
-```ruby
-describe azure_event_hub_authorization_rule(resource_group: 'RESOURCE_GROUP', namespace_name: 'EVENT_NAME', event_hub_endpoint: 'HUB_NAME', name: 'AUTH_RULE') do
- its('name') { should cmp 'my-auth-rule' }
-end
-```
-
-```ruby
-describe azure_event_hub_authorization_rule(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.EventHub/namespaces/{namespaceName}/eventhubs/{eventHubName}/authorizationRules/{authorizationRuleName}') do
- its('name') { should cmp 'my-auth-rule' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/).
-
-### exists
-
-```ruby
-# If we expect the resource to always exist.
-
-describe azure_event_hub_authorization_rule(resource_group: 'RESOURCE_GROUP', namespace_name: 'EVENT_NAME', event_hub_endpoint: 'HUB_NAME', name: 'AUTH_RULE') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect the resource not to exist.
-
-describe azure_event_hub_authorization_rule(resource_group: 'RESOURCE_GROUP', namespace_name: 'EVENT_NAME', event_hub_endpoint: 'HUB_NAME', name: 'AUTH_RULE') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_event_hub_event_hub.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_event_hub_event_hub.md
deleted file mode 100644
index ea90ef1ee0..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_event_hub_event_hub.md
+++ /dev/null
@@ -1,113 +0,0 @@
-+++
-title = "azure_event_hub_event_hub Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_event_hub_event_hub"
-identifier = "inspec/resources/azure/azure_event_hub_event_hub Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_event_hub_event_hub` InSpec audit resource to test the properties of an Azure Event Hub description within a resource group.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`resource_group`, `namespace_name` and `name`, or the `resource_id` are required parameters.
-
-```ruby
-describe azure_event_hub_event_hub(resource_group: 'RESOURCE_GROUP', namespace_name: 'EVENT_NAME', name: 'HUB_NAME') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_event_hub_event_hub(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.EventHub/namespaces/{namespaceName}/eventhubs/{eventHubName}') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`namespace_name`
-: The unique name of the Event Hub Namespace.
-
-`name`
-: The unique name of the targeted resource.
-
-`event_hub_name`
-: Alias for the `name` parameter.
-
-`resource_id`
-: The unique resource ID.
-
-Either one of the parameter sets can be provided for a valid query:
-
-- `resource_id`
-- `resource_group`, `namespace_name` and `name`
-- `resource_group`, `namespace_name` and `event_hub_name`
-
-## Properties
-
-`properties.messageRetentionInDays`
-: Number of days to retain the events for this Event Hub. The value should be 1 to 7 days.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/eventhub/get-event-hub) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Test the message retention time of an event hub
-
-```ruby
-describe azure_event_hub_event_hub(resource_group: 'RESOURCE_GROUP', namespace_name: 'EVENT_NAME', name: 'HUB_NAME') do
- its('properties.messageRetentionInDays') { should cmp 4 }
-end
-```
-
-```ruby
-describe azure_event_hub_event_hub(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.EventHub/namespaces/{namespaceName}/eventhubs/{eventHubName}') do
- its('properties.messageRetentionInDays') { should cmp 4 }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/).
-
-### exists
-
-```ruby
-# If we expect the resource to always exist.
-
-describe azure_event_hub_event_hub(resource_group: 'RESOURCE_GROUP', namespace_name: 'EVENT_NAME', name: 'HUB_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect the resource not to exist.
-
-describe azure_event_hub_event_hub(resource_group: 'RESOURCE_GROUP', namespace_name: 'EVENT_NAME', name: 'HUB_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_event_hub_namespace.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_event_hub_namespace.md
deleted file mode 100644
index 06e4d4e447..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_event_hub_namespace.md
+++ /dev/null
@@ -1,110 +0,0 @@
-+++
-title = "azure_event_hub_namespace Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_event_hub_namespace"
-identifier = "inspec/resources/azure/azure_event_hub_namespace Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_event_hub_namespace` InSpec audit resource to test the properties and configuration of an Azure Event Hub Namespace within a resource group.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`resource_group` and `name`, or the `resource_id` are required parameters.
-
-```ruby
-describe azure_event_hub_namespace(resource_group: 'RESOURCE_GROUP', name: 'EVENT_HUB_NAME') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_event_hub_namespace(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.EventHub/namespaces/{namespaceName}') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`name`
-: The unique name of the Event Hub Namespace.
-
-`namespace_name`
-: Alias for the `name` parameter.
-
-`resource_id`
-: The unique resource ID.
-
-Either one of the parameter sets can be provided for a valid query:
-
-- `resource_id`
-- `resource_group` and `name`
-- `resource_group` and `namespace_name`
-
-## Properties
-
-`properties.kafkaEnabled`
-: Value that indicates whether Kafka is enabled for Eventhub Namespace.
-
-For parameters applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/eventhub/preview/namespaces/get?tabs=HTTP) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Test if Kafka is enabled for an Eventhub Namespace
-
-```ruby
-describe azure_event_hub_namespace(resource_group: 'RESOURCE_GROUP', name: 'EVENT_HUB_NAME') do
- its('properties.kafkaEnabled') { should be true }
-end
-```
-
-```ruby
-describe azure_event_hub_namespace(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.EventHub/namespaces/{namespaceName}') do
- its('properties.kafkaEnabled') { should be true }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/).
-
-### exists
-
-```ruby
-# If we expect the resource to always exist.
-
-describe azure_event_hub_namespace(resource_group: 'RESOURCE_GROUP', name: 'EVENT_HUB_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect the resource not to exist.
-
-describe azure_event_hub_namespace(resource_group: 'RESOURCE_GROUP', name: 'EVENT_HUB_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_express_route_circuit.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_express_route_circuit.md
deleted file mode 100644
index d41414a57f..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_express_route_circuit.md
+++ /dev/null
@@ -1,167 +0,0 @@
-+++
-title = "azure_express_route_circuit Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_express_route_circuit"
-identifier = "inspec/resources/azure/azure_express_route_circuit Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_express_route_circuit` InSpec audit resource to test the properties of an Azure ExpressRoute circuit resource.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-This resource requires the `resource_group` and ExpressRoute circuit `circuit_name` parameters, or the `resource_id` parameter for a valid query.
-
-```ruby
-describe azure_express_route_circuit(resource_group: 'RESOURCE_GROUP', circuit_name: 'EXPRESS_CIRCUIT_NAME') do
- it { should exist }
-end
-```
-
-or
-
-```ruby
-describe azure_express_route_circuit(resource_id: 'RESOURCE_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group`
-: The Azure resource group where the targeted resource resides.
-
-`circuit_name`
-: The name of the ExpressRoute circuit.
-
-`resource_id`
-: The resource ID of the ExpressRoute circuit.
-
-Provide the `resource_group` and `name` parameters, or the `resource_id` parameter for a valid query.
-
-## Properties
-
-`resource_group`
-: The name of the resource group where the ExpressRoute circuit resource resides.
-
-`name`
-: The name of the ExpressRoute circuit.
-
-`type`
-: The ExpressRoute circuit type.
-
-`provisioning_state`
-: The provisioning state of ExpressRoute circuit resource.
-
-`location`
-: The location of the ExpressRoute circuit resource.
-
-`service_provider_properties_bandwidth_in_mbps`
-: The bandwidth in Mbps of the circuit when the circuit is provisioned on an ExpressRoutePort resource.
-
-`service_provider_properties_peering_location`
-: The ExpressRoute circuit resource service provider peering location.
-
-`service_provider_properties_name`
-: The name of the ExpressRoute circuit service provider name.
-
-`service_provider_provisioning_state`
-: The service provider provisioning state of the ExpressRoute circuit resource. Possible values are `NotProvisioned`, `Provisioning`, `Provisioned`, and `Deprovisioning`.
-
-`service_key`
-: The ServiceKey.
-
-`stag`
-: The identifier of the circuit traffic. Outer tag for `QinQ` encapsulation.
-
-`global_reach_enabled`
-: Flag denoting global reach status. `boolean`.
-
-`allow_global_reach`
-: Flag to enable Global Reach on the ExpressRoute circuit. `boolean`.
-
-`gateway_manager_etag`
-: The GatewayManager Etag.
-
-`allow_classic_operations`
-: Whether `Allow Classic Operations` is set to `true` or `false`.
-
-`circuit_provisioning_state`
-: The `CircuitProvisioningState` state of the resource.
-
-`sku_name`
-: The name of the SKU.
-
-`sku_tier`
-: The tier of the SKU. Possible values are `Basic`, `Local`, `Standard`, or `Premium`.
-
-`sku_family`
-: The family of the SKU. Possible values are: `UnlimitedData` and `MeteredData`.
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/expressroute/express-route-circuits/get) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Test an ExpressRoute circuit resource has the correct type
-
-```ruby
-describe azure_express_route_circuit(resource_group: 'RESOURCE_GROUP', circuit_name: 'EXPRESS_CIRCUIT_NAME') do
- its('type') { should eq 'Microsoft.Network/expressRouteCircuits' }
-end
-```
-
-### Test an ExpressRoute circuit resource is in a successful state
-
-```ruby
-describe azure_express_route_circuit(resource_group: 'RESOURCE_GROUP', circuit_name: 'EXPRESS_CIRCUIT_NAME') do
- its('provisioning_state') { should eq 'Succeeded' }
-end
-```
-
-### Test the location of an ExpressRoute circuit resource
-
-```ruby
-describe azure_express_route_circuit(resource_group: 'RESOURCE_GROUP', circuit_name: 'EXPRESS_CIRCUIT_NAME') do
- its('location') { should eq 'RESOURCE_LOCATION' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If an express circuit resource is found, it will exist.
-
-describe azure_express_route_circuit(resource_group: 'RESOURCE_GROUP', circuit_name: 'EXPRESS_CIRCUIT_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If an express circuit resources that aren't found, will not exist.
-
-describe azure_express_route_circuit(resource_group: 'RESOURCE_GROUP', circuit_name: 'DOESNOTEXIST') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_express_route_circuits.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_express_route_circuits.md
deleted file mode 100644
index dcb28c4518..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_express_route_circuits.md
+++ /dev/null
@@ -1,187 +0,0 @@
-+++
-title = "azure_express_route_circuits Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_express_route_circuits"
-identifier = "inspec/resources/azure/azure_express_route_circuits Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_express_route_circuits` InSpec audit resource to test the properties of Azure ExpressRoute circuits for a resource group.
-
-## Azure Rest API Version, Endpoint, And HTTP Client Parameters
-
-This resource interacts with API versions supported by the resource provider. The `api_version` can be defined as a resource parameter.
-If not provided, the latest version is used. For more information, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md" >}}).
-
-Unless defined, `azure_cloud` global endpoint and default values for the HTTP client is used. For more information, refer to the resource pack [README](https://github.com/inspec/inspec-azure/blob/main/README.md).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_express_route_circuits` resource block returns all Azure ExpressRoute circuits within a resource group.
-
-```ruby
-describe azure_express_route_circuits(resource_group: 'RESOURCE_GROUP') do
- #...
-end
-```
-
-## Parameters
-
-`resource_group`
-: The Azure resource group where the targeted resources resides.
-
-## Properties
-
-`names`
-: A list of name the resource group in which to create the ExpressRoute circuit.
-
-: **Field**: `name`
-
-`ids`
-: A list of the ExpressRoute circuit IDs.
-
-: **Field**: `id`
-
-`tags`
-: A list of `tag:value` pairs of the ExpressRoute circuit resources.
-
-: **Field**: `tags`
-
-`provisioning_states`
-: The provisioning states of the ExpressRoute circuit resources.
-
-: **Field**: `provisioning_state`
-
-`types`
-: The types of all the ExpressRoute circuit resources.
-
-: **Field**: `type`
-
-`locations`
-: The locations of the ExpressRoute circuit resources.
-
-: **Field**: `location`
-
-`service_provider_bandwidth_in_mbps`
-: A list of the bandwidths in Mbps of the circuits when a circuit is provisioned on an `ExpressRoutePort` resource.
-
-: **Field**: `service_provider_bandwidth_in_mbps`
-
-`service_provider_peering_locations`
-: A list of The name of the peering location and not the Azure resource location.
-
-: **Field**: `service_provider_peering_location`
-
-`service_provider_names`
-: The name of the ExpressRoute Service Provider.
-
-: **Field**: `service_provider_name`
-
-`service_keys`
-: The ServiceKeys of the ExpressRoute circuit resources.
-
-: **Field**: `service_key`
-
-`stags`
-: The identifiers of the circuit traffic. Outer tag for `QinQ` encapsulation.
-
-: **Field**: `stag`
-
-`global_reach_enabled`
-: A list of the ExpressRoute circuit that denotes global reach enable status.
-
-: **Field**: `global_reach_enabled`
-
-`gateway_manager_etags`
-: A list of the `GatewayManager` Etags in the ExpressRoute circuit resources.
-
-: **Field**: `gateway_manager_etag`
-
-`allow_classic_operations`
-: A list of indicating whether `Allow Classic Operations` in the ExpressRoute circuit resources is set to `true` or `false`.
-
-: **Field**: `allow_classic_operation`
-
-`circuit_provisioning_states`
-: A list of State of express `circuitHostName` creation. Valid values are `Enabled` or `Disabled`.
-
-: **Field**: `circuit_provisioning_state`
-
-`sku_names`
-: A list of the SKU names of the ExpressRoute circuits.
-
-: **Field**: `sku_name`
-
-`sku_tiers`
-: A list of the SKU tiers of the ExpressRoute circuits. Possible values are `Basic`, `Local`, `Standard`, or `Premium`.
-
-: **Field**: `sku_tier`
-
-`sku_family`
-: A list of the SKU families of the ExpressRoute circuits. Possible values are: `UnlimitedData` and `MeteredData`.
-
-: **Field**: `sku_family`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/expressroute/express-route-circuits/list?tabs=HTTP) for other available properties.
-
-## Examples
-
-### Ensure that an ExpressRoute circuit has a 'Succeeded' provisioning state
-
-```ruby
-describe azure_express_route_circuits(resource_group: 'RESOURCE_GROUP') do
- its('provisioning_states') { should include 'Succeeded' }
-end
-```
-
-### Test than an ExpressRoute circuit has a specific location
-
-```ruby
-describe azure_express_route_circuits(resource_group: 'RESOURCE_GROUP') do
- its('location') { should include 'EXPRESS_ROUTE_CIRCUIT_LOCATION' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should exist if express_route_circuits are in the resource group.
-
-describe azure_express_route_circuits(resource_group: 'RESOURCE_GROUP') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should not exist if no express_route_circuits are in the resource group
-
-describe azure_express_route_circuits(resource_group: 'RESOURCE_GROUP') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_express_route_providers.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_express_route_providers.md
deleted file mode 100644
index caac8501f3..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_express_route_providers.md
+++ /dev/null
@@ -1,128 +0,0 @@
-+++
-title = "azure_express_route_providers Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_express_route_providers"
-identifier = "inspec/resources/azure/azure_express_route_providers Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_express_route_providers` InSpec audit resource to test the properties related to azure_express_route for a resource group or the entire subscription.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_express_route_providers` resource block returns all Azure azure_express_route, either within a resource group (if provided) or an entire Subscription.
-
-```ruby
-describe azure_express_route_providers do
- #...
-end
-```
-
-Or
-
-```ruby
-
-describe azure_express_route_providers(resource_group: 'RESOURCE_GROUP') do
- #...
-end
-```
-
-## Parameters
-
-`resource_group` _(optional)_
-
-: The name of the resource group.
-
-## Properties
-
-`names`
-: A list of the unique resource IDs.
-
-: **Field**: `name`
-
-`types`
-: A list of all the azure_express_route.
-
-: **Field**: `type`
-
-`ids`
-: A list of id for all the azure_express_route.
-
-: **Field**: `id`
-
-`tags`
-: A list of all the express_route names.
-
-: **Field**: `tag`
-
-`provisioning_states`
-: A list of the status of the request.
-
-: **Field**: `provisioning_state`
-
-`peering_locations_list`
-: A list of `peering locations` pairs defined on the resources.
-
-: **Field**: `locations`
-
-`bandwidths_offered_list`
-: A list of `bandwidths offered` pairs defined on the resources.
- -: **Field**: `bandwidths` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Test if any azure_express_route exists in the resource group - -```ruby -describe azure_express_route_providers(resource_group: 'RESOURCE_GROUP') do - it { should exist } -end -describe azure_express_route_providers do - it { should exist } -end -``` - -### Test that there are express_route that includes a string in names (Server Side Filtering via Generic Resource - Recommended) - -```ruby -describe azure_generic_resources(resource_group: 'RESOURCE_GROUP') do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -```ruby -# Should not exist if no azure_express_route is in the resource group. - -describe azure_express_route_providers(resource_group: 'RESOURCE_GROUP') do - its('provisioning_states') { should include('Succeeded') } - its('peering_locations_list') { should include(["Melbourne", "Sydney"]) } - its('bandwidths_offered_list') { should include('bandwidths_offered') } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_generic_resource.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_generic_resource.md deleted file mode 100644 index e6cbcf823a..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_generic_resource.md +++ /dev/null 
@@ -1,207 +0,0 @@ -+++ -title = "azure_generic_resource Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_generic_resource" -identifier = "inspec/resources/azure/azure_generic_resource Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_generic_resource` Inspec audit resource to test any valid Azure resource available through Azure Resource Manager. - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -```ruby -describe azure_generic_resource(resource_group: 'RESOURCE_GROUP', name: 'NAME') do - its('property') { should eq 'value' } -end -``` - -where: - -- Resource parameters are used to query the Azure Resource Manager endpoint for the resource to be tested. -- `property` - This generic resource dynamically creates the properties on the fly based on the resource type that has been targeted. -- `value` - the expected output from the chosen property. - -## Parameters - -The following parameters can be passed for targeting a specific Azure resource. - -`resource_group` -: Azure resource group where the targeted resource has been created. - -`name` -: Name of the Azure resource to test. - -`resource_provider` -: Azure resource provider of the resource to be tested. - -`resource_path` -: Relative path to the resource if it is defined on another resource. The resource path of a subnet in a virtual network would be: `{virtualNetworkName}/subnets`. - -`resource_id` -: Unique ID of Azure resource to be tested. `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{vmName}`. - -`resource_uri` -: Azure REST API URI of the resource to be tested. This parameter should be used when a resource does not reside in a resource group. It requires `add_subscription_id` and `name` parameters to be provided together. `/providers/Microsoft.Authorization/policyDefinitions/`. 
- -`add_subscription_id` -: Indicates whether the `resource_uri` contains the subscription ID. `true` or `false`. - -`tag_name*` -: Tag name defined on the Azure resource. `name`. - -`tag_value` -: Tag value of the tag defined with the `tag_name`. `external_linux`. - -`api_version` -: API version to use when interrogating the resource. If not set or the resource provider does not support the provided API version, then the latest version for the resource provider will be used. `2017-10-9`, `latest`, and `default`. - -* When resources are filtered by a tag name and value, the tags for each resource are not returned in the results. - -Either one of the parameter sets can be provided for a valid query: - -- `resource_id` -- `resource_group` and `name` -- `name` -- `resource_group`, `resource_provider` and `name` -- `resource_group`, `resource_provider`, `resource_path` and `name` -- `add_subscription_id`, `resource_uri` and `name` -- `tag_name` and `tag_value` - -Different parameter combinations can be tried. If it is not supported, the InSpec resource or the Azure Rest API will raise an error. - -If the Azure Resource Manager endpoint returns multiple resources for a given query, this singular generic resource will fail. In that case, the [plural generic resource]({{< relref "azure_generic_resources.md" >}}) should be used. - -## Properties - -The properties that can be tested are dependent on the Azure resource that is tested. One way to see what properties can be tested is by checking their API pages. For example, the [virtual machines API documentation](https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/get). - -Also, the [Azure Resources Portal](https://resources.azure.com) can be used to select the resource you are interested in and see what can be tested. - -The following properties apply to almost all resources. - -`id` -: The unique resource identifier. - -`name` -: The name of the resource. - -`type` -: The resource type. 
- -`location` -: The location of the resource. - -`tags` -: The tag `key:value pairs` if defined on the resource. - -`properties` -: The resource properties. - -For more properties, refer to specific Azure documents for the tested resource. - -## Examples - -### Test properties of a virtual machine and the endpoint API version - -```ruby -describe azure_generic_resource(resource_group: 'RESOURCE_GROUP', name: 'NAME') do - its('properties.storageProfile.osDisk.osType') { should cmp 'Linux' } - its('properties.storageProfile.osDisk.createOption') { should cmp 'FromImage' } - its('properties.storageProfile.osDisk.name') { should cmp 'linux-external-osdisk' } - its('properties.storageProfile.osDisk.caching') { should cmp 'ReadWrite' } - - its('api_version_used_for_query_state') { should eq 'latest' } -end -``` - -### Test to ensure that the API version is used for the Query - -```ruby -describe azure_generic_resource(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{vmName}', api_version: '2017-01-01') do - its('api_version_used_for_query_state') { should eq 'user_provided' } - its('api_version_used_for_query') { should eq '2017-01-01' } -end -``` - -### Test to ensure if the tags include specific values - -```ruby -describe azure_generic_resource(resource_group: 'RESOURCE_GROUP', name: 'NAME') do - its('tags') { should include(name: 'MyVM') } - -**The tag key name can be tested in String or Symbol.** -**regardless of the value.** -**regardless of the value.** - -end -``` - -### Test properties of a virtual machine resides in an Azure Dev Test Lab - -```ruby -describe azure_generic_resource(resource_provider: 'Microsoft.DevTestLab/labs', resource_path: '{labName}/virtualmachines', resource_group: 'RESOURCE_GROUP', name: 'NAME') do - its('properties.userName') { should cmp 'admin' } - its('properties.allowClaim') { should cmp false } -end -``` - -### Test a resource group - -```ruby -describe 
azure_generic_resource(add_subscription_id: true, resource_uri: '/resourcegroups/', name: 'RESOURCE_GROUP') do - it { should exist } - its('tags') { should include(:owner) } - its('tags') { should include(owner: 'John Doe') } -end -``` - -### Test a policy definition - -```ruby -describe azure_generic_resource(add_subscription_id: true, resource_uri: 'providers/Microsoft.Authorization/policyDefinitions', name: 'POLICY') do - it { should exist } - its('properties.policyRule.then.effect') { should cmp 'deny' } - its('properties.policyType') { should cmp 'Custom' } -end -``` - -For more examples, see the [integration tests](https://github.com/inspec/inspec-azure/blob/main/test/integration/verify/controls/azure_generic_resource.rb). - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -```ruby -# Should not exist if there is no resource with a given name. - -describe azure_generic_resource(name: 'fake_name') do - it { should_not exist } -end -``` - -### not_exists - -```ruby -# Should exist if there is one resource with a given name. - -describe azure_generic_resource(name: 'a_very_unique_name_within_subscription') do - it { should exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_generic_resources.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_generic_resources.md deleted file mode 100644 index e25d198dee..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_generic_resources.md +++ /dev/null 
@@ -1,254 +0,0 @@
-+++
-title = "azure_generic_resources Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_generic_resources"
-identifier = "inspec/resources/azure/azure_generic_resources Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_generic_resources` Inspec audit resource to test any valid Azure resources.
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-This resource will interrogate all resources in your subscription available through Azure Resource Manager when initiated without a parameter.
-
-```ruby
-describe azure_generic_resources do
- it { should exist }
-end
-```
-
-## Parameters
-
-The following parameters can be passed for targeting Azure resources. All of them are optional.
-
-`resource_group`
-: Azure resource group where the targeted resources have been created.
-
-: **Example**: `MyResourceGroup`
-
-`substring_of_resource_group`
-: Substring of an Azure resource group name where the targeted resources have been created.
-
-: **Example**: `RESOURCE_GROUP`
-
-`name`
-: Name of the Azure resources to test.
-
-: **Example**: `VM_NAME`
-
-`substring_of_name`
-: Substring a name of the Azure resources to test.
-
-: **Example**: `NAME`
-
-`resource_provider`
-: Azure resource provider of the resources to be tested.
-
-: **Example**: `Microsoft.Compute/virtualMachines`
-
-`tag_name*`
-: Tag name defined on the Azure resources.
-
-: **Example**: `name`
-
-`tag_value`
-: Tag value of the tag defined with the `tag_name`.
-
-: **Example**: `external_linux`
-
-`resource_uri`
-: Azure REST API URI of the resources to be tested. This parameter should be used when resources do not reside in resource groups. It requires `add_subscription_id` parameter to be provided together.
- -: **Example**: `/providers/Microsoft.Authorization/policyDefinitions/` - -`add_subscription_id` -: Indicates whether the `resource_uri` contains the subscription ID. - -: **Example**: `true` or `false` - -`filter_free_text` -: Filter expression for the endpoints supporting `$filter` parameter. For example, [Azure role assignments](https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-rest). This can only be used with the `resource_uri` parameter. - -: **Example**: `"atScope()"` -* When resources are filtered by a tag name and value, the tags for each resource are not returned in the results. - -Either one of the parameter sets can be provided for a valid query: - -- `resource_group` -- `substring_of_resource_group` -- `name` -- `substring_of_name` -- `substring_of_resource_group` and `substring_of_name` -- `resource_provider` -- `resource_group` and `resource_provider` -- `substring_of_resource_group` and `resource_provider` -- `tag_name` -- `tag_name` and `tag_value` -- `add_subscription_id` and `resource_uri` -- `add_subscription_id`, `resource_uri` and `filter_free_text` - -Different parameter combinations can be tried. If it is not supported, the InSpec resource or the Azure Rest API will raise an error. - -It is advised to use these parameter sets to narrow down the targeted resources at the server side, Azure Rest API, for a more computing resource-efficient test. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`names` -: A list of the unique resource names within a resource group. - -: **Field**: `name` - -`tags` -: A list of `tag:value` pairs defined on the resources. - -: **Field**: `tags` - -`types` -: A list of resource types. - -: **Field**: `type` - -`locations` -: A list of locations where resources are created. - -: **Field**: `location` - -`created_times**` -: A list of created times of the resources. 
- -: **Field**: `created_time` - -`changed_times**` -: A list of changing times of the resources. - -: **Field**: `changed_time` - -`provisioning_states**` -: A list of provisioning states of the resources. - -: **Field**: `provisioning_state` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -** These properties are not available when `resource_uri` is used. - -## Examples - -### Test all virtual machines in your subscription - -```ruby -describe azure_generic_resources(resource_provider: 'Microsoft.Compute/virtualMachines') do - it { should exist } - its('count') { should eq 43 } -end -``` - -### Test all resources regardless of their type and resource group with a common string in names (Server Side Filtering) - -```ruby -azure_generic_resources(substring_of_name: 'project_a').ids.each do |id| - describe azure_generic_resource(resource_id: id) do - it { should exist } - its('location') { should eq 'eastus' } - end -end -``` - -### Test all resources regardless of their type and resource group with a common tag 'name:value' pair (Server Side Filtering) - -```ruby -azure_generic_resources(tag_name: 'demo', tag_value: 'shutdown_at_10_pm').ids.each do |id| - describe azure_generic_resource(resource_id: id) do - it { should exist } - its('location') { should eq 'eastus' } - end -end -``` - -### Filters the results to only include those that match the given location (Client Side Filtering) - -```ruby -describe azure_generic_resources.where(location: 'eastus') do - it { should exist } -end -``` - -### Filters the results to only include those that created within last 24 hours (Client Side Filtering) - -```ruby -describe azure_generic_resources.where{ created_time > Time.now - 86400 } do - it { should exist } -end -``` - -### Test policy definitions - -```ruby -describe azure_generic_resources(add_subscription_id: true, resource_uri: 'providers/Microsoft.Authorization/policyDefinitions') do - it { should exist 
} -end -``` - -### Filter role assignments via 'filter_free_text' - -```ruby -describe azure_generic_resources(add_subscription_id: true, resource_uri: "providers/Microsoft.Authorization/roleAssignments", filter_free_text: "atScope()+and+assignedTo('{abcd1234-abcd-1234}')") do - it { should exist } -end -``` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -For more examples, see the [integration tests](https://github.com/inspec/inspec-azure/blob/main/test/integration/verify/controls/azure_generic_resources.rb). - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -```ruby -# Should not exist if there is no resource with a given resource group. - -describe azure_generic_resources(resource_group: 'fake_group') do - it { should_not exist } -end -``` - -### not_exists - -```ruby -# Should exist if there is at least one resource. - -describe azure_generic_resources(resource_group: 'RESOURCE_GROUP') do - it { should exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_graph_generic_resource.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_graph_generic_resource.md deleted file mode 100644 index b7e0a62700..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_graph_generic_resource.md +++ /dev/null 
@@ -1,100 +0,0 @@ -+++ -title = "azure_graph_generic_resource Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_graph_generic_resource" -identifier = "inspec/resources/azure/azure_graph_generic_resource Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_graph_generic_resource` Inspec audit resource to test any valid Azure resource available through Microsoft Azure Graph API. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -```ruby -describe azure_graph_generic_resource(resource: 'RESOURCE', id: 'GUID', select: %w(attributes to be tested)) do - its('property') { should eq 'value' } -end -``` - -where: - -- Resource parameters are used to query Azure Graph API endpoint for the resource to be tested. -- `property` - This generic resource dynamically creates the properties on the fly based on the property names provided with the `select` parameter. -- `value` is the expected output from the chosen property. - -## Parameters - -The following parameters can be passed for targeting a specific Azure resource. - -`resource` -: Azure resource type where the targeted resource belongs. For example, `users`. - -`id` -: Globally unique ID of the targeted resource. For example, `jdoe@example.com`. - -`select` -: The list of query parameters defining which attributes the resource will expose. If not provided, then the predefined attributes will be returned from the API. For example, `givenName`, `surname`, and `department`. - -`api_version` -: API version of the GRAPH API to use when interrogating the resource. If not set, then the predefined stable version will be used. For example, `v1.0`, or `beta`. 
-
-## Properties
-
-The properties that can be tested are entirely dependent on the Azure Resource that is tested and the query parameters provided with the `select` parameter.
-
-## Examples
-
-### Test properties of a user account
-
-```ruby
-describe azure_graph_generic_resource(resource: 'USERS', id: 'jdoe@contoso.com', select: %w{ surname givenName }) do
- its('surname') { should cmp 'Doe' }
- its('givenName') { should cmp 'John' }
-end
-```
-
-For more examples, see the [integration tests](https://github.com/inspec/inspec-azure/blob/main/test/integration/verify/controls/azure_graph_generic_resource.rb).
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-```ruby
-# Should not exist if there is no resource with a given name.
-
-describe azure_graph_generic_resource(resource: 'users', id: 'fake_id') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if there is one resource with a given name.
-
-describe azure_graph_generic_resource(resource: 'users', id: 'valid_id') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-Graph resources require specific privileges granted to your service principal.
-
-Please refer to the [Microsoft Documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications#updating-an-application) for information on how to grant these permissions to your application.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_graph_generic_resources.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_graph_generic_resources.md
deleted file mode 100644
index 9cd348e848..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_graph_generic_resources.md
+++ /dev/null
@@ -1,155 +0,0 @@ -+++ -title = "azure_graph_generic_resources Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_graph_generic_resources" -identifier = "inspec/resources/azure/azure_graph_generic_resources Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_graph_generic_resources` Inspec audit resource to test any valid Azure resource available through Microsoft Azure Graph API. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -```ruby -describe azure_graph_generic_resources(resource: 'RESOURCE', filter: {starts_with_property_name: 'A'}, select: %w(properties to be tested)) do - its('property') { should eq 'value' } -end -``` - -where: - -- Resource parameters are used to query Azure Graph API endpoint for the resource to be tested. -- `property` - This generic resource dynamically creates the properties on the fly based on the type of resource that has been targeted and the parameters provided with the `select` parameter. -- `value` is the expected output from the chosen property. - -## Parameters - -The following parameters can be passed for targeting specific Azure resources. - -`resource` -: Azure resource type where the targeted resource belongs. This is the only **MANDATORY** parameter. For example, `users`. - -`filter` -: A hash containing the filtering options and their values. The `starts_with_` operator can be used for fuzzy string matching. Parameter names are in the snake case. For example, `{ starts_with_given_name: 'J', starts_with_department: 'Core', country: 'United Kingdom', given_name: John}`. - -`filter_free_text` -: [OData](https://www.odata.org/getting-started/basic-tutorial/) query string in double quotes, `"`. 
Property names are in the camel case, refer to [Azure query parameters documentation](https://docs.microsoft.com/en-us/graph/query-parameters#filter-parameter) for more information. For example, `"startswith(displayName,'J') and surname eq 'Doe'"`. - -`select` -: A list of the query parameters defining the attributes the resource will expose and to be tested. Property names are in camel case. If not provided then the predefined attributes will be returned from the API. For example, `['givenName', 'surname', 'department']`. - -`api_version` -: API version of the Azure Graph API to use when interrogating the resource. If not set, then the predefined stable version will be used. For example, `v1.0` or `beta`. - -It is advised to use `filter` or `filter_free_text` to narrow down the targeted resources at the server side, Azure Graph API, for a more efficient test. - -## Properties - -Attributes will be created dynamically by pluralizing the name of the properties of the resources and converting them to `snake_case` form. - -For example, if the query parameters are `select: %w{ country department givenName }`, then the parameters will be: - -- `ids` (default) -- `countries` -- `departments` -- `given_names` - -### Filter Criteria - -Returned resources can be filtered by their parameters provided with the `select` option, or the default values returned from the API unless the `select` is used. 
- -For example, if the query parameters are `select: %w{ country department givenName }`, then the filter criteria will be: - -- `id` (default) -- `country` -- `department` -- `givenName` - -## Examples - -### Test a selection of user accounts - -```ruby -**Using filter parameter.** - -describe azure_graph_generic_resources(resource: 'USERS', filter: { starts_with_given_name: 'J', starts_with_department: 'customer', country: 'United Kingdom' }, select: %w{ country userPrincipalName}) do - it { should exist } - its('countries'.uniq) { should eq ['United Kingdom'] } -end - -**Using filter_free_text parameter.** - -describe azure_graph_generic_resources(resource: 'USERS', filter_free_text: "startswith(givenName,'J') and startswith(department,'customer') and country eq 'United States'", select: %w{ country userPrincipalName}) do - it { should exist } - its('countries'.uniq) { should eq ['United States'] } -end -``` - -### Filter* the results to only include that match the given country (Client-Side Filtering is NOT Recommended) - -```ruby - describe azure_graph_generic_resources(resource: 'USERS', select: %w{ country }).where(country: 'United Kingdom') do - it { should exist } - end -``` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -**Test `given_names` Parameter.** - -```ruby -azure_graph_generic_resources(resource: 'USERS', filter: { starts_with_given_name: 'J' }, select: %w{ givenName }).given_names.each do |name| - describe name do - it { should start_with('J') } - end -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -```ruby -# Should not exist if there is no resource with a given name. 
-
-describe azure_graph_generic_resources(resource: 'USERS', filter: { given_name: 'fake_name'}, select: %w{ givenName }) do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-
-# Should exist if there is at least one resource with a given name.
-
-describe azure_graph_generic_resources(resource: 'USERS', filter: { given_name: 'valid_name'}, select: %w{ givenName }) do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-Graph resources require specific privileges granted to your service principal.
-
-Please refer to the [Microsoft Documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications#updating-an-application) for information on how to grant these permissions to your application.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_graph_user.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_graph_user.md
deleted file mode 100644
index 8ad466979b..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_graph_user.md
+++ /dev/null
@@ -1,153 +0,0 @@
-+++
-title = "azure_graph_user Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_graph_user"
-identifier = "inspec/resources/azure/azure_graph_user Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_graph_user` InSpec audit resource to test the properties of an Azure Active Directory user within a Tenant.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-```ruby
-describe azure_graph_user(user_principal_name: 'jdoe@contoso.com') do
- it { should exist }
-end
-```
-
-## Parameters
-
-Either one of the following parameters is mandatory.
-
-`user_principal_name`
-: The user principal name.
-
-: **Example**: `jdoe@contoso.com`
-
-`id`
-: Globally unique identifier.
-
-: **Example**: `abcd-1234-efabc-5678`
-
-`user_id`
-: Globally unique identifier (For backward compatibility).
-
-: **Example**: `abcd-1234-efabc-5678`
-
-## Properties
-
-`id`
-: The user's globally unique ID.
-
-`account_enabled`
-: Whether the account is enabled.
-
-`city`
-: The user's city.
-
-`country`
-: The user's country.
-
-`department`
-: The user's department.
-
-`display_name`
-: The display name of the user.
-
-`facsimile_telephone_number`
-: The user's facsimile (fax) number.
-
-`given_name`
-: The given name for the user.
-
-`job_title`
-: The user's job title.
-
-`mail`
-: The primary email address of the user.
-
-`mail_nickname`
-: The mail alias for the user.
-
-`mobile`
-: The user's mobile (cell) phone number.
-
-`password_policies`
-: The password policies for the user.
-
-`password_profile`
-: The password profile for the user.
-
-`postal_code`
-: The user's postal (ZIP) code.
-
-`state`
-: The user's state.
-
-`street_address`
-: The user's street address.
-
-`surname`
-: The user's surname (family name or last name).
-
-`telephone_number`
-: The user's telephone number.
-
-`usage_location`
-: A two letter country code (ISO standard 3166). Examples include: `US`, `JP`, and `GB`.
-
-`user_principal_name`
-: The principal name of the user.
-
-`user_type`
-: A string value that can be used to classify user types in your directory, such as `Member` or `Guest`.
-
-## Examples
-
-### Test if an Active Directory user account is referenced with a valid ID
-
-```ruby
-describe azure_graph_user(id: 'someValidId')
- it { should exist }
-end
-```
-
-### Test if an Active Directory user Account is referenced with an invalid ID
-
-```ruby
-describe azure_graph_user(id: 'someInvalidId')
- it { should_not exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-describe azure_graph_user(user_id: 'someUserId') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-Graph resources require specific privileges granted to your service principal.
-Please refer to the [Microsoft Documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications#updating-an-application) for information on how to grant these permissions to your application.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_graph_users.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_graph_users.md
deleted file mode 100644
index 384e6ed902..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_graph_users.md
+++ /dev/null
@@ -1,144 +0,0 @@
-+++
-title = "azure_graph_users Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_graph_users"
-identifier = "inspec/resources/azure/azure_graph_users Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_graph_users` InSpec audit resource to test the properties of some or all Azure Active Directory users within a Tenant.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_graph_users` resource block returns all Azure Active Directory user accounts within the configured Tenant and then tests that group of users.
-
-```ruby
-describe azure_graph_users do
- #...
-end
-```
-
-## Parameters
-
-The following parameters can be passed for targeting specific users.
-
-`filter`
-: A hash containing the filtering options and their values. The `starts_with_` operator can be used for fuzzy string matching. Parameter names are in the snake case.
-
-: **Example**: `{ starts_with_given_name: 'J', starts_with_department: 'Core', country: 'United Kingdom', given_name: John}`
-
-`filter_free_text`
-: [OData](https://www.odata.org/getting-started/basic-tutorial/) query string in double quotes, `"`. Property names are in the camel case. See the [Microsoft query parameters documentation](https://docs.microsoft.com/en-us/graph/query-parameters#filter-parameter) for more information.
-
-: **Example**: `"startswith(displayName,'J') and surname eq 'Doe'"` or `"userType eq 'Guest'"`
-
-It is advised to use these parameters to narrow down the targeted resources at the server side, Azure Graph API, for a more efficient test.
-
-## Properties
-
-`ids`
-: The unique identifiers of users.
-
-: **Field**: `id`
-
-`object_ids`
-: The unique identifiers of users. This is for backward compatibility. Use `ids` instead.
-
-: **Field**: `id`
-
-`display_names`
-: The display names of users.
-
-: **Field**: `displayName`
-
-`given_names`
-: The given names of users.
-
-: **Field**: `givenName`
-
-`job_titles`
-: The job titles of users.
-
-: **Field**: `jobTitle`
-
-`mails`
-: The email addresses of users.
-
-: **Field**: `mail`
-
-`user_types`
-: The user types of users. For example, `Member`, `Guest`.
-
-: **Field**: `userType`
-
-`user_principal_names`
-: The user principal names of users. For example, `jdoe@contoso.com`.
-
-: **Field**: `userPrincipalName`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Check users with some filtering parameters applied at server side (Using 'filter')
-
-```ruby
-describe azure_graph_users(filter: {given_name: 'John', starts_with_department: 'Customer'}) do
- it { should exist }
-end
-```
-
-### Check users with some filtering parameters applied at server side (Using 'filter_free_text')
-
-```ruby
-describe azure_graph_users(filter_free_text: "startswith(givenName,'J') and startswith(department,'customer') and country eq 'United States'") do
- it { should exist }
-end
-```
-
-### Ensure there are no guest accounts active (Client Side Filtering)
-
-```ruby
-describe azure_graph_users.guest_accounts do
- it { should_not exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches.
-
-```ruby
-describe azure_graph_users do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-Graph resources require specific privileges granted to your service principal.
-Please refer to the [Microsoft Documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications#updating-an-application) for information on how to grant these permissions to your application.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_hdinsight_cluster.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_hdinsight_cluster.md
deleted file mode 100644
index 05218bc06a..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_hdinsight_cluster.md
+++ /dev/null
@@ -1,116 +0,0 @@
-+++
-title = "azure_hdinsight_cluster Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_hdinsight_cluster"
-identifier = "inspec/resources/azure/azure_hdinsight_cluster Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_hdinsight_cluster` InSpec audit resource to test the properties of an Azure HDInsight Cluster.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_hdinsight_cluster` resource block identifies a HDInsight Cluster by `name` and `resource_group`, or the `resource_id`.
-
-```ruby
-describe azure_hdinsight_cluster(resource_group: 'RESOURCE_GROUP', name: 'CLUSTER_NAME') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_hdinsight_cluster(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.HDInsight/clusters/{clusterName}') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`name`
-: The unique name of the cluster.
-
-`resource_id`
-: The unique resource ID.
-
-Either one of the parameter sets can be provided for a valid query:
-
-- `resource_id`
-- `resource_group` and `name`
-
-## Properties
-
-`properties.clusterVersion`
-: The version of the cluster.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/hdinsight/2021-06-01/clusters/get?tabs=HTTP) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Test that a specified HDInsight Cluster is successfully provisioned
-
-```ruby
-describe azure_hdinsight_cluster(resource_group: 'RESOURCE_GROUP', name: 'CLUSTER_NAME') do
- its('properties.provisioningState') { should cmp 'Succeeded' }
-end
-```
-
-```ruby
-describe azure_hdinsight_cluster(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.HDInsight/clusters/{clusterName}') do
- its('properties.provisioningState') { should cmp 'Succeeded' }
-end
-```
-
-### Test the version of an HDInsight Cluster
-
-```ruby
-describe azure_hdinsight_cluster(resource_group: 'RESOURCE_GROUP', name: 'CLUSTER_NAME') do
- its('properties.clusterVersion') { should cmp '4.0' }
-end
-```
-
-See [integration tests](https://github.com/inspec/inspec-azure/blob/main/test/integration/verify/controls/azure_hdinsight_cluster.rb) for more examples.
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/).
-
-### exists
-
-```ruby
-# If we expect the resource to always exist.
-
-describe azure_hdinsight_cluster(resource_group: 'RESOURCE_GROUP', name: 'CLUSTER_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect the resource not to exist.
-
-describe azure_hdinsight_cluster(resource_group: 'RESOURCE_GROUP', name: 'CLUSTER_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_hpc_asc_operation.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_hpc_asc_operation.md
deleted file mode 100644
index dcc1b07d1f..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_hpc_asc_operation.md
+++ /dev/null
@@ -1,108 +0,0 @@
-+++
-title = "azure_hpc_asc_operation Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_hpc_asc_operation"
-identifier = "inspec/resources/azure/azure_hpc_asc_operation Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_hpc_asc_operation` InSpec audit resource to test the properties related to an Azure HPC ASC Operation.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`name`, `cache_name`, and `resource_group` are required parameters.
-
-```ruby
-describe azure_hpc_asc_operation(location: 'LOCATION', operation_id: 'OPERATION_ID') do
- it { should exist }
- its('type') { should eq 'Microsoft.StorageCache/Cache/StorageTarget' }
- its('location') { should eq 'East US' }
-end
-```
-
-```ruby
-describe azure_hpc_asc_operation(location: 'LOCATION', operation_id: 'OPERATION_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`location` _(required)_
-: The name of the region used to look up the operation.
-
-`operation_id` _(required)_
-: The operation ID that uniquely identifies the asynchronous operation.
-
-## Properties
-
-`id`
-: The operation ID.
-
-`name`
-: The operation name.
-
-`startTime`
-: The start time of the operation.
-
-`status`
-: The status of the operation.
-
-`endTime`
-: The end time of the operation.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/storagecache/asc-operations/get#ascoperation) for other available properties.
-
-## Examples
-
-### Test that the HPC ASC operation is succeeded
-
-```ruby
-describe azure_hpc_asc_operation(location: 'LOCATION', operation_id: 'OPERATION_ID') do
- its('status') { should eq 'Succeeded' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# If an HPC ASC Operation is found, it will exist.
-
-describe azure_hpc_asc_operation(location: 'LOCATION', operation_id: 'OPERATION_ID') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If an HPC ASC Operation is not found, it will not exist.
-
-describe azure_hpc_asc_operation(location: 'LOCATION', operation_id: 'OPERATION_ID') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_hpc_cache.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_hpc_cache.md
deleted file mode 100644
index 59bbf5b995..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_hpc_cache.md
+++ /dev/null
@@ -1,117 +0,0 @@
-+++
-title = "azure_hpc_cache Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_hpc_cache"
-identifier = "inspec/resources/azure/azure_hpc_cache Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_hpc_cache` InSpec audit resource to test the properties related to an Azure HPC Cache.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`name`, `cache_name`, and `resource_group` are required parameters.
-
-```ruby
-describe azure_hpc_cache(resource_group: 'RESOURCE_GROUP', name: 'HPC_CACHE_NAME') do
- it { should exist }
- its('type') { should eq 'Microsoft.StorageCache/Cache' }
- its('location') { should eq 'East US' }
-end
-```
-
-```ruby
-describe azure_hpc_cache(resource_group: 'RESOURCE_GROUP', name: 'HPC_CACHE_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-: Name of the Azure HPC Cache to test.
-
-`resource_group` _(required)_
-: Azure resource group where the targeted resource resides.
-
-## Properties
-
-`id`
-: Resource ID of the HPC Cache.
-
-`name`
-: Name of the HPC Cache.
-
-`type`
-: Type of the HPC Cache, `Microsoft.StorageCache/Cache`.
-
-`location`
-: Region name string.
-
-`properties`
-: The properties of the HPC Cache.
-
-`properties.cacheSizeGB`
-: The size of this HPC Cache (in GB).
-
-`properties.subnet`
-: The subnet used for the HPC Cache.
-
-`properties.health`
-: Health of the HPC Cache.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/storagecache/caches/get#cache) for other available properties.
-
-## Examples
-
-### Test that the HPC Cache is provisioned
-
-```ruby
-describe azure_hpc_cache(resource_group: 'RESOURCE_GROUP', name: 'HPC_CACHE_NAME') do
- its('properties.provisioningState') { should eq 'Succeeded' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# If an HPC Cache is found, it will exist.
-
-describe azure_hpc_cache(resource_group: 'RESOURCE_GROUP', name: 'HPC_CACHE_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If an HPC Cache is not found, it will not exist.
-
-describe azure_hpc_cache(resource_group: 'RESOURCE_GROUP', name: 'HPC_CACHE_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_hpc_cache_skus.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_hpc_cache_skus.md
deleted file mode 100644
index 6b626a6d36..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_hpc_cache_skus.md
+++ /dev/null
@@ -1,99 +0,0 @@
-+++
-title = "azure_hpc_cache_skus Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_hpc_cache_skus"
-identifier = "inspec/resources/azure/azure_hpc_cache_skus Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_hpc_cache_skus` InSpec audit resource to test the properties related to all Azure HPC Cache SKUs.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_hpc_cache_skus` resource block returns all Azure HPC Cache SKUs.
-
-```ruby
-describe azure_hpc_cache_skus do
- #...
-end
-```
-
-## Parameters
-
-## Properties
-
-`resourceTypes`
-: A resource types list where the SKU applies.
-
-**Field**: `resourceType`
-
-`names`
-: A list of SKU names.
-
-**Field**: `name`
-
-`sizes`
-: A list of the SKU sizes.
-
-**Field**: `size`
-
-`tiers`
-: A tiers list of VM in a scale set.
-
-**Field**: `tier`
-
-`kind`
-: The supported kind list of resources.
-
-**Field**: `kind`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Ensure that there are Standard tier HPC Cache SKUs
-
-```ruby
-describe azure_hpc_cache_skus.where(tier: 'STANDARD') do
- it { should exist }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### exists
-
-```ruby
-# Should not exist if no HPC Cache SKUs are present.
-
-describe azure_hpc_cache_skus do
- it { should_not exist }
-end
-# Should exist if the filter returns at least one HPC Cache SKUs.
-
-describe azure_hpc_cache_skus do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_hpc_caches.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_hpc_caches.md
deleted file mode 100644
index 94f66b4079..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_hpc_caches.md
+++ /dev/null
@@ -1,129 +0,0 @@
-+++
-title = "azure_hpc_caches Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_hpc_caches"
-identifier = "inspec/resources/azure/azure_hpc_caches Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_hpc_caches` InSpec audit resource to test the properties related to all Azure HPC Caches.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_hpc_caches` resource block returns all Azure HPC Caches.
-
-```ruby
-describe azure_hpc_caches do
- #...
-end
-```
-
-## Parameters
-
-`resource_group` _(optional)_
-: Azure resource group where the targeted resource resides.
-
-## Properties
-
-`ids`
-: A list of resource IDs.
-
-**Field**: `id`
-
-`names`
-: A list of HPC Cache names.
-
-**Field**: `name`
-
-`types`
-: A list of the HPC Cache types.
-
-**Field**: `type`
-
-`properties`
-: A list of Properties for all the HPC Caches.
-
-**Field**: `properties`
-
-`locations`
-: A list of the resource locations.
-
-**Field**: `location`
-
-`cacheSizeGBs`
-: A list of the sizes of the HPC Cache.
-
-**Field**: `cacheSizeGB`
-
-`subnets`
-: A list of subnets used for the HPC Cache.
-
-**Field**: `subnet`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Loop through HPC Caches by their names
-
-```ruby
-azure_hpc_caches.names.each do |name|
- describe azure_hpc_cache(resource_group: 'RESOURCE_GROUP', cache_name: 'HPC_CACHE_NAME', name: name) do
- it { should exist }
- end
-end
-```
-
-### Test to ensure that there are provisioned HPC Caches
-
-```ruby
-describe azure_hpc_caches.where(provisioningState: 'SUCCEEDED') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no HPC Caches are present.
-
-describe azure_hpc_caches do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one HPC Caches.
-
-describe azure_hpc_caches do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_hpc_storage_target.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_hpc_storage_target.md
deleted file mode 100644
index fbda0eeea4..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_hpc_storage_target.md
+++ /dev/null
@@ -1,120 +0,0 @@
-+++
-title = "azure_hpc_storage_target Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_hpc_storage_target"
-identifier = "inspec/resources/azure/azure_hpc_storage_target Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_hpc_storage_target` InSpec audit resource to test the properties related to an Azure HPC Storage Target.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`name`, `cache_name`, and `resource_group` are required parameters.
-
-```ruby
-describe azure_hpc_storage_target(resource_group: 'RESOURCE_GROUP', cache_name: 'HPC_CACHE_NAME', name: 'HPC_STORAGE_TARGET_NAME') do
- it { should exist }
- its('type') { should eq 'Microsoft.StorageCache/Cache/StorageTarget' }
- its('location') { should eq 'East US' }
-end
-```
-
-```ruby
-describe azure_hpc_storage_target(resource_group: 'RESOURCE_GROUP', cache_name: 'HPC_CACHE_NAME', name: 'HPC_STORAGE_TARGET_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-: Name of the Azure HPC Storage Targets to test.
-
-`resource_group` _(required)_
-: Azure resource group where the targeted resource resides.
-
-`cache_name` _(required)_
-: Azure HPC Cache name.
-
-## Properties
-
-`id`
-: Resource ID of the Storage Target.
-
-`name`
-: Name of the Storage Target.
-
-`type`
-: Resource type.
-
-`location`
-: Region name string.
-
-`properties`
-: The properties of the HPC Storage Target.
-
-`properties.blobNfs`
-: The properties when the **targetType** is `blobNfs`.
-
-`properties.state`
-: The storage target operational state.
-
-`properties.nfs3`
-: Properties when the **targetType** is `nfs3`.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/storagecache/storage-targets/get#storagetarget) for other available properties.
-
-## Examples
-
-### Test that the HPC Storage Target is ready
-
-```ruby
-describe azure_hpc_storage_target(resource_group: 'RESOURCE_GROUP', cache_name: 'HPC_CACHE_NAME', name: 'HPC_STORAGE_TARGET_NAME') do
- its('properties.state') { should eq 'Ready' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# If an HPC Storage Target is found, it will exist.
-
-describe azure_hpc_storage_target(resource_group: 'RESOURCE_GROUP', cache_name: 'HPC_CACHE_NAME', name: 'HPC_STORAGE_TARGET_NAME') do
- it { should exist }
-
-```
-
-### not_exists
-
-```ruby
-# if HPC Storage Target is not found, it will not exist.
-
-describe azure_hpc_storage_target(resource_group: 'RESOURCE_GROUP', cache_name: 'HPC_CACHE_NAME', name: 'HPC_STORAGE_TARGET_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_hpc_storage_targets.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_hpc_storage_targets.md
deleted file mode 100644
index efa6c3f0f8..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_hpc_storage_targets.md
+++ /dev/null
@@ -1,132 +0,0 @@
-+++
-title = "azure_hpc_storage_targets Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_hpc_storage_targets"
-identifier = "inspec/resources/azure/azure_hpc_storage_targets Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_hpc_storage_targets` InSpec audit resource to test the properties related to all Azure HPC Storage Targets.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_hpc_storage_targets` resource block returns all Azure HPC Storage Targets.
-
-```ruby
-describe azure_hpc_storage_targets(resource_group: 'RESOURCE_GROUP', cache_name: 'HPC_CACHE_NAME') do
- #...
-end
-```
-
-## Parameters
-
-`resource_group` _(required)_
-: Azure resource group where the targeted resource resides.
-
-`cache_name` _(required)_
-: Azure HPC Cache name.
-
-## Properties
-
-`ids`
-: A list of resource IDs.
-
-: **Field**: `id`
-
-`names`
-: A list of resource Names.
-
-: **Field**: `name`
-
-`types`
-: A list of the resource types.
-
-: **Field**: `type`
-
-`properties`
-: A list of Properties for all the HPC Storage Targets.
-
-: **Field**: `properties`
-
-`locations`
-: A list of the resource locations.
-
-: **Field**: `location`
-
-`targetTypes`
-: A list of the types of storage target.
-
-: **Field**: `targetType`
-
-`states`
-: A list of the operational state of the storage target.
-
-: **Field**: `provisioningState`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Loop through HPC Storage Targets by their names
-
-```ruby
-azure_hpc_storage_targets(resource_group: 'RESOURCE_GROUP', cache_name: 'HPC_CACHE_NAME').names.each do |name|
- describe azure_hpc_storage_target(resource_group: 'RESOURCE_GROUP', cache_name: 'HPC_CACHE_NAME', name: name) do
- it { should exist }
- end
-end
-```
-
-### Test that there are HPC Storage Targets that are ready
-
-```ruby
-describe azure_hpc_storage_targets(resource_group: 'RESOURCE_GROUP', cache_name: 'HPC_CACHE_NAME').where(state: 'Ready') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no HPC Storage Targets are present.
-
-describe azure_hpc_storage_targets(resource_group: 'RESOURCE_GROUP', cache_name: 'HPC_CACHE_NAME') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one HPC Storage Targets.
-
-describe azure_hpc_storage_targets(resource_group: 'RESOURCE_GROUP', cache_name: 'HPC_CACHE_NAME') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_iothub.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_iothub.md
deleted file mode 100644
index bb7c5c7195..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_iothub.md
+++ /dev/null
@@ -1,110 +0,0 @@
-+++
-title = "azure_iothub Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_iothub"
-identifier = "inspec/resources/azure/azure_iothub Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_iothub` InSpec audit resource to test the properties of an Azure IoT hub within a resource group.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`resource_group` and `name`, or the `resource_id` are required parameters.
-
-```ruby
-describe azure_iothub(resource_group: 'RESOURCE_GROUP', name: 'IoT_NAME') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_iothub(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Devices/IotHubs/{resourceName}') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`name`
-: The unique name of the IoT hub.
-
-`resource_name`
-: Alias for the `name` parameter.
-
-`resource_id`
-: The unique resource ID.
-
-Either one of the parameter sets can be provided for a valid query:
-
-- `resource_id`
-- `resource_group` and `name`
-- `resource_group` and `resource_name`
-
-## Properties
-
-`sku`
-: The SKU of the resource with [these](https://docs.microsoft.com/en-us/rest/api/iothub/iothubresource/get#iothubskuinfo) properties.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/iothub/iothubresource/get#iothubdescription) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Test if file upload notifications are enabled
-
-```ruby
-describe azure_iothub(resource_group: 'RESOURCE_GROUP', name: 'IoT_NAME') do
- its('properties.enableFileUploadNotifications') { should cmp true }
-end
-```
-
-```ruby
-describe azure_iothub(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Devices/IotHubs/{resourceName}') do
- its('properties.enableFileUploadNotifications') { should cmp true }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/).
-
-### exists
-
-```ruby
-# If we expect the resource to always exist.
-
-describe azure_iothub(resource_group: 'RESOURCE_GROUP', name: 'IoT_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect the resource to never exist.
-
-describe azure_iothub(resource_group: 'RESOURCE_GROUP', name: 'IoT_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_iothub_event_hub_consumer_group.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_iothub_event_hub_consumer_group.md
deleted file mode 100644
index 10b6716826..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_iothub_event_hub_consumer_group.md
+++ /dev/null
@@ -1,116 +0,0 @@
-+++
-title = "azure_iothub_event_hub_consumer_group Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_iothub_event_hub_consumer_group"
-identifier = "inspec/resources/azure/azure_iothub_event_hub_consumer_group Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_iothub_event_hub_consumer_group` InSpec audit resource to test the properties and configuration of an Azure IoT Hub Event Hub Consumer Group within a resource group.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`resource_group`, `resource_name`, `event_hub_endpoint`, and `name`, or the `resource_id` are required parameters.
-
-```ruby
-describe azure_iothub_event_hub_consumer_group(resource_group: 'RESOURCE_GROUP', resource_name: 'IoT_NAME', event_hub_endpoint: 'EVENT_HUB_NAME', name: 'CONSUMER_GROUP') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_iothub_event_hub_consumer_group(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Devices/IotHubs/{resourceName}/eventHubEndpoints/{eventHubEndpointName}/ConsumerGroups/{name}') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`resource_name`
-: The name of the IoT hub.
-
-`event_hub_endpoint`
-: The name of the Event Hub-compatible endpoint in the IoT hub.
-
-`name`
-: The name of the consumer group to retrieve.
-
-`consumer_group`
-: Alias for the `name` parameter.
-
-`resource_id`
-: The unique resource ID. `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Devices/IotHubs/{resourceName}/eventHubEndpoints/{eventHubEndpointName}/ConsumerGroups/{name}`.
-
-Either one of the parameter sets can be provided for a valid query:
-
-- `resource_id`
-- `resource_group`, `resource_name`, `event_hub_endpoint` and `name`
-- `resource_group`, `resource_name`, `event_hub_endpoint` and `consumer_group`
-
-## Properties
-
-`name`
-: The Event Hub-compatible consumer group name.
-
-For properties applicable to all resources, such as `type`, `tags`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/iothub/iothubresource/geteventhubconsumergroup#eventhubconsumergroupinfo) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Test the resource name
-
-```ruby
-describe azure_iothub_event_hub_consumer_group(resource_group: 'RESOURCE_GROUP', resource_name: 'IoT_NAME', event_hub_endpoint: 'EVENT_HUB_NAME', name: 'CONSUMER_GROUP') do
- its('name') { should cmp 'CONSUMER_GROUP' }
-end
-```
-
-```ruby
-describe azure_iothub_event_hub_consumer_group(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Devices/IotHubs/{resourceName}/eventHubEndpoints/{eventHubEndpointName}/ConsumerGroups/{name}') do
- its('name') { should cmp 'CONSUMER_GROUP' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/).
-
-### exists
-
-```ruby
-# If we expect the resource to always exist.
-
-describe azure_iothub_event_hub_consumer_group(resource_group: 'RESOURCE_GROUP', resource_name: 'IoT_NAME', event_hub_endpoint: 'EVENT_HUB_NAME', name: 'CONSUMER_GROUP') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect the resource to never exist.
-
-describe azure_iothub_event_hub_consumer_group(resource_group: 'RESOURCE_GROUP', resource_name: 'IoT_NAME', event_hub_endpoint: 'EVENT_HUB_NAME', name: 'CONSUMER_GROUP') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_iothub_event_hub_consumer_groups.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_iothub_event_hub_consumer_groups.md
deleted file mode 100644
index 51d9a269ae..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_iothub_event_hub_consumer_groups.md
+++ /dev/null
@@ -1,118 +0,0 @@
-+++
-title = "azure_iothub_event_hub_consumer_groups Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_iothub_event_hub_consumer_groups"
-identifier = "inspec/resources/azure/azure_iothub_event_hub_consumer_groups Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_iothub_event_hub_consumer_groups` InSpec audit resource to test the properties and configuration of an Azure IoT Hub Event Hub Consumer Groups within a resource group.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-The `resource_group`, `resource_name`, and `event_hub_endpoint` are required parameters.
-
-```ruby
-describe azure_iothub_event_hub_consumer_groups(resource_group: 'RESOURCE_GROUP', resource_name: 'IoT_NAME', event_hub_endpoint: 'EVENT_HUB_NAME') do
- its('names') { should include 'CONSUMER_GROUP'}
- its('types') { should include 'Microsoft.Devices/IotHubs/EventHubEndpoints/ConsumerGroups' }
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`resource_name`
-: The name of the IoT hub.
-
-`event_hub_endpoint`
-: The name of the Event Hub-compatible endpoint in the IoT hub.
-
-## Properties
-
-`ids`
-: A list of the unique resource IDs.
-
-: **Field**: `id`
-
-`locations`
-: A list of locations for all the resources being interrogated.
-
-: **Field**: `location`
-
-`names`
-: A list of names of all the resources being interrogated.
-
-: **Field**: `name`
-
-`tags`
-: A list of `tag:value` pairs defined on the resources being interrogated.
-
-: **Field**: `tags`
-
-`types`
-: A list of the types of resources being interrogated.
-
-: **Field**: `type`
-
-`properties`
-: A list of properties for all the resources being interrogated.
-
-: **Field**: `properties`
-
-`etags`
-: A list of etags defined on the resources.
-
-: **Field**: `etag`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Check if a specific consumer group exists
-
-```ruby
-describe azure_iothub_event_hub_consumer_groups(resource_group: 'RESOURCE_GROUP', resource_name: 'IoT_NAME', event_hub_endpoint: 'EVENT_HUB_NAME') do
- its('names') { should include('CONSUMER_GROUP') }
-end
-```
-
-### exists
-
-The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches.
-
-```ruby
-**If we expect at least one resource to exist on a specified endpoint.**
-
-describe azure_iothub_event_hub_consumer_groups(resource_group: 'RESOURCE_GROUP', resource_name: 'IoT_NAME', event_hub_endpoint: 'EVENT_HUB_NAME') do
- it { should exist }
-end
-
-**If we expect not to exist consumer groups on a specified endpoint.**
-
-describe azure_iothub_event_hub_consumer_groups(resource_group: 'RESOURCE_GROUP', resource_name: 'IoT_NAME', event_hub_endpoint: 'EVENT_HUB_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_key_vault.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_key_vault.md
deleted file mode 100644
index f06654a86f..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_key_vault.md
+++ /dev/null
@@ -1,128 +0,0 @@
-+++
-title = "azure_key_vault Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_key_vault"
-identifier = "inspec/resources/azure/azure_key_vault Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_key_vault` InSpec audit resource to test the properties related to a key vault.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`resource_group` and `name`, or the `resource_id` are required parameters.
-
-```ruby
-describe azure_key_vault(resource_group: 'RESOURCE_GROUP', name: 'VAULT-101') do
- it { should exist }
- its('name') { should cmp 'vault-101' }
-end
-```
-
-```ruby
-describe azure_key_vault(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.KeyVault/vaults/{vaultName}') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`name`
-: Name of the Azure resource to test.
-
-`vault_name`
-: Name of the Azure resource to test (for backward compatibility).
-
-`resource_id`
-: The unique resource ID.
-
-`diagnostic_settings_api_version`
-: The endpoint API version for the `diagnostic_settings` property. `2017-05-01-preview` will be used for backward compatibility unless provided.
-
-Either one of the parameter sets can be provided for a valid query:
-
-- `resource_id`
-- `resource_group` and `name`
-- `resource_group` and `vault_name`
-
-## Properties
-
-`diagnostic_settings`
-: The active diagnostic settings list for the key vault.
-
-`diagnostic_settings_logs`
-: The logs enabled status of every category for the key vault.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/keyvault/keyvault/vaults/get) for other available properties.
-You can access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Test key vault's SKU family
-
-```ruby
-describe azure_key_vault(resource_group: 'RESOURCE_GROUP', name: 'VAULT_NAME') do
- its('properties.sku.family') { should eq 'A' }
-end
-```
-
-### Test if the key vault is enabled for disk encryption
-
-```ruby
-describe azure_key_vault(resource_group: 'RESOURCE_GROUP', name: 'VAULT_NAME') do
- its('properties.enabledForDiskEncryption') { should be_true }
-end
-```
-
-### Test if Azure key vault audit logging is enabled
-
-```ruby
-describe azure_key_vault(resource_group: 'RESOURCE_GROUP', name: 'VAULT_NAME') do
- its('diagnostic_settings_logs') { should include(true) }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If a key vault is found, it will exist.
-
-describe azure_key_vault(resource_group: 'RESOURCE_GROUP', name: 'VAULT_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Key vaults that aren't found, will not exist.
-
-describe azure_key_vault(resource_group: 'RESOURCE_GROUP', name: 'VAULT_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_key_vault_key.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_key_vault_key.md
deleted file mode 100644
index e232824fa6..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_key_vault_key.md
+++ /dev/null
@@ -1,135 +0,0 @@
-+++
-title = "azure_key_vault_key Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_key_vault_key"
-identifier = "inspec/resources/azure/azure_key_vault_key Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_key_vault_key` InSpec audit resource to test the properties and configuration of an Azure key within a vault.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_key_vault_key` resource block identifies an Azure key by `vault_name` and `key_name`, or the `key_id`. You may also specify a `key_version`. If no version is specified, the most recent version of the key will be used.
-
-```ruby
-describe azure_key_vault_key(vault_name: 'EXAMPLE_VAULT', key_name: 'EXAMPLE_KEY') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_key_vault_key(vault_name: 'EXAMPLE_VAULT', key_name: 'EXAMPLE_KEY', key_version: '78deebed173b48e48f55abf87ed4cf71') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_key_vault_key(key_id: 'https://example_vault.vault.azure.net/keys/key/7df9bf2c3b4347bab213ebe233f0e350') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`vault_name`
-: The name of the key vault where the targeted key resides.
-
-`key_name`
-: The name of the key to interrogate.
-
-`name`
-: Alias for the `key_name` parameter.
-
-`key_version`
-: (Optional) - The version of a key. For example, `7df9bf2c3b4347bab213ebe233f0e350`.
-
-`key_id`
-: The unique ID of the key. For example, `https://example_vault.vault.azure.net/keys/key/7df9bf2c3b4347bab213ebe233f0e350`.
-
-Either one of the parameter sets can be provided for a valid query:
-
-- `vault_name` and `key_name`
-- `vault_name` and `name`
-- `key_id`
-
-## Properties
-
-`attributes`
-: The key management attributes in [this](https://docs.microsoft.com/en-us/rest/api/keyvault/keys/get-key/get-key?tabs=HTTP#keyattributes) format.
-
-`key`
-: The JSON web key in [this](https://docs.microsoft.com/en-us/rest/api/keyvault/keys/get-key/get-key?tabs=HTTP#jsonwebkey) format.
-
-`managed`
-: `true` if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will be `true`.
-
-`tags`
-: Application-specific metadata in the form of key-value pairs.
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/keyvault/keys/get-key/get-key?tabs=HTTP) for more details. You can access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Test the key identifier
-
-```ruby
-describe azure_key_vault_key(vault_name: 'EXAMPLE_VAULT', key_name: 'EXAMPLE_KEY', key_version: '7df9bf2c3b4347bab213ebe233f0e350') do
- its('key.kid') { should cmp 'https://example_vault.vault.azure.net/keys/key/7df9bf2c3b4347bab213ebe233f0e350' }
-end
-```
-
-### Test if the key is enabled
-
-```ruby
-describe azure_key_vault_key(vault_name: 'EXAMPLE_VAULT', key_name: 'EXAMPLE_KEY') do
- its('attributes.enabled') { should eq true }
-end
-```
-### Test if the rotationploicy is enabled
-
-```ruby
-describe azure_key_vault_key(vault_name: 'EXAMPLE_VAULT', key_name: 'EXAMPLE_KEY') do
- it { should have_rotation_policy_enabled }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/).
-
-### exists
-
-```ruby
-# If we expect the key to always exist.
-
-describe azure_key_vault_key(vault_name: 'EXAMPLE_VAULT', key_name: 'EXAMPLE_KEY') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect the key to never exist.
-
-describe azure_key_vault_key(vault_name: 'EXAMPLE_VAULT', key_name: 'EXAMPLE_KEY') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_key_vault_keys.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_key_vault_keys.md
deleted file mode 100644
index b48d0c8de6..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_key_vault_keys.md
+++ /dev/null
@@ -1,118 +0,0 @@
-+++
-title = "azure_key_vault_keys Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_key_vault_keys"
-identifier = "inspec/resources/azure/azure_key_vault_keys Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_key_vault_keys` InSpec audit resource to test the properties and configuration of multiple Azure keys within vaults.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_key_vault_keys` resource block returns all keys within a vault.
-
-```ruby
-describe azure_key_vault_keys(vault_name: 'EXAMPLE_VAULT') do
- #...
-end
-```
-
-## Parameters
-
-`vault_name`
-
-: The name of the vault.
-
-## Properties
-
-`attributes`
-: A list of the key management attributes in [this](https://docs.microsoft.com/en-us/rest/api/keyvault/keys/get-key/get-key?tabs=HTTP#keyattributes) format.
-
-: **Field**: `attributes`
-
-`kids`
-: A list of key IDs.
-
-: **Field**: `kid`
-
-`managed`
-: A list of boolean values indicating if the keys are managed by key vault or not.
-
-: **Field**: `managed`
-
-`tags`
-: A list of `tag:value` pairs defined on the resources being interrogated.
-
-: **Field**: `tags`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Test that a vault has the named key
-
-```ruby
-describe azure_key_vault_keys(vault_name: 'EXAMPLE_VAULT').where { kid.include?('KEY_NAME')} do
- it { should exist }
- its('count') { should be 1 }
-end
-```
-
-### Loop through keys by the key ID
-
-```ruby
-azure_key_vault_keys(vault_name: 'EXAMPLE_VAULT').kids.each do |kid|
- describe azure_key_vault_key(key_id: kid) do
- it { should exist }
- end
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches.
-
-```ruby
-# If we expect to have at least one key in a vault.
-
-describe azure_key_vault_keys(vault_name: 'EXAMPLE_VAULT') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect not to have any keys in a vault.
-
-describe azure_key_vault_keys(vault_name: 'EXAMPLE_VAULT') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_key_vault_secret.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_key_vault_secret.md
deleted file mode 100644
index 73c334f060..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_key_vault_secret.md
+++ /dev/null
@@ -1,139 +0,0 @@
-+++
-title = "azure_key_vault_secret Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_key_vault_secret"
-identifier = "inspec/resources/azure/azure_key_vault_secret Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_key_vault_secret` InSpec audit resource to test the properties and configuration of an Azure secret within a vault.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_key_vault_secret` resource block identifies an Azure secret by `vault_name` and `secret_name`, or the `secret_id`. You may also specify a `secret_version`. If no version is specified, the most recent version of the secret is used.
-
-```ruby
-describe azure_key_vault_secret(vault_name: 'EXAMPLE_VAULT', secret_name: 'EXAMPLE_SECRET') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_key_vault_secret(vault_name: 'EXAMPLE_VAULT', secret_name: 'EXAMPLE_SECRET', secret_version: '78deebed173b48e48f55abf87ed4cf71') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_key_vault_secret(secret_id: 'https://example_vault.vault.azure.net/secrets/secret_name/7df9bf2c3b4347bab213ebe233f0e350') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`vault_name`
-: The key vault name where the targeted secret resides.
-
-`secret_name`
-: The name of the secret to interrogate.
-
-`name`
-: Alias for the `secret_name` parameter.
-
-`secret_version` _Optional_
-: The version of a secret. For example, `7df9bf2c3b4347bab213ebe233f0e350`.
-
-`secret_id`
-: The unique ID of the secret. For example, `https://example_vault.vault.azure.net/secrets/secret_name/7df9bf2c3b4347bab213ebe233f0e350`.
-
-Either one of the parameter sets can be provided for a valid query:
-
-- `vault_name` and `secret_name`
-- `vault_name` and `name`
-- `secret_id`
-
-## Properties
-
-`id`
-: The secret ID. `https://example_vault.vault.azure.net/secrets/secret_name`.
-
-`kid`
-: If this is a secret backing a KV certificate, then this field specifies the corresponding key backing the KV certificate.
-
-`attributes`
-: The secret management attributes in [this](https://docs.microsoft.com/en-us/rest/api/keyvault/secrets/get-secrets/get-secrets?tabs=HTTP#secretattributes) format.
-
-`contentType`
-: The content type of the secret.
-
-`content_type`
-: Alias for the `contentType`.
-
-`managed`
-: `true` if the secret's lifetime is managed by key vault. If this is a secret backing a certificate, then managed will be `true`.
-
-`tags`
-: Application specific metadata in the form of key-value pairs.
-
-`value`
-: The secret's value.
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/keyvault/secrets/get-secrets/get-secrets) for more details.
-You can access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Test the secret identifier
-
-```ruby
-describe azure_key_vault_secret(vault_name: 'EXAMPLE_VAULT', secret_name: 'EXAMPLE_SECRET') do
- its('id') { should cmp 'https://example_vault.vault.azure.net/secrets/example_secret' }
-end
-```
-
-### Test if the secret is enabled
-
-```ruby
-describe azure_key_vault_secret(vault_name: 'EXAMPLE_VAULT', secret_name: 'EXAMPLE_SECRET') do
- its('attributes.enabled') { should eq true }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/).
-
-### exists
-
-```ruby
-# If we expect the secret to always exist.
-describe azure_key_vault_secret(vault_name: 'EXAMPLE_VAULT', secret_name: 'EXAMPLE_SECRET') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect the secret to never exist.
-describe azure_key_vault_secret(vault_name: 'EXAMPLE_VAULT', secret_name: 'EXAMPLE_SECRET') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_key_vault_secrets.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_key_vault_secrets.md
deleted file mode 100644
index 142a157c16..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_key_vault_secrets.md
+++ /dev/null
@@ -1,121 +0,0 @@
-+++
-title = "azure_key_vault_secrets Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_key_vault_secrets"
-identifier = "inspec/resources/azure/azure_key_vault_secrets Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_key_vault_secrets` InSpec audit resource to test the properties and configuration of multiple Azure secrets within vaults.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_key_vault_secrets` resource block returns all secrets within a vault.
-
-```ruby
-describe azure_key_vault_secrets(vault_name: 'EXAMPLE_VAULT') do
- #...
-end
-```
-
-## Parameters
-
-`vault_name`
-
-: The name of the vault.
-
-## Properties
-
-`attributes`
-: A list of the secret management attributes in [this](https://docs.microsoft.com/en-us/rest/api/keyvault/secrets/get-secrets/get-secrets?tabs=HTTP#secretattributes) format.
-
-: **Field**: `attributes`
-
-`ids`
-: A list of secret IDs.
-
-: **Field**: `id`
-
-`managed`
-: A list of boolean values indicating if the secrets are managed by key vault or not.
-
-: **Field**: `managed`
-
-`contentTypes`
-: A list of secrets content type being interrogated.
-
-: **Field**: `contentType`
-
-`tags`
-: A list of `tag:value` pairs defined on the resources being interrogated.
-
-: **Field**: `tags`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Test that a vault has the named secret
-
-```ruby
-describe azure_key_vault_secrets(vault_name: 'EXAMPLE_VAULT').where { id.include?('SECRET')} do
- it { should exist }
- its('count') { should be 1 }
-end
-```
-
-### Loop through secrets by their IDs
-
-```ruby
-azure_key_vault_secrets(vault_name: 'EXAMPLE_VAULT').ids.each do |id|
- describe azure_key_vault_secret(secret_id: id) do
- it { should exist }
- end
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches.
-
-```ruby
-# If we expect to have at least one secret in a vault.
-describe azure_key_vault_secrets(vault_name: 'EXAMPLE_VAULT') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect not have any secrets in a vault.
-describe azure_key_vault_secrets(vault_name: 'EXAMPLE_VAULT') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_key_vaults.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_key_vaults.md
deleted file mode 100644
index 3843edc8b5..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_key_vaults.md
+++ /dev/null
@@ -1,141 +0,0 @@ -+++ -title = "azure_key_vaults Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_key_vaults" -identifier = "inspec/resources/azure/azure_key_vaults Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_key_vaults` InSpec audit resource to test the properties related to key vaults for a resource group or the entire subscription. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_key_vaults` resource block returns all Azure key vaults, either within a resource group (if provided) or the entire subscription. - -```ruby -describe azure_key_vaults do - #... -end -``` - -Or - -```ruby -describe azure_key_vaults(resource_group: 'RESOURCE_GROUP') do - #... -end -``` - -## Parameters - -`resource_group` _(optional)_ - -: The name of the resource group. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`names` -: A list of all the key vault names. - -: **Field**: `name` - -`tags` -: A list of `tag:value` pairs defined on the resources. - -: **Field**: `tags` - -`types` -: A list of types of all the key vaults. - -: **Field**: `type` - -`locations` -: A list of locations for all the key vaults. - -: **Field**: `location` - -`properties` -: A list of properties for all the key vaults. 
- -: **Field**: `properties` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Loop through key vaults by their IDs - -```ruby -azure_key_vaults.ids.each do |id| - describe azure_key_vault(resource_id: id) do - it { should exist } - end -end -``` - -### Test to ensure there are key vaults that include a certain string in their names (Client Side Filtering) - -```ruby -describe azure_key_vaults.where { name.include?('deployment') } do - it { should exist } -end -``` - -### Test to ensure there are key vaults that include a certain string in their names (Server Side Filtering via Generic Resource - Recommended) - -```ruby -describe azure_generic_resources(resource_provider: 'Microsoft.KeyVault/vaults', substring_of_name: 'deployment') do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### not_exists - -```ruby -# Should not exist if no key vaults are in the resource group. - -describe azure_key_vaults(resource_group: 'RESOURCE_GROUP') do - it { should_not exist } -end -``` - -### exists - -```ruby -# Should exist if the filter returns at least one key vault. - -describe azure_key_vaults(resource_group: 'RESOURCE_GROUP') do - it { should exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_load_balancer.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_load_balancer.md deleted file mode 100644 index 1ba0dc89b9..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_load_balancer.md +++ /dev/null 
@@ -1,114 +0,0 @@ -+++ -title = "azure_load_balancer Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_load_balancer" -identifier = "inspec/resources/azure/azure_load_balancer Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_load_balancer` InSpec audit resource to test the properties and configuration of an Azure Load Balancer. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`resource_group` and `name`, or the `resource_id` are required parameters. - -```ruby -describe azure_load_balancer(resource_group: 'RESOURCE_GROUP', name: 'EXAMPLE_LB') do - it { should exist } -end -``` - -```ruby -describe azure_load_balancer(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/loadBalancers/{loadBalancerName}') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`name` -: The unique name of the load balancer. - -`loadbalancer_name` -: Alias for the `name` parameter. - -`resource_id` -: The unique resource ID. - -Either one of the parameter sets can be provided for a valid query: - -- `resource_id` -- `resource_group` and `name` -- `resource_group` and `loadbalancer_name` - -## Properties - -`sku.name` -: Name of a load balancer SKU. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/load-balancer/loadbalancers/get#loadbalancer) for other available properties. 
You can access any attribute in the response with the key names separated by dots (`.`). - -## Examples - -### Test if a Load Balancer has any inbound nat rules - -```ruby -describe azure_load_balancer(resource_group: 'RESOURCE_GROUP', name: 'EXAMPLE_LB') do - its('properties.inboundNatRules') { should_not be_empty } -end -``` - -### Loop through all Load Balancers in a subscription via 'resource_id' - -```ruby -azure_load_balancers.ids.each do |id| - describe azure_load_balancer(resource_id: id) do - its('properties.inboundNatRules') { should_not be_empty } - end -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/). - -### exists - -```ruby -# If we expect the resource to always exist. - -describe azure_load_balancer(resource_group: 'RESOURCE_GROUP', name: 'EXAMPLE_LB') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect the resource to never exist. - -describe azure_load_balancer(resource_group: 'RESOURCE_GROUP', name: 'EXAMPLE_LB') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_load_balancers.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_load_balancers.md deleted file mode 100644 index 5c85775f33..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_load_balancers.md +++ /dev/null 
@@ -1,147 +0,0 @@ -+++ -title = "azure_load_balancers Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_load_balancers" -identifier = "inspec/resources/azure/azure_load_balancers Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_load_balancers` InSpec audit resource to test the properties and configuration of Azure Load Balancers. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_load_balancers` resource block returns all Azure Load Balancers, either within a resource group (if provided) or the entire subscription. - -```ruby -describe azure_load_balancers do - #... -end -``` - -Or - -```ruby -describe azure_load_balancers(resource_group: 'RESOURCE_GROUP') do - #... -end -``` - -## Parameters - -`resource_group` _(optional)_ - -: The name of the resource group. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`locations` -: A list of locations for all the resources being interrogated. - -: **Field**: `location` - -`names` -: A list of names of all the resources being interrogated. - -: **Field**: `name` - -`tags` -: A list of `tag:value` pairs defined on the resources being interrogated. - -: **Field**: `tags` - -`types` -: A list of the types of resources being interrogated. - -: **Field**: `type` - -`properties` -: A list of properties for all the resources being interrogated. - -: **Field**: `properties` - -`skus` -: A list of the SKUs of the resources being interrogated. 
- -: **Field**: `sku` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Check Load balancers are present - -````ruby -describe azure_load_balancers do - it { should exist } - its('names') { should include 'EXAMPLE_LB' } -end -```` - -### Filter the results to include only those with names match the specified string value - -```ruby -describe azure_load_balancers.where{ name.eql?('PRODUCTION-LB') } do - it { should exist } -end -``` - -### Filter the results to include only those with location match the specified string value - -```ruby -describe azure_load_balancers.where{ location.eql?('EASTUS-2') } do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control passes if the filter returns at least one result. - -```ruby -# If we expect 'EXAMPLEGROUP' resource group to have Load Balancers. -describe azure_load_balancers(resource_group: 'EXAMPLEGROUP') do - it { should exist } -end -``` - -### not_exists - -Use `should_not` if you expect zero matches. - -```ruby -# If we expect 'EMPTYEXAMPLEGROUP' resource group to not have Load Balancers. -describe azure_load_balancers(resource_group: 'EMPTYEXAMPLEGROUP') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_lock.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_lock.md deleted file mode 100644 index 33bf380db6..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_lock.md +++ /dev/null 
@@ -1,107 +0,0 @@
-+++
-title = "azure_lock Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_lock"
-identifier = "inspec/resources/azure/azure_lock Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_lock` InSpec audit resource to test the properties and configuration of a Management Lock.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-The Management Lock resources do not follow the common `resouce_group` and `name` patterns for identification. As a result, the `resource_id` must be given as a parameter to the `azure_lock` resource.
-
-The [`azure_locks`]({{< relref "azure_locks.md" >}}) resource can be used for gathering the Management Lock resource IDs to be tested within the desired level, such as subscription, resource group, or individual resource.
-
-```ruby
-describe azure_lock(resource_id: '/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/locks/{lockName}') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_id`
-: The unique resource ID.
-
-## Properties
-
-`properties.level`
-: The level of the lock. Possible values are: `NotSpecified`, `CanNotDelete`, and `ReadOnly`. For more information, see the [Microsoft lock level documentation](https://docs.microsoft.com/en-us/rest/api/resources/managementlocks/getatresourcelevel#locklevel).
-
-`properties.notes`
-: Notes about the lock. Maximum of 512 characters.
-
-`properties.owners`
-: A list of the owners of the lock with [these](https://docs.microsoft.com/en-us/rest/api/resources/managementlocks/getatresourcelevel#managementlockowner) properties.
-
-Please note that the properties can vary depending on the `api_version` used for the lookup.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/resources/managementlocks/getatresourcelevel#managementlockobject) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`). For example, `properties.`.
-
-## Examples
-
-### Test if a 'ReadOnly' Management Lock exists in a specific resource group
-
-```ruby
-azure_locks(resource_group: 'EXAMPLE-GROUP').ids.each do |id|
- describe azure_lock(resource_id: id) do
- its('properties.level') { should_not cmp `ReadOnly` }
- end
-end
-```
-
-### Test if Management Locks on a specific resource contain a certain String
-
-```ruby
-azure_locks(resouce_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{vmName}').ids.each do |lock_id|
- describe azure_lock(resource_id: lock_id) do
- it('properties.notes') { should include 'contact jdoe@chef.io' }
- end
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# If we expect a resource to always exist.
-
-describe azure_lock(resource_id: '/subscriptions/..{lockName}') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect a resource to never exist.
-
-describe azure_lock(resource_id: '/subscriptions/..{lockName}') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_locks.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_locks.md
deleted file mode 100644
index 4b17e6a10b..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_locks.md
+++ /dev/null
@@ -1,146 +0,0 @@
-+++
-title = "azure_locks Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_locks"
-identifier = "inspec/resources/azure/azure_locks Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_locks` InSpec audit resource to test the properties and configuration of all Management Locks for an Azure resource or any level below it.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_locks` resource block returns all Management Locks within a resource group (if provided) or the entire subscription.
-
-```ruby
-describe azure_locks do
- it { should exist }
-end
-```
-
-Or
-
-```ruby
-describe azure_locks(resource_group: 'RESOURCE_GROUP') do
- it { should exist }
-end
-```
-
-Also, at resource level test can be done by providing the following identifiers: `resource_group`, `resource_name`, and `resource_type` or the `resource_id`.
-
-```ruby
-describe azure_locks(resource_group: 'RESOURCE_GROUP', resource_name: 'VM_NAME`, resource_type: 'Microsoft.Compute/virtualMachines') do
- it { should exist }
-end
-```
-
-Or
-
-```ruby
-describe azure_locks(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{vmName}') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`resource_name`
-: Name of the Azure resource on which the Management Locks are being tested.
-
-`resource_type`
-: Type of the Azure resource on which the Management Locks are being tested.
-
-`resource_id`
-: The unique resource ID of the Azure resource on which the Management Locks are being tested.
-
-Either one of the parameter sets can be provided for a valid query:
-
-- `resource_id`
-- `resource_group`, `resource_name` and `resource_type`
-- `resource_group`
-- None for a subscription level test.
-
-## Properties
-
-`ids`
-: A list of the unique resource IDs of the Management Locks.
-
-: **Field**: `id`
-
-`names`
-: A list of names of all the Management Locks being interrogated.
-
-: **Field**: `name`
-
-`properties`
-: A list of properties for all the Management Locks being interrogated.
-
-: **Field**: `properties`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Check if a specific Management Lock is present for a resource
-
-```ruby
-describe azure_locks(resource_group: 'RESOURCE_GROUP', resource_name: 'VM_NAME', resource_type: 'Microsoft.Compute/virtualMachines') do
- its('names') { should include 'production_agents' }
-end
-```
-
-### Filters the results to include only those Management Locks that have the specific name
-
-```ruby
-describe azure_locks.where{ name.include?('production') } do
- it { should exist }
-end
-```
-
-### Loop through all virtual machines to test if they have Management Locks defined
-
-```ruby
-azure_virtual_machines.ids.each do |id|
- describe azure_locks(resource_id: id) do
- it { should exist }
- end
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
-```ruby
-describe azure_locks(resource_group: 'RESOURCE_GROUP', resource_name: 'VM_NAME', resource_type: 'Microsoft.Compute/virtualMachines') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_managed_application.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_managed_application.md
deleted file mode 100644
index f56eec9ede..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_managed_application.md
+++ /dev/null
@@ -1,117 +0,0 @@ -+++ -title = "azure_managed_application Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_managed_application" -identifier = "inspec/resources/azure/azure_managed_application Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_managed_application` InSpec audit resource to test the properties related to an Azure Managed application. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`name` and `resource_group` are required parameters. - -```ruby -describe azure_managed_application(resource_group: 'RESOURCE_GROUP', name: 'MANAGED_APPLICATION_NAME') do - it { should exist } - its('type') { should eq 'Microsoft.ServiceBus/Namespaces' } - its('location') { should eq 'East US' } -end -``` - -```ruby -describe azure_managed_application(resource_group: 'RESOURCE_GROUP', name: 'MANAGED_APPLICATION_NAME') do - it { should exist } -end -``` - -## Parameters - -`name` _(required)_ -: Name of the Azure managed applications to test. - -`resource_group` _(required)_ -: Azure resource group where the targeted resource resides. - -## Properties - -`id` -: Resource ID. - -`name` -: Resource name. - -`type` -: Resource type. `Microsoft.Solutions/applications`. - -`location` -: Resource location. - -`properties` -: The properties of the managed application. - -`properties.plan` -: The plan information. - -`properties.identity` -: The identity of the resource. - -`properties.provisioningState` -: Provisioning state of the namespace. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). 
- -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/managedapplications/applications/get) for other available properties. - -## Examples - -### Test that the managed applications are provisioned successfully - -```ruby -describe azure_managed_application(resource_group: 'RESOURCE_GROUP', name: 'MANAGED_APPLICATION_NAME') do - its('properties.provisioningState') { should eq 'Succeeded' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -# If a Managed application is found, it will exist. - -describe azure_managed_application(resource_group: 'RESOURCE_GROUP', name: 'MANAGED_APPLICATION_NAME') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If a Managed application is not found, it will not exist. - -describe azure_managed_application(resource_group: 'RESOURCE_GROUP', name: 'MANAGED_APPLICATION_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="reader" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_managed_applications.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_managed_applications.md deleted file mode 100644 index 5b7a7aca82..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_managed_applications.md +++ /dev/null 
@@ -1,139 +0,0 @@ -+++ -title = "azure_managed_applications Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_managed_applications" -identifier = "inspec/resources/azure/azure_managed_applications Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_managed_applications` InSpec audit resource to test the properties related to all Azure Managed applications. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_managed_applications` resource block returns all Azure Managed applications. - -```ruby -describe azure_managed_applications do - #... -end -``` - -## Parameters - -`resource_group` _(optional)_ -: Azure resource group where the targeted resource resides. - -## Properties - -`ids` -: A list of resource IDs. - -: **Field**: `id` - -`names` -: A list of resource Names. - -: **Field**: `name` - -`types` -: A list of the resource types. - -: **Field**: `type` - -`properties` -: A list of properties for all the Managed applications. - -: **Field**: `properties` - -`locations` -: A list of the resource locations. - -: **Field**: `location` - -`identities` -: A list of the identity of the resources. - -: **Field**: `identity` - -`plans` -: A list of the plan information. - -: **Field**: `plan` - -`provisioningStates` -: A list of provisioning states of the app. - -: **Field**: `provisioningState` - -`publisherTenantIds` -: A list of the publisher tenant ID. 
- -: **Field**: `publisherTenantId` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Loop through Managed applications by their names - -```ruby -azure_managed_applications(resource_group: 'RESOURCE_GROUP').names.each do |name| - describe azure_managed_application(resource_group: 'RESOURCE_GROUP', name: name) do - it { should exist } - end -end -``` - -### Test that there are Managed applications that are successfully provisioned - -```ruby -describe azure_managed_applications(resource_group: 'RESOURCE_GROUP').where(provisioningState: 'Succeeded') do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -# Should not exist if no Managed applications are present. - -describe azure_managed_applications(resource_group: 'RESOURCE_GROUP') do - it { should_not exist } -end -``` - -### not_exists - -```ruby -# Should exist if the filter returns at least one Managed application. - -describe azure_managed_applications(resource_group: 'RESOURCE_GROUP') do - it { should exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="reader" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_management_group.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_management_group.md deleted file mode 100644 index e99319b7f3..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_management_group.md +++ /dev/null 
@@ -1,132 +0,0 @@ -+++ -title = "azure_management_group Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_management_group" -identifier = "inspec/resources/azure/azure_management_group Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_management_group` InSpec audit resource to test the properties of an Azure management group. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_management_group` resource block identifies a management group by its `name` or the `resource_id`. - -```ruby -describe azure_management_group(name: 'ABCD-1234') do - it { should exist } -end -``` - -```ruby -describe azure_management_group(resource_id: '/providers/Microsoft.Management/managementGroups/{groupId}') do - it { should exist } -end -``` - -## Parameters - -`name` -: Management group name. `20000000-0001-0000-0000-000000000000`. - -`group_id` -: Alias for the `name` parameter. - -`resource_id` -: The unique resource ID. `/providers/Microsoft.Management/managementGroups/{groupId}`. - -`expand` -: Optional. The `expand: 'children'` includes children in the response. The `expand: 'path'` includes the path from the root group to the current group. - -`recurse` -: Optional. The `recurse: true` includes the entire hierarchy in the response. Note that `expand: 'children'` will be set if `recurse` is set to `true`. - -`filter` _Optional_ -: A filter allows the exclusion of subscriptions from results (i.e., `filter: 'children.childType ne Subscription'`). - -Either one of the parameter sets can be provided for a valid query along with the optional parameters: - -- `resource_id` -- `name` -- `group_id` - -## Properties - -`tenant_id` -: The management group tenant ID. 
- -`parent_name` -: The management group parent name. - -`parent_id` -: The management group parent resource ID. `/providers/Microsoft.Management/managementGroups/{groupId}`. - -`children_display_names` -: The list of management group children display names. - -`children_ids` -: The list of management group children IDs. - -`children_names` -: The list of management group children names. - -`children_types` -: The list of management group children types. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/managementgroups/management-groups/get) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`). - -## Examples - -### Test Tenant ID, Parent Name, Children Display Name - -```ruby -describe azure_management_group(group_id: 'ABC-1234', recurse: true, expand: 'CHILDREN') do - its('tenant_id') { should eq('00000000-0000-0000-0000-000000000000') } - its('parent_name') { should eq('MyGroupsParentName') } - its('children_display_names') { should include('I am a child of the group!') } -end -``` - -See [integration tests](https://github.com/inspec/inspec-azure/blob/main/test/integration/verify/controls/azure_management_group.rb) for more examples. - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/). - -### exists - -```ruby -# If we expect a resource to always exist. - -describe azure_management_group(name: 'ABCD-1234') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect a resource to never exist. 
- -describe azure_management_group(name: 'ABCD-1234') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_management_groups.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_management_groups.md deleted file mode 100644 index 9badb91035..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_management_groups.md +++ /dev/null 
@@ -1,105 +0,0 @@
-+++
-title = "azure_management_groups Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_management_groups"
-identifier = "inspec/resources/azure/azure_management_groups Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_management_groups` InSpec audit resource to test the properties and configuration of multiple Azure management groups.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_management_groups` resource block returns management groups for the authenticated user.
-
-```ruby
-describe azure_management_groups do
- #...
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: A list of the unique resource IDs.
-
-: **Field**: `id`
-
-`names`
-: A list of names of all the resources being interrogated.
-
-: **Field**: `name`
-
-`types`
-: A list of types of all the resources being interrogated.
-
-: **Field**: `type`
-
-`properties`
-: A list of properties for all the resources being interrogated.
-
-: **Field**: `properties`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Test that a named Management Group exists
-
-```ruby
-describe azure_management_groups do
- its('names') { should include('ABCD-1234') }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches.
-
-```ruby
-# If we expect at least one management group to exist.
-
-describe azure_management_groups do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect zero matches.
-
-describe azure_management_groups do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_mariadb_server.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_mariadb_server.md
deleted file mode 100644
index a0e00720f8..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_mariadb_server.md
+++ /dev/null
@@ -1,136 +0,0 @@
-+++
-title = "azure_mariadb_server Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_mariadb_server"
-identifier = "inspec/resources/azure/azure_mariadb_server Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_mariadb_server` InSpec audit resource to test the properties and configuration of an Azure MariaDB Server.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`resource_group` and `name`, or the `resource_id` are required parameters.
-
-```ruby
-describe azure_mariadb_server(resource_group: 'RESOURCE_GROUP', name: 'EXAMPLE_SERVER') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_mariadb_server(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.DBforMariaDB/servers/{serverName}') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`name`
-: Name of the MariaDB server to test.
-
-`server_name`
-: Alias for the `name` parameter.
-
-`resource_id`
-: The unique resource ID.
-
-`firewall_rules_api_version`
-: The endpoint api version for the `firewall_rules` property. The latest version will be used unless provided.
-
-Either one of the parameter sets can be provided for a valid query:
-
-- `resource_id`
-- `resource_group` and `name`
-- `resource_group` and `server_name`
-
-## Properties
-
-`firewall_rules`
-: A list of all firewall rules in the targeted server.
-
-`sku`
-: The SKU (pricing tier) of the server.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/mariadb/servers/get#server) for other available properties.
-You can access any attribute in the response with the key names separated by dots (`.`). For example, `properties.`.
-
-## Examples
-
-### Test if a MariaDB server is referenced with a valid name
-
-```ruby
-describe azure_mariadb_server(resource_group: 'RESOURCE_GROUP', name: 'SQL-SERVER-1') do
- it { should exist }
-end
-```
-
-### Test if a MariaDB server is referenced with an invalid name
-
-```ruby
-describe azure_mariadb_server(resource_group: 'RESOURCE_GROUP', name: 'I-DONT-EXIST') do
- it { should_not exist }
-end
-```
-
-### Test if a MariaDB server has firewall rules set
-
-```ruby
-describe azure_mariadb_server(resource_group: 'RESOURCE_GROUP', name: 'NAME') do
- its('firewall_rules') { should_not be_empty }
-end
-```
-
-### Test a MariaDB server's location and maximum replica capacity
-
-```ruby
-describe azure_mariadb_server(resource_id: '/subscriptions/.../my-server') do
- its('properties.replicaCapacity') { should cmp 2 }
- its('location') { should cmp 'westeurope' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If we expect a resource to always exist.
-
-describe azure_mariadb_server(resource_group: 'RESOURCE_GROUP, server_name: 'SQL-SERVER-1') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect a resource to never exist.
-
-describe azure_mariadb_server(resource_group: 'RESOURCE_GROUP', server_name: 'SQL-SERVER-1') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_mariadb_servers.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_mariadb_servers.md
deleted file mode 100644
index 769929096a..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_mariadb_servers.md
+++ /dev/null
@@ -1,143 +0,0 @@
-+++
-title = "azure_mariadb_servers Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_mariadb_servers"
-identifier = "inspec/resources/azure/azure_mariadb_servers Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_mariadb_servers` InSpec audit resource to test the properties and configuration of multiple Azure MariaDB Servers.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_mariadb_servers` resource block returns all Azure MariaDB Servers within a resource group (if provided) or the entire subscription.
-
-```ruby
-describe azure_mariadb_servers do
- #...
-end
-```
-
-Or
-
-```ruby
-describe azure_mariadb_servers(resource_group: 'RESOURCE_GROUP') do
- #...
-end
-```
-
-## Parameters
-
-`resource_group` _(optional)_
-
-: The name of the resource group.
-
-## Properties
-
-`ids`
-: A list of the unique resource IDs.
-
-: **Field**: `id`
-
-`locations`
-: A list of locations for all the resources being interrogated.
-
-: **Field**: `location`
-
-`names`
-: A list of names of all the resources being interrogated.
-
-: **Field**: `name`
-
-`tags`
-: A list of `tag:value` pairs defined on the resources.
-
-: **Field**: `tags`
-
-`skus`
-: A list of the SKUs (pricing tiers) of the servers.
-
-: **Field**: `sku`
-
-`types`
-: A list of the types of resources being interrogated.
-
-: **Field**: `type`
-
-`properties`
-: A list of properties for all the resources being interrogated.
-
-: **Field**: `properties`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-**Check MariaDB Servers are present.**
-
-```ruby
-describe azure_mariadb_servers do
- it { should exist }
- its('names') { should include 'MY-SERVER-NAME' }
-end
-```
-
-### Filters the results to include only those servers that have the specified name (Client Side Filtering)
-
-```ruby
-describe azure_mariadb_servers.where{ name.include?('production') } do
- it { should exist }
-end
-```
-
-### Filters the results to include only those servers which reside in a specified location (Client Side Filtering)
-
-```ruby
-describe azure_mariadb_servers.where{ location.eql?('westeurope') } do
- it { should exist }
-end
-```
-
-### Filters the results to include only those servers which reside in a specified location and has the specified name (Server Side Filtering - Recommended)
-
-```ruby
-describe azure_generic_resources(resource_provider: 'Microsoft.DBforMariaDB/servers', substring_of_name: 'production', location: 'westeurope') do
- it {should exist}
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches.
-
-```ruby
-describe azure_mariadb_servers do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_microsoft_defender_pricing.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_microsoft_defender_pricing.md
deleted file mode 100644
index 042158eec5..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_microsoft_defender_pricing.md
+++ /dev/null
@@ -1,96 +0,0 @@
-+++
-title = "azure_microsoft_defender_pricing Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_microsoft_defender_pricing"
-identifier = "inspec/resources/azure/azure_microsoft_defender_pricing Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_microsoft_defender_pricing` Chef InSpec audit resource to test the properties of a Microsoft Defender for Cloud pricing configuration.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-```ruby
-describe azure_microsoft_defender_pricing(name: 'DEFENDER_PRICING_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name`
-: The name of the resource.
-
-## Properties
-
-`id`
-: The ID of the resource.
-
-`name`
-: The name of the resource.
-
-`type`
-: The resource type.
-
-`properties.deprecated`
-: True if the plan is deprecated. If there are replacing plans, they will appear in `replacedBy` property.
-
-`properties.freeTrialRemainingTime`
-: The duration left for the subscriptions free trial period - in ISO 8601 format (e.g. P3Y6M4DT12H30M5S).
-
-`properties.pricingTier`
-: The pricing tier value. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features.
-
-`properties.replacedBy`
-: List of plans that replace this plan. This property exists only if this plan is deprecated.
-
-`properties.subPlan`
-: The sub-plan selected for a Standard pricing configuration, when more than one sub-plan is available. Each sub-plan enables a set of security features. When not specified, full plan is applied.
-
-See the [Azure documentation on Defender for Cloud pricing configuration](https://learn.microsoft.com/en-us/rest/api/defenderforcloud/pricings/get) for additional information. You may access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Test if a name exists
-
-This resource does not have any examples.
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-The control passes if the filter returns at least one result.
-
-```ruby
-describe azure_microsoft_defender_pricing(name: 'DEFENDER_PRICING_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` if you expect zero matches.
-
-```ruby
-describe azure_microsoft_defender_pricing(name: 'DEFENDER_PRICING_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-Graph resources require specific privileges granted to your service principal. Please refer to the [Microsoft Documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications#updating-an-application) for information on how to grant these permissions to your application.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_microsoft_defender_pricings.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_microsoft_defender_pricings.md
deleted file mode 100644
index 4599f06f34..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_microsoft_defender_pricings.md
+++ /dev/null
@@ -1,105 +0,0 @@
-+++
-title = "azure_microsoft_defender_pricings Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_microsoft_defender_pricings"
-identifier = "inspec/resources/azure/azure_microsoft_defender_pricings Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_microsoft_defender_pricings` Chef InSpec audit resource to test the properties of multiple Microsoft Defender for Cloud pricing configurations.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-```ruby
-describe azure_microsoft_defender_pricings do
- #...
-end
-```
-
-## Parameters
-
-No required parameters.
-
-## Properties
-
-`ids`
-: The ID of the resource.
-
-: **Field**: `id`
-
-`names`
-: The name of the resource.
-
-: **Field**: `name`
-
-`types`
-: The type of the resource.
-
-: **Field**: `type`
-
-`freeTrialRemainingTimes`
-: The duration left for the subscriptions free trial period - in ISO 8601 format (e.g. P3Y6M4DT12H30M5S).
-
-: **Field**: `properties.freeTrialRemainingTime`
-
-`pricingTiers`
-: The pricing tier value. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features.
-
-: **Field**: `properties.pricingTier`
-
-`subPlans`
-: The sub-plan selected for a Standard pricing configuration, when more than one sub-plan is available. Each sub-plan enables a set of security features. When not specified, full plan is applied.
-
-: **Field**: `properties.subPlan`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-See the [Azure documentation on Defender for Cloud pricing configuration](https://learn.microsoft.com/en-us/rest/api/defenderforcloud/pricings/list) for additional information. You may access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-This resource does not have any examples.
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control passes if the filter returns at least one result.
-
-```ruby
-describe azure_microsoft_defender_pricings do
- it { should exist }
-end
-```
-
-Use `should_not` if you expect zero matches.
-
-```ruby
-describe azure_microsoft_defender_pricings do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-Graph resources require specific privileges granted to your service principal. Please refer to the [Microsoft Documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications#updating-an-application) for information on how to grant these permissions to your application.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_microsoft_defender_security_contact.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_microsoft_defender_security_contact.md
deleted file mode 100644
index fe7b9ae0a8..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_microsoft_defender_security_contact.md
+++ /dev/null
@@ -1,119 +0,0 @@
-+++
-title = "azure_microsoft_defender_security_contact Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_microsoft_defender_security_contact"
-identifier = "inspec/resources/azure/azure_microsoft_defender_security_contact Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_microsoft_defender_security_contact` Chef InSpec audit resource to test the properties of a Microsoft Defender for Cloud Security Contact configuration.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-```ruby
-describe azure_microsoft_defender_security_contact(name: 'SECURITY_CONTACT_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name`
-: The name of the resource.
-
-## Properties
-
-`id`
-: The ID of the resource.
-
-`name`
-: The name of the resource.
-
-`type`
-: The resource type.
-
-`properties.notificationsByRole.roles`
-: Defines which RBAC roles will get email notifications from Microsoft Defender for Cloud.
-
-`properties.notificationsByRole.state`
-: Defines whether to send email notifications from AMicrosoft Defender for Cloud to persons with specific RBAC roles on the subscription.
-
-`properties.emails`
-: List of email addresses which will get notifications from Microsoft Defender for Cloud by the configurations defined in this security contact.
-
-`properties.phone`
-: The security contact's phone number.
-
-`properties.alertNotifications.state`
-: Defines if email notifications will be sent about new security alerts.
-
-`properties.alertNotifications.minimalSeverity`
-: Defines the minimal alert severity which will be sent as email notifications.
-
-See the [Azure documentation on Defender for Cloud Security Contact configuration](https://learn.microsoft.com/en-us/rest/api/defenderforcloud/security-contacts/get?tabs=HTTP) for additional information. You may access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Test if a name exists
-
-```ruby
-describe azure_microsoft_defender_security_contact(name: 'SECURITY_CONTACT_NAME') do
- its('name') { should eq 'SECURITY_CONTACT_NAME' }
-end
-```
-
-### Test if a type exists
-
-```ruby
-describe azure_microsoft_defender_security_contact(name: 'SECURITY_CONTACT_NAME') do
- its('type') { should eq 'Microsoft.Security/securityContacts' }
-end
-```
-
-### Test if a notification by role state exists
-
-```ruby
-describe azure_microsoft_defender_security_contact(name: 'SECURITY_CONTACT_NAME') do
- its('properties.notificationsByRole.state') { should eq 'On' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-The control passes if the filter returns at least one result.
-
-```ruby
-describe azure_microsoft_defender_security_contact(name: 'SECURITY_CONTACT_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` if you expect zero matches.
-
-```ruby
-describe azure_microsoft_defender_security_contact(name: 'SECURITY_CONTACT_NAME') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-Graph resources require specific privileges granted to your service principal. Please refer to the [Microsoft Documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications#updating-an-application) for information on how to grant these permissions to your application.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_microsoft_defender_setting.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_microsoft_defender_setting.md
deleted file mode 100644
index ba4d574a74..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_microsoft_defender_setting.md
+++ /dev/null
@@ -1,79 +0,0 @@
-+++
-title = "azure_microsoft_defender_setting Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_microsoft_defender_setting"
-identifier = "inspec/resources/azure/azure_microsoft_defender_setting Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_microsoft_defender_setting` Chef InSpec audit resource to test the properties of a Microsoft Defender for Cloud Setting configuration.
-
-## Syntax
-
-```ruby
-describe azure_microsoft_defender_setting(name: 'SETTING_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name`
-: The name of the resource.
-
-## Properties
-
-`id`
-: The ID of the resource.
-
-`name`
-: The name of the resource.
-
-`kind`
-: The resource kind.
-
-`type`
-: The resource type.
-
-`properties.enabled`
-: Is the alert sync setting enabled.
-
-See the [Azure documentation on Defender for Cloud Settings configuration](https://learn.microsoft.com/en-us/rest/api/defenderforcloud/settings/get?tabs=HTTP) for additional information. You may access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Test if a name exists
-
-This resource does not have any examples.
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-The control passes if the filter returns at least one result.
-
-```ruby
-describe azure_microsoft_defender_setting(name: 'SETTING_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not` if you expect zero matches.
-
-```ruby
-describe azure_microsoft_defender_setting(name: 'SETTING_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-Graph resources require specific privileges granted to your service principal. Please refer to the [Microsoft Documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications#updating-an-application) for information on how to grant these permissions to your application.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_microsoft_defender_settings.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_microsoft_defender_settings.md
deleted file mode 100644
index 9f673d6333..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_microsoft_defender_settings.md
+++ /dev/null
@@ -1,92 +0,0 @@
-+++
-title = "azure_microsoft_defender_settings Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_microsoft_defender_settings"
-identifier = "inspec/resources/azure/azure_microsoft_defender_settings Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_microsoft_defender_settings` Chef InSpec audit resource to test the properties of multiple Microsoft Defender for Cloud Settings configurations.
-
-## Syntax
-
-```ruby
-describe azure_microsoft_defender_settings do
- it { should exist }
-end
-```
-
-## Parameters
-
-No required parameters.
-
-## Properties
-
-`ids`
-: The ID of the resource.
-
-: **Field**: `id`
-
-`names`
-: The name of the resource.
-
-: **Field**: `name`
-
-`types`
-: The type of the resource.
-
-: **Field**: `type`
-
-`kinds`
-: The kind of the resource.
-
-: **Field**: `kind`
-
-`properties`
-: The properties of the resource.
-
-: **Field**: `properties`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-See the [Azure documentation on Defender for Cloud Settings configuration](https://learn.microsoft.com/en-us/rest/api/defenderforcloud/settings/list?tabs=HTTP) for additional information. You may access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-This resource does not have any examples.
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The control passes if the filter returns at least one result.
-
-```ruby
-describe azure_microsoft_defender_settings do
- it { should exist }
-end
-```
-
-Use `should_not` if you expect zero matches.
-
-```ruby
-describe azure_microsoft_defender_settings do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-Graph resources require specific privileges granted to your service principal. Please refer to the [Microsoft Documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications#updating-an-application) for information on how to grant these permissions to your application.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_assessment.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_assessment.md
deleted file mode 100644
index 2e74b63cf8..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_assessment.md
+++ /dev/null
@@ -1,126 +0,0 @@
-+++
-title = "azure_migrate_assessment Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_migrate_assessment"
-identifier = "inspec/resources/azure/azure_migrate_assessment Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_migrate_assessment` InSpec audit resource to test the properties related to the Azure Migrate assessment.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`name`, `resource_group`, `project_name`, and `group_name` are required parameters.
-
-```ruby
-describe azure_migrate_assessment(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', group_name: 'GROUP_NAME', NAME: 'ASSESSMENT_NAME') do
- it { should exist }
- its('name') { should cmp 'ASSESSMENT_NAME' }
- its('type') { should cmp 'Microsoft.Migrate/assessmentprojects/groups/assessments' }
-end
-```
-
-```ruby
-describe azure_migrate_assessment(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', group_name: 'GROUP_NAME', NAME: 'ASSESSMENT_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name`
-: Name of the Azure Migrate assessment to test.
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`project_name`
-: Azure Migrate assessment project.
-
-`group_name`
-: Unique name of a group within a project.
-
-The parameter set should be provided for a valid query are `resource_group`, `project_name`, `group_name`, and `name`.
-
-## Properties
-
-`id`
-: Path reference to the assessment.
-
-`name`
-: Unique name of an assessment.
-
-`type`
-: Object type.
-
-`eTag`
-: For optimistic concurrency control.
-
-`properties`
-: Properties of the assessment.
-
-`properties.azureDiskType`
-: Storage type selected for this disk.
-
-`properties.currency`
-: Currency to report the prices.
-
-`properties.sizingCriterion`
-: Assessment sizing criterion.
-
-`properties.reservedInstance`
-: Azure reserved instance.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Refer to the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/migrate/assessment/assessments/get) for a full list of available properties. Access any attribute in the response by separating the key names with a period (`.`).
-
-## Examples
-
-### Test that the migrate assessments have a minimum scaling factor
-
-```ruby
-describe azure_migrate_assessment(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', group_name: 'GROUP_NAME', NAME: 'ASSESSMENT_NAME') do
- its('properties.scalingFactor') { should eq 1.0 }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If a Migrate Assessment is found, it will exist.
-
-describe azure_migrate_assessment(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', group_name: 'GROUP_NAME', NAME: 'ASSESSMENT_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If Migrate Assessments are not found, it will not exist.
-
-describe azure_migrate_assessment(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', group_name: 'GROUP_NAME', NAME: 'ASSESSMENT_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_assessment_group.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_assessment_group.md
deleted file mode 100644
index 5297575199..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_assessment_group.md
+++ /dev/null
@@ -1,120 +0,0 @@
-+++
-title = "azure_migrate_assessment_group Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_migrate_assessment_group"
-identifier = "inspec/resources/azure/azure_migrate_assessment_group Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_migrate_assessment_group` InSpec audit resource to test the properties related to an Azure Migrate assessment group.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`name`, `project_name`, and `resource_group` are required parameters.
-
-```ruby
-describe azure_migrate_assessment_group(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'GROUP_NAME') do
- it { should exist }
- its('name') { should eq 'GROUP_NAME' }
- its('type') { should cmp 'Microsoft.Migrate/assessmentProjects/groups' }
-end
-```
-
-```ruby
-describe azure_migrate_assessment_group(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'GROUP_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name`
-: Name of the Azure Migrate assessment group to test.
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`project_name`
-: Azure Migrate assessment project.
-
-The parameter set that should be provided for a valid query is `resource_group`, `project_name`, and `name`.
-
-## Properties
-
-`id`
-: Path reference to the group.
-
-`name`
-: Name of the group.
-
-`type`
-: Object type.
-
-`eTag`
-: For optimistic concurrency control.
-
-`properties`
-: Properties of the group.
-
-`properties.areAssessmentsRunning`
-: If the assessments are in a running state.
-
-`properties.assessments`
-: List of references to assessments created on this group.
-
-`properties.machineCount`
-: Number of machines part of this group.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/migrate/assessment/groups/get) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Test the migrate assessment group has at least five machines
-
-```ruby
-describe azure_migrate_assessment_group(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'GROUP_NAME') do
- its('properties.machineCount') { should be >= 5 }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If a Migrate Assessment Group is found, it will exist.
-
-describe azure_migrate_assessment_group(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'GROUP_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If Migrate Assessment Group is not found, it will not exist.
-
-describe azure_migrate_assessment_group(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'GROUP_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_assessment_groups.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_assessment_groups.md
deleted file mode 100644
index 37a8a1ee0f..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_assessment_groups.md
+++ /dev/null
@@ -1,159 +0,0 @@
-+++
-title = "azure_migrate_assessment_groups Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_migrate_assessment_groups"
-identifier = "inspec/resources/azure/azure_migrate_assessment_groups Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_migrate_assessment_groups` InSpec audit resource to test the properties related to all Azure Migrate assessment groups within a project.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_migrate_assessment_groups` resource block returns all Azure Migrate assessment groups within a project.
-
-```ruby
-describe azure_migrate_assessment_groups(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME') do
- #...
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`project_name`
-: Azure Migrate assessment project.
-
-The parameter set that should be provided for a valid query is `resource_group` and `project_name`.
-
-## Properties
-
-`ids`
-: Path reference to all the groups.
-
-: **Field**: `id`
-
-`names`
-: Unique names for all groups.
-
-: **Field**: `name`
-
-`types`
-: Type of the objects.
-
-: **Field**: `type`
-
-`eTags`
-: A list of eTags for all the groups.
-
-: **Field**: `eTag`
-
-`properties`
-: A list of properties for all the groups.
-
-: **Field**: `properties`
-
-`areAssessmentsRunnings`
-: A list of boolean describing the assessment run state.
-
-: **Field**: `areAssessmentsRunning`
-
-`assessments`
-: List of references to assessments created on this group.
-
-: **Field**: `assessments`
-
-`createdTimestamps`
-: List of creation times of the groups.
-
-: **Field**: `createdTimestamp`
-
-`groupStatuses`
-: List of creation status of the groups.
-
-: **Field**: `groupStatus`
-
-`groupTypes`
-: List of group types.
-
-: **Field**: `groupType`
-
-`machineCounts`
-: List of machine counts.
-
-: **Field**: `machineCount`
-
-`updatedTimestamps`
-: List of updated timestamps of the groups.
-
-: **Field**: `updatedTimestamp`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Loop through migrate assessment groups by their names
-
-```ruby
-azure_migrate_assessment_groups(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME').names.each do |name|
- describe azure_migrate_assessment_group(resource_group: `RESOURCE_GROUP`, project_name: `PROJECT_NAME`, name: `NAME`) do
- it { should exist }
- end
-end
-```
-
-### Test that the assessments are running for migrating assessment groups
-
-```ruby
-describe azure_migrate_assessment_groups(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME').where(areAssessmentsRunning: true) do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Migrate Assessment groups are present in the project.
-
-describe azure_migrate_assessment_groups(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Migrate Assessment groups in the project.
-
-describe azure_migrate_assessment_groups(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_assessment_machine.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_assessment_machine.md
deleted file mode 100644
index b5126acf99..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_assessment_machine.md
+++ /dev/null
@@ -1,125 +0,0 @@
-+++
-title = "azure_migrate_assessment_machine Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_migrate_assessment_machine"
-identifier = "inspec/resources/azure/azure_migrate_assessment_machine Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_migrate_assessment_machine` InSpec audit resource to test the properties related to an Azure Migrate assessment machine.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`name`, `project_name`, and `resource_group` are required parameters.
-
-```ruby
-describe azure_migrate_assessment_machine(resource_group: 'RESOURCE_GROUP', project_name: 'MIGRATE_ASSESSMENT_PROJECT_NAME' name: 'MIGRATE_ASSESSMENT_MACHINE_NAME') do
- it { should exist }
- its('name') { should eq 'zoneA_machines_migrate_assessment' }
- its('type') { should eq 'Microsoft.Migrate/assessmentprojects/machines' }
-end
-```
-
-```ruby
-describe azure_migrate_assessment_machine(resource_group: 'RESOURCE_GROUP', project_name: 'MIGRATE_ASSESSMENT_PROJECT_NAME' name: 'MIGRATE_ASSESSMENT_MACHINE_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-
-: Name of the Azure Migrate assessment machine to test.
-
-`resource_group` _(required)_
-
-: Azure resource group where the targeted resource resides.
-
-`project_name` _(required)_
-
-: The Azure Migrate Assessment project.
-
-## Properties
-
-`id`
-: Path reference to the assessment.
-
-`name`
-: Unique name of an assessment.
-
-`type`
-: Type of the object. `Microsoft.Migrate/assessmentprojects/machines`.
-
-`eTag`
-: For optimistic concurrency control.
-
-`properties`
-: Properties of the assessment.
-
-`properties.bootType`
-: Boot type of machine.
-
-`properties.megabytesOfMemory`
-: Memory in Megabytes.
-
-`properties.numberOfCores`
-: Processor count.
-
-`properties.operatingSystemType`
-: Operating system type of the machine.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/migrate/assessment/machines/get) for other available properties.
-You can access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Test the boot migrate assessment machine
-
-```ruby
-describe azure_migrate_assessment_machine(resource_group: 'RESOURCE_GROUP', project_name: 'MIGRATE_ASSESSMENT_PROJECT_NAME', name: 'MIGRATE_ASSESSMENT_MACHINE_NAME') do
- its('properties.bootType') { should eq 'BIOS' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If a migrate assessment machine is found, it exists.
-
-describe azure_migrate_assessment_machine(resource_group: 'RESOURCE_GROUP', project_name: 'MIGRATE_ASSESSMENT_PROJECT_NAME' name: 'MIGRATE_ASSESSMENT_MACHINE_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If migrate assessment machine is not found, it does not exist.
-
-describe azure_migrate_assessment_machine(resource_group: 'RESOURCE_GROUP', project_name: 'MIGRATE_ASSESSMENT_PROJECT_NAME' name: 'MIGRATE_ASSESSMENT_MACHINE_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_assessment_machines.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_assessment_machines.md
deleted file mode 100644
index f2ba493083..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_assessment_machines.md
+++ /dev/null
@@ -1,204 +0,0 @@
-+++
-title = "azure_migrate_assessment_machines Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_migrate_assessment_machines"
-identifier = "inspec/resources/azure/azure_migrate_assessment_machines Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_migrate_assessment_machines` InSpec audit resource to test the properties related to all Azure Migrate assessment machines within a project.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_migrate_assessment_machines` resource block returns all Azure Migrate assessment machines within a project.
-
-```ruby
-describe azure_migrate_assessment_machines(resource_group: 'RESOURCE_GROUP', project_name: 'MIGRATE_ASSESSMENT_PROJECT_NAME') do
- #...
-end
-```
-
-## Parameters
-
-`resource_group` _(required)_
-
-: Azure resource group where the targeted resource resides.
-
-`project_name` _(required)_
-
-: The Azure Migrate Assessment project.
-
-## Properties
-
-`ids`
-: Path reference to the assessment machines.
-
-: **Field**: `id`
-
-`names`
-: Unique names for all assessment machines.
-
-: **Field**: `name`
-
-`types`
-: Type of the objects.
-
-: **Field**: `type`
-
-`eTags`
-: A list of eTags for all the assessment machines.
-
-: **Field**: `eTag`
-
-`properties`
-: A list of properties for all the assessment machines.
-
-: **Field**: `properties`
-
-`bootTypes`
-: A list of boot machines.
-
-: **Field**: `bootType`
-
-`createdTimestamps`
-: Time when this machine is created.
-
-: **Field**: `createdTimestamp`
-
-`datacenterManagementServerArmIds`
-: A list of ARM IDs of the data center as tracked by the `Microsoft.OffAzure`.
-
-: **Field**: `datacenterManagementServerArmId`
-
-`datacenterManagementServerNames`
-: Name of the servers hosting the data center management solution.
-
-: **Field**: `datacenterManagementServerName`
-
-`descriptions`
-: Descriptions of all the machines.
-
-: **Field**: `description`
-
-`discoveryMachineArmIds`
-: A list of ARM IDs of the machine as tracked by the `Microsoft.OffAzure`.
-
-: **Field**: `discoveryMachineArmId`
-
-`disks`
-: Dictionary of disks attached to all the machines. The key is disk ID. Value is a disk object.
-
-: **Field**: `disks`
-
-`displayNames`
-: User readable names of all the machines as defined by the user in their private data center.
-
-: **Field**: `displayName`
-
-`groups`
-: A List of references to the groups where the machine is a member.
-
-: **Field**: `groups`
-
-`megabytesOfMemories`
-: A list of memories in Megabytes.
-
-: **Field**: `megabytesOfMemory`
-
-`networkAdapters`
-: Dictionary of network adapters attached to all the machines. The key is the network adapter ID. Value is a network adapter object.
-
-: **Field**: `networkAdapters`
-
-`numberOfCores`
-: Processor counts.
-
-: **Field**: `numberOfCores`
-
-`operatingSystemTypes`
-: Operating system types of all the machines.
-
-: **Field**: `operatingSystemType`
-
-`operatingSystemNames`
-: Operating system names of all the machines.
-
-: **Field**: `operatingSystemName`
-
-`operatingSystemVersions`
-: Operating system versions of all the machines.
-
-: **Field**: `operatingSystemVersion`
-
-`updatedTimestamps`
-: Time when the machines are last updated.
-
-: **Field**: `updatedTimestamp`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Loop through migrate assessment machines by their names
-
-```ruby
-azure_migrate_assessment_machines(resource_group: 'RESOURCE_GROUP', project_name: 'MIGRATE_ASSESSMENT_PROJECT_NAME').names.each do |name|
- describe azure_migrate_assessment_machine(resource_group: 'RESOURCE_GROUP', project_name: 'MIGRATE_ASSESSMENT_PROJECT_NAME', group_name: 'MACHINE_GROUP_NAME', name: name) do
- it { should exist }
- end
-end
-```
-
-### Test that there are migrate assessment machines with BIOS boot type
-
-```ruby
-describe azure_migrate_assessment_machines(resource_group: 'RESOURCE_GROUP', project_name: 'MIGRATE_ASSESSMENT_PROJECT_NAME').where(bootType: 'BIOS') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no migrate assessment machines are present in the project and the resource group.
-
-describe azure_migrate_assessment_machines(resource_group: 'RESOURCE_GROUP', project_name: 'MIGRATE_ASSESSMENT_PROJECT_NAME') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one migrate assessment machine in the project and the resource group.
-
-describe azure_migrate_assessment_machines(resource_group: 'RESOURCE_GROUP', project_name: 'MIGRATE_ASSESSMENT_PROJECT_NAME') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_assessment_project.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_assessment_project.md
deleted file mode 100644
index 5101a71f2a..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_assessment_project.md
+++ /dev/null
@@ -1,126 +0,0 @@
-+++
-title = "azure_migrate_assessment_project Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_migrate_assessment_project"
-identifier = "inspec/resources/azure/azure_migrate_assessment_project Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_migrate_assessment_project` InSpec audit resource to test the properties related to an Azure Migrate assessment project.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`name` and `resource_group` are required parameters.
-
-```ruby
-describe azure_migrate_assessment_project(resource_group: 'RESOURCE_GROUP', name: 'ASSESSMENT_PROJECT_NAME') do
- it { should exist }
- its('name') { should cmp 'ASSESSMENT_PROJECT_NAME' }
- its('type') { should cmp 'Microsoft.Migrate/assessmentprojects' }
-end
-```
-
-```ruby
-describe azure_migrate_assessment_project(resource_group: 'RESOURCE_GROUP', name: 'ASSESSMENT_PROJECT_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name`
-: Name of the Azure Migrate assessment project to test.
-
-`resource_group`
-: Azure resource group where the targeted project resides.
-
-The parameter set that should be provided for a valid query is `resource_group` and `name`.
-
-## Properties
-
-`id`
-: Path reference to the project.
-
-`name`
-: Project name.
-
-`type`
-: Type of the object.
-
-`eTag`
-: For optimistic concurrency control.
-
-`properties`
-: Properties of the project.
-
-`location`
-: Azure location in which the project is created.
-
-`properties.assessmentSolutionId`
-: Assessment solution ARM ID tracked by `Microsoft.Migrate/migrateProjects`.
-
-`properties.customerStorageAccountArmId`
-: The ARM ID of the storage account is used for interactions when public access is disabled.
-
-`properties.privateEndpointConnections`
-: The list of private endpoint connections to the project.
-
-`properties.numberOfMachines`
-: Number of machines in the project.
-
-`tags`
-: Tags provided by Azure Tagging service.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to the [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Refer to the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/migrate/assessment/projects/get) for other available properties. Access any attribute in the response by separating the key names with a period (`.`).
-
-## Examples
-
-### Test that the migrate assessment project has a minimum scaling factor
-
-```ruby
-describe azure_migrate_assessment_project(resource_group: 'RESOURCE_GROUP', name: 'ASSESSMENT_PROJECT_NAME') do
- its('properties.numberOfGroups') { should eq 2 }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If a Migrate Assessment project is found, it will exist.
-
-describe azure_migrate_assessment_project(resource_group: 'RESOURCE_GROUP', name: 'ASSESSMENT_PROJECT_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If Migrate Assessment project is not found, it will not exist.
-
-describe azure_migrate_assessment_project(resource_group: 'RESOURCE_GROUP', name: 'ASSESSMENT_PROJECT_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_assessment_projects.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_assessment_projects.md
deleted file mode 100644
index d3b3965859..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_assessment_projects.md
+++ /dev/null
@@ -1,203 +0,0 @@
-+++
-title = "azure_migrate_assessment_projects Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_migrate_assessment_projects"
-identifier = "inspec/resources/azure/azure_migrate_assessment_projects Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_migrate_assessment_projects` InSpec audit resource to test the properties related to all Azure Migrate assessment projects within a subscription.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_migrate_assessment_projects` resource block returns all Azure Migrate projects within a subscription.
-
-```ruby
-describe azure_migrate_assessment_projects do
- #...
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: Path reference to the projects.
-
-: **Field**: `id`
-
-`names`
-: Name of the projects.
-
-: **Field**: `name`
-
-`types`
-: Type of the project.
-
-: **Field**: `type`
-
-`eTags`
-: A list of eTags for all the assessments.
-
-: **Field**: `eTag`
-
-`locations`
-: Azure locations in which the project is created.
-
-: **Field**: `location`
-
-`tags`
-: A list of Tags provided by Azure Tagging service.
-
-: **Field**: `tags`
-
-`properties`
-: A list of Properties for all the projects.
-
-: **Field**: `properties`
-
-`assessmentSolutionIds`
-: Assessment solution ARM IDs tracked by `Microsoft.Migrate/migrateProjects`.
-
-: **Field**: `assessmentSolutionId`
-
-`createdTimestamps`
-: Times when this project is created. Date-Time is represented in ISO-8601 format.
-
-: **Field**: `createdTimestamp`
-
-`customerStorageAccountArmIds`
-: The ARM IDs of the storage account used for interactions when public access is disabled.
-
-: **Field**: `customerStorageAccountArmId`
-
-`customerWorkspaceIds`
-: The ARM IDs of the service map workspace created by customer.
-
-: **Field**: `customerWorkspaceId`
-
-`customerWorkspaceLocations`
-: Locations of the service map workspace created by customer.
-
-: **Field**: `customerWorkspaceLocation`
-
-`lastAssessmentTimestamps`
-: Times when the last assessment is created.
-
-: **Field**: `lastAssessmentTimestamp`
-
-`numberOfAssessments`
-: Number of assessments created in the project.
-
-: **Field**: `numberOfAssessments`
-
-`numberOfGroups`
-: Number of groups created in all the projects.
-
-: **Field**: `numberOfGroups`
-
-`numberOfMachines`
-: Number of machines in all the projects.
-
-: **Field**: `numberOfMachines`
-
-`privateEndpointConnections`
-: The list of private endpoint connections to the projects.
-
-: **Field**: `privateEndpointConnections`
-
-`projectStatuses`
-: Assessment project statuses.
-
-: **Field**: `projectStatus`
-
-`provisioningStates`
-: Provisioning states of all the projects.
-
-: **Field**: `provisioningState`
-
-`publicNetworkAccesses`
-: Public network access for all the projects.
-
-: **Field**: `publicNetworkAccess`
-
-`serviceEndpoints`
-: Service endpoints of all the projects.
-
-: **Field**: `serviceEndpoint`
-
-`updatedTimestamps`
-: Times when this project is last updated.
-
-: **Field**: `updatedTimestamp`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Loop through migrate assessment projects by their names
-
-```ruby
-azure_migrate_assessment_projects.names.each do |name|
- describe azure_migrate_assessment_project(resource_group: 'RESOURCE_GROUP', name: name) do
- it { should exist }
- end
-end
-```
-
-### Test to ensure that migrate assessment projects in West Europe location
-
-```ruby
-describe azure_migrate_assessment_projects.where(location: 'westeurope') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Migrate Assessment projects are present in the subscription.
-
-describe azure_migrate_assessment_projects do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Migrate Assessment project in the subscription.
-
-describe azure_migrate_assessment_projects do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_assessments.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_assessments.md
deleted file mode 100644
index 2867bfc091..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_assessments.md
+++ /dev/null
@@ -1,276 +0,0 @@
-+++
-title = "azure_migrate_assessments Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_migrate_assessments"
-identifier = "inspec/resources/azure/azure_migrate_assessments Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_migrate_assessments` InSpec audit resource to test the properties related to all Azure Migrate assessments within a project.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_migrate_assessments` resource block returns all Azure Migrate assessments within a project.
-
-```ruby
-describe azure_migrate_assessments(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME') do
- #...
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`project_name`
-: Azure Migrate assessments project name.
-
-The parameter set that should be provided for a valid query are `resource_group` and `project_name`.
-
-## Properties
-
-`ids`
-: Path reference to the assessments.
-
-: **Field**: `id`
-
-`names`
-: Unique names for all assessments.
-
-: **Field**: `name`
-
-`types`
-: Type of the objects.
-
-: **Field**: `type`
-
-`eTags`
-: A list of eTags for all the assessments.
-
-: **Field**: `eTag`
-
-`properties`
-: A list of Properties for all the assessments.
-
-: **Field**: `properties`
-
-`azureDiskTypes`
-: Storage type selected for the disk of all the assessments.
-
-: **Field**: `azureDiskType`
-
-`azureHybridUseBenefits`
-: A HUB discount on windows virtual machines for all the assessments.
-
-: **Field**: `azureHybridUseBenefit`
-
-`azureLocations`
-: Target Azure locations for which the machines should be assessed.
-
-: **Field**: `azureLocation`
-
-`azureOfferCodes`
-: Offer codes according to which cost estimation is done.
-
-: **Field**: `azureOfferCode`
-
-`azurePricingTiers`
-: Pricing tiers for size evaluation.
-
-: **Field**: `azurePricingTier`
-
-`azureStorageRedundancies`
-: Storage redundancy types offered by Azure.
-
-: **Field**: `azureStorageRedundancy`
-
-`azureVmFamilies`
-: List of azure VM families.
-
-: **Field**: `azureVmFamilies`
-
-`confidenceRatingInPercentages`
-: Confidence rating percentages for assessment.
-
-: **Field**: `confidenceRatingInPercentage`
-
-`createdTimestamps`
-: Time when this project is created.
-
-: **Field**: `createdTimestamp`
-
-`currencies`
-: Currencies to report the prices.
-
-: **Field**: `currency`
-
-`discountPercentages`
-: Custom discount percentages to be applied to final costs.
-
-: **Field**: `discountPercentage`
-
-`eaSubscriptionIds`
-: Enterprise agreement subscription arm IDs.
-
-: **Field**: `eaSubscriptionId`
-
-`monthlyBandwidthCosts`
-: Monthly network cost estimates for the machines.
-
-: **Field**: `monthlyBandwidthCost`
-
-`monthlyComputeCosts`
-: Monthly compute cost estimates for the machines.
-
-: **Field**: `monthlyComputeCost`
-
-`monthlyPremiumStorageCosts`
-: Monthly premium storage cost estimates for the machines.
-
-: **Field**: `monthlyPremiumStorageCost`
-
-`monthlyStandardSSDStorageCosts`
-: Monthly standard SSD storage cost estimates for the machines.
-
-: **Field**: `monthlyStandardSSDStorageCost`
-
-`monthlyStorageCosts`
-: Monthly storage cost estimates for the machines.
-
-: **Field**: `monthlyStorageCost`
-
-`numberOfMachines`
-: Number of assessed machines part of the assessments.
-
-: **Field**: `numberOfMachines`
-
-`percentiles`
-: Percentiles of performance data used to recommend Azure size.
-
-: **Field**: `percentile`
-
-`perfDataEndTimes`
-: End times to consider performance data for assessments.
-
-: **Field**: `perfDataEndTime`
-
-`perfDataStartTimes`
-: Start times to consider performance data for assessments.
-
-: **Field**: `perfDataStartTime`
-
-`pricesTimestamps`
-: Times when the Azure Prices are queried.
-
-: **Field**: `pricesTimestamp`
-
-`reservedInstances`
-: Azure reserved instances.
-
-: **Field**: `reservedInstance`
-
-`scalingFactors`
-: Scaling factors used over utilization data to add a performance buffer for new machines to be created in Azure.
-
-: **Field**: `scalingFactor`
-
-`sizingCriterions`
-: Assessment sizing criteria.
-
-: **Field**: `sizingCriterion`
-
-`stages`
-: User configurable setting that describes the status of the assessments.
-
-: **Field**: `stage`
-
-`statuses`
-: Whether the assessments have been created and are valid.
-
-: **Field**: `status`
-
-`timeRanges`
-: Time ranges of performance data used to recommend a size.
-
-: **Field**: `timeRange`
-
-`updatedTimestamps`
-: Times when the project is last updated.
-
-: **Field**: `updatedTimestamp`
-
-`vmUptimes`
-: Specify the durations for which the VMs are up in the on-premises environment.
-
-: **Field**: `vmUptime`
-
-Refer to the [Azure Migrate assements documentation](https://docs.microsoft.com/en-us/rest/api/migrate/assessment/assessments/list-by-project) for additional information.
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Loop through migrate assessments by their names
-
-```ruby
-azure_migrate_assessments(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME'.names.each do |name|
- describe azure_container_group (resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', group_name: 'GROUP_NAME', name: name) do
- it { should exist }
- end
-end
-```
-
-### Test to ensure migrate assessments exist with local redundancy
-
-```ruby
-describe azure_migrate_assessments(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME').where(azureStorageRedundancy: 'LocallyRedundant') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Migrate Assessments are present in the project and the resource group.
-
-describe azure_migrate_assessments(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Migrate Assessment in the project and the resource group.
-
-describe azure_migrate_assessments(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project.md
deleted file mode 100644
index a47fdbc318..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project.md
+++ /dev/null
@@ -1,109 +0,0 @@
-+++
-title = "azure_migrate_project Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_migrate_project"
-identifier = "inspec/resources/azure/azure_migrate_project Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_migrate_project` InSpec audit resource to test the properties related to an Azure Migrate project.
-
-## Azure Rest API Version, Endpoint, and HTTP Client Parameters
-
-This resource interacts with API versions supported by the resource provider. The `api_version` can be defined as a resource parameter.
-If not provided, the latest version will be used. For more information, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md" >}}).
-
-Unless defined, `azure_cloud` global endpoint and default values for the HTTP client will be used. For more information, refer to the resource pack [README](https://github.com/inspec/inspec-azure/blob/main/README.md).
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`name` and `resource_group` are required parameters.
-
-```ruby
-describe azure_migrate_project(resource_group: 'RESOURCE_GROUP', name: 'PROJECT_NAME') do
- it { should exist }
- its('name') { should eq 'zoneA_migrate_project' }
- its('type') { should eq 'Microsoft.Migrate/MigrateProjects' }
-end
-```
-
-```ruby
-describe azure_migrate_project(resource_group: 'RESOURCE_GROUP', name: 'PROJECT_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name`
-: Name of the Azure Migrate project to test.
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-The parameter set that should be provided for a valid query is `resource_group` and `name`.
-
-## Properties
-
-`id`
-: Path reference to the Migrate project.
-
-`eTag`
-: The eTag for concurrency control.
-
-`name`
-: Unique name of a Migrate project.
-
-`type`
-: Type of the object.
`Microsoft.Migrate/MigrateProject`.
-
-`properties`
-: The nested properties.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, refer to the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/migrate/projects/migrate-projects/get-migrate-project) for other available properties.
-
-Any attribute in the response nested within properties may be accessed with the key names separated by dots (`.`), and attributes nested in the assessment data are pluralized and listed as a collection.
-
-## Examples
-
-### Test that The Migrate project has a server instance type
-
-```ruby
-describe azure_migrate_project(resource_group: 'RESOURCE_GROUP', name: 'PROJECT_NAME') do
- its('properties.summary.servers.instanceType') { should eq 'Servers' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If a Migrate project is found, it exists.
-
-describe azure_migrate_project(resource_group: 'RESOURCE_GROUP', name: 'PROJECT_NAME') do
- it { should exist }
-end
-
-# If Migrate project is not found, it does not exist.
-
-describe azure_migrate_project(resource_group: 'RESOURCE_GROUP', name: 'PROJECT_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_database.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_database.md
deleted file mode 100644
index 9331047b01..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_database.md
+++ /dev/null
@@ -1,133 +0,0 @@
-+++
-title = "azure_migrate_project_database Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_migrate_project_database"
-identifier = "inspec/resources/azure/azure_migrate_project_database Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_migrate_project_database` InSpec audit resource to test the properties related to an Azure Migrate Project database.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`name` is a required parameter and `resource_group` is an optional parameter.
-
-```ruby
-describe azure_migrate_project_database(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'PROJECT_DB_NAME') do
- it { should exist }
- its('name') { should eq 'PROJECT_DB_NAME' }
- its('type') { should eq 'Microsoft.Migrate/MigrateProjects/Databases' }
- its('solutionNames') { should include 'MIGRATEDBSOLUTION' }
-end
-```
-
-```ruby
-describe azure_migrate_project_database(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'PROJECT_DB_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name`
-: Name of the Azure Migrate project database to test.
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`project_name`
-: Azure Migrate assessment project.
-
-The parameter set should be provided for a valid query are `resource_group`, `project_name`, and `name`.
-
-## Properties
-
-`id`
-: Path reference to the migrate project database.
-
-`name`
-: Unique name of a migrate project database.
-
-`type`
-: Type of the object. `Microsoft.Migrate/MigrateProjects/Databases`.
-
-`properties`
-: Properties of the assessment.
-
-`properties.assessmentData`
-: Assessment details of the database published by various sources.
-
-`assessmentIds`
-: The database assessment scope/IDs.
-
-`migrationBlockersCounts`
-: The number of blocking changes found.
-
-`breakingChangesCounts`
-: The number of breaking changes found.
-
-`assessmentTargetTypes`
-: The assessed target database types.
-
-`solutionNames`
-: The names of the solutions that sent the data.
-
-`instanceIds`
-: The database servers' instance IDs.
-
-`databaseNames`
-: The name of the databases.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/migrate/projects/databases/get-database) for other available properties. Any attribute in the response nested within properties is accessed with the key names separated by dots (`.`), and attributes nested in the assessmentData are pluralized and listed as a collection.
-
-## Examples
-
-### Test that Migrate Project database has a SQL 'assessmentTargetType'
-
-```ruby
-describe azure_migrate_project_database(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'PROJECT_DB_NAME') do
- its('assessmentTargetTypes') { should include 'SQL' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If a Migrate Project database is found, it will exist.
-
-describe azure_migrate_project_database(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'PROJECT_DB_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# if Migrate Project Database is not found, it will not exist.
-
-describe azure_migrate_project_database(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'PROJECT_DB_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_database_instance.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_database_instance.md
deleted file mode 100644
index 7b303bcd6e..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_database_instance.md
+++ /dev/null
@@ -1,149 +0,0 @@
-+++
-title = "azure_migrate_project_database_instance Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_migrate_project_database_instance"
-identifier = "inspec/resources/azure/azure_migrate_project_database_instance Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_migrate_project_database_instance` InSpec audit resource to test the properties of a single Azure Migrate Project database instance.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-```ruby
-describe azure_migrate_project_database_instance(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'DB_NAME') do
- it { should exist }
- its('name') { should eq 'sql_db' }
- its('type') { should eq 'Microsoft.Migrate/MigrateProjects/DatabaseInstances' }
- its('solutionNames') { should include 'migrateDBSolution' }
-end
-```
-
-```ruby
-describe azure_migrate_project_database_instance(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'DB_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-
-: Unique name of a database in Azure migration hub.
-
-`resource_group` _(required)_
-
-: Name of the Azure Resource Group where the migrate project is part.
-
-`project_name` _(required)_
-
-: Name of the Azure Migrate project.
-
-## Properties
-
-`id`
-: Path reference to the Migrate project database instance.
-
-`name`
-: Unique name of an Migrate project database instance.
-
-`type`
-: Type of the object. `Microsoft.Migrate/MigrateProjects/Databases`.
-
-`properties`
-: The properties of the machine.
-
-`properties.discoveryData`
-: The assessment details of the database instance published by various sources.
-
-`properties.summary`
-: The database instances summary per solution.
-
-`enqueueTimes`
-: The time when the message was enqueued.
-
-`extendedInfos`
-: The extended properties of the database server.
-
-`hostNames`
-: The host names of the database servers.
-
-`instanceIds`
-: The database instance IDs.
-
-`instanceNames`
-: The database instance names.
-
-`instanceTypes`
-: The database instance types.
-
-`instanceVersions`
-: The database instance versions.
-
-`ipAddresses`
-: The IP addresses of the database server. IP addresses could be IPv4 or IPv6.
-
-`lastUpdatedTimes`
-: The time of the last modification of the database instance details.
-
-`portNumbers`
-: The port numbers of the database server.
-
-`solutionNames`
-: The names of the solution that sent the data.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/migrate/projects/databases/get-database) for other available properties.
-
-Any attribute in the response nested within properties may be accessed with the key names separated by dots (`.`), and attributes nested in the assessment data is pluralized and listed as a collection.
-
-## Examples
-
-### Test that the Migrate Project database instance has a SQL instanceType
-
-```ruby
-describe azure_migrate_project_database_instance(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'DB_NAME') do
- its('instanceTypes') { should include 'SQL' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If a Migrate Project database instance is found, it will exist.
-
-describe azure_migrate_project_database_instance(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'DB_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If Migrate Project database instance is not found, it will not exist.
-
-describe azure_migrate_project_database_instance(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'DB_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_database_instances.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_database_instances.md
deleted file mode 100644
index b1e73d708f..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_database_instances.md
+++ /dev/null
@@ -1,184 +0,0 @@
-+++
-title = "azure_migrate_project_database_instances Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_migrate_project_database_instances"
-identifier = "inspec/resources/azure/azure_migrate_project_database_instances Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_migrate_project_database_instances` InSpec audit resource to test the properties of all Azure Migrate Project database instances in a migrate project.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_migrate_project_database_instances` resource block returns all Azure Migrate project database instances within a project.
-
-```ruby
-describe azure_migrate_project_database_instances(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME') do
- #...
-end
-```
-
-## Parameters
-
-`resource_group` _(required)_
-
-: Name of the Azure Resource Group where the migrate project is part.
-
-`project_name` _(required)_
-
-: Name of the Azure Migrate project.
-
-## Properties
-
-`ids`
-: Path reference to the project database instances.
-
-: **Field**: `id`
-
-`names`
-: Unique names for all project database instances.
-
-: **Field**: `name`
-
-`types`
-: Type of the objects.
-
-: **Field**: `type`
-
-`properties`
-: A list of properties for all the project database instances.
-
-: **Field**: `properties`
-
-`discoveryDatas`
-: The assessment details of the database published by various sources.
-
-: **Field**: `assessmentData`
-
-`summaries`
-: The database instances summaries per solution.
-
-: **Field**: `summary`
-
-`lastUpdatedTimes`
-: The time of the last modification of the database instance details.
-
-: **Field**: `lastUpdatedTime`
-
-`enqueueTimes`
-: The time when the message was enqueued.
-
-: **Field**: `enqueueTimes`
-
-`extendedInfos`
-: The extended properties of the database servers.
-
-: **Field**: `extendedInfos`
-
-`hostNames`
-: The host names of the database servers.
-
-: **Field**: `hostNames`
-
-`instanceIds`
-: The database instance IDs.
-
-: **Field**: `instanceIds`
-
-`instanceNames`
-: The database instance names.
-
-: **Field**: `instanceNames`
-
-`instanceTypes`
-: The database instance types.
-
-: **Field**: `instanceTypes`
-
-`instanceVersions`
-: The database instance versions.
-
-: **Field**: `instanceVersions`
-
-`ipAddresses`
-: The IP addresses of the database server. IP addresses could be IPV4 or IPV6.
-
-: **Field**: `ipAddresses`
-
-`portNumbers`
-: The port numbers of the database server.
-
-: **Field**: `portNumbers`
-
-`solutionNames`
-: The names of the solution that sent the data.
-
-: **Field**: `solutionNames`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Loop through Migrate Project database instances by their names
-
-```ruby
-azure_migrate_project_database_instances(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME').names.each do |name|
- describe azure_migrate_project_database_instance(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: name) do
- it { should exist }
- end
-end
-```
-
-### Test that there are Migrate Project database instances that are of SQL instance types
-
-```ruby
-describe azure_migrate_project_database_instances(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME').where{ instanceTypes.include?('SQL') } do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Migrate Project database instances are present in the project and the resource group.
-
-describe azure_migrate_project_database_instances(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Migrate project database instance in the project and the resource group.
-
-describe azure_migrate_project_database_instances(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_databases.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_databases.md
deleted file mode 100644
index 45e9f91593..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_databases.md
+++ /dev/null
@@ -1,194 +0,0 @@
-+++
-title = "azure_migrate_project_databases Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_migrate_project_databases"
-identifier = "inspec/resources/azure/azure_migrate_project_databases Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_migrate_project_databases` InSpec audit resource to test the properties of all Azure Migrate Project databases within a project.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_migrate_project_databases` resource block returns all Azure Migrate Project databases within a project.
-
-```ruby
-describe azure_migrate_project_databases(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME') do
- #...
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`project_name`
-: Azure Migrate Project.
-
-The parameter set should be provided for a valid query is`resource_group` and `project_name`.
-
-## Properties
-
-`ids`
-: Path reference to the project databases.
-
-: **Field**: `id`
-
-`names`
-: Unique names for all project databases.
-
-: **Field**: `name`
-
-`types`
-: Type of the objects.
-
-: **Field**: `type`
-
-`properties`
-: A list of Properties for all the project databases.
-
-: **Field**: `properties`
-
-`assessmentDatas`
-: The assessment details of the database published by various sources.
-
-: **Field**: `assessmentData`
-
-`assessmentIds`
-: The database assessment scopes/IDs.
-
-: **Field**: `assessmentId`
-
-`assessmentTargetTypes`
-: The assessed target database types.
-
-: **Field**: `assessmentTargetType`
-
-`breakingChangesCounts`
-: The number of breaking changes found.
-
-: **Field**: `breakingChangesCount`
-
-`compatibilityLevels`
-: The compatibility levels of the database.
-
-: **Field**: `compatibilityLevel`
-
-`databaseNames`
-: The database names.
-
-: **Field**: `databaseName`
-
-`databaseSizeInMBs`
-: The sizes of the databases.
-
-: **Field**: `databaseSizeInMB`
-
-`enqueueTimes`
-: The list of times the message is enqueued.
-
-: **Field**: `enqueueTime`
-
-`extendedInfos`
-: The extended properties of all the database.
-
-: **Field**: `extendedInfo`
-
-`instanceIds`
-: The database server instance IDs.
-
-: **Field**: `instanceId`
-
-`isReadyForMigrations`
-: The values indicating whether the database is ready for migration.
-
-: **Field**: `isReadyForMigration`
-
-`lastAssessedTimes`
-: The time when the databases were last assessed.
-
-: **Field**: `lastAssessedTime`
-
-`lastUpdatedTimes`
-: The time of the last modifications of the database details.
-
-: **Field**: `lastUpdatedTime`
-
-`migrationBlockersCounts`
-: The number of blocking changes found.
-
-: **Field**: `migrationBlockersCount`
-
-`solutionNames`
-: The names of the solution that sent the data.
-
-: **Field**: `solutionName`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Loop through Migrate Project databases by their names
-
-```ruby
-azure_migrate_project_databases(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME').names.each do |name|
- describe azure_migrate_project_database(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'NAME') do
- it { should exist }
- end
-end
-```
-
-### Test there are Migrate Project databases are ready for migration
-
-```ruby
-describe azure_migrate_project_databases(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME').where{ isReadyForMigration.include?(true) } do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Migrate Project databases are present in the project and the resource group.
-
-describe azure_migrate_project_databases(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Migrate project databases in the project and the resource group.
-
-describe azure_migrate_project_databases(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_event.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_event.md
deleted file mode 100644
index 2445eba048..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_event.md
+++ /dev/null
@@ -1,109 +0,0 @@
-+++
-title = "azure_migrate_project_event Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_migrate_project_event"
-identifier = "inspec/resources/azure/azure_migrate_project_event Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_migrate_project_event` InSpec audit resource to test the properties related to an Azure Migrate project event.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`resource_group`, `project_name`, and `name` are required parameters.
-
-```ruby
-describe azure_migrate_project_event(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'PROJECT_EVENT_NAME') do
- it { should exist }
- its('properties.instanceType') { should eq 'SERVERS' }
-end
-```
-
-```ruby
-describe azure_migrate_project_event(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'PROJECT_EVENT_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name`
-: Name of the Azure Migrate Project event to test.
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`project_name`
-: Azure Migrate Assessment Project name.
-
-The parameter set should be provided for a valid query is `resource_group`, `project_name`, and `name`.
-
-## Properties
-
-`id`
-: Path reference to the Migrate project event.
-
-`name`
-: Unique name of a Migrate project event.
-
-`type`
-: Type of the object. `Microsoft.Migrate/MigrateProjects/Databases`.
-
-`properties`
-: Properties of the assessment.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/migrate/projects/events/get-event) for other available properties.
-
-Any attribute in the response nested within properties is accessed with the key names separated by dots (`.`), and attributes nested in the assessmentData are pluralized and listed as a collection.
-
-## Examples
-
-### Test that the Migrate project event is of servers 'instanceType'
-
-```ruby
-describe azure_migrate_project_event(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'PROJECT_EVENT_NAME') do
- its('properties.instanceType') { should eq 'SERVERS' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If a migrate project event is found, it will exist.
-
-describe azure_migrate_project_event(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'PROJECT_EVENT_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# if migrate project event is not found, it will not exist.
-
-describe azure_migrate_project_event(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'PROJECT_EVENT_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_events.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_events.md
deleted file mode 100644
index 05aec1b4ca..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_events.md
+++ /dev/null
@@ -1,161 +0,0 @@
-+++
-title = "azure_migrate_project_events Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_migrate_project_events"
-identifier = "inspec/resources/azure/azure_migrate_project_events Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_migrate_project_events` InSpec audit resource to test the properties related to all Azure Migrate project events within a project.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_migrate_project_events` resource block returns all Azure Migrate project events within a project.
-
-```ruby
-describe azure_migrate_project_events(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME') do
- #...
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`project_name`
-: Azure Migrate Project.
-
-The parameter set that should be provided for a valid query is `resource_group` and `project_name`.
-
-## Properties
-
-`ids`
-: Path reference to the project events.
-
-: **Field**: `id`
-
-`names`
-: Unique names for all project events.
-
-: **Field**: `name`
-
-`types`
-: Type of the objects.
-
-: **Field**: `type`
-
-`properties`
-: A list of properties for all the project events.
-
-: **Field**: `properties`
-
-`instanceTypes`
-: The instance types.
-
-: **Field**: `instanceType`
-
-`machines`
-: The machines for which the error is reported.
-
-: **Field**: `machine`
-
-`errorCodes`
-: The error codes.
-
-: **Field**: `errorCode`
-
-`errorMessages`
-: The error messages.
-
-: **Field**: `errorMessage`
-
-`recommendations`
-: The recommendations for the error.
-
-: **Field**: `recommendation`
-
-`possibleCauses`
-: The possible causes for the error.
-
-: **Field**: `possibleCause`
-
-`solutions`
-: The solutions for which the error is reported.
-
-: **Field**: `solution`
-
-`clientRequestIds`
-: The client request IDs of the payload for which the event is reported.
-
-: **Field**: `clientRequestId`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-For more details on the available properties, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/migrate/projects/events/enumerate-events).
-
-## Examples
-
-### Loop through Migrate Project events by their names
-
-```ruby
-azure_migrate_project_events(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME').names.each do |name|
- describe azure_migrate_project_event(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: `PROJECT_EVENT_NAME`) do
- it { should exist }
- end
-end
-```
-
-### Test that there are Migrate Project events for databases
-
-```ruby
-describe azure_migrate_project_events(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME').where(instanceType: 'Databases') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### not_exists
-
-```ruby
-# Should not exist if no migrate project events are present in the project and the resource group.
-
-describe azure_migrate_project_events(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME') do
- it { should_not exist }
-end
-```
-
-### exists
-
-```ruby
-# Should exist if the filter returns at least one migrate project event in the project and the resource group.
-
-describe azure_migrate_project_events(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_machine.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_machine.md
deleted file mode 100644
index 5353899c25..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_machine.md
+++ /dev/null
@@ -1,122 +0,0 @@ -+++ -title = "azure_migrate_project_machine Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_migrate_project_machine" -identifier = "inspec/resources/azure/azure_migrate_project_machine Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_migrate_project_machine` InSpec audit resource to test the properties related to an Azure Migrate Project machine. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`resource_group`, `project_name`, and `name` are required parameters. - -```ruby -describe azure_migrate_project_machine(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'PROJECT_MACHINE_NAME') do - it{ should exist } - its('properties.discoveryData') { should_not be_empty } - its('properties.discoveryData.first') { should include({ osType: 'WINDOWSGUEST' }) } -end -``` - -```ruby -describe azure_migrate_project_machine(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'PROJECT_MACHINE_NAME') do - it { should exist } -end -``` - -## Parameters - -`name` -: Name of the Azure Migrate Project machine to test. - -`resource_group` -: Azure resource group where the targeted resource resides. - -`project_name` -: Azure Migrate Assessment Project name. - -The parameter set that must be provided for a valid query is `resource_group`, `project_name`, and `name`. - -## Properties - -`id` -: Path reference to the Migrate Project machine. - -`name` -: Unique name of a Migrate Project machine. - -`type` -: Type of the object. `Microsoft.Migrate/MigrateProjects/Databases`. - -`properties` -: Properties of the assessment. - -`properties.assessmentData` -: The assessment details of the machine published by various sources. 
- -`properties.discoveryData` -: The discovery details of the machine published by various sources. - -`properties.migrationData` -: The migration details of the machine published by various sources. - -`properties.lastUpdatedTime` -: The time of the last modification of the machine. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/migrate/projects/machines/get-machine) for other available properties. - -Any attribute in the response nested within properties may be accessed with the key names separated by dots (`.`), and attributes nested in the **assessmentData** are pluralized and listed as a collection. - -## Examples - -### Test that the Migrate Project machine has a Windows OS - -```ruby -describe azure_migrate_project_machine(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'PROJECT_MACHINE_NAME') do - its('properties.discoveryData.first') { should include({ osType: 'WINDOWSGUEST' }) } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). - -### exists - -```ruby -# If a migrate project machine is found, it will exist. - -describe azure_migrate_project_machine(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'PROJECT_MACHINE_NAME') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If migrate project machine is not found, it will not exist. - -describe azure_migrate_project_machine(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'PROJECT_MACHINE_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} 
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_machines.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_machines.md
deleted file mode 100644
index d51257c36e..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_machines.md
+++ /dev/null
@@ -1,147 +0,0 @@ -+++ -title = "azure_migrate_project_machines Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_migrate_project_machines" -identifier = "inspec/resources/azure/azure_migrate_project_machines Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_migrate_project_machines` InSpec audit resource to test the properties related to all Azure Migrate Project machines within a project. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_migrate_project_machines` resource block returns all Azure Migrate Project machines within a project. - -```ruby -describe azure_migrate_project_machines(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME') do - #... -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`project_name` -: Azure Migrate project name. - -The parameter set that should be provided for a valid query is `resource_group` and `project_name`. - -## Properties - -`ids` -: Path reference to the project machines. - -: **Field**: `id` - -`names` -: Unique names for all project machines. - -: **Field**: `name` - -`types` -: Type of the objects. - -: **Field**: `type` - -`properties` -: A list of properties for all the project machines. - -: **Field**: `properties` - -`discoveryData` -: The discovery details of all the machines published by various sources. - -: **Field**: `discoveryData` - -`assessmentData` -: The assessment details of all the machines published by various sources. - -: **Field**: `assessmentData` - -`migrationData` -: The migration details of all the machines published by various sources. 
- -: **Field**: `migrationData` - -`lastUpdatedTimes` -: The times of the last modification of all the machines. - -: **Field**: `lastUpdatedTime` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Loop through Migrate Project machines by their names - -```ruby -azure_migrate_project_machines(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME').names.each do |name| - describe azure_migrate_project_machine(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: `NAME`) do - it { should exist } - end -end -``` - -### Test that there are Migrate Project machines with Windows OS - -```ruby -describe azure_migrate_project_machines(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME').where{ discoveryData.detect{ |data| data[:osType] == 'WINDOWSGUEST' } } do - it { should exist } -end -``` - -### Test that the Migrate Project machines are of BIOS boot type - -```ruby -describe azure_migrate_project_machines(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME').where{ discoveryData.detect{ |data| data[:extendedInfo][:bootType] == 'BIOS' } } do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -# Should not exist if no Migrate Project machines are present in the project and the resource group. - -describe azure_migrate_project_machines(resource_group: 'migrate_vms', project_name: 'zoneA_migrate_project') do - it { should_not exist } -end -``` - -### not_exists - -```ruby -# Should exist if the filter returns at least one Migrate Project machine in the project and the resource group. 
- -describe azure_migrate_project_machines(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME') do - it { should exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_solution.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_solution.md deleted file mode 100644 index 70fc312b28..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_solution.md +++ /dev/null 
@@ -1,123 +0,0 @@ -+++ -title = "azure_migrate_project_solution Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_migrate_project_solution" -identifier = "inspec/resources/azure/azure_migrate_project_solution Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_migrate_project_solution` InSpec audit resource to test the properties related to an Azure Migrate Project solution. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`name` and `resource_group` are required parameters. - -```ruby -describe azure_migrate_project_solution(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'PROJECT_SOLUTION_NAME') do - it { should exist } - its('name') { should cmp 'PROJECT_SOLUTION_NAME' } - its('type') { should cmp 'Microsoft.Migrate/MigrateProjects/Solutions' } -end -``` - -```ruby -describe azure_migrate_project_solution(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'PROJECT_SOLUTION_NAME') do - it { should exist } -end -``` - -## Parameters - -`name` -: Name of the Azure Migrate project solution to test. - -`resource_group` -: Azure resource group where the targeted resource resides. - -`project_name` -: Azure Migrate project. - -The parameter set should be provided for a valid query is`resource_group`, `project_name`, and `name`. - -## Properties - -`id` -: Path reference to the project solution. - -`name` -: Unique name of the project solution. - -`type` -: Object type. `Microsoft.Migrate/MigrateProjects/Solutions`. - -`eTag` -: For optimistic concurrency control. - -`properties` -: Properties of the project Solution. - -`properties.cleanupState` -: The cleanup state of the solution. 
- -`properties.details` -: The details of the solution. - -`properties.summary` -: The summary of the solution. - -`properties.purpose` -: The purpose of the solution. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/migrate/projects/solutions/get-solution) for other available properties. Any attribute in the response is accessed with the key names separated by dots (`.`). - -## Examples - -### Test that the Migrate Project solution is defined for assessment - -```ruby -describe azure_migrate_project_solution(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'PROJECT_SOLUTION_NAME') do - its('properties.purpose') { should eq 'ASSESSMENT' } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). - -### exists - -```ruby -# If a Migrate Project solution is found, it will exist. - -describe azure_migrate_project_solution(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'PROJECT_SOLUTION_NAME') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If Migrate Project solutions are not found, it will not exist. - -describe azure_migrate_project_solution(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: 'PROJECT_SOLUTION_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} 
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_solutions.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_solutions.md
deleted file mode 100644
index 9d286969be..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_migrate_project_solutions.md
+++ /dev/null
@@ -1,194 +0,0 @@ -+++ -title = "azure_migrate_project_solutions Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_migrate_project_solutions" -identifier = "inspec/resources/azure/azure_migrate_project_solutions Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_migrate_project_solutions` InSpec audit resource to test the properties related to all Azure Migrate Project solutions within a project. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_migrate_project_solutions` resource block returns all Azure Migrate Project solutions within a project. - -```ruby -describe azure_migrate_project_solutions(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME') do - #... -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`project_name` -: Azure Migrate Project. - -The parameter set that should be provided for a valid query is `resource_group` and `project_name`. - -## Properties - -`ids` -: Path reference to the project solutions. - -: **Field**: `id` - -`names` -: Unique names for all project solutions. - -: **Field**: `name` - -`types` -: Type of the objects. - -: **Field**: `type` - -`eTags` -: A list of eTags for all the project solutions. - -: **Field**: `eTag` - -`properties` -: A list of properties for all the project solutions. - -: **Field**: `properties` - -`tools` -: The tool used in all the solutions. - -: **Field**: `tool` - -`purposes` -: The purpose of all the solutions. - -: **Field**: `purpose` - -`goals` -: The goals of all the solutions. - -: **Field**: `goal` - -`statuses` -: The current status of all the solutions. 
- -: **Field**: `status` - -`cleanupStates` -: The cleanup states of all the solutions. - -: **Field**: `cleanupState` - -`summaries` -: The summary of all the solutions. - -: **Field**: `summary` - -`details` -: The details of all the solutions. - -: **Field**: `details` - -`instanceTypes` -: The Instance types. - -: **Field**: `instanceType` - -`databasesAssessedCounts` -: The count of databases assessed. - -: **Field**: `databasesAssessedCount` - -`databaseInstancesAssessedCounts` -: The count of database instances assessed. - -: **Field**: `databaseInstancesAssessedCount` - -`migrationReadyCounts` -: The count of databases ready for migration. - -: **Field**: `migrationReadyCount` - -`groupCounts` -: The count of groups reported by all the solutions. - -: **Field**: `groupCount` - -`assessmentCounts` -: The count of assessments reported by all the solutions. - -: **Field**: `assessmentCount` - -`extendedDetails` -: The extended details reported by all the solutions. - -: **Field**: `extendedDetails` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Loop through Migrate Project solutions by their names - -```ruby -azure_migrate_project_solutions(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME').names.each do |name| - describe azure_migrate_project_solution(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME', name: name) do - it { should exist } - end -end -``` - -### Test to ensure the Migrate Project solutions for assessment - -```ruby -describe azure_migrate_project_solutions(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME').where(purpose: 'Assessment') do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. 
- -### not_exists - -```ruby -# Should not exist if no Migrate Project solutions are present in the project and the resource group. - -describe azure_migrate_project_solutions(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME') do - it { should_not exist } -end -``` - -### exists - -```ruby -# Should exist if the filter returns at least one Migrate Project solution in the project and the resource group. - -describe azure_migrate_project_solutions(resource_group: 'RESOURCE_GROUP', project_name: 'PROJECT_NAME') do - it { should exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_monitor_activity_log_alert.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_monitor_activity_log_alert.md deleted file mode 100644 index 5a6e3917ab..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_monitor_activity_log_alert.md +++ /dev/null 
@@ -1,129 +0,0 @@ -+++ -title = "azure_monitor_activity_log_alert Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_monitor_activity_log_alert" -identifier = "inspec/resources/azure/azure_monitor_activity_log_alert Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_monitor_activity_log_alert` InSpec audit resource to test the properties of an Azure Monitor Activity Log Alert. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_monitor_activity_log_alert` resource block identifies an Azure Monitor Activity Log Alert by `name` and `resource_group`, or the `resource_id`. - -```ruby -describe azure_monitor_activity_log_alert(resource_group: 'RESOURCE_GROUP', name: 'ALERT_NAME') do - it { should exist } -end -``` - -```ruby -describe azure_monitor_activity_log_alert(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/microsoft.insights/activityLogAlerts/{activityLogAlertName}') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`name` -: Name of the Activity Log Alert to test. - -`resource_id` -: The unique resource ID. - -Either one of the parameter sets can be provided for a valid query: - -- `resource_id` -- `resource_group` and `name` - -## Properties - -`operations` -: The list of operations. `['Microsoft.Authorization/policyAssignments/write']`. - -`conditions` -: The list of activity log alert conditions that will cause this alert to activate. - -`scopes` -: A list of resource ID prefixes. The alert will only apply to activity logs with resource IDs that fall under one of these prefixes. 
- -`enabled?` -: Indicates whether this activity log alert is enabled. Valid values are `true` or `false`. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/monitor/activitylogalerts/get#activitylogalertresource) for other available properties. - -You can access any attribute in the response with the key names separated by dots (`.`). For example, `properties.`. - -## Examples - -### Test an Activity Log Alert has the correct operation - -```ruby -describe azure_monitor_activity_log_alert(resource_group: 'RESOURCE_GROUP', name: 'ALERT_NAME') do - its('operations') { should include 'Microsoft.Authorization/policyAssignments/write' } -end -``` - -### Test the scope of an Activity Log Alert - -```ruby -describe azure_monitor_activity_log_alert(resource_group: 'RESOURCE_GROUP', name: 'ALERT_NAME') do - its('scopes') { should include 'subscriptions/{SUBSCRIPTION_ID}' } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/). - -### enabled - -Test if a resource is enabled. If an activity log alert is not enabled, then none of its actions will be activated. - -```ruby -describe azure_monitor_activity_log_alert(resource_group: 'RESOURCE_GROUP', name: 'ALERT_NAME') do - it { should be_enabled } -end -``` - -### exists - -```ruby -# If we expect a resource to always exist. - -describe azure_monitor_activity_log_alert(resource_group: 'RESOURCE_GROUP', name: 'ALERT_NAME') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect a resource to never exist. 
- -describe azure_monitor_activity_log_alert(resource_group: 'RESOURCE_GROUP', name: 'ALERT_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_monitor_activity_log_alerts.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_monitor_activity_log_alerts.md deleted file mode 100644 index 16444ccaf4..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_monitor_activity_log_alerts.md +++ /dev/null 
@@ -1,135 +0,0 @@ -+++ -title = "azure_monitor_activity_log_alerts Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_monitor_activity_log_alerts" -identifier = "inspec/resources/azure/azure_monitor_activity_log_alerts Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_monitor_activity_log_alerts` InSpec audit resource to test the properties and configuration of multiple Azure Monitor Activity Log Alerts. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_monitor_activity_log_alerts` resource block returns all activity log alerts within a resource group (if provided) or an entire subscription. - -```ruby -describe azure_monitor_activity_log_alerts do - it { should exist } -end -``` - -Or - -```ruby -describe azure_monitor_activity_log_alerts(resource_group: 'RESOURCE_GROUP') do - it { should exist } -end -``` - -## Parameters - -`resource_group` _(optional)_ - -: The name of the resource group. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`location` -: A list of locations for all the resources being interrogated. - -: **Field**: `location` - -`names` -: A list of names of all the resources being interrogated. - -: **Field**: `name` - -`tags` -: A list of `tag:value` pairs defined on the resources being interrogated. - -: **Field**: `tags` - -`operations` -: A list of operations for all the resources being interrogated. - -: **Field**: `operations` - -`resource_group` -: Azure resource group where the targeted resource resides. 
- -: **Field**: `resource_group` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Test that a subscription has the named activity log alert - -```ruby -describe azure_monitor_activity_log_alerts do - its('names') { should include('ExampleLogAlert') } -end -``` - -**Loop through all resources with `resource_id`.** - -```ruby -azure_monitor_activity_log_alerts.ids.each do |id| - describe azure_monitor_activity_log_alert(resource_id: id) do - it { should be_enabled } - end -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches. - -```ruby -# If we expect 'EXAMPLEGROUP' resource group to have activity log alerts. - -describe azure_monitor_activity_log_alerts(resource_group: 'EXAMPLEGROUP') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect 'EMPTYEXAMPLEGROUP' resource group not to have activity log alerts. - -describe azure_monitor_activity_log_alerts(resource_group: 'EMPTYEXAMPLEGROUP') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_monitor_log_profile.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_monitor_log_profile.md deleted file mode 100644 index b9cb6ed3ce..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_monitor_log_profile.md +++ /dev/null 
@@ -1,136 +0,0 @@ -+++ -title = "azure_monitor_log_profile Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_monitor_log_profile" -identifier = "inspec/resources/azure/azure_monitor_log_profile Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_monitor_log_profile` InSpec audit resource to test the properties and configuration of an Azure Log profile. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`name` or the `resource_id` are required parameters. - -```ruby -describe azure_monitor_log_profile(name: 'LOG_PROFILE') do - it { should exist } -end -``` - -```ruby -describe azure_monitor_log_profile(resource_id: '/subscriptions/{subscriptionId}/providers/microsoft.insights/logprofiles/{logProfileName}') do - it { should exist } -end -``` - -## Parameters - -`name` -: Name of the log profile to test. - -`resource_id` -: The unique resource ID. - -## Properties - -`retention_policy` -: The retention policy for the events in the log with [these](https://docs.microsoft.com/en-us/rest/api/monitor/logprofiles/get#retentionpolicy) properties. - -`retention_days` -: The number of days for the log retention in days. A value of `0` means that the events will be retained indefinitely. - -`storage_account` -: A hash containing the `name` and the `resouce_group` of the storage account in which the activity logs are kept. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/monitor/logprofiles/get#logprofileresource) for other available properties. 
- -You can access any attribute in the response with the key names separated by dots (`.`). For example, `properties.`. - -## Examples - -### Test if a Log profile is referenced with a valid name - -```ruby -describe azure_monitor_log_profile(name: 'LOG_PROFILE') do - it { should exist } -end -``` - -### Test if a Log profile is referenced with an invalid name - -```ruby -describe azure_monitor_log_profile(name: 'i-dont-exist') do - it { should_not exist } -end -``` - -### Test the retention days of a Log profile - -```ruby -describe azure_monitor_log_profile(name: 'LOG_PROFILE') do - its('retention_days') { should be 90 } -end -``` - -### Test the storage account of a Log profile - -```ruby -describe azure_monitor_log_profile(resource_id: '/subscriptions/{subscriptionId}/providers/microsoft.insights/logprofiles/{logProfileName}') do - its('storage_account') { should eql(resource_group: 'RESOURCE_GROUP', name: 'STORAGE_ACCOUNT') } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### have_log_retention_enabled - -Test whether the log retention is enabled. - -```ruby -describe azure_monitor_log_profile(name: 'LOG_PROFILE') do - it { should have_log_retention_enabled } -end -``` - -### exists - -```ruby -# If we expect a resource to always exist. - -describe azure_monitor_log_profile(name: 'LOG_PROFILE') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect a resource to never exist. - -describe azure_monitor_log_profile(name: 'LOG_PROFILE') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} 
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_monitor_log_profiles.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_monitor_log_profiles.md
deleted file mode 100644
index 0c5f0e8fbf..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_monitor_log_profiles.md
+++ /dev/null
@@ -1,105 +0,0 @@ -+++ -title = "azure_monitor_log_profiles Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_monitor_log_profiles" -identifier = "inspec/resources/azure/azure_monitor_log_profiles Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_monitor_log_profiles` InSpec audit resource to test the properties and configuration of multiple Azure Log profiles. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_monitor_log_profiles` resource block returns all Azure Log profiles within an entire subscription. - -```ruby -describe azure_monitor_log_profiles do - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`names` -: A list of names of all the resources being interrogated. - -: **Field**: `name` - -`properties` -: A list of properties for all the resources being interrogated. 
- -: **Field**: `properties` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Check if a specific Log profile is present - -```ruby -describe azure_monitor_log_profiles do - its('names') { should include 'LOG_PROFILE' } -end -``` - -### Filter the results by the 'name' property if it includes a certain string - -```ruby -describe azure_monitor_log_profiles.where{ name.include?('production') } do - it { should exist } -end -``` - -### Filter the results to include only those Log profiles that retention policy is enabled - -```ruby -describe azure_monitor_log_profiles.where{ properties.dig(:retentionPolicy, :enabled) == true } do - it { should exist } - its('count') { should be 4 } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches. - -```ruby -describe azure_monitor_log_profiles do - it { should exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_mysql_database.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_mysql_database.md deleted file mode 100644 index 2893396b3f..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_mysql_database.md +++ /dev/null 
@@ -1,114 +0,0 @@ -+++ -title = "azure_mysql_database Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_mysql_database" -identifier = "inspec/resources/azure/azure_mysql_database Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_mysql_database` InSpec audit resource to test the properties and configuration of an Azure MySQL Database on a MySQL Server. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`resource_group`, `server_name` and `name`, or the `resource_id` are required parameters. - -```ruby -describe azure_mysql_database(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME', name: 'NAME') do - it { should exist } -end -``` - -```ruby -describe azure_mysql_database(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DBforMySQL/servers/{serverName}/databases/{databaseName}') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`server_name` -: The name of the server on which the database resides. - -`name` -: The unique name of the database. - -`database_name` -: Alias for the `name` parameter. - -`resource_id` -: The unique resource ID. - -Either one of the parameter sets can be provided for a valid query: - -- `resource_id` -- `resource_group`, `server_name`, and `name` -- `resource_group`, `server_name`, and `database_name` - -## Properties - -`properties.charset` -: The charset of the database. - -For properties applicable to all resources, such as `type`, `tags`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). 
- -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/mysql/flexibleserver/databases/get) for other available properties. -You can access any attribute in the response with the key names separated by dots (`.`). - -## Examples - -### Test the resource name - -```ruby -describe azure_mysql_database(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME', name: 'NAME') do - its('name') { should be 'order-db' } -end -``` - -```ruby -describe azure_mysql_database(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DBforMySQL/servers/{serverName}/databases/order-db') do - its('name') { should be 'order-db' } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/). - -### exists - -```ruby -# If we expect the resource to always exist. - -describe azure_mysql_database(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME', name: 'NAME') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect the resource to never exist. - -describe azure_mysql_database(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME', name: 'NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_mysql_databases.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_mysql_databases.md deleted file mode 100644 index 65f4d9c3eb..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_mysql_databases.md +++ /dev/null 
@@ -1,123 +0,0 @@ -+++ -title = "azure_mysql_databases Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_mysql_databases" -identifier = "inspec/resources/azure/azure_mysql_databases Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_mysql_databases` InSpec audit resource to test the properties and configuration of Azure MySQL Databases. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -The `resource_group` and `server_name` are required parameters. - -```ruby -describe azure_mysql_databases(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`server_name` -: The name of the server in which the database resides. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`names` -: A list of names of all the resources being interrogated. - -: **Field**: `name` - -`tags` -: A list of `tag:value` pairs defined on the resources being interrogated. - -: **Field**: `tags` - -`types` -: A list of the types of resources being interrogated. - -: **Field**: `type` - -`properties` -: A list of properties for all the resources being interrogated. 
- -: **Field**: `properties` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Check resources are present - -```ruby -describe azure_mysql_databases(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do - it { should exist } - its('names') { should include 'my-db' } -end -``` - -### Filter the results to include only those with names match the specified string value - -```ruby -describe azure_mysql_databases.(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME').where{ name.eql?('production-db') } do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches. - -```ruby -# If we expect resources to exist. - -describe azure_mysql_databases(resource_group: 'EXAMPLEGROUP', server_name: 'SERVER_NAME') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect resources not to exist. - -describe azure_mysql_databases(resource_group: 'EXAMPLEGROUP', server_name: 'SERVER_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_mysql_server.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_mysql_server.md deleted file mode 100644 index 52f5393d1e..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_mysql_server.md +++ /dev/null 
@@ -1,126 +0,0 @@ -+++ -title = "azure_mysql_server Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_mysql_server" -identifier = "inspec/resources/azure/azure_mysql_server Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_mysql_server` InSpec audit resource to test the properties and configuration of an Azure MySQL server. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`resource_group` and `name`, or the `resource_id` are required parameters. - -```ruby -describe azure_mysql_server(resource_group: 'RESOURCE_GROUP', name: 'SERVER_NAME') do - it { should exist } -end -``` - -```ruby -describe azure_mysql_server(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.DBforMySQL/servers/{serverName}') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`name` -: Name of the MySql server to test. - -`server_name` -: Name of the MySql server to test. This is for backward compatibility. Use `name` instead. - -`resource_id` -: The unique resource ID. - -`firewall_rules_api_version` -: The endpoint API version for the `firewall_rules` property. The latest version will be used unless provided. - -Either one of the parameter sets can be provided for a valid query: - -- `resource_id` -- `resource_group` and `name` -- `resource_group` and `server_name` - -## Properties - -`firewall_rules` -: A list of all firewall rules in the targeted server. - -`sku` -: The SKU (pricing tier) of the server. 
- -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/mysql/singleserver/servers(2017-12-01)/get) for other available properties. - -You can access any attribute in the response with the key names separated by dots (`.`). - -## Examples - -### Test if a MySQL server is referenced with a valid name - -```ruby -describe azure_mysql_server(resource_group: 'RESOURCE_GROUP', name: 'SERVER_NAME') do - it { should exist } -end -``` - -### Test if a MySQL server is referenced with an invalid name - -```ruby -describe azure_mysql_server(resource_group: 'RESOURCE_GROUP', name: 'i-dont-exist') do - it { should_not exist } -end -``` - -### Test if a MySQL server has firewall rules set - -```ruby -describe azure_mysql_server(resource_group: 'RESOURCE_GROUP', name: 'SERVER_NAME') do - its('firewall_rules') { should_not be_empty } -end -``` - -### Test a MySQL server's fully qualified domain name, location, and public network access status - -```ruby -describe azure_mysql_server(resource_id: '/subscriptions/.../my-server') do - its('properties.fullyQualifiedDomainName') { should eq 'my-server.mysql.database.azure.com' } - its('properties.publicNetworkAccess') { should cmp 'Enabled' } - its('location') { should cmp 'westeurope' } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). - -### exists - -```ruby -describe azure_mysql_server(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME-1') do - it { should exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} 
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_mysql_server_configuration.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_mysql_server_configuration.md
deleted file mode 100644
index 1db9968d8d..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_mysql_server_configuration.md
+++ /dev/null
@@ -1,123 +0,0 @@ -+++ -title = "azure_mysql_database_configuration Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_mysql_database_configuration" -identifier = "inspec/resources/azure/azure_mysql_database_configuration Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_mysql_database_configuration` InSpec audit resource to test the properties of an Azure MySQL Database Configuration on a MySQL Database Server. - -## Syntax - -`resource_group`, `server_name` and `name`, or the `resource_id` are required parameters. - -```ruby -describe azure_mysql_database_configuration(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME', name: 'CONFIGURATION_NAME') do - it { should exist } -end -``` - -```ruby -describe azure_mysql_database_configuration(resource_id: 'RESOURCE_ID') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`server_name` -: The name of the server on which the database resides. - -`name` -: The unique name of the database configuration. - -`resource_id` -: The unique resource ID. - -Either one of the parameter sets can be provided for a valid query: - -- `resource_id` -- `resource_group`, `server_name`, and `name` - -## Properties - -`id` -: The id of the resource. - -`name` -: The name of the resource. - -`type` -: The type of the resource. - -`properties.allowedValues` -: Allowed values of the configuration. - -`properties.dataType` -: Data type of the configuration. - -`properties.defaultValue` -: Default value of the configuration. - -`properties.description` -: Description of the configuration. - -`properties.source` -: Source of the configuration. - -`properties.value` -: Value of the configuration. - - -For properties applicable to all resources, such as `type`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). 
- -Also, see the [Azure documentation](https://learn.microsoft.com/en-us/rest/api/mysql/singleserver/configurations/get?tabs=HTTP) for other available properties. -You can access any attribute in the response with the key names separated by dots (`.`). - -## Examples - -### Test the resource name - -```ruby -describe azure_mysql_database_configuration(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME', name: 'CONFIGURATION_NAME') do - its('name') { should be 'CONFIGURATION_NAME' } -end -``` - -```ruby -describe azure_mysql_database_configuration(resource_id: 'RESOURCE_ID') do - its('name') { should be 'CONFIGURATION_NAME' } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/). - -### exists - -```ruby -# If we expect the resource to always exist. -describe azure_mysql_database_configuration(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME', name: 'CONFIGURATION_NAME') do - it { should exist } -end -``` - -```ruby -# If we expect the resource to never exist. -describe azure_mysql_database_configuration(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME', name: 'CONFIGURATION_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_mysql_server_configurations.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_mysql_server_configurations.md deleted file mode 100644 index 905828a41c..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_mysql_server_configurations.md +++ /dev/null 
@@ -1,116 +0,0 @@ -+++ -title = "azure_mysql_database_configurations Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_mysql_database_configurations" -identifier = "inspec/resources/azure/azure_mysql_database_configurations Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_mysql_database_configurations` InSpec audit resource to test the properties of an Azure MySQL Database Configuration on a MySQL Database Server. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -The `resource_group` and `server_name` are required parameters. - -```ruby -describe azure_mysql_database_configuration(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`server_name` -: The name of the server in which the database resides. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`names` -: A list of names of all the resources being interrogated. - -: **Field**: `name` - -`types` -: A list of the types of resources being interrogated. - -: **Field**: `type` - -`properties` -: A list of properties for all the resources being interrogated. 
- -: **Field**: `properties` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Check resources are present - -```ruby -describe azure_mysql_database_configuration(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do - it { should exist } - its('names') { should include 'my-db' } -end -``` - -### Filter the results to include only those with names match the specified string value - -```ruby -describe azure_mysql_database_configuration(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME').where{ name.eql?('user-override') } do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches. - -```ruby -# If we expect resources to exist. - -describe azure_mysql_database_configuration(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do - it { should exist } -end -``` - -```ruby -# If we expect resources not to exist. - -describe azure_mysql_database_configuration(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_mysql_servers.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_mysql_servers.md deleted file mode 100644 index 12972b7c84..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_mysql_servers.md +++ /dev/null 
@@ -1,138 +0,0 @@ -+++ -title = "azure_mysql_servers Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_mysql_servers" -identifier = "inspec/resources/azure/azure_mysql_servers Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_mysql_servers` InSpec audit resource to test the properties and configuration of multiple Azure MySQL servers. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_mysql_servers` resource block returns all Azure MySQL servers within a resource group (if provided) or an entire subscription. - -```ruby -describe azure_mysql_servers do - #... -end -``` - -Or - -```ruby -describe azure_mysql_servers(resource_group: 'RESOURCE_GROUP') do - #... -end -``` - -## Parameters - -`resource_group` _(optional)_ - -: The name of the resource group. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`locations` -: A list of locations for all the resources being interrogated. - -: **Field**: `location` - -`names` -: A list of names of all the resources being interrogated. - -: **Field**: `name` - -`tags` -: A list of `tag:value` pairs defined on the resources. - -: **Field**: `tags` - -`skus` -: A list of the SKUs (pricing tiers) of the servers. - -: **Field**: `sku` - -`properties` -: A list of properties for all the resources being interrogated. 
- -: **Field**: `properties` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Check MySQL servers are present - -```ruby -describe azure_mysql_servers do - it { should exist } - its('names') { should include 'my-server-name' } -end -``` - -### Filters the results to include only those servers that have the specified name (Client Side Filtering) - -```ruby -describe azure_mysql_servers.where{ name.include?('production') } do - it { should exist } -end -``` - -### Filters the results to include only those servers which reside in a specified location (Client Side Filtering) - -```ruby -describe azure_mysql_servers.where{ location.eql?('westeurope') } do - it { should exist } -end -``` - -### Filters the results to include only those servers which reside in a specified location and have the specified name (Server Side Filtering - Recommended) - -```ruby -describe azure_generic_resources(resource_provider: 'Microsoft.DBforMySQL/servers', substring_of_name: 'production', location: 'westeurope') do - it {should exist} -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches. - -```ruby -describe azure_mysql_servers do - it { should exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_network_interface.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_network_interface.md deleted file mode 100644 index ac515666c7..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_network_interface.md +++ /dev/null 
@@ -1,161 +0,0 @@ -+++ -title = "azure_network_interface Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_network_interface" -identifier = "inspec/resources/azure/azure_network_interface Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_network_interface` InSpec audit resource to test the properties and configuration of the Azure Network interface. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_network_interface` resource block identifies an AKS Cluster by `name` and `resource_group`, or the `resource_id`. - -```ruby -describe azure_network_interface(resource_group: 'RESOURCE_GROUP', name: 'NETWORKINTERFACENAME') do - it { should exist } -end -``` - -```ruby -describe azure_network_interface(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkInterfaces/{networkInterfaceName}') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`name` -: Name of the AKS cluster to test. - -`resource_id` -: The unique resource ID. - -Either one of the parameter sets can be provided for a valid query: - -- `resource_id` -- `resource_group` and `name` - -## Properties - -`primary?` -: Indicates whether this is a primary network interface on a virtual machine. - -`ip_configurations` -: A list of [IPConfigurations](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/networkinterfaceipconfigurations/get#networkinterfaceipconfiguration) of the network interface. - -`private_ip` -: The private IP address of the interrogated network interface's primary IP configuration. 
- -`private_ip_address_list` -: A list of all the private IP addresses of the interrogated network interface. - -`has_private_address_ip?` -: Indicates whether the interrogated network interface has a private IP address. - -`public_ip` -: The public IP address ID of the interrogated network interface's primary IP configuration. `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPAddresses/{publicIpAddressName}`. - -`public_ip_id_list` -: A list of all the public IP address IDs of the interrogated network interface. - -`has_public_address_ip?` -: Indicates whether the interrogated network interface has a public IP address. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/networkinterfaces/get#networkinterface) for other available properties. - -You can access any attribute in the response with the key names separated by dots (`.`). For example, `properties.`. - -## Examples - -### Test if IP forwarding is enabled - -```ruby -describe azure_network_interface(resource_group: 'RESOURCE_GROUP', name: 'NETWORK_INTERFACE_NAME') do - its('properties.enableIPForwarding') { should be_true } -end -``` - -### Test if the primary IP configuration is set to correct private IP address - -```ruby -describe azure_network_interface(resource_group: 'RESOURCE_GROUP', name: 'NETWORK_INTERFACE_NAME') do - its('private_ip') { should cmp '172.16.2.6' } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/). - -### be_primary - -Tests if a network interface is the primary network interface on a virtual machine. 
-
-```ruby
-describe azure_network_interface(resource_group: 'RESOURCE_GROUP', name: 'NETWORK_INTERFACE_NAME') do
- it {should be_primary}
-end
-```
-
-### have_public_address_ip
-
-Test if a network interface has a public IP address.
-
-```ruby
-describe azure_network_interface(resource_group: 'RESOURCE_GROUP', name: 'NETWORK_INTERFACE_NAME') do
- it { should have_public_address_ip}
-end
-```
-
-### have_private_address_ip
-
-Test if a network interface has a private IP address.
-
-```ruby
-describe azure_network_interface(resource_group: 'RESOURCE_GROUP', name: 'NETWORK_INTERFACE_NAME') do
- it { should have_private_address_ip}
-end
-```
-
-### exists
-
-```ruby
-# If we expect 'NETWORK_INTERFACE_NAME' to always exist.
-
-describe azure_network_interface(resource_group: 'RESOURCE_GROUP', name: 'NETWORK_INTERFACE_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect 'NETWORK_INTERFACE_NAME' to never exist.
-
-describe azure_network_interface(resource_group: 'RESOURCE_GROUP', name: 'NETWORK_INTERFACE_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_network_interfaces.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_network_interfaces.md
deleted file mode 100644
index e734cf5ba3..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_network_interfaces.md
+++ /dev/null
@@ -1,134 +0,0 @@ -+++ -title = "azure_network_interfaces Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_network_interfaces" -identifier = "inspec/resources/azure/azure_network_interfaces Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_network_interfaces` InSpec audit resource to test the properties and configuration of Azure Network interfaces. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_network_interfaces` resource block returns all Azure Network interfaces within a resource group (if provided) or an entire subscription. - -```ruby -describe azure_network_interfaces do - #... -end -``` - -Or - -```ruby -describe azure_network_interfaces(resource_group: 'RESOURCE_GROUP') do - #... -end -``` - -## Parameters - -`resource_group` _(optional)_ - -: The name of the resource group. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`locations` -: A list of locations for all the resources being interrogated. - -: **Field**: `location` - -`names` -: A list of names of all the resources being interrogated. - -: **Field**: `name` - -`tags` -: A list of `tag:value` pairs defined on the resources being interrogated. - -: **Field**: `tags` - -`types` -: A list of the types of resources being interrogated. - -: **Field**: `type` - -`properties` -: A list of properties for all the resources being interrogated. 
-
-: **Field**: `properties`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Check network interfaces are present
-
-```ruby
-describe azure_network_interfaces do
- it { should exist }
- its('names') { should include 'my-network-interface' }
-end
-```
-
-### Filter the results to include only those with names that match the specified string value
-
-```ruby
-describe azure_network_interfaces.where{ name.include?('my-network') } do
- its('count') { should > 3 }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches.
-
-```ruby
-# If we expect 'EXAMPLEGROUP' resource group to have network interfaces.
-
-describe azure_network_interfaces(resource_group: 'EXAMPLEGROUP') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect 'EMPTYEXAMPLEGROUP' resource group to not have network interfaces.
-
-describe azure_network_interfaces(resource_group: 'EMPTYEXAMPLEGROUP') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_network_security_group.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_network_security_group.md
deleted file mode 100644
index cc14c029ed..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_network_security_group.md
+++ /dev/null
@@ -1,224 +0,0 @@ -+++ -title = "azure_network_security_group Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_network_security_group" -identifier = "inspec/resources/azure/azure_network_security_group Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_network_security_group` InSpec audit resource to test the properties of an Azure Network Security group. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_network_security_group` resource block identifies a Network Security group by `name` and `resource_group`, or the `resource_id`. - -```ruby -describe azure_network_security_group(resource_group: 'RESOURCE_GROUP', name: 'GROUP_NAME') do - it { should exist } -end -``` - -```ruby -describe azure_network_security_group(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Network/networkSecurityGroups/{nsgName}') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`name` -: Name of the Azure resource to test. - -`resource_id` -: The unique resource ID. `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Network/networkSecurityGroups/{nsgName}`. - -`resource_data` -: In-memory cached Azure Network Security group data. Passing data to this parameter can increase performance since it avoids multiple network calls to the same Azure resource. When provided, it binds the values directly to the resource. Data passed to the `resource_data` parameter could be stale. It is the user's responsibility to refresh the data. 
- -Provide one of the following parameter sets for a valid query: - -- `resource_id` -- `resource_group` and `name` -- `resource_data` - -## Properties - -`security_rules` -: The set of security rules. - -`default_security_rules` -: The set of default security rules. - -`allow_ssh_from_internet*` -: A boolean value determined by analysing the security rules and default security rules for unrestricted SSH access. `it { should_not allow_ssh_from_internet }`. - -`allow_rdp_from_internet*` -: A boolean value determined by analysing the security rules and default security rules for unrestricted RDP access. `it { should_not allow_rdp_from_internet }`. - -`allow_port_from_internet*` -: A boolean value determined by analysing the security rules and default security rules for unrestricted access to a specified port. `it { should_not allow_port_from_internet('443') }`. - -`allow?**` -: Indicates if a provided criteria is complaint with the security rules including the default ones. `it { should allow(source_ip_range: '10.0.0.0/24'), direction: 'inbound' }`. - -`allowed?**` -: Alias for `allow?`. `it { should be_allowed(source_ip_range: '10.0.0.0/24'), direction: 'inbound' }`. - -`allow_in?**` -: Indicates if a provided criteria is complaint with the **inbound** security rules including the default ones. `it { should_not allow_in(service_tag: 'Internet') }`. - -`allowed_in?**` -: Alias for `allow_in?`. `it { should_not be_allowed_in(service_tag: 'Internet') }`. - -`allow_out?**` -: Indicates if a provided criteria is complaint with the **outbound** security rules including the default ones. `it { should_not allow_out(service_tag: 'Internet') }`. - -`allowed_out?**` -: Alias for `allow_out?`. `it { should_not be_allowed_out(service_tag: 'Internet') }`. - -* These properties do not take the priorities of security rules into account. For example, if suppose there are two security rules. 
In that case, one of them is allowing SSH from the internet while the other is prohibiting, `allow_ssh_from_internet` will pass without comparing the priority of the conflicting security rules. Therefore, it is recommended to use `allow`, `allow_in`, or `allow_out` properties with which the priorities are considered. - -** These properties do not compare criteria defined by explicit IP ranges with the security rules defined by [Azure service tags](https://docs.microsoft.com/en-us/azure/virtual-network/service-tags-overview) and vice versa. - -For example, providing that a network security group has a single security rule allowing all traffic from the internet by using `Internet` service tag in the source will fail the `allow_in(ip_range: '64.233.160.0')` test due to incompatible source definitions. This is because the InSpec Azure resource pack has no control over which IP ranges are defined in Azure service tags. Therefore, tests using these methods should be written explicitly for service tags and IP ranges. For more information about network security groups and security rules, see the [Azure network security groups documentation](https://docs.microsoft.com/en-us/azure/virtual-network/security-overview). - -`*ip_range` used in these methods supports IPv4 and IPv6. The IP range criteria should be written in CIDR notation. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/networksecuritygroups/get#networksecuritygroup) for other available properties. Any property in the response may be accessed with the key names separated by dots (`.`). 
- -## Examples - -### Test that a resource group has the specified Network Security group - -```ruby -describe azure_network_security_group(resource_group: 'RESOURCE_GROUP', name: 'GROUP_NAME') do - it { should exist } -end -``` - -### Test that a Network Security group allows SSH from the internet - -```ruby -describe azure_network_security_group(resource_group: 'RESOURCE_GROUP', name: 'GROUP_NAME') do - it { should allow_ssh_from_internet } -end -``` - -### Test that a Network Security group allows inbound traffics from a certain IP range in any port and protocol - -```ruby -describe azure_network_security_group(resource_group: 'RESOURCE_GROUP', name: 'GROUP_NAME') do - it { should allow(source_ip_range: '10.0.0.0/24', direction: 'inbound') } -**same test with the specific inbound rule check.** -end -``` - -### Test that a Network Security group allows inbound traffics from internet service tag in port `80` and `TCP` protocol - -```ruby -describe azure_network_security_group(resource_group: 'RESOURCE_GROUP', name: 'GROUP_NAME') do - it { should allow(source_service_tag: 'Internet', destination_port: '22', protocol: 'TCP', direction: 'inbound') } -**same test with the specific inbound rule check.** - -end -``` - -### Test that a Network Security group allows inbound traffics from virtual network service tag in a port range and protocol - -```ruby -describe azure_network_security_group(resource_group: 'RESOURCE_GROUP', name: 'GROUP_NAME') do - it { should allow(source_service_tag: 'VirtualNetwork', destination_port: %w{22 8080 56-78}, direction: 'inbound') } -**same test with the specific inbound rule check.** - -end -``` - -### Test that a Network Security group allows outbound traffics to a certain IP range in any port and protocol - -```ruby -describe azure_network_security_group(resource_group: 'RESOURCE_GROUP', name: 'GROUP_NAME') do - it { should allow(destination_ip_range: '10.0.0.0/24', direction: 'outbound') } -**same test with the specific outbound rule 
check.** - -end -``` - -### Loop through multiple Network Security groups and verify that each group does not allow inbound traffic from already cached data - -```ruby -azure_network_security_groups.entries.each do |azure_network_security_group_data| - describe azure_network_security_group(resource_data: azure_network_security_group_data) do - it { should_not allow(destination_ip_range: '10.0.0.0/24', direction: 'inbound') } -**same test with the specific outbound rule check.** - - end -end -``` - -{{< note >}} - -Please note that `allow` requires the `direction` parameter to be set to `inbound` or `outbound` and you must prefix the `ip_range`, `service_tag`, and `port` with `source_` or `destination_` identifiers. - -{{< /note >}} - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control passes if the resource returns a result. Use `should_not` if you expect zero matches. - -```ruby -# If we expect 'GROUPNAME' to always exist. - -describe azure_network_security_group(resource_group: 'RESOURCE_GROUP', name: 'GROUP_NAME') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect 'EMPTYGROUPNAME' to never exist. - -describe azure_network_security_group(resource_group: 'RESOURCE_GROUP', name: 'GROUP_NAME') do - it { should_not exist } -end -``` -### Test that a Network Security group should not allow UDP from the internet - -```ruby -describe azure_network_security_group(resource_group: 'RESOURCE_GROUP', name: 'GROUP_NAME') do - it { should_not allow_udp_from_internet } -end -``` -### Validating Number of days to retain flow log records. - -```ruby -describe azure_network_security_group(resource_group: 'RESOURCE_GROUP', name: 'GROUP_NAME') do - its('flow_log_retention_period') { should eq 0 } -end -``` -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="reader" %}} 
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_network_security_groups.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_network_security_groups.md
deleted file mode 100644
index 63752c6367..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_network_security_groups.md
+++ /dev/null
@@ -1,140 +0,0 @@ -+++ -title = "azure_network_security_groups Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_network_security_groups" -identifier = "inspec/resources/azure/azure_network_security_groups Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_network_security_groups` InSpec audit resource to enumerate the Network Security groups. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_network_security_groups` resource block returns all Azure network security groups within a resource group or an entire subscription. - -```ruby -describe azure_network_security_groups do - #... -end -``` - -Or - -```ruby -describe azure_network_security_groups(resource_group: 'RESOURCE_GROUP') do - #... -end -``` - -## Parameters - -`resource_group` _(optional)_ - -: The name of the resource group. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`locations` -: A list of locations for all the network security groups. - -: **Field**: `location` - -`names` -: A list of all the network security group names. - -: **Field**: `name` - -`tags` -: A list of `tag:value` pairs defined on the resources. - -: **Field**: `tags` - -`etags` -: A list of etags defined on the resources. - -: **Field**: `etag` - -`properties` -: A list of all properties of all the resources. 
- -: **Field**: `properties` -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Test that an example resource group has the named network security group - -```ruby -describe azure_network_security_groups(resource_group: 'EXAMPLEGROUP') do - its('names') { should include('ExampleNetworkSecurityGroup') } -end -``` - -### Filters the Network Security groups at Azure API to only those that match the specified name via a generic resource (Recommended) - -```ruby -**Fuzzy string matching.** - -describe azure_generic_resources(resource_provider: 'Microsoft.Network/networkSecurityGroups', substring_of_name: 'project_A') do - it { should exist } -end - -**Exact name matching.** - -describe azure_generic_resources(resource_provider: 'Microsoft.Network/networkSecurityGroups', name: 'project_A') do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control passes if the resource returns a result. Use `should_not` if you expect zero matches. - -```ruby -# If we expect the 'EXAMPLEGROUP' resource group to have Network Security groups. - -describe azure_network_security_groups(resource_group: 'EXAMPLEGROUP') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect the 'EmptyExampleGroup' resource group to not have Network Security groups. - -describe azure_network_security_groups(resource_group: 'EMPTYEXAMPLEGROUP') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="reader" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_network_watcher.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_network_watcher.md deleted file mode 100644 index 553c9ed849..0000000000 
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_network_watcher.md
+++ /dev/null
@@ -1,133 +0,0 @@ -+++ -title = "azure_network_watcher Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_network_watcher" -identifier = "inspec/resources/azure/azure_network_watcher Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_network_watcher` InSpec audit resource to test the properties of an Azure Network Watcher. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_network_watcher` resource block identifies a Network Watcher by `name` and `resource_group`, or the `resource_id`. - -```ruby -describe azure_network_watcher(resource_group: 'RESOURCE_GROUP', name: 'NETWORK_WATCHER_NAME') do - it { should exist } -end -``` - -```ruby -describe azure_network_watcher(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkWatchers/{networkWatcherName}') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the network watcher resides. - -`name` -: Name of the network watcher to test. - -`resource_id` -: The unique resource ID. - -`flow_logs_api_version` -: The flow log status endpoint API version used for creating `flow_logs` property. The latest version will be used unless provided. A network security group within the same region can be targeted for getting the flow log statuses. For more information, see the [Azure Network Watchers Flow Log Status documentation](https://docs.microsoft.com/en-us/rest/api/network-watcher/networkwatchers/getflowlogstatus). - -`nsg_resource_id` -: The unique resource ID of the network security group being targeted to get the flow log statuses. 
`/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkSecurityGroups/{networkSecurityGroupName}`. - -`nsg_resource_group` -: The resource group of the network security group being targeted to get the flow log statuses. This requires `nsg_name` to be provided. - -`nsg_name` -: The name of the network security group being targeted to get the flow log statuses. This requires `nsg_resource_group` to be provided. - -Either one of the parameter sets can be provided for a valid query: - -- `resource_id` -- `resource_group` and `name` - -## Properties - -`provisioning_state` -: The provisioning state of the network watcher resource. For the valid values, see the [Azure Network Watchers ProvisioningState documentation](https://docs.microsoft.com/en-us/rest/api/network-watcher/networkwatchers/get#provisioningstate). - -`flow_logs` -: Information on the configuration of flow log and traffic analytics (optional) in [this format](https://docs.microsoft.com/en-us/rest/api/network-watcher/networkwatchers/getflowlogstatus#flowloginformation). All properties can be accessed via dot notation. For example, `flow_logs.properties.enabled`. This resource supports targeting network security groups defined at resource creation only. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/network-watcher/networkwatchers/get#networkwatcher) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`). 
- -## Examples - -### Test the location of a Network Watcher - -```ruby -describe azure_network_watcher(resource_group: 'RESOURCE_GROUP', name: 'NETWORK_WATCHER_NAME') do - its('location') { should cmp 'eastus' } -end -``` - -### Test the Flow Log status of a Network Security group - -```ruby -describe azure_network_watcher(resource_group: 'RESOURCE_GROUP', name: 'NETWORK_WATCHER_NAME', nsg_resource_group: 'NSG_RESOURCE_GROUP', nsg_name: 'nsg_eastus') do - its('flow_logs.properties.enabled') { should be true } - its('flow_logs.properties.retentionPolicy.days') { should be >= 90 } -end -``` - -### Loop through Network Security groups with the resource ID - -```ruby -azure_network_security_groups.where(location: 'eastus').ids.each do |nsg_id| - describe azure_network_watcher(resource_group: 'RESOURCE_GROUP', name: 'NETWORK_WATCHER_NAME', nsg_resource_id: nsg_id) do - its('flow_logs.properties.enabled') { should be true } - its('flow_logs.properties.retentionPolicy.days') { should be >= 90 } - end -end -``` - -See [integration tests](https://github.com/inspec/inspec-azure/blob/main/test/integration/verify/controls/azure_network_watcher.rb) for more examples. - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/). - -### exists - -```ruby -# If we expect 'NETWORKWATCHERNAME' to always exist. - -describe azure_network_watcher(resource_group: 'RESOURCE_GROUP', name: 'NETWORK_WATCHER_NAME') do - it { should exist } -end - -# If we expect 'NETWORKWATCHERNAME' to never exist. - -describe azure_network_watcher(resource_group: 'RESOURCE_GROUP', name: 'NETWORK_WATCHER_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} 
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_network_watchers.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_network_watchers.md
deleted file mode 100644
index 121eb7bbb3..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_network_watchers.md
+++ /dev/null
@@ -1,115 +0,0 @@ -+++ -title = "azure_network_watchers Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_network_watchers" -identifier = "inspec/resources/azure/azure_network_watchers Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_network_watchers` InSpec audit resource to test the properties and configuration of multiple Azure Network Watchers. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_network_watchers` resource block returns all network watchers within a resource group (if provided) or an entire subscription. - -```ruby -describe azure_network_watchers do - #... -end -``` - -or - -```ruby -describe azure_network_watchers(resource_group: 'RESOURCE_GROUP') do - #... -end -``` - -## Parameters - -`resource_group` _(optional)_ - -: The name of the resource group. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`locations` -: A list of locations for all the resources being interrogated. - -: **Field**: `location` - -`names` -: A list of names of all the resources being interrogated. - -: **Field**: `name` - -`tags` -: A list of `tag:value` pairs defined on the resources being interrogated. - -: **Field**: `tags` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Test that an example resource group has the named Network Watcher - -```ruby -describe azure_network_watchers(resource_group: 'EXAMPLEGROUP') do - its('names') { should include('NetworkWatcherName') } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. 
- -### exists - -The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches. - -```ruby -# If we expect 'EXAMPLEGROUP' resource group to have Network Watchers. - -describe azure_network_watchers(resource_group: 'ExampleGroup') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect 'EMPTYEXAMPLEGROUP' resource group to not have Network Watchers. - -describe azure_network_watchers(resource_group: 'EMPTYEXAMPLEGROUP') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_policy_assignments.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_policy_assignments.md deleted file mode 100644 index e729666fb9..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_policy_assignments.md +++ /dev/null 
@@ -1,163 +0,0 @@ -+++ -title = "azure_policy_assignments Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_policy_assignments" -identifier = "inspec/resources/azure/azure_policy_assignments Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_policy_assignments` InSpec resource to examine assignments of the Azure policy to resources and resource groups. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -```ruby -describe azure_policy_assignments do - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -Please review the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/policy/policyassignments/list#policyassignment) for a full description of the available properties. - -`ids` -: The ID of this policy assignment. - -: **Filter**: id - -`types` -: The Azure resource type. - -: **Filter**: type - -`names` -: The names of the policy assignments. - -: **Filter**: name - -`locations` -: The locations of the policy assignments. - -: **Filter**: location - -`tags` -: The tags of the policy assignments. - -: **Filter**: tags - -`displayNames` -: The display names of the policy assignments. - -: **Filter**: displayName - -`policyDefinitionIds` -: The IDs of the policies being assigned by these policy assignments. - -: **Filter**: policyDefinitionId - -`scopes` -: The scope of the policy assignments (which resources they are being attached to). - -: **Filter**: scope - -`notScopes` -: The scopes which are excluded from these policy assignments (blocks inheritance). - -: **Filter**: notScopes - -`parameters` -: The override parameters passed to the base policy by this assignment. 
- -: **Filter**: parameters - -`enforcementMode` -: The enforcement modes of these policy assignments. - -: **Filter**: enforcementModes - -`assignedBys` -: The IDs that assigned these policies. - -: **Filter**: assignedBy - -`parameterScopes` -: Unknown - no data observed in this field in the wild. - -: **Filter**: parameterScopes - -`created_bys` -: The IDs that created these policy assignments. - -: **Filter**: created_by - -`createdOns` -: The dates these policy assignments were created (as a Ruby Time object). - -: **Filter**: createdOn - -`updatedBys` -: The IDs that updated these policy assignments. - -: **Filter**: updatedBy - -`updatedOns` -: The dates these policy assignments were updated (as a Ruby Time object). - -: **Filter**: updatedOn - -`identityPrincipalIds` -: The principal IDs of the associated managed identities. - -: **Filter**: identityPrincipalId - -`identityTenantIds` -: The tenant IDs of the associated managed identities. - -: **Filter**: identityTenantId - -`identityTypes` -: The identity types of the associated managed identities. - -: **Filter**: identityType - -## Examples - -### Check that all assigned policies are in enforcing mode - -```ruby -describe azure_policy_assignments.where{ enforcement_mode == 'DoNotEnforce' } do - it {should_not exist} - its('display_names') {should eq []} -end -``` - -### Check that no policies were modified in the last 30 days - -```ruby -last_30_days = Time.now() - (60*60*24*30) - -describe azure_policy_assignments.where{ (updatedOn > last_30_days) || (createdOn > last_30_days) } do - it {should_not exist} - its('ids') {should eq []} -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} 
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_policy_definition.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_policy_definition.md
deleted file mode 100644
index 0dcce95abc..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_policy_definition.md
+++ /dev/null
@@ -1,130 +0,0 @@ -+++ -title = "azure_policy_definition Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_policy_definition" -identifier = "inspec/resources/azure/azure_policy_definition Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_policy_definition` InSpec audit resource to test the properties and configuration of an Azure Policy definition. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`name` or the `resource_id` are required parameters. - -```ruby -describe azure_policy_definition(name: 'MY_POLICY') do - it { should exist } -end -``` - -```ruby -describe azure_policy_definition(resource_id: '/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}') do - it { should exist } -end -``` - -## Parameters - -`name` -: Name of the policy definition. `policyDefinitionName`. - -`built_in` _Optional_ -: Indicates whether the policy definition is built-in. Defaults to `false` if not supplied. This should not be used when `resource_id` is provided. - -`resource_id` -: The unique resource ID. - -Either one of the parameter sets can be provided for a valid query: - -- `resource_id` -- `name` -- `name` and `built_in` - -## Properties - -`properties.description` -: The policy definition description. - -`properties.displayName` -: The display name of the policy definition. - -`properties.policyType` -: The type of policy definition. Possible values are `NotSpecified`, `BuiltIn`, `Custom`, and `Static`. - -`properties.policyRule` -: The policy rule. 
- -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/policy/policy-definitions/get) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`). For example, `properties.`. - -## Examples - -### Test a policy definition display name - -```ruby -describe azure_policy_definition(name: 'MY_POLICY') do - its('properties.displayName') { should cmp "Enforce 'owner' tag on resource groups" } -end -``` - -### Test a policy definition rule - -```ruby -describe azure_policy_definition(name: 'MY_POLICY', built_in: true ) do - its('properties.policyRule.then.effect') { should cmp 'deny' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### custom - -Test if a policy definition type is `Custom` or not. - -```ruby -describe azure_policy_definition(name: 'MY_POLICY') do - it { should be_custom } -end -``` - -### exists - -```ruby -# If we expect a resource to always exist. - -describe azure_policy_definition(name: 'MY_POLICY', built_in: true ) do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect a resource to never exist. - -describe azure_policy_definition(name: 'MY_POLICY') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_policy_definitions.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_policy_definitions.md deleted file mode 100644 index 542c758f1c..0000000000 
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_policy_definitions.md
+++ /dev/null
@@ -1,145 +0,0 @@ -+++ -title = "azure_policy_definitions Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_policy_definitions" -identifier = "inspec/resources/azure/azure_policy_definitions Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_policy_definitions` InSpec audit resource to test the properties and configuration of multiple Azure Policy definitions. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_policy_definitions` resource block returns all policy definitions built-in (if `built_in_only: true`) or within a subscription. - -```ruby -describe azure_policy_definitions do - it { should exist } -end -``` - -Or - -```ruby -describe azure_policy_definitions(built_in_only: true) do - it { should exist } -end -``` - -## Parameters - -`built_in_only` _(optional)_ - -: Indicates whether the interrogated policy definitions are built-in only. Defaults to `false` if not supplied. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`names` -: A list of names of all the resources being interrogated. - -: **Field**: `name` - -`policy_types` -: A list of policy types of all the resources. - -: **Field**: `policy_type` - -`modes` -: A list of modes of all the resources. - -: **Field**: `mode` - -`metadata_versions` -: A list of metadata versions of the resources. - -: **Field**: `metadata_version` - -`metadata_categories` -: A list of metadata categories of the resources. - -: **Field**: `metadata_category` - -`parameters` -: A list of parameters of the resources. - -: **Field**: `parameters` - -`policy_rules` -: A list of policy rules of the resources. 
- -: **Field**: `policy_rule` - -`properties` -: A list of properties for all the resources being interrogated. - -: **Field**: `properties` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Check a specific Policy definition is present - -```ruby -describe azure_policy_definitions do - its('names') { should include 'my-policy' } -end -``` - -### Filters the results to include only those Policy definitions which include the specified name - -```ruby -describe azure_policy_definitions.where{ name.include?('my-policy') } do - it { should exist } -end -``` - -### Filters the results to include only the custom Policy definitions - -```ruby -describe azure_policy_definitions.where(policy_type: "Custom") do - it { should exist } - its('count') { should be 15 } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches. - -```ruby -describe azure_policy_definitions do - it { should exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_policy_exemption.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_policy_exemption.md deleted file mode 100644 index 27b3dac301..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_policy_exemption.md +++ /dev/null 
@@ -1,130 +0,0 @@ -+++ -title = "azure_policy_exemption Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_policy_exemption" -identifier = "inspec/resources/azure/azure_policy_exemption Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_policy_exemption` InSpec audit resource to test the properties related to an Azure Policy Exemption. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -```ruby -describe azure_policy_exemption(resource_group: 'RESOURCE_GROUP', name: 'POLICY_EXEMPTION_NAME') do - it { should exist } - its('name') { should cmp '3b8b3f3bbec24cd6af583694' } - its('type') { should cmp 'Microsoft.Authorization/policyExemptions' } - its('properties.exemptionCategory') { should cmp 'Waiver' } - its('properties.policyAssignmentId') { should cmp '/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement' } - its('systemData.createdByType') { should cmp 'User' } -end -``` - -```ruby -describe azure_policy_exemption(name: 'POLICY_EXEMPTION_NAME') do - it { should exist } -end -``` - -## Parameters - -`name` _(required)_ - -: The name of the Azure Policy Exemption to test. - -`resource_group` _(optional)_ - -: The name of the resource group. - -## Properties - -`id` -: Resource ID. - -`name` -: Policy Exemption Name. - -`type` -: Resource type. - -`properties.policyAssignmentId` -: The ID of the policy assignment that is being exempted. - -`properties.policyDefinitionReferenceIds` -: The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. - -`properties.exemptionCategory` -: The policy exemption category. 
Possible values are `Waiver` and `Mitigated`. - -`properties.displayName` -: The display name of the policy exemption. - -`properties.description` -: The description of the policy exemption. - -`systemData.createdBy` -: The identity that created the resource. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/policy/policy-exemptions/get) for other available properties. -You can access any attribute in the response with the key names separated by dots (`.`). - -## Examples - -### Test that the policy exemption category is `Waiver` - -```ruby -describe azure_policy_exemption(name: 'POLICY_EXEMPTION_NAME') do - its('properties.exemptionCategory') { should eq 'Waiver' } -end -``` - -### Test that the definition reference ID list includes a particular reference ID - -```ruby -describe azure_policy_exemption(resource_group: 'RESOURCE_GROUP', name: 'POLICY_EXEMPTION_NAME') do - its('properties.policyDefinitionReferenceIds') { should include 'POLICY_DEFINITION_REFERENCE_ID' } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). - -### exists - -```ruby -# If a policy exemption is found, it will exist. - -describe azure_policy_exemption(name: 'POLICY_EXEMPTION_NAME') do - it { should exist } -end -``` - -### not_exists - -```ruby -# policy exemptions that aren't found will not exist. - -describe azure_policy_exemption('3b8b3f3bbec24cd6af583694') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} 
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_policy_exemptions.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_policy_exemptions.md
deleted file mode 100644
index 0a6787ad51..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_policy_exemptions.md
+++ /dev/null
@@ -1,176 +0,0 @@ -+++ -title = "azure_policy_exemptions Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_policy_exemptions" -identifier = "inspec/resources/azure/azure_policy_exemptions Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_policy_exemptions` InSpec audit resource to test properties related to all Azure Policy Exemptions for the subscription. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_policy_exemptions` resource block returns all Azure Policy Exemptions within a subscription. - -```ruby -describe azure_policy_exemptions do - #... -end -``` - -## Parameters - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`names` -: A list of names for all the resources. - -: **Field**: `name` - -`types` -: A list of types for all the resources. - -: **Field**: `type` - -`properties` -: A list of properties for all the resources. - -: **Field**: `properties` - -`system_data` -: A list of System Data for all the resources. - -: **Field**: `system_data` - -`policy_assignment_ids` -: A list of Policy Assignment IDs. - -: **Field**: `policy_assignment_id` - -`policy_definition_reference_ids` -: A list of Policy Definition Reference IDs. - -: **Field**: `policy_definition_reference_ids` - -`exemption_categories` -: A list of categories of exemptions. - -: **Field**: `exemption_category` - -`display_names` -: A list of display names of the exemptions. - -: **Field**: `display_name` - -`descriptions` -: A list of descriptions of the exemptions. - -: **Field**: `description` - -`metadata` -: A list of metadata info of the exemptions. - -: **Field**: `metadata` - -`created_by` -: A list of creators of the exemptions. 
- -: **Field**: `created_by` - -`created_by_types` -: A list of the type of creators of the exemptions. - -: **Field**: `created_by_type` - -`created_at` -: A list of created_at timestamps of the exemptions. - -: **Field**: `created_at` - -`last_modified_by` -: A list of the last modifiers of the exemptions. - -: **Field**: `last_modified_by` - -`last_modified_by_types` -: A list of the type of modifiers of the exemptions. - -: **Field**: `last_modified_by_type` - -`last_modified_at` -: A list of `modified_at` timestamps of the exemptions. - -: **Field**: `last_modified_at` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Loop through Policy Exemptions by their names - -```ruby -azure_policy_exemptions.names.each do |name| - describe azure_policy_exemption(name: name) do - it { should exist } - end -end -``` - -### Test that there are Policy Exemptions that are of waiver exemption category - -```ruby -describe azure_policy_exemptions.where(exemption_category: 'Waiver') do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### not_exists - -```ruby -# Should not exist if no policy exemptions are present in the subscription. - -describe azure_policy_exemptions do - it { should_not exist } -end -``` - -### exists - -```ruby -# Should exist if the filter returns at least one policy exemption in the subscription. - -describe azure_policy_exemptions do - it { should exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} 
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_policy_insights_query_result.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_policy_insights_query_result.md
deleted file mode 100644
index b40bb18fe9..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_policy_insights_query_result.md
+++ /dev/null
@@ -1,178 +0,0 @@ -+++ -title = "azure_policy_insights_query_result Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_policy_insights_query_result" -identifier = "inspec/resources/azure/azure_policy_insights_query_result Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_policy_insights_query_result` InSpec audit resource to test the properties and configuration of an Azure Policy Insights query result. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -The `policy_definition` and the `resource_id` are required parameters. - -```ruby -describe azure_policy_insights_query_result(policy_definition: 'de875639-505c-4c00-b2ab-bb290dab9a54', resource_id: '/subscriptions/80b824de-ec53-4116-9868-3deeab10b0cd/resourcegroups/jfm-winimgbuilderrg2/providers/microsoft.virtualmachineimages/imagetemplates/win1021h1') do - it { should exist } -end -``` - -```ruby -describe azure_policy_insights_query_result(policy_definition: 'de875639-505c-4c00-b2ab-bb290dab9a54', resource_id: '/subscriptions/80b824de-ec53-4116-9868-3deeab10b0cd/resourcegroups/jfm-winimgbuilderrg2/providers/microsoft.virtualmachineimages/imagetemplates/win1021h1') do - it { should exist } -end -``` - -## Parameters - -`policy_definition` -: Name of the policy definition. `policyDefinitionName`. - -`resource_id` -: The unique resource ID. `/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/{resourceProviderId}`. - -Submit both parameters for a valid query: - -- `resource_id` -- `policy_definition` - -## Properties - -`resource_id` -: Resource ID. - -`policy_assignment_id` -: Policy assignment ID. - -`policy_definition_id` -: Policy definition ID. 
- -`policy_assignment_name` -: Policy assignment name. - -`policy_definition_name` -: Policy definition name. - -`policy_definition_action` -: Policy definition action. For example, `effect`. - -`compliance_state` -: Compliance state of the resource. - -`effective_parameters` -: Effective parameters for the policy assignment. - -`is_compliant` -: Flag indicating whether the resource is compliant against the policy assignment it was evaluated. - -{{< note >}} - -This property is deprecated; please use `ComplianceState` instead. - -{{< /note >}} - -`policy_assignment_owner` -: Policy assignment owner. - -`policy_assignment_parameters` -: Policy assignment parameters. - -`policy_assignment_scope` -: Policy assignment scope. - -`subscription_id` -: Subscription ID. - -`resource_type` -: Resource type. - -`resource_location` -: Resource location. - -`resource_group` -: Resource group name. - -`resource_tags` -: List of resource tags. - -`policy_definition_category` -: Policy definition category. - -`management_group_ids` -: Comma separated list of management group IDs, which represent the hierarchy of the management groups the resource is part of. - -`compliance_reason_code` -: Populated with the failure error code sometimes. - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/policy/policystates/listqueryresultsforsubscription#policystate) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`). For example, `properties.`. 
- -## Examples - -### Test a policy definition resource type - -```ruby -describe azure_policy_insights_query_result(policy_definition: 'de875639-505c-4c00-b2ab-bb290dab9a54', resource_id: '/subscriptions/80b824de-ec53-4116-9868-3deeab10b0cd/resourcegroups/jfm-winimgbuilderrg2/providers/microsoft.virtualmachineimages/imagetemplates/win1021h1') do - its('resourceType') { should eq 'Microsoft.VirtualMachineImages/imageTemplates' } -end -``` - -### Test a policy definition and policy assignment scope - -```ruby -describe azure_policy_insights_query_result(policy_definition: 'de875639-505c-4c00-b2ab-bb290dab9a54', resource_id: '/subscriptions/80b824de-ec53-4116-9868-3deeab10b0cd/resourcegroups/jfm-winimgbuilderrg2/providers/microsoft.virtualmachineimages/imagetemplates/win1021h1') do - its('policyAssignmentScope') { should cmp '/subscriptions/80b824de-ec53-4116-9868-3deeab10b0cd' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### compliant - -Test if a policy definition type is `Compliant` or not. - -```ruby -describe azure_policy_insights_query_result(policy_definition: 'de875639-505c-4c00-b2ab-bb290dab9a54', resource_id: '/subscriptions/80b824de-ec53-4116-9868-3deeab10b0cd/resourcegroups/jfm-winimgbuilderrg2/providers/microsoft.virtualmachineimages/imagetemplates/win1021h1') do - it { should be_compliant } -end -``` - -### exists - -```ruby -# If we expect a resource to always exist. - -describe azure_policy_insights_query_result(policy_definition: 'de875639-505c-4c00-b2ab-bb290dab9a54', resource_id: '/subscriptions/80b824de-ec53-4116-9868-3deeab10b0cd/resourcegroups/jfm-winimgbuilderrg2/providers/microsoft.virtualmachineimages/imagetemplates/win1021h1') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect a resource to never exist. 
- -describe azure_policy_insights_query_result(policy_definition: 'de875639-505c-4c00-b2ab-bb290dab9a54', resource_id: '/subscriptions/80b824de-ec53-4116-9868-3deeab10b0cd/resourcegroups/jfm-winimgbuilderrg2/providers/microsoft.virtualmachineimages/imagetemplates/win1021h1') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_policy_insights_query_results.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_policy_insights_query_results.md deleted file mode 100644 index 85afaa38d4..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_policy_insights_query_results.md +++ /dev/null 
@@ -1,188 +0,0 @@ -+++ -title = "azure_policy_insights_query_results Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_policy_insights_query_results" -identifier = "inspec/resources/azure/azure_policy_insights_query_results Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_policy_insights_query_results` InSpec audit resource to test properties and configuration of multiple Azure Policy Insights query results. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_policy_insights_query_results` resource block returns all policy insights query results, compliant or not, within a subscription. - -```ruby -describe azure_policy_insights_query_results do - it { should exist } -end -``` - -Or - -```ruby -describe azure_policy_insights_query_results do - it { should exist } -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`resource_ids` -: A list of the unique resource IDs. - -: **Field**: `resource_id` - -`policy_assignment_ids` -: A list of all policy assignment IDs. - -: **Field**: `policyAssignment_id` - -`policy_definition_ids` -: A list of all policy definition IDs. - -: **Field**: `policyDefinition_id` - -`is_compliant` -: A list of boolean flags indicating whether the resource is compliant or not. - -: **Field**: `is_compliant` - -`subscription_ids` -: A list of subscription IDs. - -: **Field**: `subscription_id` - -`resource_types` -: A list of resource types. - -: **Field**: `resource_type` - -`resource_locations` -: A list of resource locations. - -: **Field**: `resource_location` - -`resource_groups` -: A list of resource group names. 
- -: **Field**: `resource_group` - -`resource_tags` -: A list of resource tags. - -: **Field**: `resource_tags` - -`policy_assignment_names` -: A list of policy assignment names. - -: **Field**: `policy_assignment_name` - -`policy_definition_names` -: A list of policy definition names. - -: **Field**: `policy_definition_name` - -`policy_assignment_scopes` -: A list of policy assignment scopes. - -: **Field**: `policy_assignment_scope` - -`policy_assignment_parameters` -: A list of policy assignment parameters. - -: **Field**: `policy_assignment_parameters` - -`policy_definition_actions` -: A list of policy definition actions. - -: **Field**: `policy_definition_action` - -`policy_definition_categories` -: A list of policy definition categories. - -: **Field**: `policy_definition_category` - -`management_group_ids` -: A list of management group IDs. - -: **Field**: `management_group_ids` - -`compliance_states` -: A list compliance state of the resource. - -: **Field**: `compliance_state` - -`compliance_reason_codes` -: A list of reason codes recorded for failure. 
- -: **Field**: `compliance_reason_code` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Check if a specific resource type is present - -```ruby -describe azure_policy_insights_query_results do - its('resource_types') { should include 'Microsoft.VirtualMachineImages/imageTemplates' } -end -``` - -### Filters the results to include only those Policy Insights query results that have specified location - -```ruby -describe azure_policy_insights_query_results.where(resource_location: 'RESOURCE_LOCATION') do - it { should exist } -end -``` - -### Filters the results to include only the compliant Policy Insights query results - -```ruby -describe azure_policy_insights_query_results.where(is_compliant: true) do - it { should exist } - its('count') { should be 120 } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control passes if the filter returns at least one result. Use `should_not` if you expect **zero** matches. - -```ruby -describe azure_policy_insights_query_results do - it { should exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_postgresql_database.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_postgresql_database.md deleted file mode 100644 index bf349e7116..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_postgresql_database.md +++ /dev/null 
@@ -1,114 +0,0 @@ -+++ -title = "azure_postgresql_database Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_postgresql_database" -identifier = "inspec/resources/azure/azure_postgresql_database Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_postgresql_database` InSpec audit resource to test the properties and configuration of an Azure PostgreSQL database on a PostgreSQL server. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`resource_group`, `server_name` and `name`, or the `resource_id` are required parameters. - -```ruby -describe azure_postgresql_database(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME', name: 'DATABASE_NAME') do - it { should exist } -end -``` - -```ruby -describe azure_postgresql_database(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DBforPostgreSQL/servers/{serverName}/databases/{databaseName}') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`server_name` -: The name of the server on which the database resides. - -`name` -: The unique name of the database. - -`database_name` -: Alias for the `name` parameter. - -`resource_id` -: The unique resource ID. `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DBforPostgreSQL/servers/{serverName}/databases/{databaseName}`. - -Either one of the parameter sets can be provided for a valid query: - -- `resource_id` -- `resource_group`, `server_name`, and `name` -- `resource_group`, `server_name`, and `database_name` - -## Properties - -`properties.charset` -: The charset of the database. 
- -For properties applicable to all resources, such as `type`, `tags`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/postgresql/flexibleserver(preview)/databases/get) for other available properties. -You can access any attribute in the response with the key names separated by dots (`.`). - -## Examples - -### Test the resource name - -```ruby -describe azure_postgresql_database(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME', name: 'DATABASE_NAME') do - its('name') { should be 'order-db' } -end -``` - -```ruby -describe azure_postgresql_database(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DBforPostgreSQL/servers/{serverName}/databases/order-db') do - its('name') { should be 'order-db' } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/). - -### exists - -```ruby -# If we expect the resource to always exist. - -describe azure_postgresql_database(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME', name: 'DATABASE_NAME') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect the resource to never exist. - -describe azure_postgresql_database(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME', name: 'DATABASE_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_postgresql_databases.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_postgresql_databases.md deleted file mode 100644 index f75aeceb4e..0000000000 
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_postgresql_databases.md
+++ /dev/null
@@ -1,123 +0,0 @@ -+++ -title = "azure_postgresql_databases Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_postgresql_databases" -identifier = "inspec/resources/azure/azure_postgresql_databases Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_postgresql_databases` InSpec audit resource to test the properties and configuration of Azure PostgreSQL Databases. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -The `resource_group` and `server_name` are required parameters. - -```ruby -describe azure_postgresql_databases(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`server_name` -: The name of the server in which the database resides. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`names` -: A list of names of all the resources being interrogated. - -: **Field**: `name` - -`tags` -: A list of `tag:value` pairs defined on the resources being interrogated. - -: **Field**: `tags` - -`types` -: A list of the types of resources being interrogated. - -: **Field**: `type` - -`properties` -: A list of properties for all the resources being interrogated. 
- -: **Field**: `properties` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Check resources are present - -````ruby -describe azure_postgresql_databases(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do - it { should exist } - its('names') { should include 'my-db' } -end -```` - -### Filter the results to include only those with names that match the specified string value - -```ruby -describe azure_postgresql_databases.(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME').where{ name.eql?('production-db') } do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control passes if the filter returns at least one result. Use `should_not` if you expect **zero** matches. - -```ruby -# If we expect resources to exist. - -describe azure_postgresql_databases(resource_group: 'EXAMPLEGROUP', server_name: 'SERVER_NAME') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect resources not to exist. - -describe azure_postgresql_databases(resource_group: 'EXAMPLEGROUP', server_name: 'SERVER_NAME) do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_postgresql_server.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_postgresql_server.md deleted file mode 100644 index cbea095400..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_postgresql_server.md +++ /dev/null 
@@ -1,154 +0,0 @@
-+++
-title = "azure_postgresql_server Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_postgresql_server"
-identifier = "inspec/resources/azure/azure_postgresql_server Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_postgresql_server` InSpec audit resource to test the properties and configuration of an Azure PostgreSql server.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`resource_group` and `name`, or the `resource_id` are required parameters.
-
-```ruby
-describe azure_postgresql_server(resource_group: 'RESOURCE_GROUP', name: 'SERVER_NAME') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_postgresql_server(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.DBforPostgreSQL/servers/{serverName}') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`name`
-: Name of the PostgreSql server to test.
-
-`server_name`
-: Alias for the `name` parameter.
-
-`resource_id`
-: The unique resource ID.
-
-`configurations_api_version`
-: The endpoint API version for the `configurations` property. The latest version will be used unless provided.
-
-Either one of the parameter sets can be provided for a valid query:
-
-- `resource_id`
-- `resource_group` and `name`
-- `resource_group` and `server_name`
-
-## Properties
-
-`configurations`
-: An object containing all the configurations of a DB server available through [configurations](https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server) endpoint.
Configuration values can be accessed as follows, `configurations.client_encoding.properties.value`, `configurations.deadlock_timeout.properties.value`, and so on.
-
-`sku`
-: The SKU (pricing tier) of the server.
-
-`firewall_rules`
-: An object of firewall rules applied on postgresql server.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/postgresql/flexibleserver(preview)/servers/get) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`). For example, `properties.`.
-
-## Examples
-
-### Test the administrator's login name of a PostgreSql server
-
-```ruby
-describe azure_postgresql_server(resource_group: 'RESOURCE_GROUP', name: 'SERVER_NAME') do
- its('properties.administratorLogin') { should cmp 'admin' }
-end
-```
-
-### Test the fully qualified domain name of a PostgreSql server
-
-```ruby
-describe azure_postgresql_server(resource_group: 'RESOURCE_GROUP', name: 'i-dont-exist') do
- its('properties.fullyQualifiedDomainName') { should cmp 'pgtestsvc1.postgres.database.azure.com' }
-end
-```
-
-### Test the client encoding configuration value of a PostgreSql server
-
-```ruby
-describe azure_postgresql_server(resource_group: 'RESOURCE_GROUP', name: 'SERVER_NAME') do
- its('configurations.client_encoding.properties.value') { should cmp 'sql_ascii' }
-end
-```
-
-### Test the deadlock timeout configuration value of a PostgreSql server
-
-```ruby
-describe azure_postgresql_server(resource_group: 'RESOURCE_GROUP', name: 'SERVER_NAME') do
- its('configurations.deadlock_timeout.properties.value') { should cmp '1000' }
-end
-```
-
-### Test a PostgreSql server's location and maximum replica capacity
-
-```ruby
-describe azure_postgresql_server(resource_id: '/subscriptions/.../my-server')
do
- its('properties.replicaCapacity') { should cmp 2 }
- its('location') { should cmp 'westeurope' }
-end
-```
-### Test a PostgreSql server's firewall rules
-
-```ruby
-describe azure_postgresql_server(resource_id: '/subscriptions/.../my-server') do
- its('firewall_rules') { should eq {} }
-end
-```
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# If we expect a resource to always exist.
-
-describe azure_postgresql_server(resource_group: 'RESOURCE_GROUP', name: 'SERVER_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect a resource to never exist.
-
-describe azure_postgresql_server(resource_group: 'RESOURCE_GROUP', name: 'SERVER_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_postgresql_servers.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_postgresql_servers.md
deleted file mode 100644
index b6b00f9327..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_postgresql_servers.md
+++ /dev/null
@@ -1,142 +0,0 @@
-+++
-title = "azure_postgresql_servers Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_postgresql_servers"
-identifier = "inspec/resources/azure/azure_postgresql_servers Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_postgresql_servers` InSpec audit resource to test the properties and configuration of multiple Azure PostgreSQL servers.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_postgresql_servers` resource block returns all Azure PostgreSQL servers within a resource group (if provided) or an entire subscription.
-
-```ruby
-describe azure_postgresql_servers do
- it { should exist }
-end
-```
-
-Or
-
-```ruby
-describe azure_postgresql_servers(resource_group: 'RESOURCE_GROUP') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group` _(optional)_
-
-: The name of the resource group.
-
-## Properties
-
-`ids`
-: A list of the unique resource IDs.
-
-: **Field**: `id`
-
-`locations`
-: A list of locations for all the resources being interrogated.
-
-: **Field**: `location`
-
-`names`
-: A list of names of all the resources being interrogated.
-
-: **Field**: `name`
-
-`tags`
-: A list of `tag:value` pairs defined on the resources.
-
-: **Field**: `tags`
-
-`skus`
-: A list of the SKUs (pricing tiers) of the servers.
-
-: **Field**: `sku`
-
-`types`
-: A list of the types of resources being interrogated.
-
-: **Field**: `type`
-
-`properties`
-: A list of properties for all the resources being interrogated.
-
-: **Field**: `properties`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Check a specific PostgreSQL server is present
-
-```ruby
-describe azure_postgresql_servers do
- its('names') { should include 'my-server-name' }
-end
-```
-
-### Filters the results to include only those servers having specified names (Client Side Filtering)
-
-```ruby
-describe azure_postgresql_servers.where{ name.include?('production') } do
- it { should exist }
-end
-```
-
-### Filters the results to include only those servers residing in a specified location (Client Side Filtering)
-
-```ruby
-describe azure_postgresql_servers.where{ location.eql?('westeurope') } do
- it { should exist }
-end
-```
-
-### Filters the results to include only those servers residing in a specified location and has the specified name (Server Side Filtering - Recommended)
-
-```ruby
-describe azure_generic_resources(resource_provider: 'Microsoft.DBforPostgreSQL/servers', substring_of_name: 'production', location: 'westeurope') do
- it {should exist}
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-The control passes if the filter returns at least one result. Use `should_not` if you expect **zero** matches.
-
-```ruby
-describe azure_postgresql_servers do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_app.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_app.md
deleted file mode 100644
index e87ce1cf69..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_app.md
+++ /dev/null
@@ -1,97 +0,0 @@
-+++
-title = "azure_power_bi_app Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_app"
-identifier = "inspec/resources/azure/azure_power_bi_app Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_app` InSpec audit resource to test the properties related to Azure Power BI apps.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`app_id` is a required parameter.
-
-```ruby
-describe azure_power_bi_app(app_id: 'APP_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`app_id` _(required)_
-
-: The app ID.
-
-## Properties
-
-`id`
-: The app ID.
-
-`name`
-: The app name.
-
-`description`
-: The app description.
-
-`publishedBy`
-: The app publisher.
-
-`lastUpdate`
-: The last time the app was updated.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/apps/get-app) for other available properties.
-
-## Examples
-
-### Test that the Power BI app is published by inspec-devs
-
-```ruby
-describe azure_power_bi_app(app_id: 'APP_ID') do
- its('publishedBy') { should eq 'inspec-devs' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If the Azure Power BI app is found, it will exist.
-
-describe azure_power_bi_app(app_id: 'APP_ID') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# if the Azure Power BI app is not found, it will not exist.
-
-describe azure_power_bi_app(app_id: 'APP_ID') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-This API does not support Service Principal Authentication. Use your Active Directory account access tokens to access this resource.
-Your Active Directory account must be set up with an `App.Read.All` role on the Azure Power BI workspace you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_app_dashboard.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_app_dashboard.md
deleted file mode 100644
index b2c3d10979..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_app_dashboard.md
+++ /dev/null
@@ -1,95 +0,0 @@
-+++
-title = "azure_power_bi_app_dashboard Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_app_dashboard"
-identifier = "inspec/resources/azure/azure_power_bi_app_dashboard Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_app_dashboard` InSpec audit resource to test the properties of an Azure Power BI app dashboard.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-```ruby
-describe azure_power_bi_app_dashboard(app_id: 'APP_ID', dashboard_id: 'DASHBOARD_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`app_id` _(required)_
-: The app ID.
-
-`dashboard_id` _(required)_
-: The app dashboard ID.
-
-## Properties
-
-`id`
-: The app ID.
-
-`displayName`
-: The dashboard display name.
-
-`embedUrl`
-: The dashboard embed URL.
-
-`isReadOnly`
-: Is ReadOnly dashboard.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/apps/get-dashboard) for other available properties.
-
-## Examples
-
-### Test that the Power BI app dashboard is read-only
-
-```ruby
-describe azure_power_bi_app_dashboard(app_id: 'APP_ID', dashboard_id: 'DASHBOARD_ID') do
- its('isReadOnly') { should eq true }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# If the Azure Power BI app dashboard is found, it will exist.
-describe azure_power_bi_app_dashboard(app_id: 'APP_ID', dashboard_id: 'DASHBOARD_ID') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# if the Azure Power BI app dashboard is not found, it will not exist.
-
-describe azure_power_bi_app_dashboard(app_id: 'APP_ID', dashboard_id: 'DASHBOARD_ID') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-This API does not support service principal authentication. Instead, use the Active Directory (AD) account access token to access this resource.
-Your AD account must be set up with a `Dashboard.Read.All` role on the Azure Power BI workspace you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_app_dashboard_tile.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_app_dashboard_tile.md
deleted file mode 100644
index afccd21f34..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_app_dashboard_tile.md
+++ /dev/null
@@ -1,112 +0,0 @@
-+++
-title = "azure_power_bi_app_dashboard_tile Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_app_dashboard_tile"
-identifier = "inspec/resources/azure/azure_power_bi_app_dashboard_tile Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_app_dashboard_tile` InSpec audit resource to test the properties related to an Azure Power BI app dashboard tile.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`app_id`, `dashboard_id`, and `tile_id` are required parameters.
-
-```ruby
-describe azure_power_bi_app_dashboard_tile(app_id: 'APP_ID', dashboard_id: 'DASHBOARD_ID', tile_id: 'TILE_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`app_id` _(required)_
-
-: The app ID.
-
-`dashboard_id` _(required)_
-
-: The app Dashboard ID.
-
-`tile_id` _(required)_
-
-: The app dashboard tile ID.
-
-## Properties
-
-`id`
-: The tile ID.
-
-`title`
-: The dashboard display name.
-
-`embedUrl`
-: The tile embed URL.
-
-`rowSpan`
-: number of rows a tile should span.
-
-`colSpan`
-: number of columns a tile should span.
-
-`reportId`
-: The report ID, which is available only for tiles created from a report.
-
-`datasetId`
-: The dataset ID, which is available only for tiles created from a report or using a dataset, such as Q&A tiles.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/apps/get-tile) for other available properties.
-
-## Examples
-
-### Test that the Power BI app dashboard tile is at the left corner
-
-```ruby
-describe azure_power_bi_app_dashboard_tile(app_id: 'APP_ID', dashboard_id: 'DASHBOARD_ID', tile_id: 'TILE_ID') do
- its('rowSpan') { should eq 0 }
- its('colSpan') { should eq 0 }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If the Azure Power BI app dashboard tile is found, it will exist.
-
-describe azure_power_bi_app_dashboard_tile(app_id: 'APP_ID', dashboard_id: 'DASHBOARD_ID', tile_id: 'TILE_ID') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# if the Azure Power BI app dashboard tile is not found, it will not exist.
-
-describe azure_power_bi_app_dashboard_tile(app_id: 'APP_ID', dashboard_id: 'DASHBOARD_ID', tile_id: 'TILE_ID') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-This API does not support service principal authentication. Instead, use an Active Directory account access token to access this resource.
-Your Active Directory account must be set up with a `Dashboard.Read.All` role on the Azure Power BI workspace you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_app_dashboard_tiles.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_app_dashboard_tiles.md
deleted file mode 100644
index 7b0361c64c..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_app_dashboard_tiles.md
+++ /dev/null
@@ -1,136 +0,0 @@
-+++
-title = "azure_power_bi_app_dashboard_tiles Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_app_dashboard_tiles"
-identifier = "inspec/resources/azure/azure_power_bi_app_dashboard_tiles Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_app_dashboard_tiles` InSpec audit resource to test the properties related to all Azure Power BI app dashboard tiles.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_power_bi_app_dashboard_tiles` resource block returns all Azure Power BI app dashboard tiles.
-
-```ruby
-describe azure_power_bi_app_dashboard_tiles(app_id: 'APP_ID', dashboard_id: 'DASHBOARD_ID') do
- #...
-end
-```
-
-## Parameters
-
-`app_id` _(required)_
-
-: The app ID.
-
-`dashboard_id` _(required)_
-
-: The app Dashboard ID.
-
-## Properties
-
-`ids`
-: List of all app dashboard tile IDs.
-
-: **Field**: `id`
-
-`titles`
-: List of all the dashboard titles.
-
-: **Field**: `title`
-
-`embedUrls`
-: List of all the dashboard embed URLs.
-
-: **Field**: `embedUrl`
-
-`rowSpans`
-: List of all the row span values.
-
-: **Field**: `rowSpan`
-
-`colSpans`
-: List of all the col span values.
-
-: **Field**: `colSpan`
-
-`reportIds`
-: List of all the report IDs.
-
-: **Field**: `reportId`
-
-`datasetIds`
-: List of all the dataset IDs.
-
-: **Field**: `datasetId`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/apps/get-tiles) for other available properties.
-
-## Examples
-
-### Loop through Power BI app dashboard tiles by their IDs
-
-```ruby
-azure_power_bi_app_dashboard_tiles(app_id: 'APP_ID', dashboard_id: 'DASHBOARD_ID').ids.each do |id|
- describe azure_power_bi_app_dashboard_tile(app_id: 'APP_ID', dashboard_id: 'DASHBOARD_ID', tile_id: id) do
- it { should exist }
- end
-end
-```
-
-### Test to filter out Power BI app dashboard tiles that are in the left corner
-
-```ruby
-describe azure_power_bi_app_dashboard_tiles(app_id: 'APP_ID', dashboard_id: 'DASHBOARD_ID').where(rowSpan: 0, colSpan: 0) do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-Use `should` to test that an entity exists.
-
-```ruby
-describe azure_power_bi_app_dashboard_tiles(app_id: 'APP_ID') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe azure_power_bi_app_dashboard_tiles(app_id: 'APP_ID') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-This API does not support service principal authentication. Instead, use an Active Directory account access token to access this resource.
-Your Active Directory account must be set up with a `Dashboard.Read.All` role on the Azure Power BI workspace you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_app_dashboards.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_app_dashboards.md
deleted file mode 100644
index 24b0064899..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_app_dashboards.md
+++ /dev/null
@@ -1,116 +0,0 @@
-+++
-title = "azure_power_bi_app_dashboards Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_app_dashboards"
-identifier = "inspec/resources/azure/azure_power_bi_app_dashboards Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_app_dashboards` InSpec audit resource to test the properties of all Azure Power BI app dashboards.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_power_bi_app_dashboards` resource block returns all Azure Power BI app dashboards.
-
-```ruby
-describe azure_power_bi_app_dashboards(app_id: 'APP_ID') do
- #...
-end
-```
-
-## Parameters
-
-`app_id` _(required)_
-: The app ID.
-
-## Properties
-
-`ids`
-: List of all app IDs.
-
-: **Field**: `id`
-
-`displayNames`
-: List of all the dashboard display names.
-
-: **Field**: `displayName`
-
-`embedUrls`
-: List of all the dashboard embed URLs.
-
-: **Field**: `embedUrl`
-
-`isReadOnlies`
-: List of all the boolean read-only dashboard flags.
-
-: **Field**: `isReadOnly`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/apps/get-dashboards) for other available properties.
-
-## Examples
-
-### Loop through Power BI app dashboards by their IDs
-
-```ruby
-azure_power_bi_app_dashboards(app_id: 'APP_ID').ids.each do |id|
- describe azure_power_bi_app_dashboard(app_id: 'APP_ID', dashboard_id: id) do
- it { should exist }
- end
-end
-```
-
-### Test to filter out Power BI app dashboards that are read-only
-
-```ruby
-describe azure_power_bi_app_dashboards(app_id: 'APP_ID').where(isReadOnly: true) do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Power BI apps are present.
-
-describe azure_power_bi_app_dashboards(app_id: 'APP_ID') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Power BI app.
-
-describe azure_power_bi_app_dashboards(app_id: 'APP_ID') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-This API does not support service principal authentication. Instead, use the Active Directory (AD) account access token to access this resource.
-Your AD account must be set up with a `Dashboard.Read.All` role on the Azure Power BI workspace you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_app_report.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_app_report.md
deleted file mode 100644
index 401c147637..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_app_report.md
+++ /dev/null
@@ -1,105 +0,0 @@
-+++
-title = "azure_power_bi_app_report Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_app_report"
-identifier = "inspec/resources/azure/azure_power_bi_app_report Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_app_report` InSpec audit resource to test the properties related to an Azure Power BI app report.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-```ruby
-describe azure_power_bi_app_report(app_id: 'APP_ID', report_id: 'REPORT_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`app_id` _(required)_
-
-: The app ID.
-
-`report_id` _(required)_
-
-: The app report ID.
-
-## Properties
-
-`id`
-: The report ID.
-
-`appId`
-: The app ID.
-
-`embedUrl`
-: The report embed URL.
-
-`datasetId`
-: The dataset ID.
-
-`name`
-: The report name.
-
-`webUrl`
-: The report web URL.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/apps/get-report) for other available properties.
-
-## Examples
-
-### Test that the Power BI app report is paginated and embed URL is present
-
-```ruby
-describe azure_power_bi_app_report(app_id: 'APP_ID', report_id: 'REPORT_ID') do
- its('reportType') { should eq 'PaginatedReport' }
- its('embedUrl') { should_not be_empty }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe azure_power_bi_app_report(app_id: 'APP_ID', report_id: 'REPORT_ID') do
- it { should exist }
-end
-```
-
-### not_exists
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe azure_power_bi_app_report(app_id: 'APP_ID', report_id: 'REPORT_ID') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-This API does not support service principal authentication. Instead, use an Active Directory account access token to access this resource.
-Your Active Directory account must be set up with a `Report.Read.All` role on the Azure Power BI workspace you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_app_reports.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_app_reports.md
deleted file mode 100644
index 45d314f6c7..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_app_reports.md
+++ /dev/null
@@ -1,127 +0,0 @@
-+++
-title = "azure_power_bi_app_reports Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_app_reports"
-identifier = "inspec/resources/azure/azure_power_bi_app_reports Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_app_reports` InSpec audit resource to test the properties related to all Azure Power BI app reports.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_power_bi_app_reports` resource block returns all Azure Power BI app reports.
-
-```ruby
-describe azure_power_bi_app_reports(app_id: 'APP_ID') do
- #...
-end
-```
-
-## Parameters
-
-`app_id` _(required)_
-
-: The app ID.
-
-## Properties
-
-`ids`
-: List of all app report IDs.
-
-: **Field**: `id`
-
-`embedUrls`
-: List of all the report embed URLs.
-
-: **Field**: `embedUrl`
-
-`appIds`
-: List of all the app IDs.
-
-: **Field**: `appId`
-
-`datasetIds`
-: List of all the Dataset IDs.
-
-: **Field**: `datasetId`
-
-`names`
-: List of all the report names.
-
-: **Field**: `name`
-
-`webUrls`
-: List of all the report web URLs.
-
-: **Field**: `webUrl`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/apps/get-reports) for other available properties.
-
-## Examples
-
-### Loop through Power BI app reports by their IDs
-
-```ruby
-azure_power_bi_app_reports(app_id: 'APP_ID').ids.each do |id|
- describe azure_power_bi_app_report(app_id: 'APP_ID', report_id: id) do
- it { should exist }
- end
-end
-```
-
-### Test to filter out Power BI app reports by report name
-
-```ruby
-describe azure_power_bi_app_reports(app_id: 'APP_ID').where(name: 'REPORT_NAME') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Power BI app reports are present.
-
-describe azure_power_bi_app_reports(app_id: 'APP_ID') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Power BI app reports.
-
-describe azure_power_bi_app_reports(app_id: 'APP_ID') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-This API does not support service principal authentication. Instead, use an Active Directory account access token to access this resource.
-Your Active Directory account must be set up with a `Report.Read.All` role on the Azure Power BI workspace you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_apps.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_apps.md
deleted file mode 100644
index 7f712725b6..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_apps.md
+++ /dev/null
@@ -1,115 +0,0 @@
-+++
-title = "azure_power_bi_apps Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_apps"
-identifier = "inspec/resources/azure/azure_power_bi_apps Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_apps` InSpec audit resource to test the properties related to all Azure Power BI apps.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_power_bi_apps` resource block returns all Azure Power BI apps.
-
-```ruby
-describe azure_power_bi_apps do
- #...
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: List of all app IDs.
-
-: **Field**: `id`
-
-`names`
-: List of all the app names.
-
-: **Field**: `name`
-
-`descriptions`
-: List of all the app Descriptions.
-
-: **Field**: `description`
-
-`lastUpdates`
-: List of all Last updated times of the apps.
-
-: **Field**: `lastUpdate`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/apps/get-apps) for other available properties.
-
-## Examples
-
-### Loop through Power BI apps by their IDs
-
-```ruby
-azure_power_bi_apps.ids.each do |id|
- describe azure_power_bi_app(app_id: id) do
- it { should exist }
- end
-end
-```
-
-### Test that a Power BI app named 'Finance' exists
-
-```ruby
-describe azure_power_bi_apps.where(name: 'Finance') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Power BI apps are present.
-
-describe azure_power_bi_apps do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Power BI apps.
-
-describe azure_power_bi_apps do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-This API does not support Service Principal Authentication. Use your Active Directory account access tokens to access this resource.
-Your Active Directory account must be set up with an `App.Read.All` role on the Azure Power BI workspace you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_capacities.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_capacities.md
deleted file mode 100644
index 13a539044e..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_capacities.md
+++ /dev/null
@@ -1,121 +0,0 @@
-+++
-title = "azure_power_bi_app_capacities Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_app_capacities"
-identifier = "inspec/resources/azure/azure_power_bi_app_capacities Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_app_capacities` InSpec audit resource to test the properties related to all Azure Power BI capacities.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_power_bi_app_capacities` resource block returns all Azure Power BI capacities.
-
-```ruby
-describe azure_power_bi_app_capacities do
- #...
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: List of all Power BI capacity IDs.
-
-: **Field**: `id`
-
-`displayNames`
-: List of all the Power BI capacity names.
-
-: **Field**: `displayName`
-
-`admins`
-: An array of capacity admins.
-
-: **Field**: `admin`
-
-`skus`
-: List of all capacity SKUs.
-
-: **Field**: `sku`
-
-`states`
-: List of the capacity states.
-
-: **Field**: `state`
-
-`regions`
-: List of the Azure regions where the capacity is provisioned.
-
-: **Field**: `region`
-
-`capacityUserAccessRights`
-: List of access rights user has on the capacity.
-
-: **Field**: `capacityUserAccessRight`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/capacities/get-capacities) for other available properties.
-
-## Examples
-
-### Test to ensure Power BI capacities are active
-
-```ruby
-describe azure_power_bi_app_capacities.where(state: 'Active') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe azure_power_bi_app_capacities do
- it { should exist }
-end
-```
-
-### not_exists
-
-Use `should_not` to test that the entity does not exist.
-
-```ruby
-describe azure_power_bi_app_capacities do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-This API does not support service principal authentication. Instead, use an Active Directory account access token to access this resource.
-Your Active Directory account must be set up with a `Capacity.Read.All` role on the Azure Power BI workspace you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_capacity_refreshable.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_capacity_refreshable.md
deleted file mode 100644
index 310622b89b..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_capacity_refreshable.md
+++ /dev/null
@@ -1,118 +0,0 @@
-+++
-title = "azure_power_bi_capacity_refreshable Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_capacity_refreshable"
-identifier = "inspec/resources/azure/azure_power_bi_capacity_refreshable Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_capacity_refreshable` InSpec audit resource to test the properties of an Azure Power BI Capacity refreshable.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-```ruby
-describe azure_power_bi_capacity_refreshable(capacity_id: 'CAPACITY_ID', name: 'REFRESHABLE_ID') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_power_bi_capacity_refreshable(capacity_id: 'CAPACITY_ID', name: 'REFRESHABLE_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-
-: The refreshable ID.
-
-`capacity_id` _(required)_
-
-: The capacity ID.
-
-## Properties
-
-`id`
-: The object ID of the refreshable.
-
-`kind`
-: The refreshable kind.
-
-`name`
-: Display refreshable name.
-
-`startTime`
-: The start time of the window for which summary data exists.
-
-`endTime`
-: The end time of the window for which summary data exists.
-
-`refreshCount`
-: The number of refreshes within the summary time window.
-
-`refreshFailures`
-: The number of refresh failures within the summary time window.
-
-`refreshesPerDay`
-: The number of refreshes (schedule+onDemand) per day within the summary time window with at most 60.
-
-`refreshSchedule.days`
-: Days to execute the refresh.
-
-`refreshSchedule.enabled`
-: Is the refresh enabled.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/capacities/get-refreshable-for-capacity) for other available properties.
-
-## Examples
-
-### Test that the Power BI Capacity refreshable schedule is enabled
-
-```ruby
-describe azure_power_bi_capacity_refreshable(capacity_id: 'CAPACITY_ID', name: 'REFRESHABLE_ID') do
- its('refreshSchedules.enabled') { should be_truthy }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If the Power BI Capacity refreshable is found, it will exist.
-
-describe azure_power_bi_capacity_refreshable(capacity_id: 'CAPACITY_ID', name: 'REFRESHABLE_ID') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# if the Power BI Capacity refreshable is not found, it will not exist.
-describe azure_power_bi_capacity_refreshable(capacity_id: 'CAPACITY_ID', name: 'REFRESHABLE_ID') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `Capacity.Read.All` role on the Azure Power BI Capacity you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_capacity_refreshables.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_capacity_refreshables.md
deleted file mode 100644
index 6673e4eda8..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_capacity_refreshables.md
+++ /dev/null
@@ -1,126 +0,0 @@
-+++
-title = "azure_power_bi_capacity_refreshables Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_capacity_refreshables"
-identifier = "inspec/resources/azure/azure_power_bi_capacity_refreshables Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_capacity_refreshables` InSpec audit resource to test the properties of multiple Azure Power BI Capacity refreshables.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_power_bi_capacity_refreshables` resource block returns all Azure Power BI Capacity refreshables.
-
-```ruby
-describe azure_power_bi_capacity_refreshables do
- #...
-end
-```
-
-## Parameters
-
-`capacity_id` _(optional)_
-: The capacity ID.
-
-## Properties
-
-`ids`
-: List of all Power BI Capacity refreshable IDs.
-
-: **Field**: `id`
-
-`names`
-: List of all the Power BI Capacity refreshable names.
-
-: **Field**: `name`
-
-`kinds`
-: List of all the Power BI Capacity refreshable kinds.
-
-: **Field**: `kind`
-
-`refreshCounts`
-: List of the number of refreshes within the summary time windows.
-
-: **Field**: `refreshCount`
-
-`refreshFailures`
-: List of the number of refresh failures within the summary time window.
-
-: **Field**: `refreshFailures`
-
-`refreshesPerDays`
-: List of the number of refreshes.
-
-: **Field**: `refreshesPerDay`
-
-`medianDurations`
-: List of the median duration in seconds of a refresh.
-
-: **Field**: `medianDuration`
-
-`averageDurations`
-: List of the average duration in seconds of a refresh.
-
-: **Field**: `averageDuration`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-For additional information, refer to the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/capacities/get-refreshables) for other available properties.
-
-## Examples
-
-### Test to ensure Power BI Capacity refreshable schedules are enabled
-
-```ruby
-describe azure_power_bi_capacity_refreshables do
- its('refreshSchedules') { should_not be empty }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Power BI Capacity refreshables are present.
-
-describe azure_power_bi_capacity_refreshables do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Power BI Capacity refreshables
-
-describe azure_power_bi_capacity_refreshables do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `Capacity.Read.All` role on the Azure Power BI Capacity you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_capacity_workload.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_capacity_workload.md
deleted file mode 100644
index 8dd20a4a89..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_capacity_workload.md
+++ /dev/null
@@ -1,100 +0,0 @@
-+++
-title = "azure_power_bi_capacity_workload Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_capacity_workload"
-identifier = "inspec/resources/azure/azure_power_bi_capacity_workload Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_capacity_workload` InSpec audit resource to test the properties related to Azure Power BI Capacity workload.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`name` and `capacity_id` are required parameters.
-
-```ruby
-describe azure_power_bi_capacity_workload(capacity_id: 'CAPACITY_ID', name: 'WORKLOAD_NAME') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_power_bi_capacity_workload(capacity_id: 'CAPACITY_ID', name: 'WORKLOAD_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-: The workload Name.
-
-`capacity_id` _(required)_
-: The capacity ID.
-
-## Properties
-
-`name`
-: The workload name.
-
-`state`
-: The capacity workload state.
-
-`maxMemoryPercentageSetByUser`
-: The memory percentage maximum Limit set by the user.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/capacities/get-workload) for other available properties.
-
-## Examples
-
-### Test that the Power BI Capacity workload is enabled
-
-```ruby
-describe azure_power_bi_capacity_workload(capacity_id: 'CAPACITY_ID', name: 'WORKLOAD_NAME') do
- its('state') { should eq 'Enabled' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# If the Power BI Capacity workload is found, it will exist.
-
-describe azure_power_bi_capacity_workload(capacity_id: 'CAPACITY_ID', name: 'WORKLOAD_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# if the Power BI Capacity workload is not found, it will not exist.
-
-describe azure_power_bi_capacity_workload(capacity_id: 'CAPACITY_ID', name: 'WORKLOAD_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `Capacity.Read.All` role on the Azure Power BI Capacity you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_capacity_workloads.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_capacity_workloads.md
deleted file mode 100644
index 6706a87963..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_capacity_workloads.md
+++ /dev/null
@@ -1,100 +0,0 @@
-+++
-title = "azure_power_bi_capacity_workloads Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_capacity_workloads"
-identifier = "inspec/resources/azure/azure_power_bi_capacity_workloads Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_capacity_workloads` InSpec audit resource to test the properties related to all Azure Power BI Capacity workloads.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_power_bi_capacity_workloads` resource block returns all Azure Power BI Capacity workloads.
-
-```ruby
-describe azure_power_bi_capacity_workloads(capacity_id: 'CAPACITY_ID') do
- #...
-end
-```
-
-## Parameters
-
-`capacity_id`
-: The capacity ID.
-
-## Properties
-
-`states`
-: List of all Power Bi Capacity Workload IDs.
-
-: **Field**: `state`
-
-`names`
-: List of all the Power Bi Capacity Workload names.
-
-: **Field**: `name`
-
-`maxMemoryPercentageSetByUsers`
-: List of all the Power Bi Capacity Workload Kinds.
-
-: **Field**: `maxMemoryPercentageSetByUser`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/capacities/get-Workloads) for other available properties.
-
-## Examples
-
-### Test to ensure Power BI Capacity Workload is enabled
-
-```ruby
-describe azure_power_bi_capacity_workloads(capacity_id: 'CAPACITY_ID').where(state: 'Enabled') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Power BI Capacity Workloads are present.
-
-describe azure_power_bi_capacity_workloads(capacity_id: 'CAPACITY_ID') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Power BI Capacity Workloads.
-
-describe azure_power_bi_capacity_workloads(capacity_id: 'CAPACITY_ID') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `Capacity.Read.All` role on the Azure Power BI Capacity you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dashboard.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dashboard.md
deleted file mode 100644
index 06cab48249..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dashboard.md
+++ /dev/null
@@ -1,97 +0,0 @@
-+++
-title = "azure_power_bi_dashboard Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_dashboard"
-identifier = "inspec/resources/azure/azure_power_bi_dashboard Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_dashboard` InSpec audit resource to test the properties related to Azure Power BI Dashboard.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`dashboard_id` is a required parameter, and `group_id` is an optional parameter.
-
-```ruby
-describe azure_power_bi_dashboard(group_id: 'GROUP_ID', dashboard_id: 'dashboard_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`dashboard_id` _(required)_
-
-: The dashboard ID.
-
-`group_id` _(optional)_
-
-: The workspace ID.
-
-## Properties
-
-`id`
-: Power BI dashboard ID.
-
-`displayName`
-: The dashboard display name.
-
-`embedUrl`
-: The dashboard embed URL.
-
-`isReadOnly`
-: Is ReadOnly dashboard.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/dashboards/get-dashboard) for other available properties.
-
-## Examples
-
-### Test that the Power BI Dashboard is read-only
-
-```ruby
-describe azure_power_bi_dashboard(group_id: 'GROUP_ID', dashboard_id: 'DASHBOARD_ID') do
- its('isReadOnly') { should eq 'true' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# Should exist if the Power BI dashboard is present in the group.
-
-describe azure_power_bi_dashboard(group_id: 'GROUP_ID', dashboard_id: 'dashboard_ID') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should not exist if the Power BI dashboard is not present in the group.
-
-describe azure_power_bi_dashboard(group_id: 'GROUP_ID', dashboard_id: 'dashboard_ID') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `Dashboard.Read.All` role on the Azure Power BI Workspace you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dashboard_tile.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dashboard_tile.md
deleted file mode 100644
index 963851864f..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dashboard_tile.md
+++ /dev/null
@@ -1,108 +0,0 @@
-+++
-title = "azure_power_bi_dashboard_tile Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_dashboard_tile"
-identifier = "inspec/resources/azure/azure_power_bi_dashboard_tile Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_dashboard_tile` InSpec audit resource to test the properties related to an Azure Power BI dashboard tile.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-```ruby
-describe azure_power_bi_dashboard_tile(group_id: 'GROUP_ID', dashboard_id: 'dashboard_ID', title_id: 'TITLE_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`dashboard_id` _(required)_
-
-: The dashboard ID.
-
-`tile_id` _(required)_
-
-: The tile ID.
-
-`group_id` _(optional)_
-
-: The workspace ID.
-
-## Properties
-
-`id`
-: Power BI dashboard tile ID.
-
-`title`
-: The dashboard display name.
-
-`embedUrl`
-: The tile embed URL.
-
-`rowSpan`
-: The number of rows a tile should span.
-
-`colSpan`
-: The number of columns a tile should span.
-
-`reportId`
-: The report ID available only for tiles created from a report.
-
-`datasetId`
-: The dataset ID available only for tiles created from a report or using a dataset, such as Q&A tiles.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/dashboards/get-tile) for other available properties.
-
-## Examples
-
-### Test that the Power BI dashboard tile is on the left corner
-
-```ruby
-describe azure_power_bi_dashboard_tile(group_id: 'GROUP_ID', dashboard_id: 'dashboard_ID', title_id: 'TITLE_ID') do
- its('rowSpan') { should eq 0 }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# Use should to test for an Azure Power BI dashboard tile that should be in the resource group.
-
-describe azure_power_bi_dashboard_tile(group_id: 'GROUP_ID', dashboard_id: 'dashboard_ID', title_id: 'TITLE_ID') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Use should_not to test for an Azure Power BI dashboard tile that should not be in the resource group.
-
-describe azure_power_bi_dashboard_tile(group_id: 'GROUP_ID', dashboard_id: 'dashboard_ID', title_id: 'TITLE_ID') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `dashboard.Read.All` role on the Azure Power BI Workspace you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dashboard_tiles.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dashboard_tiles.md
deleted file mode 100644
index 237d397f36..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dashboard_tiles.md
+++ /dev/null
@@ -1,139 +0,0 @@
-+++
-title = "azure_power_bi_dashboard_tiles Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_dashboard_tiles"
-identifier = "inspec/resources/azure/azure_power_bi_dashboard_tiles Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_dashboard_tiles` InSpec audit resource to test the properties related to all Azure Power BI dashboard tiles within a project.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_power_bi_dashboard_tiles` resource block returns all Azure Power BI dashboard tiles within a dashboard and a group.
-
-```ruby
-describe azure_power_bi_dashboard_tiles(dashboard_id: 'dashboard_ID') do
- #...
-end
-```
-
-```ruby
-describe azure_power_bi_dashboard_tiles(group_id: 'GROUP_ID') do
- #...
-end
-```
-
-## Parameters
-
-`group_id` _(required)_
-: The workspace ID.
-
-`dashboard_id` _(optional)_
-: The dashboard ID.
-
-## Properties
-
-`ids`
-: List of all dashboard IDs.
-
-: **Field**: `id`
-
-`titles`
-: List of all the titles.
-
-: **Field**: `title`
-
-`embedUrls`
-: List of all dashboard embed URLs.
-
-: **Field**: `embedUrl`
-
-`rowSpans`
-: List of all row spans.
-
-: **Field**: `rowSpan`
-
-`colSpans`
-: List of all col spans.
-
-: **Field**: `colSpan`
-
-`reportIds`
-: List of all report IDs.
-
-: **Field**: `reportId`
-
-`datasetIds`
-: List of all dataset IDs.
-
-: **Field**: `datasetId`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/dashboards/get-dashboards) for other available properties.
-
-## Examples
-
-### Loop through Power BI dashboard tiles by their IDs
-
-```ruby
-azure_power_bi_dashboard_tiles.ids.each do |id|
- describe azure_power_bi_dashboard_tile(dashboard_id: id) do
- it { should exist }
- end
-end
-```
-
-### Test to ensure all Power BI dashboard tiles that are in the top left corner
-
-```ruby
-describe azure_power_bi_dashboard_tiles.where(rowSpan: true) do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Use should to test for an Azure Power BI dashboard tile that should be in the resource group.
-
-describe azure_power_bi_dashboard_tiles do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Use should_not to test for an Azure Power BI dashboard tile that should not be in the resource group.
-
-describe azure_power_bi_dashboard_tiles do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `dashboard.Read.All` role on the Azure Power BI Workspace you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dashboards.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dashboards.md
deleted file mode 100644
index 9e144f1646..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dashboards.md
+++ /dev/null
@@ -1,118 +0,0 @@
-+++
-title = "azure_power_bi_dashboards Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_dashboards"
-identifier = "inspec/resources/azure/azure_power_bi_dashboards Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_dashboards` InSpec audit resource to test the properties related to all AzurePower BI Dashboards within a project.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_power_bi_dashboards` resource block returns all AzurePower BI Dashboards within a group.
-
-```ruby
-describe azure_power_bi_dashboards do
- #...
-end
-```
-
-```ruby
-describe azure_power_bi_dashboards(group_id: 'GROUP_ID') do
- #...
-end
-```
-
-## Parameters
-
-`group_id` _(optional)_
-: The workspace ID.
-
-## Properties
-
-`ids`
-: List of all dashboard IDs.
-
-: **Field**: `id`
-
-`displayNames`
-: List of all the dashboard display names.
-
-: **Field**: `displayName`
-
-`embedUrls`
-: List of all dashboard embed URLs.
-
-: **Field**: `embedUrl`
-
-`isReadOnly`
-: List of all read-only dashboards.
-
-: **Field**: `isReadOnlies`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/dashboards/get-dashboards) for other available properties.
-
-## Examples
-
-### Loop throughPower BI Dashboards by their IDs
-
-```ruby
-azure_power_bi_dashboards.ids.each do |id|
- describe azure_power_bi_dashboard(dashboard_id: id) do
- it { should exist }
- end
-end
-```
-
-### Test to ensure all Power BI dashboards are ready-only
-
-```ruby
-describe azure_power_bi_dashboards.where(isReadOnly: true) do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Power BI dashboards are present in the group.
-
-describe azure_power_bi_dashboards do
- it { should_not exist }
-end
-
-# Should exist if the filter returns at least one Power BI dashboard in the group.
-
-describe azure_power_bi_dashboards do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `dashboard.Read.All` role on the Azure Power BI Workspace you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dataflow.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dataflow.md
deleted file mode 100644
index c40fda377d..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dataflow.md
+++ /dev/null
@@ -1,102 +0,0 @@
-+++
-title = "azure_power_bi_dataflow Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_dataflow"
-identifier = "inspec/resources/azure/azure_power_bi_dataflow Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_dataflow` InSpec audit resource to test the properties of a single Azure Power BI dataflow.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-```ruby
-describe azure_power_bi_dataflow(group_id: 'GROUP_ID', name: 'DATAFLOW_ID') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_power_bi_dataflow(group_id: 'GROUP_ID', name: 'DATAFLOW_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-
-: The dataflow ID.
-
-`group_id` _(required)_
-
-: The workspace ID.
-
-## Properties
-
-`name`
-: The dataflow name.
-
-`objectId`
-: The dataflow ID.
-
-`description`
-: The dataflow description.
-
-`modelUrl`
-: A URL to the dataflow definition file (model.json).
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/dataflows/get-dataflows) for other available properties.
-
-## Examples
-
-### Test that the Power BI dataflow name exists
-
-```ruby
-describe azure_power_bi_dataflow(group_id: 'GROUP_ID', name: 'DATAFLOW_ID') do
- it { should exist }
- its('name') { should eq 'DATAFLOW_NAME' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-Use `should` to test that the entity exists.
-
-```ruby
-describe azure_power_bi_dataflow(group_id: 'GROUP_ID', name: 'DATAFLOW_ID') do
- it { should exist }
-end
-```
-
-### not_exists
-
-Use `should_not` to test if the entity does not exist.
-
-```ruby
-describe azure_power_bi_dataflow(group_id: 'GROUP_ID', name: 'DATAFLOW_ID') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `Dataflow.Read.All` role on the Azure Power BI dataflow you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dataflow_storage_accounts.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dataflow_storage_accounts.md
deleted file mode 100644
index 7a4b4b294c..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dataflow_storage_accounts.md
+++ /dev/null
@@ -1,100 +0,0 @@
-+++
-title = "azure_power_bi_dataflow_storage_accounts Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_dataflow_storage_accounts"
-identifier = "inspec/resources/azure/azure_power_bi_dataflow_storage_accounts Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_dataflow_storage_accounts` InSpec audit resource to test the properties related to all Azure Power BI dataflow storage accounts.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_power_bi_dataflow_storage_accounts` resource block returns all Azure Power BI dataflow storage accounts.
-
-```ruby
-describe azure_power_bi_dataflow_storage_accounts do
- #...
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: List of all Power BI dataflow storage account IDs.
-
-: **Field**: `id`
-
-`names`
-: List of all the dataflow storage account names.
-
-: **Field**: `name`
-
-`isEnableds`
-: List of the flags that indicates if workspaces can be assigned to the storage accounts.
-
-: **Field**: `isEnabled`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/dataflow-storage-accounts/get-dataflow-storage-accounts) for other available properties.
-
-## Examples
-
-### Test that the Power BI dataflow storage account is enabled
-
-```ruby
-describe azure_power_bi_dataflow_storage_accounts.where(isEnabled: true) do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Power BI dataflow storage account is present.
-
-describe azure_power_bi_dataflow_storage_accounts do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Power BI dataflow storage account.
-
-describe azure_power_bi_dataflow_storage_accounts do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `StorageAccount.Read.All` role on the Azure Power BI dataflow storage Account you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dataflows.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dataflows.md
deleted file mode 100644
index 5f64f92618..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dataflows.md
+++ /dev/null
@@ -1,108 +0,0 @@
-+++
-title = "azure_power_bi_dataflows Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_dataflows"
-identifier = "inspec/resources/azure/azure_power_bi_dataflows Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_dataflows` InSpec audit resource to test the properties related to all Azure Power BI dataflows.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_power_bi_dataflows` resource block returns all Azure Power BI dataflows.
-
-```ruby
-describe azure_power_bi_dataflows(group_id: 'GROUP_ID') do
- #...
-end
-```
-
-## Parameters
-
-`group_id`
-: The Workspace ID.
-
-## Properties
-
-`objectIds`
-
-: List of all Power BI dataflow IDs.
-
-: **Field**: `objectId`
-
-`names`
-
-: List of all the Power BI dataflow names.
-
-: **Field**: `name`
-
-`descriptions`
-
-: List of all the Power BI dataflow descriptions.
-
-: **Field**: `descriptions`
-
-`modelUrls`
-
-: List of all URLs to the dataflow definition file
-
-: **Field**: `modelUrl`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Test to ensure Power BI Dataflow for Finance exists
-
-```ruby
-describe azure_power_bi_dataflows(group_id: 'GROUP_ID').where(name: 'DATAFLOW_NAME') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Power BI dataflows are present.
-
-describe azure_power_bi_dataflows(group_id: 'GROUP_ID') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Power BI dataflows.
-
-describe azure_power_bi_dataflows(group_id: 'GROUP_ID') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `Dataflow.Read.All` role on the Azure Power BI Dataflow you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dataset.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dataset.md
deleted file mode 100644
index f92f0826f4..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dataset.md
+++ /dev/null
@@ -1,109 +0,0 @@
-+++
-title = "azure_power_bi_dataset Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_dataset"
-identifier = "inspec/resources/azure/azure_power_bi_dataset Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_dataset` InSpec audit resource to test the properties related to an Azure Power BI dataset.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-```ruby
-describe azure_power_bi_dataset(name: 'DATASET_ID') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_power_bi_dataset(group_id: 'GROUP_ID', name: 'DATASET_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-: The dataset ID.
-
-`group_id` _(optional)_
-: The workspace ID.
-
-## Properties
-
-`name`
-: The dataset name.
-
-`addRowsAPIEnabled`
-: Whether the dataset allows adding new rows.
-
-`configuredBy`
-: The dataset owner.
-
-`isRefreshable`
-: Can this dataset be refreshed.
-
-`isEffectiveIdentityRequired`
-: Whether the dataset requires an effective identity. This indicates that you must send an effective identity using the GenerateToken API.
-
-`isEffectiveIdentityRolesRequired`
-: Whether RLS is defined inside the PBIX file. This indicates that you must specify a role.
-
-`isOnPremGatewayRequired`
-: dataset requires an On-premises Data Gateway.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/datasets/get-dataset) for other available properties.
-
-## Examples
-
-### Test that the Power BI dataset requires an on-prem gateway
-
-```ruby
-describe azure_power_bi_dataset(name: 'DATASET_ID') do
- it { should exist }
- its('IsOnPremGatewayRequired') { should eq true }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If the Power BI dataset is found, it will exist.
-
-describe azure_power_bi_dataset(name: 'DATASET_ID') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# if the Power BI dataset is not found, it will not exist.
-
-describe azure_power_bi_dataset(name: 'DATASET_ID') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `Dataset.Read.All` role on the Azure Power BI dataset you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dataset_datasources.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dataset_datasources.md
deleted file mode 100644
index b4b9571328..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_dataset_datasources.md
+++ /dev/null
@@ -1,107 +0,0 @@
-+++
-title = "azure_power_bi_dataset_datasources Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_dataset_datasources"
-identifier = "inspec/resources/azure/azure_power_bi_dataset_datasources Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_dataset_datasources` Chef InSpec audit resource to test the properties of all Azure Power BI dataset data sources.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_power_bi_dataset_datasources` resource block returns all Azure Power BI dataset data sources.
-
-```ruby
-describe azure_power_bi_dataset_datasources(dataset_id: 'DATASET_ID') do
- #...
-end
-```
-
-## Parameters
-
-`dataset_id` _(required)_
-: The dataset ID.
-
-`group_id` _(optional)_
-: The workspace ID.
-
-## Properties
-
-`datasourceIds`
-: List of all Power BI data source IDs.
-
-: **Field**: `datasourceId`
-
-`gatewayIds`
-: List of all the bound gateway IDs.
-
-: **Field**: `gatewayId`
-
-`datasourceTypes`
-: List of the data source types.
-
-: **Field**: `datasourceType`
-
-`connectionDetails`
-: List of the data source connection details.
-
-: **Field**: `connectionDetails`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/datasets/get-datasources) for other available properties.
-
-## Examples
-
-### Verify that a Power BI dataset data source for a server exists
-
-```ruby
-describe azure_power_bi_dataset_datasources(dataset_id: 'DATASET_ID').where{ connectionDetails[:server] == 'CONNECTION_SERVER' } do
- it { should exist }
-end
-```
-
-## Matchers
-
-This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### exists
-
-Verify that a Power BI dataset data source is not present.
-
-```ruby
-describe azure_power_bi_dataset_datasources(dataset_id: 'DATASET_ID') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-Verify that at least one Power BI dataset data source exists.
-
-``` ruby
-describe azure_power_bi_dataset_datasources(dataset_id: 'DATASET_ID') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `Dataset.Read.All` role on the Azure Power BI data set you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_datasets.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_datasets.md
deleted file mode 100644
index e940e60e5e..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_datasets.md
+++ /dev/null
@@ -1,121 +0,0 @@
-+++
-title = "azure_power_bi_datasets Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_datasets"
-identifier = "inspec/resources/azure/azure_power_bi_datasets Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_datasets` InSpec audit resource to test the properties of all Azure Power BI datasets.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_power_bi_datasets` resource block returns all Azure Power BI datasets.
-
-```ruby
-describe azure_power_bi_datasets do
- #...
-end
-```
-
-## Parameters
-
-`group_id` _(optional)_
-: The workspace ID.
-
-## Properties
-
-`ids`
-: List of all Power BI dataset IDs.
-
-: **Field**: `id`
-
-`names`
-: List of all the Power BI dataset names.
-
-: **Field**: `name`
-
-`addRowsAPIEnableds`
-: List of boolean flags which describe whether the dataset allows adding new rows.
-
-: **Field**: `addRowsAPIEnabled`
-
-`isRefreshables`
-: List of boolean flags that represent refreshable parameters of datasets.
-
-: **Field**: `isRefreshable`
-
-`isEffectiveIdentityRequireds`
-: List of boolean flags that represent effective identity.
-
-: **Field**: `isEffectiveIdentityRequired`
-
-`isEffectiveIdentityRolesRequireds`
-: List of boolean flags that describe whether `RLS` is defined inside the `PBIX` file.
-
-: **Field**: `isEffectiveIdentityRolesRequired`
-
-`isOnPremGatewayRequireds`
-: List of boolean flags that describe whether the dataset requires an On-premises Data Gateway.
-
-: **Field**: `isOnPremGatewayRequired`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/datasets/get-datasets) for other available properties.
-
-## Examples
-
-### Test to ensure the Power BI dataset is refreshable
-
-```ruby
-describe azure_power_bi_datasets.where(isRefreshable: true) do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Power BI datasets are present.
-
-describe azure_power_bi_datasets do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Power BI dataset.
-
-describe azure_power_bi_datasets do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `Dataset.Read.All` role on the Azure Power BI dataset you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_embedded_capacities.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_embedded_capacities.md
deleted file mode 100644
index 06b69a5903..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_embedded_capacities.md
+++ /dev/null
@@ -1,149 +0,0 @@
-+++
-title = "azure_power_bi_embedded_capacities Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_embedded_capacities"
-identifier = "inspec/resources/azure/azure_power_bi_embedded_capacities Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_embedded_capacities` InSpec audit resource to test the properties related to all Azure Power BI Embedded Capacities within a project.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_power_bi_embedded_capacities` resource block returns all Azure Power BI Embedded Capacities within a project.
-
-```ruby
-describe azure_power_bi_embedded_capacities do
- #...
-end
-```
-
-## Parameters
-
-`account_name`
-: The Azure Storage account name.
-
-`dns_suffix`
-: The DNS suffix for the Azure Data Lake Storage endpoint.
-
-The following parameters are optional,`account_name` and `dns_suffix`.
-
-## Properties
-
-`ids`
-: A list of Power BI dedicated resources.
-
-: **Field**: `id`
-
-`names`
-: The names of all the Power BI dedicated resources.
-
-: **Field**: `name`
-
-`locations`
-: A location list of all the Power BI dedicated resources.
-
-: **Field**: `location`
-
-`modes`
-: A list of all the capacity modes.
-
-: **Field**: `mode`
-
-`provisioningStates`
-: A list of all provisioning states.
-
-: **Field**: `provisioningState`
-
-`states`
-: The current state of all Power BI dedicated resources.
-
-: **Field**: `state`
-
-`sku_names`
-: The SKU name of the Power BI dedicated resource.
-
-: **Field**: `sku_name`
-
-`sku_tiers`
-: The SKU tier of the Power BI dedicated resource.
-
-: **Field**: `sku_tier`
-
-`sku_capacities`
-: The SKU capacities of the Power BI dedicated resource.
-
-: **Field**: `sku_capacity`
-
-`administration_members`
-: A collection of dedicated capacity administrators.
-
-: **Field**: `administration_members`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Loop through Power BI Embedded Capacities by their names
-
-```ruby
-azure_power_bi_embedded_capacities.names.each do |name|
- describe azure_power_bi_embedded_capacity(resource_group: 'RESOURCE_GROUP', name: name) do
- it { should exist }
- end
-end
-```
-
-### Test to ensure Power BI Embedded Capacities where `sku_capacities` greater than 1
-
-```ruby
-describe azure_power_bi_embedded_capacities.where(sku_capacity > 1 ) do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should exist if the filter returns at least one Migrate Assessment in the project and the resource group.
-
-describe azure_power_bi_embedded_capacities do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should not exist if no Power BI Embedded Capacities are present in the project and the resource group.
-
-describe azure_power_bi_embedded_capacities do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_embedded_capacity.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_embedded_capacity.md
deleted file mode 100644
index 40cef8f1ee..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_embedded_capacity.md
+++ /dev/null
@@ -1,120 +0,0 @@
-+++
-title = "azure_power_bi_embedded_capacity Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_embedded_capacity"
-identifier = "inspec/resources/azure/azure_power_bi_embedded_capacity Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_embedded_capacity` InSpec audit resource to test the properties related to an Azure Power BI Embedded Capacity.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-The `name` and `resource_group` are required parameters.
-
-```ruby
-describe azure_power_bi_embedded_capacity(resource_group: 'RESOURCE_GROUP', name: 'POWER_BI_EMBEDDED') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_power_bi_embedded_capacity(resource_group: 'RESOURCE_GROUP', name: 'POWER_BI_EMBEDDED') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name`
-: Name of the Power BI Embedded Capacity to test.
-
-`resource_group`
-: Azure Resource Group.
-
-The parameter set for a valid query that should be provided is `name` and `account_name`.
-
-## Properties
-
-`id`
-: An identifier that represents the Power BI dedicated resource.
-
-`location`
-: Location of the Power BI dedicated resource.
-
-`name`
-: The name of the Power BI dedicated resource.
-
-`properties.administration`
-: A collection of dedicated capacity administrators.
-
-`properties.mode`
-: The capacity mode.
-
-`properties.state`
-: The current state of Power BI dedicated resource. The state is to indicate more states outside of resource provisioning.
-
-`sku`
-: The SKU of the Power BI dedicated resource.
-
-`tags`
-: Key-value pairs of additional resource provisioning properties.
-
-`type`
-: The type of the Power BI dedicated resource.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi-embedded/capacities/get-details) for other available properties.
-
-## Examples
-
-### Test that the Power BI Embedded Capacity
-
-```ruby
-describe azure_power_bi_embedded_capacity(resource_group: 'RESOURCE_GROUP', name: 'POWER_BI_EMBEDDED') do
- its('count') { should eq 1.0 }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# If the Power BI Embedded Capacity is found, it will exist.
-
-describe azure_power_bi_embedded_capacity(resource_group: 'RESOURCE_GROUP', name: 'POWER_BI_EMBEDDED') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# if the Power BI Embedded Capacity is not found, it will not exist.
-
-describe azure_power_bi_embedded_capacity(resource_group: 'RESOURCE_GROUP', name: 'POWER_BI_EMBEDDED') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_gateway.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_gateway.md
deleted file mode 100644
index b0ea45bc5b..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_gateway.md
+++ /dev/null
@@ -1,95 +0,0 @@
-+++
-title = "azure_power_bi_gateway Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_gateway"
-identifier = "inspec/resources/azure/azure_power_bi_gateway Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_gateway` InSpec audit resource to test the properties related to an Azure Power BI gateway.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-The `gateway_id` is a required parameter.
-
-```ruby
-describe azure_power_bi_gateway(gateway_id: 'GATEWAY_ID') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`gateway_id` _(required)_
-: The gateway ID.
-
-## Properties
-
-`id`
-: The gateway ID.
-
-`name`
-: The gateway name.
-
-`type`
-: The gateway type.
-
-`publicKey.exponent`
-: The public key exponent.
-
-`publicKey.modulus`
-: The public key modulus.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/gateways/get-gateway) for other available properties.
-
-## Examples
-
-### Test that the Power BI gateway's exponent is 'AQAB'
-
-```ruby
-describe azure_power_bi_gateway(gateway_id: 'GATEWAY_ID') do
- its('publicKey.exponent') { should eq 'AQAB' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If the Azure Power BI gateway is found, it will exist.
-
-describe azure_power_bi_gateway(gateway_id: 'GATEWAY_ID') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# if the Azure Power BI gateway is not found, it will not exist.
-
-describe azure_power_bi_gateway(gateway_id: 'GATEWAY_ID') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `Dataset.Read.All` role on the Azure Power BI Workspace you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_gateways.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_gateways.md
deleted file mode 100644
index eff80b7dac..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_power_bi_gateways.md
+++ /dev/null
@@ -1,115 +0,0 @@
-+++
-title = "azure_power_bi_gateways Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_power_bi_gateways"
-identifier = "inspec/resources/azure/azure_power_bi_gateways Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_power_bi_gateways` InSpec audit resource to test the properties related to all Azure Power BI gateways.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_power_bi_gateways` resource block returns all Azure Power BI gateways.
-
-```ruby
-describe azure_power_bi_gateways do
- #...
-end
-```
-
-## Properties
-
-`ids`
-: List of all gateway IDs.
-
-: **Field**: `id`
-
-`names`
-: List of all the gateway names.
-
-: **Field**: `name`
-
-`types`
-: List of all the gateway types.
-
-: **Field**: `type`
-
-`exponents`
-: List of all public key exponents.
-
-: **Field**: `exponent`
-
-`modulus`
-: List of all public key modulus.
-
-: **Field**: `modulus`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/Gateways/get-Gateways) for other available properties.
-
-## Examples
-
-### Loop through Power BI gateways by their IDs
-
-```ruby
-azure_power_bi_gateways.ids.each do |id|
- describe azure_power_bi_gateway(gateway_id: id) do
- it { should exist }
- end
-end
-```
-
-### Test to ensure all Power BI gateways exponent is 'AQAB'
-
-```ruby
-describe azure_power_bi_gateways.where(exponent: 'AQAB') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Power BI gateways are present.
-
-describe azure_power_bi_gateways do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Power BI gateway.
-
-describe azure_power_bi_gateways do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `Dataset.Read.All` role on the Azure Power BI Workspace you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_public_ip.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_public_ip.md
deleted file mode 100644
index 0e4741075a..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_public_ip.md
+++ /dev/null
@@ -1,108 +0,0 @@
-+++
-title = "azure_public_ip Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_public_ip"
-identifier = "inspec/resources/azure/azure_public_ip Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_public_ip` InSpec audit resource to test the properties of an Azure Public IP address.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_public_ip` resource block identifies a public IP address by `name` and `resource_group`, or the `resource_id`.
-
-```ruby
-describe azure_public_ip(resource_group: 'RESOURCE_GROUP', name: 'ADDRESS_NAME') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_public_ip(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPAddresses/{publicIpAddressName}') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`name`
-: The unique name of the public IP address.
-
-`resource_id`
-: The unique resource ID.
-
-Either one of the parameter sets can be provided for a valid query:
-
-- `resource_id`
-- `resource_group` and `name`
-
-## Properties
-
-`properties.ipAddress`
-: The IP address associated with the public IP address resource.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/publicipaddresses/get#publicipaddress) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Test the IP Address of a Public IP Resource
-
-```ruby
-describe azure_public_ip(resource_group: 'RESOURCE_GROUP', name: 'ADDRESS_NAME') do
- its('properties.ipAddress') { should cmp '51.224.11.75' }
-end
-```
-
-```ruby
-describe azure_public_ip(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPAddresses/{publicIpAddressName}') do
- its('properties.ipAddress') { should cmp '51.224.11.75' }
-end
-```
-
-See [integration tests](https://github.com/inspec/inspec-azure/blob/main/test/integration/verify/controls/azure_public_ip.rb) for more examples.
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/).
-
-### exists
-
-```ruby
-# If we expect the resource to always exist.
-
-describe azure_public_ip(resource_group: 'RESOURCE_GROUP', name: 'ADDRESS_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect the resource not to exist.
-
-describe azure_public_ip(resource_group: 'RESOURCE_GROUP', name: 'ADDRESS_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_redis_cache.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_redis_cache.md
deleted file mode 100644
index fe3ee2cea2..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_redis_cache.md
+++ /dev/null
@@ -1,150 +0,0 @@
-+++
-title = "azure_redis_cache Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_redis_cache"
-identifier = "inspec/resources/azure/azure_redis_cache Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_redis_cache` InSpec audit resource to test the properties related to an Azure Redis cache.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`resource_group` and `name` are required parameters.
-
-```ruby
-describe azure_redis_cache(resource_group: 'RESOURCE_GROUP', name: 'REDIS_CACHE_NAME') do
- it { should exist }
- its('name') { should cmp 'REDIS_CACHE_NAME' }
- its('type') { should cmp 'Microsoft.Cache/Redis' }
- its('sku.name') { should cmp 'Standard' }
- its('sku.family') { should cmp 'C' }
- its('location') { should cmp 'southcentralus' }
-end
-```
-
-```ruby
-describe azure_redis_cache(resource_group: 'RESOURCE_GROUP', name: 'REDIS_CACHE_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`name`
-: Name of the Azure Redis cache to test.
-
-The parameter set should be provided for a valid query are `resource_group` and `name`.
-
-## Properties
-
-`id`
-: Resource ID.
-
-`name`
-: Redis cache name.
-
-`location`
-: Redis cache location.
-
-`type`
-: Resource type.
-
-`tags`
-: Resource tags.
-
-`properties.sku.name`
-: The type of Redis cache to deploy. Valid values are `Basic`, `Standard`, and `Premium`.
-
-`properties.sku.family`
-: The SKU family to use. Valid values are `C` and `P` (C = Basic/Standard, P = Premium).
-
-`properties.sku.capacity`
-: The size of the Redis cache to deploy.
Valid values are `C` (Basic/Standard; family: 0, 1, 2, 3, 4, 5, 6) and `P` (Premium, family: 1, 2, 3, 4).
-
-`properties.provisioningState`
-: The resource's provisioning state.
-
-`properties.redisVersion`
-: Redis version.
-
-`properties.enableNonSslPort`
-: Specifies whether the non-SSL Redis server port (6379) is enabled.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/redis/redis/get) for other available properties.
-You can access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Test that the Redis instance's provisioning status equals 'Succeeded'
-
-```ruby
-describe azure_redis_cache(resource_group: 'RESOURCE_GROUP', name: 'REDIS_CACHE_NAME') do
- its('properties.provisioningState') { should eq 'Succeeded' }
-end
-```
-
-### Test that the Redis instance Skuname equals 'Standard'
-
-**Skuname** is the Redis cache to deploy. Valid values are `Basic`, `Standard`, and `Premium`.
-
-```ruby
-describe azure_redis_cache(resource_group: 'RESOURCE_GROUP', name: 'REDIS_CACHE_NAME') do
- its('properties.sku.name') { should eq 'Standard' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If a Redis cache is found, it will exist.
-
-describe azure_redis_cache(resource_group: 'RESOURCE_GROUP', name: 'REDIS_CACHE_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-
-# Redis Caches that aren't found, will not exist.
-describe azure_redis_cache(resource_group: 'RESOURCE_GROUP', name: 'REDIS_CACHE_NAME') do
- it { should_not exist }
-end
-```
-
-### be_enabled_non_ssl_port
-
-Ensure that the Redis cache supports non-SSL ports.
-
-```ruby
-describe azure_redis_cache(resource_group: 'RESOURCE_GROUP', name: 'REDIS_CACHE_NAME') do
- it { should be_enabled_non_ssl_port }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_redis_caches.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_redis_caches.md
deleted file mode 100644
index 904df25fdb..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_redis_caches.md
+++ /dev/null
@@ -1,229 +0,0 @@
-+++
-title = "azure_redis_caches Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_redis_caches"
-identifier = "inspec/resources/azure/azure_redis_caches Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_redis_caches` InSpec audit resource to test the properties of multiple Azure Redis caches in a resource group or an entire subscription.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_redis_caches` resource block returns all Azure Redis caches within a resource group.
-
-```ruby
-describe azure_redis_caches(resource_group: 'RESOURCE_GROUP') do
- #...
-end
-```
-
-or
-
-```ruby
-describe azure_redis_caches(resource_group: 'RESOURCE_GROUP') do
- #...
-end
-```
-
-## Parameters
-
-The parameter should be provided for a valid query is `resource_group`.
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-## Properties
-
-`IDs`
-: A list of the unique resource IDs.
-
-: **Field**: `id`
-
-`names`
-: A list of name for all the resource names.
-
-: **Field**: `name`
-
-`types`
-: A list of types for all the resources.
-
-: **Field**: `type`
-
-`locations`
-: A list of locations for all the resources.
-
-: **Field**: `location`
-
-`properties`
-: A list of properties for all the resources.
-
-: **Field**: `properties`
-
-`tags`
-: A list of resource tags.
-
-: **Field**: `tags`
-
-`sku_names`
-: A list of the types of Redis caches to deploy.
-
-: **Field**: `sku_name`
-
-`sku_capacities`
-: A list of the sizes of the Redis caches to deploy.
-
-: **Field**: `sku_capacity`
-
-`sku_families`
-: A list of the SKU families to use.
-
-: **Field**: `sku_family`
-
-`instances_ssl_ports`
-: A list of Redis instance SSL Ports.
-
-: **Field**: `instances_ssl_ports`
-
-`is_master_instance`
-: A list of Redis instance `is_master` flag.
-
-: **Field**: `is_master_instance`
-
-`is_primary_instance`
-: A list of Redis instance `is_primary` flag.
-
-: **Field**: `is_primary_instance`
-
-`max_clients`
-: A list of max clients in Redis configuration.
-
-: **Field**: `max_clients`
-
-`max_memory_reserves`
-: A list of max memory reserves in Redis configuration.
-
-: **Field**: `max_memory_reserved`
-
-`max_fragmentation_memory_reserves`
-: A list of max fragmentation memory reserves in Redis configuration.
-
-: **Field**: `max_fragmentation_memory_reserved`
-
-`max_memory_deltas`
-: A list of max memory deltas in Redis configuration.
-
-: **Field**: `max_memory_delta`
-
-`provisioning_states`
-: A list of provisioning_states from the properties.
-
-: **Field**: `provisioning_state`
-
-`redis_versions`
-: A list of Redis versions from the properties.
-
-: **Field**: `redis_version`
-
-`enable_non_ssl_port`
-: A list of Redis caches where the non-SSL Redis server port (6379) is enabled.
-
-: **Field**: `enable_non_ssl_port`
-
-`public_network_access`
-: A list of public network access from the properties.
-
-: **Field**: `public_network_access`
-
-`access_keys`
-: A list of access keys from the properties.
-
-: **Field**: `access_keys`
-
-`host_names`
-: A list of host names from the properties.
-
-: **Field**: `host_name`
-
-`ports`
-: A list of ports from the properties.
-
-: **Field**: `port`
-
-`ssl_ports`
-: A list of SSL ports from the properties.
-
-: **Field**: `ssl_port`
-
-`linked_servers`
-: A list of linked servers from the Redis caches.
-
-: **Field**: `linked_servers`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Loop through Redis Caches by their names
-
-```ruby
-azure_redis_caches(resource_group: 'RESOURCE_GROUP').names.each do |name|
- describe azure_redis_cache(name: name) do
- it { should exist }
- end
-end
-```
-
-### Test that there is Redis cache with a specific string in its names using client-side filtering
-
-```ruby
-describe azure_redis_caches(resource_group: 'RESOURCE_GROUP').where { name.include?('spec-client') } do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Redis caches are in the resource group.
-
-describe azure_redis_caches(resource_group: 'RESOURCE_GROUP') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Redis cache.
-
-describe azure_redis_caches(resource_group: 'RESOURCE_GROUP') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_resource_group.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_resource_group.md
deleted file mode 100644
index 58d6216ff4..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_resource_group.md
+++ /dev/null
@@ -1,116 +0,0 @@
-+++
-title = "azure_resource_group Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_resource_group"
-identifier = "inspec/resources/azure/azure_resource_group Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_resource_group` InSpec audit resource to test the properties and configuration of an Azure resource group.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`name` or the `resource_id` are required parameters.
-
-```ruby
-describe azure_resource_group(name: 'RESOURCE_GROUP') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_resource_group(resource_id: '/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name`
-: Name of the resource group.
-
-`resource_id`
-: The unique resource ID.
-
-Either one of the parameter sets can be provided for a valid query:
-
-- `resource_id`
-- `name`
-
-## Properties
-
-`properties.provisioningState`
-: The provisioning state. `Succeeded`.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, `location`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/policy/policy-definitions/get) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`). For example, `properties.`.
-
-## Examples
-
-### Test a resource group location
-
-```ruby
-describe azure_resource_group(name: 'RESOURCE_GROUP') do
- its('location') { should cmp 'eastus' }
-end
-```
-
-### Test a resource group provisioning state
-
-```ruby
-describe azure_resource_group(name: 'RESOURCE_GROUP') do
- its('properties.provisioningState') { should cmp 'Succeeded' }
-end
-```
-
-### Test a resource group tags
-
-```ruby
-describe azure_resource_group(name: 'RESOURCE_GROUP') do
- its('tags') { should include(:owner) }
- its('tags') { should include(owner: 'InSpec') }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# If we expect a resource group to always exist.
-
-describe azure_resource_group(name: 'RESOURCE_GROUP') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect a resource group to never exist.
-
-describe azure_resource_group(name: 'RESOURCE_GROUP') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_resource_groups.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_resource_groups.md
deleted file mode 100644
index 4913ce56bb..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_resource_groups.md
+++ /dev/null
@@ -1,110 +0,0 @@
-+++
-title = "azure_resource_groups Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_resource_groups"
-identifier = "inspec/resources/azure/azure_resource_groups Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_resource_groups` InSpec audit resource to test the properties and configuration of multiple Azure resource groups.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_resource_groups` resource block returns all resource groups within a subscription.
-
-```ruby
-describe azure_resource_groups do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: A list of the unique resource group IDs.
-
-: **Field**: `id`
-
-`names`
-: A list of names of all the resource groups.
-
-: **Field**: `name`
-
-`tags`
-: A list of `tag:value` pairs defined on the resource groups.
-
-: **Field**: `tags`
-
-`locations`
-: A list of locations of all the resource groups.
-
-: **Field**: `location`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Check if a specific resource group is present
-
-```ruby
-describe azure_resource_groups do
- its('names') { should include 'my-resource-group' }
-end
-```
-
-### Filters the results to include only those resource groups that have the specified name
-
-```ruby
-describe azure_resource_groups.where{ name.include?('my-resource-group') } do
- it { should exist }
-end
-```
-
-### Filters the results to include only the resource groups that have specified tag
-
-```ruby
-describe azure_resource_groups.where{ tags.has_key?('owner') && tags['owner'] == "InSpec" } do
- it { should exist }
- its('count') { should be 15 }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches.
-
-```ruby
-describe azure_resource_groups do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_resource_health_availability_status.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_resource_health_availability_status.md
deleted file mode 100644
index 45d37f61e7..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_resource_health_availability_status.md
+++ /dev/null
@@ -1,106 +0,0 @@
-+++
-title = "azure_resource_health_availability_status Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_resource_health_availability_status"
-identifier = "inspec/resources/azure/azure_resource_health_availability_status Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_resource_health_availability_status` InSpec audit resource to test the properties related to an Azure Resource Health availability status.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`resource_group`, `resource_type`, and `name` are required parameters.
-
-```ruby
-describe azure_resource_health_availability_status(resource_group: 'AZURE_RESOURCE_GROUP', resource_type: 'AZURE_RESOURCE_TYPE', name: 'RESOURCE_NAME') do
- it { should exist }
- its('name') { should cmp 'current' }
- its('type') { should cmp 'Microsoft.ResourceHealth/AvailabilityStatuses' }
- its('location') { should cmp 'ukwest' }
- its('properties.availabilityState') { should cmp 'Available' }
- its('properties.reasonChronicity') { should cmp 'Persistent' }
-end
-```
-
-## Parameters
-
-`name`
-: Name of the Azure resource to test.
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`resource_type`
-: Azure resource type of the targeted resource.
-
-The parameter set should be provided for a valid query are `resource_group`, `resource_type`, and `name`.
-
-## Properties
-
-`id`
-: Azure Resource Manager Identity for the `availabilityStatuses` resource.
-
-`name`
-: current.
-
-`type`
-: `Microsoft.ResourceHealth/AvailabilityStatuses`.
-
-`location`
-: Azure Resource Manager geo location of the resource.
-
-`properties`
-: Properties of availability state.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/resourcehealth/availability-statuses/get-by-resource) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Test availability status of a resource
-
-```ruby
-describe azure_resource_health_availability_status(resource_group: 'AZURE_RESOURCE_GROUP', resource_type: 'AZURE_RESOURCE_TYPE', name: 'RESOURCE_NAME') do
- its('properties.availabilityState') { should eq 'Available' }
-end
-```
-
-### Test the chronicity type of a resource
-
-```ruby
-describe azure_resource_health_availability_status(resource_group: 'AZURE_RESOURCE_GROUP', resource_type: 'AZURE_RESOURCE_TYPE', name: 'RESOURCE_NAME') do
- its('properties.reasonChronicity') { should include 'Persistent' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If a resource status is found, it will exist.
-
-describe azure_resource_health_availability_status(resource_group: 'AZURE_RESOURCE_GROUP', resource_type: 'AZURE_RESOURCE_TYPE', name: 'RESOURCE_NAME') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_resource_health_availability_statuses.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_resource_health_availability_statuses.md
deleted file mode 100644
index bc96cdc62a..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_resource_health_availability_statuses.md
+++ /dev/null
@@ -1,118 +0,0 @@
-+++
-title = "azure_resource_health_availability_statuses Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_resource_health_availability_statuses"
-identifier = "inspec/resources/azure/azure_resource_health_availability_statuses Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_resource_health_availability_statuses` InSpec audit resource to test the properties related to all Azure Availability Statuses for the subscription.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_resource_health_availability_statuses` resource block returns all Azure Availability Statuses within a subscription.
-
-```ruby
-describe azure_resource_health_availability_statuses do
- #...
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: A list of the Azure Resource Manager Identity for the `availabilityStatuses` resources.
-
-: **Field**: `id`
-
-`names`
-: current.
-
-: **Field**: `name`
-
-`types`
-: `Microsoft.ResourceHealth/AvailabilityStatuses`.
-
-: **Field**: `type`
-
-`properties`
-: A list of Properties of availability state.
-
-: **Field**: `properties`
-
-`locations`
-: A list of Azure Resource Manager geo locations of the resource.
-
-: **Field**: `location`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Loop through availability statuses by resource ID
-
-```ruby
-azure_resource_health_availability_statuses.ids.each do |id|
- describe azure_resource_health_availability_status(resource_id: id) do
- it { should exist }
- end
-end
-```
-
-### Test that there are availability statuses that have an 'Available' availability state
-
-```ruby
-describe azure_resource_health_availability_statuses.where{ properties.select{|prop| prop.availabilityState == 'Available' } } do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no availability statuses are present in the subscription.
-
-describe azure_resource_health_availability_statuses do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one availability status in the subscription.
-
-describe azure_resource_health_availability_statuses do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_resource_health_emerging_issue.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_resource_health_emerging_issue.md
deleted file mode 100644
index 2175fb8a1b..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_resource_health_emerging_issue.md
+++ /dev/null
@@ -1,104 +0,0 @@
-+++
-title = "azure_resource_health_emerging_issue Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_resource_health_emerging_issue"
-identifier = "inspec/resources/azure/azure_resource_health_emerging_issue Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_resource_health_emerging_issue` InSpec audit resource to test the properties related to an Azure Resource Health Emerging issue.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`name` is a required parameter.
-
-```ruby
-describe azure_resource_health_emerging_issue(name: 'EMERGING_ISSUE_NAME') do
- it { should exist }
- its('properties.statusActiveEvents') { should be_empty }
-end
-```
-
-```ruby
-describe azure_resource_health_emerging_issue(name: 'EMERGING_ISSUE_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name`
-: Name of the Azure Resource Health emerging issue to test.
-
-## Properties
-
-`id`
-: Fully qualified resource ID for the resource.
-
-`name`
-: The name of the resource.
-
-`type`
-: The type of resource.
-
-`properties.statusActiveEvents`
-: The list of emerging issues of the active event type.
-
-`properties.statusBanners`
-: The list of emerging issues of banner type.
-
-`properties.refreshTimestamp`
-: Timestamp for when last time refreshed for ongoing emerging issue.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/resourcehealth/emerging-issues/get) for other available properties.
-You can access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Test that there are emerging issues with an active event type
-
-```ruby
-describe azure_resource_health_emerging_issue(name: 'default') do
- its('properties.statusActiveEvents') { should_not be_empty }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If an emerging issue is found, it will exist.
-describe azure_resource_health_emerging_issue(name: 'default') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If no emerging issues are found, it will not exist.
-describe azure_resource_health_emerging_issue(name: 'default') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_resource_health_emerging_issues.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_resource_health_emerging_issues.md
deleted file mode 100644
index 8fd68f3281..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_resource_health_emerging_issues.md
+++ /dev/null
@@ -1,105 +0,0 @@
-+++
-title = "azure_resource_health_emerging_issues Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_resource_health_emerging_issues"
-identifier = "inspec/resources/azure/azure_resource_health_emerging_issues Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_resource_health_emerging_issues` InSpec audit resource to test the properties related to all Azure Resource Health Emerging issues.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_resource_health_emerging_issues` resource block returns all Azure Resource Health Emerging issues.
-
-```ruby
-describe azure_resource_health_emerging_issues do
- #...
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: A list of the unique resource IDs.
-
-: **Field**: `id`
-
-`names`
-: A list of names for all the resources.
-
-: **Field**: `name`
-
-`types`
-: A list of types for all the resources.
-
-: **Field**: `type`
-
-`properties`
-: A list of Properties for all the resources.
-
-: **Field**: `properties`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-See [Azure's documentation](https://docs.microsoft.com/en-us/rest/api/resourcehealth/emerging-issues/get) for other available properties.
-
-## Examples
-
-### Test that there are emerging health issues that are of lower severity
-
-```ruby
-describe azure_resource_health_emerging_issues.where{ properties.select{|prop| prop.statusActiveEvents.select{ |event| event.severity == 'Warning' } } } do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no service health emerging issues are present.
-
-describe azure_resource_health_emerging_issues do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one service health emerging issue.
-
-describe azure_resource_health_emerging_issues do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_resource_health_events.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_resource_health_events.md
deleted file mode 100644
index 6a60117f83..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_resource_health_events.md
+++ /dev/null
@@ -1,136 +0,0 @@
-+++
-title = "azure_resource_health_events Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_resource_health_events"
-identifier = "inspec/resources/azure/azure_resource_health_events Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_resource_health_events` InSpec audit resource to test the properties related to all Azure Resource Health events for the subscription.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_resource_health_events` resource block returns all Azure Resource Health events within a subscription or for a particular resource.
-
-```ruby
-describe azure_resource_health_events do
- #...
-end
-```
-
-or
-
-```ruby
-describe azure_resource_health_events(resource_group: 'RESOURCE_GROUP', resource_type: 'RESOURCE_TYPE', resource_id: 'RESOURCE_ID') do
- #...
-end
-```
-
-## Parameters
-
-{{< note >}}
-
-To list all service health events in a subscription, do not provide any parameters.
-To list events for a particular resource, pass in all three parameters listed below.
-If one or more parameters are missing then all events in a subscription will be returned.
-
-{{< /note >}}
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`resource_type`
-: The name of the resource type.
-
-`resource_id`
-: The unique identifier of the resource.
-
-## Properties
-
-`ids`
-: A list of the unique resource IDs.
-
-: **Field**: `id`
-
-`names`
-: A list of names for all the resources.
-
-: **Field**: `name`
-
-`types`
-: A list of resource types for all the resources.
-
-: **Field**: `type`
-
-`properties`
-: A list of properties for all the resources.
-
-: **Field**: `properties`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-See the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/resourcehealth/events/list-by-single-resource) for other available properties.
-
-## Examples
-
-### Test that there are health events that have a service issue
-
-```ruby
-describe azure_resource_health_events.where{ properties.select{|prop| prop.eventType == 'ServiceIssue' } } do
- it { should exist }
-end
-```
-
-### Test that there are health events for a particular resource
-
-```ruby
-describe azure_resource_health_events(resource_group: 'RESOURCE_GROUP', resource_type: 'RESOURCE_TYPE', resource_id: 'RESOURCE_ID') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no service health events are present in the subscription.
-
-describe azure_resource_health_events do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one service health events in the subscription.
-
-describe azure_resource_health_events do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_role_definition.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_role_definition.md
deleted file mode 100644
index 9f222afae7..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_role_definition.md
+++ /dev/null
@@ -1,114 +0,0 @@
-+++
-title = "azure_role_definition Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_role_definition"
-identifier = "inspec/resources/azure/azure_role_definition Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_role_definition` InSpec audit resource to test the properties and configuration of an Azure role definition.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`name` or the `resource_id` are required parameters.
-
-```ruby
-describe azure_role_definition(name: 'abcd-1234') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_role_definition(resource_id: '/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionId}') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name`
-: Name of the role definition.
-
-`resource_id`
-: The unique resource ID.
-
-Either one of the parameter sets can be provided for a valid query:
-
-- `resource_id`
-- `name`
-
-## Properties
-
-`role_name`
-: The role name.
-
-`role_type`
-: The role type. `BuiltInRole`.
-
-`assignable_scopes`
-: Role definition assignable scopes.
-
-`permissions_allowed`
-: A list of allowed actions within role definition permissions.
-
-`permissions_not_allowed`
-: A list of denied actions within role definition permissions.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/authorization/roledefinitions/get#roledefinition) for other available properties.
You can access any attribute in the response with the key names separated by dots (`.`). For example, `properties.`. - -## Examples - -### Test allowed permissions on a role definition - -```ruby -describe azure_role_definition(name: 'policy-reader-only') - it { should exist } - its('permissions_allowed') { should include 'Microsoft.Authorization/policyassignments/read'} - its('permissions_allowed') { should_not include 'Microsoft.Authorization/policyassignments/write'} - its('permissions_allowed') { should_not include '*'} -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -# If we expect a resource to always exist. - -describe azure_role_definition(name: 'abcd-1234') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect a resource to never exist. - -describe azure_role_definition(name: 'abcd-1234') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_role_definitions.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_role_definitions.md deleted file mode 100644 index fc9661c133..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_role_definitions.md +++ /dev/null 
@@ -1,124 +0,0 @@
-+++
-title = "azure_role_definitions Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_role_definitions"
-identifier = "inspec/resources/azure/azure_role_definitions Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_role_definitions` InSpec audit resource to test the properties and configuration of multiple Azure role definitions.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_role_definitions` resource block returns all role definitions within a subscription.
-
-```ruby
-describe azure_role_definitions do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: A list of the unique resource IDs.
-
-: **Field**: `id`
-
-`names`
-: A list of names of all the resources being interrogated.
-
-: **Field**: `name`
-
-`role_names`
-: A list of role names of all the role definitions being interrogated.
-
-: **Field**: `role_name`
-
-`types`
-: A list of role type of all the role definitions being interrogated.
-
-: **Field**: `type`
-
-`properties`
-: A list of properties for all the resources being interrogated.
-
-: **Field**: `properties`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Check a specific role definition is present
-
-```ruby
-describe azure_role_definitions do
- its('names') { should include 'my-role' }
-end
-```
-
-### Filter the results to include only those role definitions that have the specified name
-
-```ruby
-describe azure_role_definitions.where{ name.include?('my-role') } do
- it { should exist }
-end
-```
-
-### Filter the results to include only the built-in role definitions
-
-```ruby
-describe azure_role_definitions.where{ type == "BuiltInRole" } do
- it { should exist }
- its('count') { should be 15 }
-end
-```
-
-### Filter the results to include only the role definitions that contain 'Kubernetes' in the role name
-
-```ruby
-describe azure_role_definitions.where{ role_name.include?('Kubernetes') } do
- it { should exist }
- its('count') { should be 15 }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches.
-
-```ruby
-describe azure_role_definitions do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_security_center_policies.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_security_center_policies.md
deleted file mode 100644
index 82bcdc211d..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_security_center_policies.md
+++ /dev/null
@@ -1,105 +0,0 @@
-+++
-title = "azure_security_center_policies Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_security_center_policies"
-identifier = "inspec/resources/azure/azure_security_center_policies Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_security_center_policies` InSpec audit resource to test the properties and configuration of multiple Azure Policies.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_subscriptions` resource block returns all security policies for a subscription.
-
-```ruby
-describe azure_security_center_policies do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: A list of the unique resource IDs.
-
-: **Field**: `id`
-
-`policy_names`
-: A list of names of all the resources being interrogated.
-
-: **Field**: `name`
-
-`properties`
-: A list of properties for all the resources being interrogated.
-
-: **Field**: `properties`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Check if a specific policy is present
-
-```ruby
-describe azure_security_center_policies do
- its('names') { should include 'my-policy' }
-end
-```
-
-### Filter the results to include only those policies that have a specified string in their names
-
-```ruby
-describe azure_security_center_policies.where{ name.include?('production') } do
- it { should exist }
-end
-```
-
-### Filter the results to include only those policies that the log collection is enabled
-
-```ruby
-describe azure_security_center_policies.where{ properties[:logCollection] == 'On' } do
- it { should exist }
- its('count') { should eq 4 }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches.
-
-```ruby
-describe azure_security_center_policies do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_security_center_policy.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_security_center_policy.md
deleted file mode 100644
index 4da54f3bac..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_security_center_policy.md
+++ /dev/null
@@ -1,195 +0,0 @@
-+++
-title = "azure_security_center_policy Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_security_center_policy"
-identifier = "inspec/resources/azure/azure_security_center_policy Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_security_center_policy` InSpec audit resource to test the properties and configuration of an Azure security policy.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_security_center_policy` resource block will lookup the `default` policy unless `resource_group` and `name`, or the `resource_id` parameter is given.
-
-```ruby
-# The default security policy will be interrogated.
-
-describe azure_security_center_policy do
- its('name') { should cmp 'default' }
-end
-```
-
-```ruby
-describe azure_security_center_policy(resource_group: 'RESOURCE_GROUP', name: 'POLICY_NAME') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_security_center_policy(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/microsoft.Security/policies/{policy-name}') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`name`
-: Name of the security policy to test.
-
-`resource_id`
-: The unique resource ID. `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/microsoft.Security/policies/{policy-name}`.
-
-`default_policy_api_version*`
-: The endpoint API version for the `default_policy` property. The latest version will be used unless provided.
-
-`auto_provisioning_settings_api_version*`
-: The endpoint API version for the `auto_provisioning_settings` property.
The latest version will be used unless provided. - -* It will be ignored unless the default policy is tested. - -Either one of the parameter sets can be provided for a valid query: - -- `resource_id` -- `resource_group` and `name` -- `name: 'default'`: This is for backward compatibility. It is advised not to pass any parameters if the default security policy is tested. - -## Properties - -`log_collection` -: Indicates if the log collection is enabled (`On`, `Off`). - -`pricing_tier` -: Cost/Feature Model under which the subscription is operating. - -`patch` -: Indicates if patch scanner notifications are enabled (`On`, `Off`). - -`baseline` -: Indicates if baseline scanner notifications are enabled (`On`, `Off`). - -`anti_malware` -: Indicates if anti-malware protection task notifications are enabled (`On`, `Off`). - -`network_security_groups` -: Indicates if network security group recommendations are enabled are enabled (`On`, `Off`). - -`web_application_firewall` -: Indicates if WAF protection task notifications are enabled (`On`, `Off`). - -`vulnerability_assessment` -: Indicates if vulnerability assessment recommendations are enabled (`On`, `Off`). - -`storage_encryption` -: Indicates if storage encryption recommendations are enabled (`On`, `Off`). - -`just_in_time_network_access` -: Indicates if just in time network access recommendations are enabled (`On`, `Off`). - -`app_whitelisting` -: Indicates if app whitelisting recommendations are enabled (`On`, `Off`). - -`sql_auditing` -: Indicates if sql auditing recommendations are enabled (`On`, `Off`). - -`sql_transparent_data_encryption` -: Indicates if sql transparent data encryption recommendations are enabled (`On`, `Off`). - -`notifications_enabled` -: Indicates if security alerts are emailed to the security contact (`true`, `false`). - -`send_security_email_to_admin` -: Indicates if the subscription admin will receive security alerts (`true`, `false`). 
-
-`contact_emails`
-: Contains a list of security email addresses.
-
-`contact_phone`
-: Contains the security contact phone number.
-
-`default_policy*`
-: This is the default set of policies monitored by Azure security center.
-
-`auto_provisioning_settings*`
-: This is the default auto provisioning setting for the subscription.
-
-*Only applicable to the default security policy.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-You can access any attribute in the response with the key names separated by dots (`.`). For example, `properties.`.
-
-## Examples
-
-### Test if log collection is enabled
-
-```ruby
-describe azure_security_center_policy(resource_group: 'my-rg', name: 'my_policy') do
- its('log_collection') { should cmp 'On' }
-end
-```
-
-**Test If Notifications are Enabled.**
-
-```ruby
-describe azure_security_center_policy(resource_group: 'RESOURCE_GROUP', name: 'POLICY_NAME') do
- its('notifications_enabled') { should be true }
-end
-```
-
-See [integration tests](https://github.com/inspec/inspec-azure/blob/main/test/integration/verify/controls/azure_security_center_policy.rb) for more examples.
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### have_auto_provisioning_enabled
-
-Test if auto provisioning is enabled. This can be used via the default security policy only.
-
-```ruby
-describe azure_security_center_policy do
- it { should have_auto_provisioning_enabled }
-end
-```
-
-### exists
-
-```ruby
-# If we expect a resource to always exist.
-
-describe azure_security_center_policy(resource_group: 'RESOURCE_GROUP', name: 'POLICY_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect a resource to never exist.
-
-describe azure_security_center_policy(resource_group: 'RESOURCE_GROUP', name: 'POLICY_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_namespace.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_namespace.md
deleted file mode 100644
index d0725d03ce..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_namespace.md
+++ /dev/null
@@ -1,120 +0,0 @@
-+++
-title = "azure_service_bus_namespace Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_service_bus_namespace"
-identifier = "inspec/resources/azure/azure_service_bus_namespace Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_service_bus_namespace` InSpec audit resource to test the properties related to an Azure Service Bus Namespace.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`name` and `resource_group` are required parameters.
-
-```ruby
-describe azure_service_bus_namespace(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_BUS_NAMESPACE') do
- it { should exist }
- its('type') { should eq 'Microsoft.ServiceBus/Namespaces' }
- its('location') { should eq 'East US' }
-end
-```
-
-```ruby
-describe azure_service_bus_namespace(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_BUS_NAMESPACE') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-: Name of the Azure Service Bus namespaces to test.
-
-`resource_group` _(required)_
-: Azure resource group where the targeted resource resides.
-
-## Properties
-
-`id`
-: Resource ID.
-
-`name`
-: Resource name.
-
-`type`
-: Resource type. `Microsoft.ServiceBus/Namespaces`.
-
-`location`
-: The Geo-location where the resource lives.
-
-`properties`
-: The properties of the Service Bus Namespace.
-
-`properties.serviceBusEndpoint`
-: Endpoint you can use to perform Service Bus operations.
-
-`properties.metricId`
-: Identifier for Azure Insights metrics.
-
-`properties.provisioningState`
-: Provisioning state of the Namespace.
-
-`sku.name`
-: Name of this SKU.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/servicebus/stable/namespaces/get) for other available properties.
-
-## Examples
-
-### Test that the Service Bus Namespaces are provisioned successfully
-
-```ruby
-describe azure_service_bus_namespace(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_BUS_NAMESPACE') do
- its('properties.provisioningState') { should eq 'Succeeded' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# If a Service Bus Namespace is found, it will exist.
-
-describe azure_service_bus_namespace(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_BUS_NAMESPACE') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If Service Bus Namespace is not found, it will not exist.
-
-describe azure_service_bus_namespace(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_BUS_NAMESPACE') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_namespaces.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_namespaces.md
deleted file mode 100644
index 78fc78840f..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_namespaces.md
+++ /dev/null
@@ -1,144 +0,0 @@
-+++
-title = "azure_service_bus_namespaces Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_service_bus_namespaces"
-identifier = "inspec/resources/azure/azure_service_bus_namespaces Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_service_bus_namespaces` InSpec audit resource to test the properties related to all Azure Service Bus Namespaces within a project.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_service_bus_namespaces` resource block returns all Azure Service Bus Namespaces within a project.
-
-```ruby
-describe azure_service_bus_namespaces do
- #...
-end
-```
-
-## Parameters
-
-`resource_group` _(optional)_
-: Azure resource group where the targeted resource resides.
-
-## Properties
-
-`ids`
-: A list of resource IDs.
-
-: **Field**: `id`
-
-`names`
-: A list of resource names.
-
-: **Field**: `name`
-
-`types`
-: A list of the resource types.
-
-: **Field**: `type`
-
-`properties`
-: A list of properties for all the Service Bus Namespaces.
-
-: **Field**: `properties`
-
-`locations`
-: A list of the Geo-locations.
-
-: **Field**: `location`
-
-`serviceBusEndpoints`
-: A list of endpoints you can use to perform Service Bus operations.
-
-: **Field**: `serviceBusEndpoint`
-
-`metricIds`
-: A list of identifiers for Azure Insights metrics.
-
-: **Field**: `metricId`
-
-`provisioningStates`
-: A list of provisioning states of the namespace.
-
-: **Field**: `provisioningState`
-
-`sku_names`
-: A list of names for the sku.
-
-: **Field**: `sku_name`
-
-`sku_tiers`
-: A list of tiers for the sku.
-
-: **Field**: `sku_tier`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Loop through Service Bus Namespaces by their names
-
-```ruby
-azure_service_bus_namespaces(resource_group: 'RESOURCE_GROUP').names.each do |name|
- describe azure_service_bus_namespace(resource_group: 'RESOURCE_GROUP', name: name) do
- it { should exist }
- end
-end
-```
-
-### Test that there are Service Bus Namespaces that are successfully provisioned
-
-```ruby
-describe azure_service_bus_namespaces(resource_group: 'RESOURCE_GROUP').where(provisioningState: 'Succeeded') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Service Bus Namespaces are present.
-
-describe azure_service_bus_namespaces(resource_group: 'RESOURCE_GROUP') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Service Bus Namespaces.
-
-describe azure_service_bus_namespaces(resource_group: 'RESOURCE_GROUP') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_regions.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_regions.md
deleted file mode 100644
index 45cf031375..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_regions.md
+++ /dev/null
@@ -1,119 +0,0 @@
-+++
-title = "azure_service_bus_regions Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_service_bus_regions"
-identifier = "inspec/resources/azure/azure_service_bus_regions Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_service_bus_regions` InSpec audit resource to test the properties related to all Azure Service Bus regions.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_service_bus_regions` resource block returns all Azure Service Bus regions.
-
-```ruby
-describe azure_service_bus_regions(sku: 'SKU_NAME') do
- #...
-end
-```
-
-## Parameters
-
-`sku` _(required)_
-: The sku type.
-
-## Properties
-
-`ids`
-: A list of resource IDs.
-
-: **Field**: `id`
-
-`names`
-: A list of resource names.
-
-: **Field**: `name`
-
-`types`
-: A list of the resource types.
-
-: **Field**: `type`
-
-`properties`
-: A list of properties for all the Service Bus regions.
-
-: **Field**: `properties`
-
-`locations`
-: A list of the resource locations.
-
-: **Field**: `location`
-
-`codes`
-: A list of region codes.
-
-: **Field**: `code`
-
-`fullNames`
-: A list of full names of the regions.
-
-: **Field**: `fullName`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Test that there are Service Bus regions that are successfully provisioned
-
-```ruby
-describe azure_service_bus_regions(sku: 'SKU_NAME').where(code: 'Central US') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Service Bus regions are present.
-
-describe azure_service_bus_regions(sku: 'SKU_NAME') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Service Bus region.
-
-describe azure_service_bus_regions(sku: 'SKU_NAME') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_subscription.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_subscription.md
deleted file mode 100644
index 462ee6b5b8..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_subscription.md
+++ /dev/null
@@ -1,112 +0,0 @@
-+++
-title = "azure_service_bus_subscription Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_service_bus_subscription"
-identifier = "inspec/resources/azure/azure_service_bus_subscription Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_service_bus_subscription` InSpec audit resource to test the properties related to an Azure Service Bus subscription.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-```ruby
-describe azure_service_bus_subscription(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', topic_name: 'TOPIC_NAME', name: 'SUBSCRIPTION_NAME') do
- it { should exist }
- its('type') { should eq 'Microsoft.ServiceBus/Namespaces/Topics/Subscriptions/Rules' }
- its('properties.filterType') { should eq 'SqlFilter' }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-: Name of the Azure Service Bus subscription to test.
-
-`namespace_name` _(required)_
-: The namespace name.
-
-`topic_name` _(required)_
-: The topic name.
-
-`resource_group` _(required)_
-: Azure resource group where the targeted resource resides.
-
-## Properties
-
-`id`
-: Resource ID.
-
-`name`
-: Resource name.
-
-`type`
-: Resource type.
-
-`properties`
-: The properties of the Service Bus subscription.
-
-`properties.lockDuration`
-: ISO 8061 lock duration timespan for the subscription. The default value is **1 minute**.
-
-`properties.status`
-: Enumerates the possible values for the status of a messaging entity.
-
-`properties.countDetails`
-: Message count details.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/servicebus/stable/subscriptions/get) for other available properties.
-
-## Examples
-
-### Test that the Service Bus subscription is active
-
-```ruby
-describe azure_service_bus_subscription(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', topic_name: 'TOPIC_NAME', name: 'SUBSCRIPTION_NAME') do
- its('properties.status') { should eq 'Active' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# If a Service Bus subscription is found, it will exist.
-
-describe azure_service_bus_subscription(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', topic_name: 'TOPIC_NAME', name: 'SUBSCRIPTION_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If a Service Bus subscription is not found, it will not exist.
-
-describe azure_service_bus_subscription(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', topic_name: 'TOPIC_NAME', name: 'SUBSCRIPTION_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_subscription_rule.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_subscription_rule.md
deleted file mode 100644
index 04a9ac1bea..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_subscription_rule.md
+++ /dev/null
@@ -1,115 +0,0 @@
-+++
-title = "azure_service_bus_subscription_rule Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_service_bus_subscription_rule"
-identifier = "inspec/resources/azure/azure_service_bus_subscription_rule Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_service_bus_subscription_rule` InSpec audit resource to test the properties related to an Azure Service Bus subscription rule.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-```ruby
-describe azure_service_bus_subscription_rule(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: "SUBSCRIPTION_NAME", topic_name: 'TOPIC_NAME', name: 'SUBSCRIPTION_RULE_NAME') do
- it { should exist }
- its('type') { should eq 'Microsoft.ServiceBus/Namespaces/Topics/Subscriptions/Rules' }
- its('properties.filterType') { should eq 'SqlFilter' }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-: Name of the Azure Service Bus subscription rule to test.
-
-`namespace_name` _(required)_
-: The namespace name.
-
-`subscription_name` _(required)_
-: The subscription name.
-
-`topic_name` _(required)_
-: The topic name.
-
-`resource_group` _(required)_
-: Azure resource group where the targeted resource resides.
-
-## Properties
-
-`id`
-: Resource ID.
-
-`name`
-: Resource name.
-
-`type`
-: Resource type.
-
-`properties`
-: The properties of the Service Bus subscription rule.
-
-`properties.action`
-: Represents the filter actions that are allowed for the transformation of a message that has been matched by a filter expression.
-
-`properties.filterType`
-: Filter type that is evaluated against a BrokeredMessage.
-
-`properties.sqlFilter`
-: Properties of sqlFilter.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/servicebus/stable/rules/get) for other available properties.
-
-## Examples
-
-### Test that the Service Bus subscription rule is of SQL Filter type
-
-```ruby
-describe azure_service_bus_subscription_rule(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: "SUBSCRIPTION_NAME", topic_name: 'TOPIC_NAME', name: 'SUBSCRIPTION_RULE_NAME') do
- its('properties.filterType') { should eq 'SqlFilter' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# If a Service Bus subscription rule is found, it will exist.
-
-describe azure_service_bus_subscription_rule(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: "SUBSCRIPTION_NAME", topic_name: 'TOPIC_NAME', name: 'SUBSCRIPTION_RULE_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If a Service Bus subscription rule is not found, it will not exist.
-
-describe azure_service_bus_subscription_rule(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: "SUBSCRIPTION_NAME", topic_name: 'TOPIC_NAME', name: 'SUBSCRIPTION_RULE_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_subscription_rules.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_subscription_rules.md
deleted file mode 100644
index 8564e46225..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_subscription_rules.md
+++ /dev/null
@@ -1,123 +0,0 @@
-+++
-title = "azure_service_bus_subscription_rules Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_service_bus_subscription_rules"
-identifier = "inspec/resources/azure/azure_service_bus_subscription_rules Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_service_bus_subscription_rules` InSpec audit resource to test the properties related to all Azure Service Bus subscription rules.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_service_bus_subscription_rules` resource block returns all Azure Service Bus subscription rules.
-
-```ruby
-describe azure_service_bus_subscription_rules(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: 'SUBSCRIPTION_NAME', topic_name: 'TOPIC_NAME') do
- #...
-end
-```
-
-## Parameters
-
-`namespace_name` _(required)_
-: The namespace name.
-
-`subscription_name` _(required)_
-: The subscription name.
-
-`topic_name` _(required)_
-: The topic name.
-
-`resource_group` _(required)_
-: Azure resource group where the targeted resource resides.
-
-## Properties
-
-`ids`
-: A list of resource IDs.
-
-: **Field**: `id`
-
-`names`
-: A list of resource names.
-
-: **Field**: `name`
-
-`types`
-: A list of the resource types.
-
-: **Field**: `type`
-
-`properties`
-: A list of properties for all the Service Bus subscription rules.
-
-: **Field**: `properties`
-
-`filterTypes`
-: A list of the filter types.
-
-: **Field**: `filterType`
-
-`sqlFilter`
-: A list of sqlFilters.
-
-: **Field**: `sqlFilter`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Test that there are Service Bus subscription rules that are of SQL Filter type
-
-```ruby
-describe azure_service_bus_subscription_rules(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: 'SUBSCRIPTION_NAME', topic_name: 'TOPIC_NAME').where(filterType: 'SqlFilter') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Service Bus subscription rules are present.
-
-describe azure_service_bus_subscription_rules(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: 'SUBSCRIPTION_NAME', topic_name: 'TOPIC_NAME') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Service Bus subscription rule.
-
-describe azure_service_bus_subscription_rules(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: 'SUBSCRIPTION_NAME', topic_name: 'TOPIC_NAME') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_subscriptions.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_subscriptions.md
deleted file mode 100644
index 8023944dd3..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_subscriptions.md
+++ /dev/null
@@ -1,120 +0,0 @@
-+++
-title = "azure_service_bus_subscriptions Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_service_bus_subscriptions"
-identifier = "inspec/resources/azure/azure_service_bus_subscriptions Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_service_bus_subscriptions` InSpec audit resource to test the properties related to all Azure Service Bus subscriptions.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_service_bus_subscriptions` resource block returns all Azure Service Bus subscriptions.
-
-```ruby
-describe azure_service_bus_subscriptions(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', topic_name: 'TOPIC_NAME') do
- #...
-end
-```
-
-## Parameters
-
-`namespace_name` _(required)_
-: The namespace name.
-
-`topic_name` _(required)_
-: The topic name.
-
-`resource_group` _(required)_
-: Azure resource group where the targeted resource resides.
-
-## Properties
-
-`ids`
-: A list of resource IDs.
-
-: **Field**: `id`
-
-`names`
-: A list of resource names.
-
-: **Field**: `name`
-
-`types`
-: A list of the resource types.
-
-: **Field**: `type`
-
-`properties`
-: A list of properties for all the Service Bus subscriptions.
-
-: **Field**: `properties`
-
-`lockDurations`
-: A list of the lock duration timespans.
-
-: **Field**: `lockDuration`
-
-`statuses`
-: A list of statuses of a messaging entity.
-
-: **Field**: `status`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Test that there are Service Bus subscriptions that are active
-
-```ruby
-describe azure_service_bus_subscriptions(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', topic_name: 'TOPIC_NAME').where(status: 'Active') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Service Bus subscriptions are present.
-
-describe azure_service_bus_subscriptions(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', topic_name: 'TOPIC_NAME') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Service Bus subscription.
-
-describe azure_service_bus_subscriptions(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', topic_name: 'TOPIC_NAME') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_topic.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_topic.md
deleted file mode 100644
index 7382c7835a..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_topic.md
+++ /dev/null
@@ -1,117 +0,0 @@
-+++
-title = "azure_service_bus_topic Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_service_bus_topic"
-identifier = "inspec/resources/azure/azure_service_bus_topic Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_service_bus_topic` InSpec audit resource to test the properties related to an Azure Service Bus topic.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-```ruby
-describe azure_service_bus_topic(resource_group: 'RESOURCE_GROUP', namespace_name: 'SERVICE_BUS_NAMESPACE_NAME', name: 'SERVICE_BUS_NAMESPACE') do
- it { should exist }
- its('type') { should eq 'Microsoft.ServiceBus/Namespaces/Topics' }
-end
-```
-
-```ruby
-describe azure_service_bus_topic(resource_group: 'RESOURCE_GROUP', namespace_name: 'SERVICE_BUS_NAMESPACE_NAME', name: 'SERVICE_BUS_NAMESPACE') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-: Name of the Azure Service Bus topics to test.
-
-`resource_group` _(required)_
-: Azure resource group where the targeted resource resides.
-
-`namespace_name` _(required)_
-: Name of the namespace where the topic resides.
-
-## Properties
-
-`id`
-: Resource ID.
-
-`name`
-: Resource name.
-
-`type`
-: Resource type. `Microsoft.ServiceBus/Namespaces/Topics`.
-
-`properties`
-: The properties of the Service Bus topic.
-
-`properties.maxSizeInMegabytes`
-: Maximum size of the topic in megabytes, the memory size allocated for the topic. The default value is **1024**.
-
-`properties.sizeInBytes`
-: Size of the topic, in bytes.
-
-`properties.status`
-: Enumerates the possible values for the status of a messaging entity.
-
-`properties.countDetails`
-: Message count details.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/servicebus/stable/topics/get) for other available properties.
-
-## Examples
-
-### Test that the Service Bus topics are provisioned successfully
-
-```ruby
-describe azure_service_bus_topic(resource_group: 'RESOURCE_GROUP', namespace_name: 'SERVICE_BUS_NAMESPACE_NAME', name: 'SERVICE_BUS_NAMESPACE') do
- its('properties.status') { should eq 'Active' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# If a Service Bus topic is found, it will exist.
-
-describe azure_service_bus_topic(resource_group: 'RESOURCE_GROUP', namespace_name: 'SERVICE_BUS_NAMESPACE_NAME', name: 'SERVICE_BUS_NAMESPACE') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If Service Bus topic is not found, it will not exist.
-
-describe azure_service_bus_topic(resource_group: 'RESOURCE_GROUP', namespace_name: 'SERVICE_BUS_NAMESPACE_NAME', name: 'SERVICE_BUS_NAMESPACE') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_topics.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_topics.md
deleted file mode 100644
index 4d4a8e5106..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_bus_topics.md
+++ /dev/null
@@ -1,139 +0,0 @@
-+++
-title = "azure_service_bus_topics Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_service_bus_topics"
-identifier = "inspec/resources/azure/azure_service_bus_topics Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_service_bus_topics` InSpec audit resource to test the properties related to all Azure Service Bus topics within a project.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_service_bus_topics` resource block returns all Azure Service Bus topics within a project.
-
-`name`, `namespace_name`, and `resource_group` are the required parameters.
-
-```ruby
-describe azure_service_bus_topics(resource_group: 'RESOURCE_GROUP', namespace_name: 'SERVICE_BUS_NAMESPACE_NAME') do
- #...
-end
-```
-
-## Parameters
-
-`resource_group` _(required)_
-: Azure resource group where the targeted resource resides. `MyResourceGroup`.
-
-`namespace_name` _(required)_
-: Name of the namespace where the topic resides.
-
-## Properties
-
-`ids`
-: A list of resource IDs.
-
-: **Field**: `id`
-
-`names`
-: A list of resource names.
-
-: **Field**: `name`
-
-`types`
-: A list of the resource types.
-
-: **Field**: `type`
-
-`properties`
-: A list of properties for all the Service Bus topics.
-
-: **Field**: `properties`
-
-`maxSizeInMegabytes`
-: A list of maximum sizes of the topics.
-
-: **Field**: `maxSizeInMegabytes`
-
-`sizeInBytes`
-: A list of sizes of the topics.
-
-: **Field**: `sizeInBytes`
-
-`statuses`
-: A list of the status of a messaging entity.
-
-: **Field**: `status`
-
-`countDetails`
-: A list of message count details.
-
-: **Field**: `countDetails`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Loop through Service Bus topics by their names
-
-```ruby
-azure_service_bus_topics(resource_group: 'RESOURCE_GROUP', namespace_name: 'SERVICE_BUS_NAMESPACE_NAME').names.each do |name|
- describe azure_service_bus_topic(resource_group: 'RESOURCE_GROUP', namespace_name: 'SERVICE_BUS_NAMESPACE_NAME', name: name) do
- it { should exist }
- end
-end
-```
-
-### Test that there are Service Bus topics that are successfully provisioned
-
-```ruby
-describe azure_service_bus_topics(resource_group: 'RESOURCE_GROUP', namespace_name: 'SERVICE_BUS_NAMESPACE_NAME').where(status: 'Active') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Service Bus topics are present.
-
-describe azure_service_bus_topics(resource_group: 'RESOURCE_GROUP', namespace_name: 'SERVICE_BUS_NAMESPACE_NAME') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Service Bus topic.
-
-describe azure_service_bus_topics(resource_group: 'RESOURCE_GROUP', namespace_name: 'SERVICE_BUS_NAMESPACE_NAME') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_application.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_application.md
deleted file mode 100644
index 3ce5ca2970..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_application.md
+++ /dev/null
@@ -1,118 +0,0 @@
-+++
-title = "azure_service_fabric_mesh_application Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_service_fabric_mesh_application"
-identifier = "inspec/resources/azure/azure_service_fabric_mesh_application Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_service_fabric_mesh_application` InSpec audit resource to test the properties of an Azure Service Fabric Mesh application.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-```ruby
-describe azure_service_fabric_mesh_application(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_APP_NAME') do
- it { should exist }
- its('type') { should eq 'Microsoft.ServiceFabricMesh/applications' }
- its('location') { should eq 'eastus' }
-end
-```
-
-```ruby
-describe azure_service_fabric_mesh_application(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_APP_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-: Name of the Azure Service Fabric Mesh applications to test.
-
-`resource_group` _(required)_
-: Azure resource group where the targeted resource resides.
-
-## Properties
-
-`id`
-: Resource ID.
-
-`name`
-: Resource name.
-
-`type`
-: Resource type. `Microsoft.ServiceFabricMesh/applications`.
-
-`location`
-: The Geo-location where the resource lives.
-
-`properties`
-: The properties of the Service Fabric Mesh application.
-
-`properties.description`
-: User-readable description of the application.
-
-`properties.debugParams`
-: Internal use.
-
-`properties.provisioningState`
-: State of the resource.
-
-`properties.healthState`
-: The health state of a resource such as application, Service, or Network.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/servicefabric/sfmeshrp-api-application_get) for other available properties.
-
-## Examples
-
-### Test that the Service Fabric Mesh application is provisioned successfully
-
-```ruby
-describe azure_service_fabric_mesh_application(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_APP_NAME') do
- its('properties.provisioningState') { should eq 'Succeeded' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# If a Service Fabric Mesh application is found, it will exist.
-
-describe azure_service_fabric_mesh_application(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_APP_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If a Service Fabric Mesh application is not found, it will not exist.
-
-describe azure_service_fabric_mesh_application(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_APP_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_applications.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_applications.md
deleted file mode 100644
index 3864e83f09..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_applications.md
+++ /dev/null
@@ -1,134 +0,0 @@
-+++
-title = "azure_service_fabric_mesh_applications Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_service_fabric_mesh_applications"
-identifier = "inspec/resources/azure/azure_service_fabric_mesh_applications Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_service_fabric_mesh_applications` InSpec audit resource to test the properties of all Azure Service Fabric Mesh applications.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_service_fabric_mesh_applications` resource block returns all Azure Service Fabric Mesh applications.
-
-```ruby
-describe azure_service_fabric_mesh_applications do
- #...
-end
-```
-
-## Parameters
-
-`resource_group` _(optional)_
-: Azure resource group where the targeted resource resides.
-
-## Properties
-
-`ids`
-: A list of resource IDs.
-
-: **Field**: `id`
-
-`names`
-: A list of resource names.
-
-: **Field**: `name`
-
-`types`
-: A list of the resource types.
-
-: **Field**: `type`
-
-`properties`
-: A list of Properties for all the Service Fabric Mesh applications.
-
-: **Field**: `properties`
-
-`locations`
-: A list of the Geo-locations.
-
-: **Field**: `location`
-
-`provisioningStates`
-: A list of provisioning states of the Service Fabric Mesh applications.
-
-: **Field**: `provisioningState`
-
-`healthStates`
-: A list of the health states of a resource such as application, Service, or Network.
-
-: **Field**: `healthState`
-
-`serviceNames`
-: A list of the services in the application.
-
-: **Field**: `serviceNames`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Loop through Service Fabric Mesh applications by their names
-
-```ruby
-azure_service_fabric_mesh_applications(resource_group: 'RESOURCE_GROUP').names.each do |name|
- describe azure_service_fabric_mesh_application(resource_group: 'RESOURCE_GROUP', name: name) do
- it { should exist }
- end
-end
-```
-
-### Test that there are Service Fabric Mesh applications that are successfully provisioned
-
-```ruby
-describe azure_service_fabric_mesh_applications(resource_group: 'RESOURCE_GROUP').where(provisioningState: 'Succeeded') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Service Fabric Mesh applications are present.
-
-describe azure_service_fabric_mesh_applications(resource_group: 'RESOURCE_GROUP') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Service Fabric Mesh application.
-
-describe azure_service_fabric_mesh_applications(resource_group: 'RESOURCE_GROUP') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_network.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_network.md
deleted file mode 100644
index bfb117329b..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_network.md
+++ /dev/null
@@ -1,119 +0,0 @@
-+++
-title = "azure_service_fabric_mesh_network Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_service_fabric_mesh_network"
-identifier = "inspec/resources/azure/azure_service_fabric_mesh_network Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_service_fabric_mesh_network` InSpec audit resource to test the properties of an Azure Service Fabric Mesh network.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`name` and `resource_group` are required parameters.
-
-```ruby
-describe azure_service_fabric_mesh_network(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_NETWORK_NAME') do
- it { should exist }
- its('type') { should eq 'Microsoft.ServiceFabricMesh/networks' }
- its('location') { should eq 'eastus' }
-end
-```
-
-```ruby
-describe azure_service_fabric_mesh_network(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_NETWORK_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name`
-: Name of the Azure Service Fabric Mesh networks to test.
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-The parameter set that should be provided for a valid query is `resource_group` and `name`.
-
-## Properties
-
-`id`
-: Resource ID.
-
-`name`
-: Resource name.
-
-`type`
-: Resource type. `Microsoft.ServiceFabricMesh/networks`.
-
-`location`
-: The Geo-location where the resource lives.
-
-`properties`
-: The properties of the Service Fabric Mesh network.
-
-`properties.addressPrefix`
-: the address prefix for this network.
-
-`properties.provisioningState`
-: State of the resource.
-
-`properties.ingressConfig.qosLevel`
-: The QoS tier for ingress.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/servicefabric/sfmeshrp-api-network_get) for other available properties.
-
-## Examples
-
-### Test that the Service Fabric Mesh network is provisioned successfully
-
-```ruby
-describe azure_service_fabric_mesh_network(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_NETWORK_NAME') do
- its('properties.provisioningState') { should eq 'Succeeded' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# If a Service Fabric Mesh network is found, it will exist.
-
-describe azure_service_fabric_mesh_network(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_NETWORK_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If a Service Fabric Mesh network is not found, it will not exist.
-
-describe azure_service_fabric_mesh_network(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_NETWORK_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_networks.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_networks.md
deleted file mode 100644
index e1708a2c78..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_networks.md
+++ /dev/null
@@ -1,129 +0,0 @@
-+++
-title = "azure_service_fabric_mesh_networks Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_service_fabric_mesh_networks"
-identifier = "inspec/resources/azure/azure_service_fabric_mesh_networks Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_service_fabric_mesh_networks` InSpec audit resource to test the properties of all Azure Service Fabric Mesh networks.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_service_fabric_mesh_networks` resource block returns all Azure Service Fabric Mesh networks.
-
-```ruby
-describe azure_service_fabric_mesh_networks do
- #...
-end
-```
-
-## Parameters
-
-`resource_group` _(optional)_
-: Azure resource group where the targeted resource resides.
-
-## Properties
-
-`ids`
-: A list of resource IDs.
-
-: **Field**: `id`
-
-`names`
-: A list of resource names.
-
-: **Field**: `name`
-
-`types`
-: A list of the resource types.
-
-: **Field**: `type`
-
-`properties`
-: A list of Properties for all the Service Fabric Mesh networks.
-
-: **Field**: `properties`
-
-`locations`
-: A list of the Geo-locations.
-
-: **Field**: `location`
-
-`provisioningStates`
-: A list of provisioning states of the Service Fabric Mesh networks.
-
-: **Field**: `provisioningState`
-
-`addressPrefixes`
-: A list of address prefixes.
-
-: **Field**: `addressPrefix`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Loop through Service Fabric Mesh networks by their names
-
-```ruby
-azure_service_fabric_mesh_networks(resource_group: 'RESOURCE_GROUP').names.each do |name|
- describe azure_service_fabric_mesh_network(resource_group: 'RESOURCE_GROUP', name: name) do
- it { should exist }
- end
-end
-```
-
-### Test that there are Service Fabric Mesh networks that are successfully provisioned
-
-```ruby
-describe azure_service_fabric_mesh_networks(resource_group: 'RESOURCE_GROUP').where(provisioningState: 'Succeeded') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Service Fabric Mesh networks are present.
-
-describe azure_service_fabric_mesh_networks(resource_group: 'RESOURCE_GROUP') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Service Fabric Mesh networks.
-
-describe azure_service_fabric_mesh_networks(resource_group: 'RESOURCE_GROUP') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_replica.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_replica.md
deleted file mode 100644
index a40f8b8a00..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_replica.md
+++ /dev/null
@@ -1,109 +0,0 @@
-+++
-title = "azure_service_fabric_mesh_replica Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_service_fabric_mesh_replica"
-identifier = "inspec/resources/azure/azure_service_fabric_mesh_replica Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_service_fabric_mesh_replica` InSpec audit resource to test the properties of an Azure Service Fabric Mesh replica.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-```ruby
-describe azure_service_fabric_mesh_replica(resource_group: 'RESOURCE_GROUP', application_name: 'SERVICE_FABRIC_MESH_APPLICATION_NAME', service_name: 'SERVICE_FABRIC_MESH_SERVICE_NAME', name: 'SERVICE_FABRIC_MESH_SERVICE_REPLICA_NAME') do
- it { should exist }
- its('type') { should eq 'Microsoft.ServiceFabricMesh/applications' }
- its('location') { should eq 'eastus' }
-end
-```
-
-```ruby
-describe azure_service_fabric_mesh_replica(resource_group: 'RESOURCE_GROUP', application_name: 'SERVICE_FABRIC_MESH_APPLICATION_NAME', service_name: 'SERVICE_FABRIC_MESH_SERVICE_NAME', name: 'SERVICE_FABRIC_MESH_SERVICE_REPLICA_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-: Name of the Azure Service Fabric Mesh replicas to test.
-
-`resource_group` _(required)_
-: Azure resource group where the targeted resource resides.
-
-`application_name` _(required)_
-: The identity of the application.
-
-`service_name` _(required)_
-: The identity of the service.
-
-## Properties
-
-`osType`
-: The Operating system type required by the code in service.
-
-`codePackages`
-: Describes the set of code packages that form the service.
-
-`networkRefs`
-: The names of the private networks that this service needs to be part.
-
-`replicaName`
-: Name of the replica.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/servicefabric/sfmeshrp-api-replica_get) for other available properties.
-
-## Examples
-
-### Test that the Service Fabric Mesh replica Replica is equal to 1
-
-```ruby
-describe azure_service_fabric_mesh_replica(resource_group: 'RESOURCE_GROUP', application_name: 'SERVICE_FABRIC_MESH_APPLICATION_NAME', service_name: 'SERVICE_FABRIC_MESH_SERVICE_NAME', name: 'SERVICE_FABRIC_MESH_SERVICE_REPLICA_NAME') do
- its('replicaName') { should eq '1' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# If a Service Fabric Mesh replica is found, it will exist.
-
-describe azure_service_fabric_mesh_replica(resource_group: 'RESOURCE_GROUP', application_name: 'SERVICE_FABRIC_MESH_APPLICATION_NAME', service_name: 'SERVICE_FABRIC_MESH_SERVICE_NAME', name: 'SERVICE_FABRIC_MESH_SERVICE_REPLICA_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If a Service Fabric Mesh replica is not found, it will not exist.
-
-describe azure_service_fabric_mesh_replica(resource_group: 'RESOURCE_GROUP', application_name: 'SERVICE_FABRIC_MESH_APPLICATION_NAME', service_name: 'SERVICE_FABRIC_MESH_SERVICE_NAME', name: 'SERVICE_FABRIC_MESH_SERVICE_REPLICA_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_replicas.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_replicas.md
deleted file mode 100644
index 30f15cdbab..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_replicas.md
+++ /dev/null
@@ -1,110 +0,0 @@
-+++
-title = "azure_service_fabric_mesh_replicas Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_service_fabric_mesh_replicas"
-identifier = "inspec/resources/azure/azure_service_fabric_mesh_replicas Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_service_fabric_mesh_replicas` InSpec audit resource to test the properties of all Azure Service Fabric Mesh replicas.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_service_fabric_mesh_replicas` resource block returns all Azure Service Fabric Mesh replicas.
-
-```ruby
-describe azure_service_fabric_mesh_replicas(resource_group: 'RESOURCE_GROUP', application_name: 'SERVICE_FABRIC_MESH_APPLICATION_NAME', service_name: 'SERVICE_FABRIC_MESH_SERVICE_NAME') do
- #...
-end
-```
-
-## Parameters
-
-`resource_group` _(required)_
-: Azure resource group where the targeted resource resides.
-
-`application_name` _(required)_
-: The identity of the application.
-
-`service_name` _(required)_
-: The identity of the service.
-
-## Properties
-
-`osTypes`
-: A list of OS Types.
-
-: **Field**: `osType`
-
-`codePackages`
-: A list of code packages.
-
-: **Field**: `codePackages`
-
-`networkRefs`
-: A list of the network refs.
-
-: **Field**: `networkRefs`
-
-`replicaNames`
-: A list of the replica names.
-
-: **Field**: `replicaName`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Test that there are Service Fabric Mesh replicas with at least one replica
-
-```ruby
-describe azure_service_fabric_mesh_replicas(resource_group: 'RESOURCE_GROUP', application_name: 'SERVICE_FABRIC_MESH_APPLICATION_NAME', service_name: 'SERVICE_FABRIC_MESH_SERVICE_NAME').where{ replicaName > 1 } do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Service Fabric Mesh replicas are present.
-
-describe azure_service_fabric_mesh_replicas(resource_group: 'RESOURCE_GROUP', application_name: 'SERVICE_FABRIC_MESH_APPLICATION_NAME', service_name: 'SERVICE_FABRIC_MESH_SERVICE_NAME') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Service Fabric Mesh replica.
-
-describe azure_service_fabric_mesh_replicas(resource_group: 'RESOURCE_GROUP', application_name: 'SERVICE_FABRIC_MESH_APPLICATION_NAME', service_name: 'SERVICE_FABRIC_MESH_SERVICE_NAME') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_service.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_service.md
deleted file mode 100644
index ec77878edc..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_service.md
+++ /dev/null
@@ -1,111 +0,0 @@
-+++
-title = "azure_service_fabric_mesh_service Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_service_fabric_mesh_service"
-identifier = "inspec/resources/azure/azure_service_fabric_mesh_service Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_service_fabric_mesh_service` InSpec audit resource to test the properties of an Azure Service Fabric Mesh service.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-```ruby
-describe azure_service_fabric_mesh_service(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_SERVICE_NAME') do
- it { should exist }
- its('type') { should eq 'Microsoft.ServiceFabricMesh/applications' }
-end
-```
-
-```ruby
-describe azure_service_fabric_mesh_service(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_SERVICE_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-: Name of the Azure Service Fabric Mesh service to test.
-
-`resource_group` _(required)_
-: Azure resource group where the targeted resource resides.
-
-## Properties
-
-`id`
-: Resource ID.
-
-`name`
-: Resource name.
-
-`type`
-: Resource type. `Microsoft.ServiceFabricMesh/services`.
-
-`properties`
-: The properties of the **Service Fabric Mesh Service**.
-
-`properties.osType`
-: The Operating system type required by the code in service.
-
-`properties.replicaCount`
-: The number of replicas of the service to create. Defaults to 1 if not specified.
-
-`properties.healthState`
-: Describes the health state of a services resource.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/servicefabric/sfmeshrp-api-service_get) for other available properties.
-
-## Examples
-
-### Test that the 'Service Fabric Mesh Service' is healthy
-
-```ruby
-describe azure_service_fabric_mesh_service(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_SERVICE_NAME') do
- its('properties.healthState') { should eq 'Ok' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# If a Service Fabric Mesh Service is found, it will exist.
-
-describe azure_service_fabric_mesh_service(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_SERVICE_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If Service Fabric Mesh Service is not found, it will not exist.
-
-describe azure_service_fabric_mesh_service(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_SERVICE_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_services.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_services.md
deleted file mode 100644
index f550f3924c..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_services.md
+++ /dev/null
@@ -1,129 +0,0 @@
-+++
-title = "azure_service_fabric_mesh_services Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_service_fabric_mesh_services"
-identifier = "inspec/resources/azure/azure_service_fabric_mesh_services Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_service_fabric_mesh_services` InSpec audit resource to test the properties of all Azure Service Fabric Mesh services within a project.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_service_fabric_mesh_services` resource block returns all Azure service Fabric Mesh services within a project.
-
-```ruby
-describe azure_service_fabric_mesh_services do
- #...
-end
-```
-
-## Parameters
-
-`resource_group` _(optional)_
-: Azure resource group where the targeted resource resides.
-
-## Properties
-
-`ids`
-: A list of resource IDs.
-
-: **Field**: `id`
-
-`names`
-: A list of resource names.
-
-: **Field**: `name`
-
-`types`
-: A list of the resource types.
-
-: **Field**: `type`
-
-`properties`
-: A list of Properties for all the service Fabric Mesh services.
-
-: **Field**: `properties`
-
-`osTypes`
-: The Operating system type required by the code in services.
-
-: **Field**: `replicaCount`
-
-`replicaCounts`
-: The number of replicas of the service to create. Defaults to 1 if not specified.
-
-: **Field**: `metricId`
-
-`healthStates`
-: The health state of a services resource.
-
-: **Field**: `healthState`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Loop through service Fabric Mesh services by their names
-
-```ruby
-azure_service_fabric_mesh_services(resource_group: 'RESOURCE_GROUP').names.each do |name|
- describe azure_service_fabric_mesh_service(resource_group: 'RESOURCE_GROUP', name: name) do
- it { should exist }
- end
-end
-```
-
-### Test that there are service Fabric Mesh services that are healthy
-
-```ruby
-describe azure_service_fabric_mesh_services(resource_group: 'RESOURCE_GROUP').where(replicaCounts: 2) do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no service Fabric Mesh services are present.
-
-describe azure_service_fabric_mesh_services(resource_group: 'RESOURCE_GROUP') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one service Fabric Mesh services.
-
-describe azure_service_fabric_mesh_services(resource_group: 'RESOURCE_GROUP') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_volume.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_volume.md
deleted file mode 100644
index 4e2d42ba20..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_volume.md
+++ /dev/null
@@ -1,115 +0,0 @@
-+++
-title = "azure_service_fabric_mesh_volume Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_service_fabric_mesh_volume"
-identifier = "inspec/resources/azure/azure_service_fabric_mesh_volume Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_service_fabric_mesh_volume` InSpec audit resource to test the properties of an Azure Service Fabric Mesh volume.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-```ruby
-describe azure_service_fabric_mesh_volume(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_VOLUME_NAME') do
- it { should exist }
- its('type') { should eq 'Microsoft.ServiceFabricMesh/applications' }
- its('location') { should eq 'eastus' }
-end
-```
-
-```ruby
-describe azure_service_fabric_mesh_volume(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_VOLUME_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-: Name of the Azure Service Fabric Mesh volumes to test.
-
-`resource_group` _(required)_
-: Azure resource group where the targeted resource resides.
-
-## Properties
-
-`id`
-: Resource ID.
-
-`name`
-: Resource name.
-
-`type`
-: Resource type. `Microsoft.ServiceFabricMesh/applications`.
-
-`location`
-: The Geo-location where the resource lives.
-
-`properties`
-: The properties of the Service Fabric Mesh volume.
-
-`properties.description`
-: User-readable description of the application.
-
-`properties.provisioningState`
-: State of the resource.
-
-`properties.azureFileParameters.shareName`
-: Name of the Azure Files file share that provides storage for the volume.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/servicefabric/sfmeshrp-api-volume_get) for other available properties.
-
-## Examples
-
-### Test that the Service Fabric Mesh volume is provisioned successfully
-
-```ruby
-describe azure_service_fabric_mesh_volume(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_VOLUME_NAME') do
- its('properties.provisioningState') { should eq 'Succeeded' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# If a Service Fabric Mesh volume is found, it will exist.
-
-describe azure_service_fabric_mesh_volume(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_VOLUME_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If Service Fabric Mesh volume is not found, it will not exist.
-
-describe azure_service_fabric_mesh_volume(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_VOLUME_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_volumes.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_volumes.md
deleted file mode 100644
index ed537b52f5..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_volumes.md
+++ /dev/null
@@ -1,134 +0,0 @@
-+++
-title = "azure_service_fabric_mesh_volumes Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_service_fabric_mesh_volumes"
-identifier = "inspec/resources/azure/azure_service_fabric_mesh_volumes Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_service_fabric_mesh_volumes` InSpec audit resource to test the properties of all Azure Service Fabric Mesh volumes.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_service_fabric_mesh_volumes` resource block returns all Azure Service Fabric Mesh volumes.
-
-```ruby
-describe azure_service_fabric_mesh_volumes do
- #...
-end
-```
-
-## Parameters
-
-`resource_group` _(optional)_
-: Azure resource group where the targeted resource resides.
-
-## Properties
-
-`ids`
-: A list of resource IDs.
-
-: **Field**: `id`
-
-`names`
-: A list of resource names.
-
-: **Field**: `name`
-
-`types`
-: A list of the resource types.
-
-: **Field**: `type`
-
-`properties`
-: A list of Properties for all the Service Fabric Mesh volumes.
-
-: **Field**: `properties`
-
-`locations`
-: A list of the Geo-locations.
-
-: **Field**: `location`
-
-`provisioningStates`
-: A list of provisioning states of the Service Fabric Mesh volumes.
-
-: **Field**: `provisioningState`
-
-`providers`
-: A list of providers of the volume.
-
-: **Field**: `provider`
-
-`shareNames`
-: A list of the Name of the Azure Files file share that provides storage for the volume.
-
-: **Field**: `shareName`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Loop through Service Fabric Mesh volumes by their names
-
-```ruby
-azure_service_fabric_mesh_volumes(resource_group: 'RESOURCE_GROUP').names.each do |name|
- describe azure_service_fabric_mesh_volume(resource_group: 'RESOURCE_GROUP', name: name) do
- it { should exist }
- end
-end
-```
-
-### Test that there are Service Fabric Mesh volumes that are successfully provisioned
-
-```ruby
-describe azure_service_fabric_mesh_volumes(resource_group: 'RESOURCE_GROUP').where(provisioningState: 'Succeeded') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Service Fabric Mesh volumes are present.
-
-describe azure_service_fabric_mesh_volumes(resource_group: 'RESOURCE_GROUP') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Service Fabric Mesh volume.
-
-describe azure_service_fabric_mesh_volumes(resource_group: 'RESOURCE_GROUP') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_snapshot.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_snapshot.md
deleted file mode 100644
index 3aafe78cd4..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_snapshot.md
+++ /dev/null
@@ -1,126 +0,0 @@
-+++
-title = "azure_snapshot Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_snapshot"
-identifier = "inspec/resources/azure/azure_snapshot Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_snapshot` InSpec audit resource to test the properties and configuration of an Azure snapshot.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`resource_group` and `name` are required parameters.
-
-```ruby
-describe azure_snapshot(resource_group: 'RESOURCE_GROUP', name: 'SNAPSHOT_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group` _(required)_
-: Azure resource group where the targeted resource resides.
-
-`name` _(required)_
-: The name of the snapshot that is being created.
-
-## Properties
-
-`id`
-: The id of the snapshot.
-
-`name`
-: The name of the snapshot.
-
-`type`
-: The type of the snapshot.
-
-`location`
-: The location of the snapshot.
-
-`properties`
-: The properties of the snapshot.
-
-`sku`
-: The sku of the snapshot.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-See the [Azure documentation](https://learn.microsoft.com/en-us/rest/api/compute/snapshots/get?tabs=HTTP) for other available properties.
-You can access any attribute in the response with the key names separated by dots (`.`). For example, `properties.`.
-
-## Examples
-
-### Test if a snapshot is referenced with a valid name
-
-```ruby
-describe azure_snapshot(resource_group: 'RESOURCE_GROUP', name: 'SNAPSHOT_NAME') do
- it { should exist }
-end
-```
-
-### Test if a snapshot is referenced with an invalid name
-
-```ruby
-describe azure_snapshot(resource_group: 'RESOURCE_GROUP', name: 'SNAPSHOT_NAME') do
- it { should_not exist }
-end
-```
-
-### Test if a snapshot has the `Windows' operating system type
-
-```ruby
-describe azure_snapshot(resource_group: 'RESOURCE_GROUP', name: 'SNAPSHOT_NAME') do
- its('properties.osType') { should cmp 'Windows' }
-end
-```
-
-### Test if the snapshot has a valid disk size
-
-```ruby
-describe azure_snapshot(resource_group: 'RESOURCE_GROUP', name: 'SNAPSHOT_NAME') do
- its('properties.diskSizeGB') { should cmp 127 }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-Use `should exist` to test for a resource that should exist.
-
-```ruby
-describe azure_snapshot(resource_group: 'RESOURCE_GROUP', name: 'SNAPSHOT_NAME') do
- it { should exist }
-end
-```
-
-Use `should_not exist` to test for a resource that should not exist.
-
-```ruby
-describe azure_snapshot(resource_group: 'RESOURCE_GROUP', name: 'SNAPSHOT_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_snapshots.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_snapshots.md
deleted file mode 100644
index 687ed55ce4..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_snapshots.md
+++ /dev/null
@@ -1,113 +0,0 @@
-+++
-title = "azure_snapshots Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_snapshots"
-identifier = "inspec/resources/azure/azure_snapshots Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_snapshots` InSpec audit resource to test the properties and configurations of multiple Azure snapshots.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-```ruby
-describe azure_snapshots do
- it { should exist }
-end
-```
-
-## Parameters
-
-No required parameters.
-
-## Properties
-
-`ids`
-: The id of the snapshot.
-
-: **Field**: `id`
-
-`names`
-: The name of the snapshot.
-
-: **Field**: `name`
-
-`types`
-: The type of the snapshot.
-
-: **Field**: `type`
-
-`locations`
-: The location of the snapshot.
-
-: **Field**: `location`
-
-`properties`
-: The properties of the snapshot.
-
-: **Field**: `properties`
-
-`skus`
-: The sku of the snapshot.
-
-: **Field**: `sku`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-See the [Azure documentation](https://learn.microsoft.com/en-us/rest/api/compute/snapshots/list-by-resource-group?tabs=HTTP) for other available properties.
-
-## Examples
-
-### Test if a snapshot has a valid type
-
-```ruby
-describe azure_snapshots do
- its('types') { should cmp 'Microsoft.Compute/snapshots' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches.
-
-Use `should exist` to test that a resource exists.
-
-```ruby
-describe azure_snapshots do
- it { should exist }
-end
-```
-
-Use `should_not exist` to test that resources do not exist.
-
-```ruby
-describe azure_snapshots do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_database.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_database.md
deleted file mode 100644
index 351044651c..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_database.md
+++ /dev/null
@@ -1,157 +0,0 @@ -+++ -title = "azure_sql_database Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_sql_database" -identifier = "inspec/resources/azure/azure_sql_database Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_sql_database` InSpec audit resource to test the properties and configuration of an Azure SQL Database. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`resource_group`, `server_name`, and `name`, or the `resource_id` are required parameters. - -```ruby -describe azure_sql_database(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME', name: 'DB_NAME') do - it { should exist } -end -``` - -```ruby -describe azure_sql_database(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`server_name` -: The name of the server on which the database resides. - -`name` -: Name of the SQL database to test. - -`database_name` -: Alias for the `name` parameter. - -`resource_id` -: The unique resource ID. - -`auditing_settings_api_version` -: The endpoint API version for the `auditing_settings` property. The latest version will be used unless provided. - -`threat_detection_settings_api_version` -: The endpoint API version for the `threat_detection_settings` property. The latest version will be used unless provided. - -`encryption_settings_api_version` -: The endpoint API version for the `encryption_settings` property. The latest version will be used unless provided. 
- -Either one of the parameter sets can be provided for a valid query: - -- `resource_id` -- `resource_group`, `server_name`, and `name` -- `resource_group`, `server_name`, and `database_name` - -## Properties - -`encryption_settings` -: Database's transparent data encryption configuration with [these](https://docs.microsoft.com/en-us/rest/api/sql/transparentdataencryptions/get#transparentdataencryption) properties. - -`auditing_settings` -: Database's blob auditing policy with [these](https://docs.microsoft.com/en-us/rest/api/sql/database%20auditing%20settings/get#databaseblobauditingpolicy) properties. - -`threat_detection_settings` -: Threat detection settings for the targeted database with [these](https://docs.microsoft.com/en-us/rest/api/sql/databasethreatdetectionpolicies/get#databasesecurityalertpolicy) properties. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/sql/databases/get#database) for other available properties. -You can access any attribute in the response with the key names separated by dots (`.`). For example, `properties.`. 
- -## Examples - -### Test if a SQL database is referenced with a valid name - -```ruby -describe azure_sql_database(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME', name: 'DB_NAME') do - it { should exist } -end -``` - -### Test if a SQL database is referenced with an invalid name - -```ruby -describe azure_sql_database(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME', name: 'DB_NAME') do - it { should_not exist } -end -``` - -### Test if a SQL database has transparent data encryption is enabled - -```ruby -describe azure_sql_database(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME', name: 'DB_NAME') do - its('encryption_settings.properties.status') { should cmp 'Enabled' } -end -``` - -### Test if a SQL database auditing is enabled - -```ruby -describe azure_sql_database(resource_group: 'inspec-rg', server_name: 'customer_server', name: 'order-db') do - its('auditing_settings.properties.status') { should cmp 'Enabled' } -end -``` - -### Test if a SQL database threat detection is enabled - -```ruby -describe azure_sql_database(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME', name: 'DB_NAME') do - its('threat_detection_settings.properties.status') { should cmp 'Enabled' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -# If we expect a resource to always exist. - -describe azure_sql_database(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME', name: 'DB_NAME') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect a resource to never exist. - -describe azure_sql_database(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME', name: 'DB_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} 
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_database_server_vulnerability_assessment.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_database_server_vulnerability_assessment.md
deleted file mode 100644
index aa8b1daeb5..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_database_server_vulnerability_assessment.md
+++ /dev/null
@@ -1,100 +0,0 @@ -+++ -title = "azure_sql_database_server_vulnerability_assessment Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_sql_database_server_vulnerability_assessment" -identifier = "inspec/resources/azure/azure_sql_database_server_vulnerability_assessment Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_sql_database_server_vulnerability_assessment` InSpec audit resource to test the properties and configuration of an Azure SQL Database server vulnerability assessment. - -## Syntax - -`resource_group` and `server_name` are required parameters. - -```ruby -describe azure_sql_database_server_vulnerability_assessment(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do - it { should exist } -end -``` - -## Parameters - -`resource_group` _(required)_ -: Azure resource group where the targeted resource resides. - -`server_name` _(required)_ -: The name of the server on which the database resides. - -## Properties - -`id` -: The ID of the resource. - -`name` -: The name of the resource. The name of the vulnerability assessment is `default`. - -`type` -: The type of the resource. - -`properties.recurringScans.isEnabled` -: Recurring scans state. - -`properties.recurringScans.emailSubscriptionAdmins` -: Specifies that the schedule scan notification will be is sent to the subscription administrators. - -`properties.recurringScans.emails` -: Specifies an array of e-mail addresses to which the scan notification is sent. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -See the [Azure documentation](https://learn.microsoft.com/en-us/rest/api/sql/2020-11-01-preview/server-vulnerability-assessments/get?tabs=HTTP) for other available properties. -You can access any attribute in the response with the key names separated by dots (`.`). 
For example, `properties.`. - -## Examples - -### Test if a SQL database server vulnerability assessment has recurring scans enabled - -```ruby -describe azure_sql_database_server_vulnerability_assessment(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do - its('properties.recurringScans.isEnabled') { should eq false } -end -``` - -### Verify the type of the resource. - -```ruby -describe azure_sql_database_server_vulnerability_assessment(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do - its('type') { should eq 'Microsoft.Sql/servers/vulnerabilityAssessments' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control passes if the filter returns a result. Use `should_not` if a resource should not exist. - -```ruby -describe azure_sql_database_server_vulnerability_assessment(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do - it { should exist } -end -``` - -```ruby -describe azure_sql_database_server_vulnerability_assessment(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_database_server_vulnerability_assessments.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_database_server_vulnerability_assessments.md deleted file mode 100644 index a306756b5a..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_database_server_vulnerability_assessments.md +++ /dev/null 
@@ -1,129 +0,0 @@ -+++ -title = "azure_sql_database_server_vulnerability_assessments Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_sql_database_server_vulnerability_assessments" -identifier = "inspec/resources/azure/azure_sql_database_server_vulnerability_assessments Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_sql_database_server_vulnerability_assessments` InSpec audit resource to test the properties and configuration of multiple Azure SQL Database server vulnerability assessments. - -## Syntax - -The `resource_group` and `server_name` are required parameters. - -```ruby -describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do - it { should exist } -end -``` - -## Parameters - -`resource_group` _(required)_ -: Azure resource group where the targeted resource resides. - -`server_name` _(required)_ -: The name of the server in which the database resides. - -## Properties - -`ids` -: The ID of the resource. - -: **Field**: `id` - -`names` -: The name of the resource. The name of the vulnerability assessment is `default`. - -: **Field**: `name` - -`types` -: The type of the resource. - -: **Field**: `type` - -`isEnabled` -: Recurring scans state. - -: **Field**: `properties.recurringScans.isEnabled` - -`emailSubscriptionAdmins` -: Specifies that the schedule scan notification will be is sent to the subscription administrators. - -: **Field**: `properties.recurringScans.emailSubscriptionAdmins` - -`emails` -: Specifies an array of e-mail addresses to which the scan notification is sent. 
- -: **Field**: `properties.recurringScans.emails` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Check resources are present - -````ruby -describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do - it { should exist } - its('names') { should include 'Default' } -end -```` - -### Filter the results to include only those with names that match the specified string value - -```ruby -describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do - it { should exist } -end -``` - -### Verify the types of the resource - -```ruby -describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do - its('types') { should include 'Microsoft.Sql/servers/vulnerabilityAssessments' } -``` - -### Verify whether the recurring scans are enabled or not - -```ruby -describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do - its('isEnabled') { should include false } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches. - -```ruby -describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do - it { should exist } -end -``` - -```ruby -describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} 
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_databases.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_databases.md
deleted file mode 100644
index 7c8af8d53c..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_databases.md
+++ /dev/null
@@ -1,141 +0,0 @@ -+++ -title = "azure_sql_databases Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_sql_databases" -identifier = "inspec/resources/azure/azure_sql_databases Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_sql_databases` InSpec audit resource to test the properties and configuration of Azure SQL Databases. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -The `resource_group` and `server_name` are required parameters. - -```ruby -describe azure_sql_databases(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`server_name` -: The name of the server in which the database resides. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`names` -: A list of names of all the resources being interrogated. - -: **Field**: `name` - -`tags` -: A list of `tag:value` pairs defined on the resources being interrogated. - -: **Field**: `tags` - -`types` -: A list of the types of resources being interrogated. - -: **Field**: `type` - -`properties` -: A list of properties for all the resources being interrogated. - -: **Field**: `properties` - -`locations` -: A list of locations for all the resources being interrogated. - -: **Field**: `location` - -`kinds` -: A list of kinds of all the resources being interrogated. 
- -: **Field**: `kind` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Check resources are present - -````ruby -describe azure_sql_databases(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do - it { should exist } - its('names') { should include 'my-db' } -end -```` - -### Filter the results to include only those with names that match the specified string value - -```ruby -describe azure_sql_databases.(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME').where{ name.eql?('production-db') } do - it { should exist } -end -``` - -### Filter the results to include only those with 'GRS' storage account type - -```ruby -describe azure_sql_databases.(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME').where{ properties[:storageAccountType] == 'GRS' } do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches. - -```ruby -# If we expect resources to exist. - -describe azure_sql_databases(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect resources not to exist. - -describe azure_sql_databases(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_managed_instance.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_managed_instance.md deleted file mode 100644 index cb2dec8681..0000000000 
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_managed_instance.md
+++ /dev/null
@@ -1,118 +0,0 @@ -+++ -title = "azure_sql_managed_instance Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_sql_managed_instance" -identifier = "inspec/resources/azure/azure_sql_managed_instance Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_sql_managed_instance` InSpec audit resource to test the properties related to an Azure SQL managed instance. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`name` and`resource_group` are required parameters. - -```ruby -describe azure_sql_managed_instance(resource_group: 'RESOURCE_GROUP', name: 'INSTANCE_NAME') do - it { should exist } - its('type') { should eq 'Microsoft.Sql/managedInstances' } - its('location') { should eq 'eastus' } -end -``` - -```ruby -describe azure_sql_managed_instance(resource_group: 'RESOURCE_GROUP', name: 'INSTANCE_NAME') do - it { should exist } -end -``` - -## Parameters - -`name` -: Name of the Azure SQL managed instances to test. - -`resource_group` -: Azure resource group where the targeted resource resides. - -The parameter set that should be provided for a valid query is `resource_group` and `name`. - -## Properties - -`id` -: Resource ID. - -`name` -: Resource name. - -`type` -: Resource type. - -`location` -: Resource location. - -`properties` -: The properties of the SQL-Managed Instance. - -`properties.minimalTlsVersion` -: Minimal TLS version. Allowed values are `None`, `1.0`, `1.1`, and `1.2`. - -`properties.maintenanceConfigurationId` -: Specifies maintenance configuration ID to apply to this managed instance. - -`properties.provisioningState` -: Provisioning state of the SQL-managed instance. - -`sku.name` -: The name of the SKU, typically a letter with a number code. 
For example, `P3`. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties` refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/sql/2021-02-01-preview/managed-instances/get) for other available properties. - -## Examples - -### Test that the SQL managed instances are provisioned successfully - -```ruby -describe azure_sql_managed_instance(resource_group: 'RESOURCE_GROUP', name: 'INSTANCE_NAME') do - its('properties.provisioningState') { should eq 'Succeeded' } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). - -### exists - -```ruby -# If a SQL-managed instance is found, it will exist. - -describe azure_sql_managed_instance(resource_group: 'RESOURCE_GROUP', name: 'INSTANCE_NAME') do - it { should exist } -end -``` - -### not_exists - -```ruby -# if SQL managed instance is not found, it will not exist. - -describe azure_sql_managed_instance(resource_group: 'RESOURCE_GROUP', name: 'INSTANCE_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="reader" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_managed_instances.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_managed_instances.md deleted file mode 100644 index 9fd12e9540..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_managed_instances.md +++ /dev/null 
@@ -1,140 +0,0 @@ -+++ -title = "azure_sql_managed_instances Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_sql_managed_instances" -identifier = "inspec/resources/azure/azure_sql_managed_instances Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_sql_managed_instances` InSpec audit resource to test the properties related to all Azure SQL-managed instances within a project. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_sql_managed_instances` resource block returns all Azure SQL-managed instances within a project. - -```ruby -describe azure_sql_managed_instances do - #... -end -``` - -## Parameters - -`resource_group` _(optional)_ - -: The Azure resource group where the targeted resource resides. - -## Properties - -`ids` -: A list of resource IDs. - -: **Field**: `id` - -`names` -: A list of resource names. - -: **Field**: `name` - -`types` -: A list of the resource types. - -: **Field**: `type` - -`properties` -: A list of properties for all the SQL-managed instances. - -: **Field**: `properties` - -`locations` -: A list of the locations. - -: **Field**: `location` - -`provisioningStates` -: A list of provisioning states of all the SQL-managed instances. - -: **Field**: `provisioningState` - -`minimalTlsVersions` -: A list of minimalTlsVersion for all the SQL-managed instances. - -: **Field**: `minimalTlsVersion` - -`sku_names` -: A list of names for the sku. - -: **Field**: `sku_name` - -`sku_tiers` -: A list of tiers for the sku. 
- -: **Field**: `sku_tier` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -**Loop through SQL managed instances by their names.** - -```ruby -azure_sql_managed_instances(resource_group: 'RESOURCE_GROUP').names.each do |name| - describe azure_sql_managed_instance(resource_group: 'RESOURCE_GROUP', name: name) do - it { should exist } - end -end -``` - -### Test that there are SQL-managed instances that are successfully provisioned - -```ruby -describe azure_sql_managed_instances.where(provisioningState: 'Succeeded') do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -# Should not exist if no SQL-Managed Instances are present. - -describe azure_sql_managed_instances do - it { should_not exist } -end -``` - -### not_exists - -```ruby -# Should exist if the filter returns at least one SQL-Managed Instance. - -describe azure_sql_managed_instances do - it { should exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="reader" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_server.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_server.md deleted file mode 100644 index 26c82aca43..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_server.md +++ /dev/null 
@@ -1,173 +0,0 @@ -+++ -title = "azure_sql_server Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_sql_server" -identifier = "inspec/resources/azure/azure_sql_server Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_sql_server` InSpec audit resource to test the properties and configuration of an Azure SQL Server. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`resource_group` and `name`, or the `resource_id` are required parameters. - -```ruby -describe azure_sql_server(resource_group: 'RESOURCE_GROUP', name: 'SERVER_NAME') do - it { should exist } -end -``` - -```ruby -describe azure_sql_server(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Sql/servers/{serverName}') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`name` -: Name of the SQL server to test. - -`server_name` -: Alias for the `name` parameter. - -`resource_id` -: The unique resource ID. - -`firewall_rules_api_version` -: The endpoint API version for the `firewall_rules` property. The latest version will be used unless provided. - -`auditing_settings_api_version` -: The endpoint API version for the `auditing_settings` property. The latest version will be used unless provided. - -`threat_detection_settings_api_version` -: The endpoint API version for the `threat_detection_settings` property. The latest version will be used unless provided. - -`administrators_api_version` -: The endpoint API version for the `administrators` property. The latest version will be used unless provided. 
- -`encryption_protector_api_version` -: The endpoint API version for the `encryption_protector` property. The latest version will be used unless provided. - -Either one of the parameter sets can be provided for a valid query: - -- `resource_id` -- `resource_group` and `name` -- `resource_group` and `server_name` - -## Properties - -`firewall_rules` -: A list of all firewall rules in the targeted server with [these](https://docs.microsoft.com/en-us/rest/api/sql/firewallrules/listbyserver#firewallrulelistresult) properties. - -`administrators` -: A list of all administrators for the targeted server with [these](https://docs.microsoft.com/en-us/rest/api/sql/serverazureadadministrators/listbyserver#serverazureadadministrator) properties. - -`encryption_protector` -: A list of all encryption protectors for the targeted server with [these](https://docs.microsoft.com/en-us/rest/api/sql/encryptionprotectors/listbyserver#encryptionprotector) properties. - -`auditing_settings` -: Auditing settings for the targeted server with [these](https://docs.microsoft.com/en-us/rest/api/sql/server%20auditing%20settings/listbyserver#serverblobauditingpolicylistresult) properties. - -`threat_detection_settings` -: Threat detection settings for the targeted server with [these](https://docs.microsoft.com/en-us/rest/api/sql/databasethreatdetectionpolicies/get#databasesecurityalertpolicy) properties. - -`sku` -: The SKU (pricing tier) of the server. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/sql/servers/get#server) for other available properties. -You can access any attribute in the response with the key names separated by dots (`.`). For example, `properties.`. 
- -## Examples - -### Test if a SQL server is referenced with a valid name - -```ruby -describe azure_sql_server(resource_group: 'RESOURCE_GROUP', name: 'SERVER_NAME') do - it { should exist } -end -``` - -### Test if a SQL server is referenced with an invalid name - -```ruby -describe azure_sql_server(resource_group: 'RESOURCE_GROUP', name: 'i-dont-exist') do - it { should_not exist } -end -``` - -### Test if a SQL server has firewall rules set - -```ruby -describe azure_sql_server(resource_group: 'RESOURCE_GROUP', name: 'SERVER_NAME') do - its('firewall_rules') { should_not be_empty } -end -``` - -### Test a SQL server's location and kind - -```ruby -describe azure_sql_server(resource_id: '/subscriptions/.../my-server') do - its('kind') { should cmp 'v12.0' } - its('location') { should cmp 'westeurope' } -end -``` - -### Test a SQL server's auditing settings - -```ruby -describe azure_sql_server(resource_group: 'RESOURCE_GROUP', name: 'SERVER_NAME') do - its('auditing_settings.properties.state') { should cmp 'Disabled' } - its('auditing_settings.properties.retentionDays') { should be 0 } - its('auditing_settings.properties.isStorageSecondaryKeyInUse') { should be false } - its('auditing_settings.properties.isAzureMonitorTargetEnabled') { should be false } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -# If we expect a resource to always exist. - -describe azure_sql_server(resource_group: 'RESOURCE_GROUP', name: 'SERVER_NAME') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect a resource to never exist. - -describe azure_sql_server(resource_group: 'RESOURCE_GROUP', name: 'SERVER_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} 
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_servers.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_servers.md
deleted file mode 100644
index e30827a77b..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_servers.md
+++ /dev/null
@@ -1,147 +0,0 @@
-+++
-title = "azure_sql_servers Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_sql_servers"
-identifier = "inspec/resources/azure/azure_sql_servers Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_sql_servers` InSpec audit resource to test the properties and configuration of multiple Azure SQL Servers.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_sql_servers` resource block returns all Azure SQL Servers, either within a resource group (if provided) or an entire subscription.
-
-```ruby
-describe azure_sql_servers do
- it { should exist }
-end
-```
-
-Or
-
-```ruby
-describe azure_sql_servers(resource_group: 'RESOURCE_GROUP') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group` _(optional)_
-
-: The name of the resource group.
-
-## Properties
-
-`ids`
-: A list of the unique resource IDs.
-
-: **Field**: `id`
-
-`locations`
-: A list of locations for all the resources being interrogated.
-
-: **Field**: `location`
-
-`names`
-: A list of names of all the resources being interrogated.
-
-: **Field**: `name`
-
-`kinds`
-: A list of kinds of all the resources being interrogated.
-
-: **Field**: `kind`
-
-`tags`
-: A list of `tag:value` pairs defined on the resources.
-
-: **Field**: `tags`
-
-`skus`
-: A list of the SKUs (pricing tiers) of the servers.
-
-: **Field**: `sku`
-
-`types`
-: A list of the types of resources being interrogated.
-
-: **Field**: `type`
-
-`properties`
-: A list of properties for all the resources being interrogated.
-
-: **Field**: `properties`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Checks if a specific SQL server is present
-
-```ruby
-describe azure_sql_servers do
- its('names') { should include 'my-server-name' }
-end
-```
-
-### Filters the results to include only those servers that have the specified name (Client Side Filtering)
-
-```ruby
-describe azure_sql_servers.where{ name.include?('production') } do
- it { should exist }
-end
-```
-
-### Filters the results to include only those servers that reside in a specified location (Client Side Filtering)
-
-```ruby
-describe azure_sql_servers.where{ location.eql?('westeurope') } do
- it { should exist }
-end
-```
-
-### Filters the results to include only those servers that reside in a specified location and have the specified name (Server Side Filtering - Recommended)
-
-```ruby
-describe azure_generic_resources(resource_provider: 'Microsoft.Sql/servers', substring_of_name: 'production', location: 'westeurope') do
- it {should exist}
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches.
-
-```ruby
-describe azure_sql_servers do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_virtual_machine.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_virtual_machine.md
deleted file mode 100644
index a8a736f506..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_virtual_machine.md
+++ /dev/null
@@ -1,109 +0,0 @@
-+++
-title = "azure_sql_virtual_machine Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_sql_virtual_machine"
-identifier = "inspec/resources/azure/azure_sql_virtual_machine Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_sql_virtual_machine` Chef InSpec audit resource to test the properties of an Azure SQL virtual machine.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-```ruby
-describe azure_sql_virtual_machine(resource_group: 'RESOURCE_GROUP', name: 'SQL_VM_NAME') do
- it { should exist }
- its('type') { should eq 'Microsoft.SqlVirtualMachine/sqlVirtualMachines' }
- its('location') { should eq 'eastus' }
-end
-```
-
-```ruby
-describe azure_sql_virtual_machine(resource_group: 'RESOURCE_GROUP', name: 'SQL_VM_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-
-: Name of the Azure SQL Virtual Machine to test.
-
-`resource_group` _(required)_
-
-: Azure resource group where the targeted resource resides.
-
-## Properties
-
-`id`
-: The resource ID.
-
-`name`
-: The resource name.
-
-`type`
-: The resource type. `Microsoft.SqlVirtualMachine/sqlVirtualMachines`.
-
-`location`
-: The resource location.
-
-`properties`
-: The properties of the SQL virtual machine.
-
-`properties.provisioningState`
-: State of the resource.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/compute/virtual-machines/get) for other available properties.
-
-## Examples
-
-### Test that the SQL virtual machine is provisioned successfully
-
-```ruby
-describe azure_sql_virtual_machine(resource_group: 'RESOURCE_GROUP', name: 'SQL_VM_NAME') do
- its('properties.provisioningState') { should eq 'Succeeded' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If a SQL Virtual Machine is found, it will exist.
-
-describe azure_sql_virtual_machine(resource_group: 'RESOURCE_GROUP', name: 'SQL_VM_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If SQL Virtual Machine is not found, it will not exist.
-
-describe azure_sql_virtual_machine(resource_group: 'RESOURCE_GROUP', name: 'SQL_VM_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_virtual_machine_group.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_virtual_machine_group.md
deleted file mode 100644
index 475adeee78..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_virtual_machine_group.md
+++ /dev/null
@@ -1,111 +0,0 @@
-+++
-title = "azure_sql_virtual_machine_group Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_sql_virtual_machine_group"
-identifier = "inspec/resources/azure/azure_sql_virtual_machine_group Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_sql_virtual_machine_group` InSpec audit resource to test the properties related to an Azure SQL virtual machine group.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`name` and `resource_group` are required parameters.
-
-```ruby
-describe azure_sql_virtual_machine_group(resource_group: 'RESOURCE_GROUP', name: 'SQL_VIRTUAL_MACHINE_GROUP') do
- it { should exist }
- its('type') { should eq 'Microsoft.SqlVirtualMachine/sqlVirtualMachineGroups' }
- its('location') { should eq 'eastus' }
-end
-```
-
-```ruby
-describe azure_sql_virtual_machine_group(resource_group: 'RESOURCE_GROUP', name: 'SQL_VIRTUAL_MACHINE_GROUP') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-
-: Name of the Azure SQL virtual machine group to test.
-
-`resource_group` _(required)_
-
-: Azure resource group where the targeted resource resides.
-
-## Properties
-
-`id`
-: Resource ID.
-
-`name`
-: Resource name.
-
-`type`
-: Resource type. `Microsoft.SqlVirtualMachine/sqlVirtualMachineGroups`.
-
-`location`
-: The Geo-location where the resource lives.
-
-`properties`
-: The properties of the SQL virtual machine group.
-
-`properties.provisioningState`
-: State of the resource.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/sqlvm/2021-11-01-preview/sql-virtual-machine-groups/get) for other available properties.
-
-## Examples
-
-### Test that the SQL virtual machine group is provisioned successfully
-
-```ruby
-describe azure_sql_virtual_machine_group(resource_group: 'RESOURCE_GROUP', name: 'SQL_VIRTUAL_MACHINE_GROUP') do
- its('properties.provisioningState') { should eq 'Succeeded' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If a SQL virtual machine group is found, it will exist.
-
-describe azure_sql_virtual_machine_group(resource_group: 'RESOURCE_GROUP', name: 'SQL_VIRTUAL_MACHINE_GROUP') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If SQL virtual machine group is not found, it will not exist.
-
-describe azure_sql_virtual_machine_group(resource_group: 'RESOURCE_GROUP', name: 'SQL_VIRTUAL_MACHINE_GROUP') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_virtual_machine_group_availability_listener.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_virtual_machine_group_availability_listener.md
deleted file mode 100644
index 9ce1cdabec..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_virtual_machine_group_availability_listener.md
+++ /dev/null
@@ -1,109 +0,0 @@
-+++
-title = "azure_sql_virtual_machine_group_availability_listener Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_sql_virtual_machine_group_availability_listener"
-identifier = "inspec/resources/azure/azure_sql_virtual_machine_group_availability_listener Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_sql_virtual_machine_group_availability_listener` InSpec audit resource to test the properties related to an Azure SQL virtual machine group availability listener.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-```ruby
-describe azure_sql_virtual_machine_group_availability_listener(resource_group: 'RESOURCE_GROUP', sql_virtual_machine_group_name: 'SQL_VIRTUAL_MACHINE_GROUP_NAME', name: 'AVAILABILITY_LISTENER_NAME') do
- it { should exist }
- its('type') { should eq 'Microsoft.SqlVirtualMachine/sqlVirtualMachineGroups/availabilityGroupListeners' }
-end
-```
-
-```ruby
-describe azure_sql_virtual_machine_group_availability_listener(resource_group: 'RESOURCE_GROUP', sql_virtual_machine_group_name: 'SQL_VIRTUAL_MACHINE_GROUP_NAME', name: 'AVAILABILITY_LISTENER_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-
-: Name of the Azure SQL virtual machine group availability listeners to test.
-
-`resource_group` _(required)_
-
-: Azure resource group where the targeted resource resides.
-
-`sql_virtual_machine_group_name` _(required)_
-
-: The Azure SQL virtual machine group name.
-
-## Properties
-
-`id`
-: Resource ID.
-
-`name`
-: Resource name.
-
-`type`
-: Resource type.
-
-`properties`
-: The properties of the SQL virtual machine group availability listener.
-
-`properties.provisioningState`
-: State of the resource.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/servicefabric/sfmeshrp-api-application_get) for other available properties.
-
-## Examples
-
-### Test that the SQL virtual machine group availability listener is provisioned successfully
-
-```ruby
-describe azure_sql_virtual_machine_group_availability_listener(resource_group: 'RESOURCE_GROUP', sql_virtual_machine_group_name: 'SQL_VIRTUAL_MACHINE_GROUP_NAME', name: 'AVAILABILITY_LISTENER_NAME') do
- its('properties.provisioningState') { should eq 'Succeeded' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If a SQL virtual machine group availability listener is found, it will exist.
-
-describe azure_sql_virtual_machine_group_availability_listener(resource_group: 'RESOURCE_GROUP', sql_virtual_machine_group_name: 'SQL_VIRTUAL_MACHINE_GROUP_NAME', name: 'AVAILABILITY_LISTENER_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# if SQL virtual machine group availability listener is not found, it will not exist
-
-describe azure_sql_virtual_machine_group_availability_listener(resource_group: 'RESOURCE_GROUP', sql_virtual_machine_group_name: 'SQL_VIRTUAL_MACHINE_GROUP_NAME', name: 'AVAILABILITY_LISTENER_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_virtual_machine_group_availability_listeners.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_virtual_machine_group_availability_listeners.md
deleted file mode 100644
index 11cf3ac011..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_virtual_machine_group_availability_listeners.md
+++ /dev/null
@@ -1,124 +0,0 @@
-+++
-title = "azure_sql_virtual_machine_group_availability_listeners Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_sql_virtual_machine_group_availability_listeners"
-identifier = "inspec/resources/azure/azure_sql_virtual_machine_group_availability_listeners Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_sql_virtual_machine_group_availability_listeners` InSpec audit resource to test the properties related to all Azure SQL virtual machine group availability listeners.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_sql_virtual_machine_group_availability_listeners` resource block returns all Azure SQL virtual machine group availability listeners.
-
-```ruby
-describe azure_sql_virtual_machine_group_availability_listeners(resource_group: 'RESOURCE_GROUP', sql_virtual_machine_group_name: 'SQL_VIRTUAL_MACHINE_GROUP_NAME') do
- #...
-end
-```
-
-## Parameters
-
-`resource_group` _(required)_
-
-: Azure resource group where the targeted resource resides.
-
-`sql_virtual_machine_group_name` _(required)_
-
-: Azure SQL virtual machine group name.
-
-## Properties
-
-`ids`
-: A list of resource IDs.
-
-: **Field**: `id`
-
-`names`
-: A list of resource names.
-
-: **Field**: `name`
-
-`types`
-: A list of the resource types.
-
-: **Field**: `type`
-
-`properties`
-: A list of Properties for all the SQL virtual machine group availability listeners.
-
-: **Field**: `properties`
-
-`provisioningStates`
-: A list of provisioning states of the SQL virtual machine group availability listeners.
-
-: **Field**: `provisioningState`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Loop through SQL virtual machine group availability listeners by their names
-
-```ruby
-azure_sql_virtual_machine_group_availability_listeners(resource_group: 'RESOURCE_GROUP', sql_virtual_machine_group_name: 'SQL_VIRTUAL_MACHINE_GROUP_NAME').names.each do |name|
- describe azure_sql_virtual_machine_group_availability_listener(resource_group: 'RESOURCE_GROUP', sql_virtual_machine_group_name: 'SQL_VIRTUAL_MACHINE_GROUP_NAME', name: name) do
- it { should exist }
- end
-end
-```
-
-### Test that there are SQL virtual machine group availability listeners that are successfully provisioned
-
-```ruby
-describe azure_sql_virtual_machine_group_availability_listeners(resource_group: 'RESOURCE_GROUP', sql_virtual_machine_group_name: 'SQL_VIRTUAL_MACHINE_GROUP_NAME').where(provisioningState: 'Succeeded') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no SQL virtual machine group availability listeners are present.
-
-describe azure_sql_virtual_machine_group_availability_listeners(resource_group: 'RESOURCE_GROUP', sql_virtual_machine_group_name: 'SQL_VIRTUAL_MACHINE_GROUP_NAME') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one SQL virtual machine group availability listener.
-
-describe azure_sql_virtual_machine_group_availability_listeners(resource_group: 'RESOURCE_GROUP', sql_virtual_machine_group_name: 'SQL_VIRTUAL_MACHINE_GROUP_NAME') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_virtual_machine_groups.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_virtual_machine_groups.md
deleted file mode 100644
index efb37b6e59..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_virtual_machine_groups.md
+++ /dev/null
@@ -1,125 +0,0 @@ -+++ -title = "azure_sql_virtual_machine_groups Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_sql_virtual_machine_groups" -identifier = "inspec/resources/azure/azure_sql_virtual_machine_groups Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_sql_virtual_machine_groups` InSpec audit resource to test the properties related to all Azure SQL virtual machine groups. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_sql_virtual_machine_groups` resource block returns all Azure SQL Virtual Machine groups. - -```ruby -describe azure_sql_virtual_machine_groups do - #... -end -``` - -## Parameters - -`resource_group` _(optional)_ - -: Azure resource group where the targeted resource resides. - -## Properties - -`ids` -: A list of resource IDs. - -: **Field**: `id` - -`names` -: A list of resource names. - -: **Field**: `name` - -`types` -: A list of the resource types. - -: **Field**: `type` - -`properties` -: A list of properties for all the SQL virtual machine groups. - -: **Field**: `properties` - -`locations` -: A list of the resource locations. - -: **Field**: `location` - -`provisioningStates` -: A list of provisioning states of the SQL virtual machine groups. 
- -: **Field**: `provisioningState` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Loop through SQL virtual machine groups by their names - -```ruby -azure_sql_virtual_machine_groups(resource_group: 'RESOURCE_GROUP').names.each do |name| - describe azure_sql_virtual_machine_group(resource_group: 'RESOURCE_GROUP', name: name) do - it { should exist } - end -end -``` - -### Test that there are SQL virtual machine groups that are successfully provisioned - -```ruby -describe azure_sql_virtual_machine_groups(resource_group: 'RESOURCE_GROUP').where(provisioningState: 'Succeeded') do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -# Should not exist if no SQL Virtual Machine Groups are present. - -describe azure_sql_virtual_machine_groups(resource_group: 'RESOURCE_GROUP') do - it { should_not exist } -end -``` - -### not_exists - -```ruby -# Should exist if the filter returns at least one SQL Virtual Machine group. - -describe azure_sql_virtual_machine_groups(resource_group: 'RESOURCE_GROUP') do - it { should exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="reader" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_virtual_machines.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_virtual_machines.md deleted file mode 100644 index e1a5d6bfd7..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_sql_virtual_machines.md +++ /dev/null 
@@ -1,125 +0,0 @@ -+++ -title = "azure_sql_virtual_machines Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_sql_virtual_machines" -identifier = "inspec/resources/azure/azure_sql_virtual_machines Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_sql_virtual_machines` InSpec audit resource to test the properties of all Azure SQL virtual machines. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_sql_virtual_machines` resource block returns all Azure SQL virtual machines. - -```ruby -describe azure_sql_virtual_machines do - #... -end -``` - -## Parameters - -`resource_group` _(optional)_ - -: Azure resource group where the targeted resource resides. - -## Properties - -`ids` -: A list of resource IDs. - -: **Field**: `id` - -`names` -: A list of resource names. - -: **Field**: `name` - -`types` -: A list of the resource types. - -: **Field**: `type` - -`properties` -: A list of Properties for all the SQL virtual machines. - -: **Field**: `properties` - -`locations` -: A list of the Geo-locations. - -: **Field**: `location` - -`provisioningStates` -: A list of provisioning states of the SQL virtual machines. 
- -: **Field**: `provisioningState` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Loop through SQL virtual machines by their names - -```ruby -azure_sql_virtual_machines(resource_group: 'RESOURCE_GROUP').names.each do |name| - describe azure_sql_virtual_machine(resource_group: 'RESOURCE_GROUP', name: name) do - it { should exist } - end -end -``` - -### Test that there are SQL virtual machines that are successfully provisioned - -```ruby -describe azure_sql_virtual_machines(resource_group: 'RESOURCE_GROUP').where(provisioningState: 'Succeeded') do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -# Should not exist if no SQL virtual machines are present. - -describe azure_sql_virtual_machines(resource_group: 'RESOURCE_GROUP') do - it { should_not exist } -end -``` - -### not_exists - -```ruby -# Should exist if the filter returns at least one SQL virtual machine. - -describe azure_sql_virtual_machines(resource_group: 'RESOURCE_GROUP') do - it { should exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="reader" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_storage_account.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_storage_account.md deleted file mode 100644 index 3f1bf6abd6..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_storage_account.md +++ /dev/null 
@@ -1,207 +0,0 @@ -+++ -title = "azure_storage_account Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_storage_account" -identifier = "inspec/resources/azure/azure_storage_account Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_storage_account` InSpec audit resource to test the properties related to an Azure Storage account. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_storage_account` resource block identifies an Azure storage account by `name` and `resource_group`, or the `resource_id`. - -```ruby -describe azure_storage_account(resource_group: 'RESOURCE_GROUP', name: 'NAME') do - it { should exist } -end -``` - -```ruby -describe azure_storage_account(resource_id: '/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`name` -: The name of the storage account within the specified resource group. - -`resource_id` -: The unique resource ID. - -`activity_log_alert_api_version` -: The activity log alerts endpoint API version used in the `have_recently_generated_access_key` matcher. The latest version will be used unless provided. - -`storage_service_endpoint_api_version` -: The storage service endpoint API version. `2019-12-12` will be used unless provided. - -`resource_data` -: In-memory cached Azure Network security group data. Passing data to this parameter can increase performance since it avoids multiple network calls to the same Azure resource. When provided, it binds the values directly to the resource. 
Data passed to the `resource_data` parameter could be stale. It is the user's responsibility to refresh the data. - -Pass one of the following parameter sets for a valid query: - -- `resource_id` -- `resource_group` and `name` -- `resource_data` - -## Properties - -`queues*` -: Lists all of the queues in a given storage account. For more information, see the [Azure Storage Services List Queues documentation](https://docs.microsoft.com/en-us/rest/api/storageservices/list-queues1). - -`queue_properties*` -: Gets the properties of a storage account's Queue service, including properties for Storage Analytics and CORS (Cross-Origin Resource Sharing) rules. For more information, see the [Azure Queue Service Properties documentation](https://docs.microsoft.com/en-us/rest/api/storageservices/get-queue-service-properties). - -`blobs*` -: Lists all of the blob containers in a given storage account. For more information, see the [Azure Storage Services List Containers](https://docs.microsoft.com/en-us/rest/api/storageservices/list-containers2). - -`blob_properties*` -: Gets the properties of a storage account's Blob service, including properties for Storage Analytics and CORS (Cross-Origin Resource Sharing) rules. For more information, see the [Azure Storage Services Blob Service Properties documentation](https://docs.microsoft.com/en-us/rest/api/storageservices/get-blob-service-properties). - -`table_properties*` -: Gets the properties of a storage account's Table service, including properties for Storage Analytics and CORS (Cross-Origin Resource Sharing) rules. For more information, see the [Azure Storage Services Table Service Properties documentation](https://docs.microsoft.com/en-us/rest/api/storageservices/get-table-service-properties). - -*: These Azure endpoints return data in XML format. However, they're converted to make the properties accessible with dot notation. - -The property names are in snake case, `property_name`. 
Therefore, you can test `` with `its('enumeration_results.service_endpoint)`. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/storagerp/storageaccounts/getproperties#storageaccount) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`). - -## Examples - -### Test the primary endpoints - -```ruby -describe azure_storage_account(resource_group: 'RESOURCE_GROUP', name: 'NAME') do - its('properties.primaryEndpoints.blob') { should cmp 'https://mysa.blob.core.windows.net/' } - its('properties.primaryEndpoints.queue') { should cmp 'https://mysa.queue.core.windows.net/' } - its('properties.primaryEndpoints.table') { should cmp 'https://mysa.table.core.windows.net/' } - its('properties.primaryEndpoints.file') { should cmp 'https://mysa.file.core.windows.net/' } -end -``` - -### Verify that only HTTPS is supported - -```ruby -describe azure_storage_account(resource_group: 'RESOURCE_GROUP', name: 'NAME') do - its('properties.supportsHttpsTrafficOnly') { should be true } -end -``` - -### Test queues service endpoint - -```ruby -describe azure_storage_account(resource_group: 'RESOURCE_GROUP', name: 'NAME') do - its('queues.enumeration_results.service_endpoint') { should cmp 'https://mysa.queue.core.windows.net/' } -end -``` - -### Test Blobs service endpoint - -```ruby -describe azure_storage_account(resource_group: 'RESOURCE_GROUP', name: 'NAME') do - its('blobs.enumeration_results.service_endpoint') { should cmp 'https://mysa.blob.core.windows.net/' } -end -``` - -### Test queue properties logging version - -```ruby -describe azure_storage_account(resource_group: 'RESOURCE_GROUP', name: 'NAME') do - its('queue_properties.logging.version') { should cmp '1.0' } -end -``` - -### Test Blob 
properties logging version - -```ruby -describe azure_storage_account(resource_group: 'RESOURCE_GROUP', name: 'NAME') do - its('blob_properties.logging.version') { should cmp '1.0' } -end -``` - -### Test table properties logging version - -```ruby -describe azure_storage_account(resource_group: 'RESOURCE_GROUP', name: 'NAME') do - its('table_properties.logging.version') { should cmp '1.0' } -end -``` - -### Loop through all storage accounts and test a blob service endpoint exists from already cached data - -```ruby -azure_storage_accounts.entries.each do |azure_storage_account_data| - describe azure_storage_account(resource_data: azure_storage_account_data) do - its('blobs.enumeration_results.service_endpoint') { should cmp 'https://mysa.blob.core.windows.net/' } - end -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/). - -### have_encryption_enabled - -Test if encryption is enabled. - -```ruby -describe azure_storage_account(resource_group: 'RESOURCE_GROUP', name: 'NAME') do - it { should have_encryption_enabled } -end -``` - -### have_recently_generated_access_key - -Test if an access key has been generated within the last **90** days. - -```ruby -describe azure_storage_account(resource_group: 'RESOURCE_GROUP', name: 'NAME') do - it { should have_recently_generated_access_key } -end -``` - -### exists - -```ruby -# If we expect the resource to always exist. - -describe azure_storage_account(resource_group: 'RESOURCE_GROUP', name: 'NAME') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect the resource to never exist. - -describe azure_storage_account(resource_group: 'RESOURCE_GROUP', name: 'NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="reader" %}} 
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_storage_account_blob_container.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_storage_account_blob_container.md
deleted file mode 100644
index 2e3f6d35ac..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_storage_account_blob_container.md
+++ /dev/null
@@ -1,134 +0,0 @@ -+++ -title = "azure_storage_account_blob_container Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_storage_account_blob_container" -identifier = "inspec/resources/azure/azure_storage_account_blob_container Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_storage_account_blob_container` InSpec audit resource to test the properties related to a Blob Container in an Azure Storage account. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`resource_group`, `storage_account_name`, and `name` or the `resource_id` are required parameters. - -```ruby -describe azure_storage_account_blob_container(resource_group: 'RESOURCE_GROUP', storage_account_name: 'ACCOUNT_NAME', name: 'LOGS') do - it { should exist } -end -``` - -```ruby -describe azure_storage_account_blob_container(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}/blobServices/default/containers/{containerName}') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`storage_account_name` -: The name of the storage account within the specified resource group. - -`name` -: The name of the blob container within the specified storage account. - -`blob_container_name` -: Alias for the `name` parameter. - -`resource_id` -: The unique resource ID. 
-
-Either one of the parameter sets can be provided for a valid query:
-
-- `resource_id`
-- `resource_group`, `storage_account_name` and `name`
-- `resource_group`, `storage_account_name` and `blob_container_name`
-
-## Properties
-
-`properties.deleted`
-: Indicates whether the Blob Container was deleted.
-
-`properties.lastModifiedTime`
-: Returns the date and time the container was last modified.
-
-`properties.remainingRetentionDays`
-: Remaining retention days for soft deleted blob container.
-
-`properties.publicAccess`
-: Specifies whether data in the container may be accessed publicly and the level of access. See the [Azure blob containers PublicAccess documentation](https://docs.microsoft.com/en-us/rest/api/storagerp/blobcontainers/get#publicaccess) for valid values.
-
-For properties applicable to all resources, such as `type`, `tags`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, refer to the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/storagerp/blobcontainers/get#blobcontainer) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`).
- -## Examples - -### Test if a Blob Container is deleted - -```ruby -describe azure_storage_account_blob_container(resource_group: 'RESOURCE_GROUP', storage_account_name: 'DEFAULT', name: 'LOGS') do - its('properties.deleted') { should be true } -end -``` - -### Ensure that the Blob Container is private - -```ruby -describe azure_storage_account_blob_container(resource_group: 'RESOURCE_GROUP', storage_account_name: 'PRODUCTION', name: 'LOGS') do - its('properties') { should have_attributes(publicAccess: 'None') } -end -``` - -### Loop through resources via 'resource_id' - -```ruby -azure_storage_account_blob_containers.(resource_group: 'RESOURCE_GROUP', storage_account_name: 'PRODUCTION').ids.each do |id| - describe azure_storage_account_blob_container(resource_id: id) do - its('properties') { should have_attributes(publicAccess: 'None') } - end -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/). - -### exists - -```ruby -# If we expect the resource to always exist. - -describe azure_storage_account_blob_container(resource_group: 'RESOURCE_GROUP', storage_account_name: 'PRODUCTION', name: 'LOGS') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect the resource to never exist. - -describe azure_storage_account_blob_container(resource_group: 'RESOURCE_GROUP', storage_account_name: 'PRODUCTION', name: 'LOGS') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_storage_account_blob_containers.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_storage_account_blob_containers.md deleted file mode 100644 index b093a64ac5..0000000000 
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_storage_account_blob_containers.md
+++ /dev/null
@@ -1,108 +0,0 @@ -+++ -title = "azure_storage_account_blob_containers Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_storage_account_blob_containers" -identifier = "inspec/resources/azure/azure_storage_account_blob_containers Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_storage_account_blob_containers` InSpec audit resource to test the properties and configuration of Blob Containers within an Azure Storage Account. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -The `resource_group` and `storage_account_name` are required parameters. - -```ruby -describe azurerm_storage_account_blob_containers(resource_group: 'RESOURCE_GROUP', storage_account_name: 'PRODUCTION') do - its('names') { should include 'my-container'} -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`storage_account_name` -: The name of the storage account within the specified resource group. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`locations` -: A list of locations for all the resources being interrogated. - -: **Field**: `location` - -`names` -: A list of names of all the resources being interrogated. - -: **Field**: `name` - -`tags` -: A list of `tag:value` pairs defined on the resources being interrogated. - -: **Field**: `tags` - -`etags` -: A list of etags defined on the resources. 
-
-: **Field**: `etag`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Check if a specific container exists
-
-```ruby
-describe azurerm_storage_account_blob_containers(resource_group: 'RESOURCE_GROUP', storage_account_name: 'PRODUCTION') do
- its('names') { should include('my-container') }
-end
-```
-
-### exists
-
-The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches.
-
-```ruby
-**If we expect at least one resource to exist on a specified account.**
-
-describe azurerm_storage_account_blob_containers(resource_group: 'RESOURCE_GROUP', storage_account_name: 'PRODUCTION') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-**If we expect not to exist containers on a specified account.**
-
-describe azurerm_storage_account_blob_containers(resource_group: 'RESOURCE_GROUP', storage_account_name: 'PRODUCTION') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_storage_accounts.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_storage_accounts.md
deleted file mode 100644
index 2fe7aea496..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_storage_accounts.md
+++ /dev/null
@@ -1,124 +0,0 @@ -+++ -title = "azure_storage_accounts Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_storage_accounts" -identifier = "inspec/resources/azure/azure_storage_accounts Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_storage_accounts` InSpec audit resource to test the properties and configuration of multiple Azure Storage accounts. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_storage_accounts` resource block returns all Azure storage accounts, either within a resource group (if provided) or an entire subscription. - -```ruby -describe azure_storage_accounts do - #... -end -``` - -Or - -```ruby -describe azure_storage_accounts(resource_group: 'RESOURCE_GROUP') do - #... -end -``` - -## Parameters - -`resource_group` _(optional)_ - -: The name of the resource group. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`locations` -: A list of locations for all the resources being interrogated. - -: **Field**: `location` - -`names` -: A list of names of all the resources being interrogated. - -: **Field**: `name` - -`type` -: A list of types of all the resources being interrogated. - -: **Field**: `type` - -`tags` -: A list of `tag:value` pairs defined on the resources being interrogated. - -: **Field**: `tags` - -`properties` -: A list of all properties of all the resources. 
- -: **Field**: `properties` -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Check if a specific storage account exists - -```ruby -describe azurerm_storage_accounts(resource_group: 'RESOURCE_GROUP') do - its('names') { should include('mysa') } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches. - -```ruby -# If we expect at least one account to exist in a resource group. - -describe azure_storage_accounts(resource_group: 'RESOURCE_GROUP') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect no storage accounts to exist in a resource group. - -describe azure_storage_accounts(resource_group: 'RESOURCE_GROUP') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="reader" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_streaming_analytics_function.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_streaming_analytics_function.md deleted file mode 100644 index ebc2aeb7eb..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_streaming_analytics_function.md +++ /dev/null 
@@ -1,113 +0,0 @@ -+++ -title = "azure_streaming_analytics_function Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_streaming_analytics_function" -identifier = "inspec/resources/azure/azure_streaming_analytics_function Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_streaming_analytics_function` InSpec audit resource to test the properties and configuration of an Azure Streaming Analytics function. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`resource_group`,`job_name/name`, and `function_name` are required parameters. - -```ruby -describe azure_streaming_analytics_function(resource_group: 'RESOURCE_GROUP', job_name: 'JOB_NAME', function_name: 'FUNCTION_NAME') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`job_name` -: Name of the job. - -`function_name` -: Name of the function made in the job mentioned. - -All three parameters are required for a valid query. - -## Properties - -`properties.binding` -: The physical binding of the function. For example, in the Azure Machine Learning web service's case, this describes the endpoint. - -`properties.inputs` -: A list of inputs describing the parameters of the function. - -`properties.binding` -: The output of the function. - -`etag` -: The current entity tag for the function. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/streamanalytics/) for other available properties. 
-You can access any attribute in the response with the key names separated by dots (`.`). For example, `properties.`. - -## Examples - -### Test that a resource group has the specified type - -```ruby -describe azure_streaming_analytics_function(resource_group: 'RESOURCE_GROUP', job_name: 'JOB_NAME', function_name: 'FUNCTION_NAME') do - it { should exist } - its('type') { should cmp 'Microsoft.StreamAnalytics/streamingjobs/functions' } - its('properties.type') { should cmp 'Scalar' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### Test streaming function to ensure it's using Javascript UDF - -```ruby -describe azure_streaming_analytics_function(resource_group: 'RESOURCE_GROUP', job_name: 'JOB_NAME', function_name: 'FUNCTION_NAME') do - its('properties.binding.type') { should cmp 'Microsoft.StreamAnalytics/JavascriptUdf' } -end -``` - -### exists - -If we expect a resource to always exist. - -```ruby -describe azure_streaming_analytics_function(resource_group: 'RESOURCE_GROUP', job_name: 'JOB_NAME', function_name: 'FUNCTION_NAME') do - it { should exist } -end -``` - -### not_exists - -If we expect a resource to never exist. - -```ruby -describe azure_streaming_analytics_function(resource_group: 'RESOURCE_GROUP', job_name: 'JOB_NAME', function_name: 'FUNCTION_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_streaming_analytics_functions.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_streaming_analytics_functions.md deleted file mode 100644 index 5eb285f793..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_streaming_analytics_functions.md +++ /dev/null 
@@ -1,113 +0,0 @@ -+++ -title = "azure_streaming_analytics_functions Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_streaming_analytics_functions" -identifier = "inspec/resources/azure/azure_streaming_analytics_functions Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_streaming_analytics_functions` InSpec audit resource to test the properties and configuration of multiple Azure Streaming Analytics functions. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_streaming_analytics_functions` resource block returns all functions under a job. - -```ruby -describe azure_streaming_analytics_functions(resource_group: "RESOURCE_GROUP", job_name: "AZURE_STREAMING_JOB_NAME") do - #... -end -``` - -## Parameters - -`resource_group` _(required)_ - -: Azure resource group where the targeted resource resides. - -`job_name` _(required)_ - -: Name of the job. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`names` -: A list of names of all the resources being interrogated. - -: **Field**: `name` - -`tags` -: A list of `tag:value` pairs defined on the resources being interrogated. - -: **Field**: `tags` - -`properties` -: A list of properties for all the resources being interrogated. - -: **Field**: `properties` - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/streamanalytics/) for other available properties. -You can access any attribute in the response with the key names separated by dots (`.`). For example, `properties.`. 
- -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Test that the names should be an array - -```ruby -describe azure_streaming_analytics_functions(resource_group: "RESOURCE_GROUP", job_name: "AZURE_STREAMING_JOB_NAME") do - its('names') { should be_an(Array) } -end - -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control passes if the filter returns at least one result. - -```ruby -describe azure_streaming_analytics_functions(resource_group: "RESOURCE_GROUP", job_name: "AZURE_STREAMING_JOB_NAME") do - it { should exist } -end -``` - -### not_exists - -Use `should_not` if you expect zero matches. - -```ruby -describe azure_streaming_analytics_functions(resource_group: "RESOURCE_GROUP", job_name: "AZURE_STREAMING_JOB_NAME") do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_subnet.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_subnet.md deleted file mode 100644 index bac347c59e..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_subnet.md +++ /dev/null 
@@ -1,119 +0,0 @@ -+++ -title = "azure_subnet Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_subnet" -identifier = "inspec/resources/azure/azure_subnet Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_subnet` InSpec audit resource to test the properties related to a subnet for a given virtual network. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`resource_group`, `vnet`, and `name`, or the `resource_id` are required parameters. - -```ruby -describe azure_subnet(resource_group: 'RESOURCE_GROUP', vnet: 'VNET_NAME', name: 'SUBNET_NAME') do - it { should exist } -end -``` - -```ruby -describe azure_subnet(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Network/virtualNetworks/{vnName}/subnets/{subnetName}') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`vnet` -: Name of the Azure virtual network where the subnet is created. - -`name` -: Name of the Azure subnet to test. - -`resource_id` -: The unique resource ID. - -Provide one of the following parameter sets for a valid query: - -- `resource_id` -- `resource_group`, `vnet`, and `name` - -## Properties - -`address_prefix` - -: The address prefix for the subnet. - -`nsg` - -: The network security group attached to the subnet. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/subnets/get#subnet) for other available properties. 
-Any property in the response may be accessed with the key names separated by dots (`.`). - -## Examples - -### Ensure that the subnets address prefix is configured as expected - -```ruby -describe azure_subnet(resource_group: 'RESOURCE_GROUP', vnet: 'VNET_NAME', name: 'SUBNET_NAME') do - its('address_prefix') { should eq '192.168.0.0/24' } -end -``` - -### Ensure that the subnet is attached to the right network security group - -```ruby -describe azure_subnet(resource_group: 'RESOURCE_GROUP', vnet: 'VNET_NAME', name: 'SUBNET_NAME') do - its('nsg') { should eq 'NetworkSecurityGroupName'} -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -# If a subnet is found, it will exist. - -describe azure_subnet(resource_group: 'RESOURCE_GROUP', vnet: 'VNET_NAME', name: 'SUBNET_NAME') do - it { should exist } -end -``` - -### not_exists - -```ruby -# subnets that aren't found, will not exist. - -describe azure_subnet(resource_group: 'RESOURCE_GROUP', vnet: 'VNET_NAME', name: 'SUBNET_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_subnets.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_subnets.md deleted file mode 100644 index 467d24d2e0..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_subnets.md +++ /dev/null 
@@ -1,101 +0,0 @@ -+++ -title = "azure_subnets Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_subnets" -identifier = "inspec/resources/azure/azure_subnets Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_subnets` InSpec audit resource to test the properties related to subnets of a virtual network. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -The `resource_group` and `vnet` are required parameters. - -```ruby -describe azure_subnets(resource_group: 'RESOURCE_GROUP', vnet: 'VNET_NAME') do - #... -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`vnet` -: The virtual network where the subnet you wish to test is a part of. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`names` -: A list of all the resources being interrogated. - -: **Field**: `name` - -`etags` -: A list of etags defined on the resources. - -: **Field**: `etag` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Exists if any subnets exist for a specified virtual network in the resource group - -```ruby -describe azure_subnets(resource_group: 'RESOURCE_GROUP', vnet: 'VNET_NAME') do - it { should exist } -end -``` - -### Filters the results to only those that match the specified name - -```ruby -describe azure_subnets(resource_group: 'RESOURCE_GROUP', vnet: 'VNET_NAME') - .where(name: 'MySubnet') do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. 
- -### exists - -```ruby -# Should not exist if no subnets are in the virtual network. - -describe azure_subnets(resource_group: 'RESOURCE_GROUP', vnet: 'VNET_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_subscription.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_subscription.md deleted file mode 100644 index cc992f8f02..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_subscription.md +++ /dev/null 
@@ -1,172 +0,0 @@ -+++ -title = "azure_subscription Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_subscription" -identifier = "inspec/resources/azure/azure_subscription Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_subscription` InSpec audit resource to test the properties of the current subscription. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -This resource will retrieve the current subscription ID that InSpec uses unless it is provided via `id` or `resource_id` parameters. - -```ruby -describe azure_subscription do - it { should exist } -end -``` - -Or - -```ruby -describe azure_subscription(id: '2e0b423p-aaaa-bbbb-1111-ee558463aabbd') do - it { should exist } -end -``` - -Or - -```ruby -describe azure_subscription(resource_id: '/subscriptions/2e0b423p-aaaa-bbbb-1111-ee558463aabbd') do - it { should exist } -end -``` - -## Parameters - -`id` -: The ID of the target subscription. `2e0b423p-aaaa-bbbb-1111-ee558463aabbd`. - -`resource_id` -: The fully qualified ID for the subscription. `/subscriptions/2e0b423p-aaaa-bbbb-1111-ee558463aabbd`. - -`locations_api_version` -: The endpoint API version for the `locations` property. Optional. The latest version will be used unless provided. - -## Properties - -`name` -: The subscription display name. - -`id` -: The subscription ID. `2e0b423p-aaaa-bbbb-1111-ee558463aabbd`. - -`locations` -: The list of all available geo-location names that have the `metadata.physicalLocation` is set. - -`all_locations` -: The list of all available geo-location names. This includes physical and logical locations. 
- -`physical_locations*` -: The list of all available geo-location names with the `metadata.regionType` is set to `Physical`. - -`logical_locations` -: The list of all available geo-location names with the `metadata.regionType` is set to `Logical`. - -`locations_list` -: The list of all available geo-location objects in [this](https://docs.microsoft.com/en-us/rest/api/resources/subscriptions/listlocations#location) format. - -`managedByTenants` -: An array containing the [tenants](https://docs.microsoft.com/en-us/rest/api/resources/subscriptions/get#managedbytenant) managing the subscription. - -`diagnostic_settings` -: The diagnostic settings set at a subscription level. - -`diagnostic_settings_enabled_logging` -: The enabled logging types from diagnostic settings set at a subscription level. - -`diagnostic_settings_disabled_logging` -: The disabled logging types from diagnostic settings set at a subscription level. - -* `physical_locations` might be different than the `locations` property depending on the API version. -This is because of the change in the Azure API terminology. It is advised to see the [official documentation](https://docs.microsoft.com/en-us/rest/api/resources/subscriptions/listlocations) for more information. - -For properties applicable to all resources, such as `type` and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/resources/subscriptions/get#subscription) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`). For example, `properties.`. 
- -## Examples - -### Test subscription`s display name - -```ruby -describe azure_subscription do - its('name') { should cmp 'Demo Resources' } -end -``` - -### Test subscription`s authorization source - -```ruby -describe azure_subscription do - its('authorizationSource') { should cmp 'RoleBased' } -end -``` - -### Test subscription`s locations - -```ruby -describe azure_subscription do - its('locations') { should include('eastus') } -end -``` - -### Test subscription`s enabled logging types (via diagnostic settings) - -```ruby -describe azure_subscription do - its('diagnostic_settings_enabled_logging_types') { should include('ResourceHealth') } -end -``` - -### Test subscription`s disabled logging types (via diagnostic settings) - -```ruby -describe azure_subscription do - its('diagnostic_settings_disabled_logging_types') { should include('Recommendation') } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -# If we expect a resource to always exist. - -describe azure_subscription do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect a resource to never exist. - -describe azure_subscription(id: 'fake_id') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_subscriptions.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_subscriptions.md deleted file mode 100644 index adad56f72a..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_subscriptions.md +++ /dev/null 
@@ -1,93 +0,0 @@
-+++
-title = "azure_subscriptions Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_subscriptions"
-identifier = "inspec/resources/azure/azure_subscriptions Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_subscriptions` InSpec audit resource to test the properties and configuration of all Azure subscriptions for a tenant.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_subscriptions` resource block returns all subscriptions for a tenant.
-
-```ruby
-describe azure_subscriptions do
- it { should exist }
-end
-```
-
-## Parameters
-
-This resource does not require any parameters.
-
-## Properties
-
-`ids`
-: A list of the subscription IDs.
-
-: **Field**: `id`
-
-`names`
-: A list of display names of all the subscriptions.
-
-: **Field**: `name`
-
-`tags`
-: A list of `tag:value` pairs defined on the subscriptions.
-
-: **Field**: `tags`
-
-`tenant_ids`
-: A list of tenant IDs of all the subscriptions.
-
-: **Field**: `tenant_id`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Check a specific subscription is present
-
-```ruby
-describe azure_subscriptions do
- its('names') { should include 'my-subscription' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches.
-
-```ruby
-describe azure_subscriptions do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_synapse_notebook.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_synapse_notebook.md
deleted file mode 100644
index dd7a372b1f..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_synapse_notebook.md
+++ /dev/null
@@ -1,119 +0,0 @@
-+++
-title = "azure_synapse_notebook Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_synapse_notebook"
-identifier = "inspec/resources/azure/azure_synapse_notebook Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_synapse_notebook` InSpec audit resource to test the properties related to an Azure Synapse notebook in a Synapse workspace.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-This resource requires the `endpoint` and `name` parameters for a valid query.
-
-```ruby
-describe azure_synapse_notebook(endpoint: 'WORKSPACE_DEVELOPMENT_ENDPOINT', name: 'NOTEBOOK_NAME') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_synapse_notebook(endpoint: 'WORKSPACE_DEVELOPMENT_ENDPOINT', name: 'NOTEBOOK_NAME') do
- it { should exist }
- its('name') { should eq 'NOTEBOOK_NAME' }
- its('type') { should eq 'Microsoft.Synapse/workspaces/notebooks' }
- its('properties.sessionProperties.executorCores') { should eq CORE_NUMBER }
-end
-```
-
-## Parameters
-
-`endpoint`
-: The Azure Synapse workspace development endpoint.
-
-`name`
-: Name of the Azure Synapse Notebook to test.
-
-This resource requires the `endpoint` and `name` parameters for a valid query.
-
-## Properties
-
-`id`
-: Fully qualified resource ID for the resource.
-
-`name`
-: The name of the resource.
-
-`type`
-: The type of the resource.
-
-`etag`
-: The resource Etag.
-
-`properties`
-: The properties of the notebook.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/synapse/data-plane/notebook/get-notebook) for other available properties.
-
-Access any property in the response by separating the key names with a period (`.`).
-
-## Examples
-
-### Test that there are four cores for each executor
-
-```ruby
-describe azure_synapse_notebook(endpoint: 'WORKSPACE_DEVELOPMENT_ENDPOINT', name: 'NOTEBOOK_NAME') do
- its('properties.sessionProperties.executorCores') { should eq 4 }
-end
-```
-
-### Test that the notebook uses the Python kernel
-
-```ruby
-describe azure_synapse_notebook(endpoint: 'WORKSPACE_DEVELOPMENT_ENDPOINT', name: 'NOTEBOOK_NAME') do
- its('properties.metadata.language_info.name') { should 'Python' }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If a Synapse Notebook is found, it will exist.
-
-describe azure_synapse_notebook(endpoint: 'WORKSPACE_DEVELOPMENT_ENDPOINT', name: 'NOTEBOOK_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Synapse Notebooks that aren't found, will not exist.
-
-describe azure_synapse_notebook(endpoint: 'WORKSPACE_DEVELOPMENT_ENDPOINT', name: 'NOTEBOOK_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_synapse_notebooks.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_synapse_notebooks.md
deleted file mode 100644
index a099a3b382..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_synapse_notebooks.md
+++ /dev/null
@@ -1,121 +0,0 @@
-+++
-title = "azure_synapse_notebooks Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_synapse_notebooks"
-identifier = "inspec/resources/azure/azure_synapse_notebooks Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_synapse_notebooks` InSpec audit resource to test the properties related to all Azure Synapse notebooks in a Synapse Analytics workspace.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_synapse_notebooks` resource block returns all Azure Synapse notebooks within a Synapse workspace.
-
-```ruby
-describe azure_synapse_notebooks(endpoint: 'WORKSPACE_DEVELOPMENT_ENDPOINT') do
- #...
-end
-```
-
-## Parameters
-
-This resource requires the `endpoint` parameter for a valid query.
-
-`endpoint`
-: The Azure Synapse workspace development endpoint.
-
-## Properties
-
-`ids`
-: A list of the unique fully qualified resource IDs.
-
-: **Field**: `id`
-
-`names`
-: A list of names for all the Synapse notebooks.
-
-: **Field**: `name`
-
-`types`
-: A list of types for all the resources.
-
-: **Field**: `type`
-
-`properties`
-: A list of properties for all the notebooks.
-
-: **Field**: `properties`
-
-`etags`
-: A list of resource Etags.
-
-: **Field**: `tags`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Loop through Synapse Notebooks by their names
-
-```ruby
-azure_synapse_notebooks(endpoint: 'WORKSPACE_DEVELOPMENT_ENDPOINT').names.each do |name|
- describe azure_synapse_notebook(endpoint: 'WORKSPACE_DEVELOPMENT_ENDPOINT', name: name) do
- it { should exist }
- end
-end
-```
-
-### Test that there are Synapse Notebooks that include a certain string in their names (Client Side Filtering)
-
-```ruby
-describe azure_synapse_notebooks(endpoint: 'WORKSPACE_DEVELOPMENT_ENDPOINT').where { name.include?('analytics-trends') } do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if there aren't any Synapse notebooks in the resource group.
-
-describe azure_synapse_notebooks(endpoint: 'WORKSPACE_DEVELOPMENT_ENDPOINT') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Synapse notebook.
-
-describe azure_synapse_notebooks(endpoint: 'WORKSPACE_DEVELOPMENT_ENDPOINT') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_synapse_workspace.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_synapse_workspace.md
deleted file mode 100644
index bbad1b4423..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_synapse_workspace.md
+++ /dev/null
@@ -1,109 +0,0 @@
-+++
-title = "azure_synapse_workspace Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_synapse_workspace"
-identifier = "inspec/resources/azure/azure_synapse_workspace Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_synapse_workspace` InSpec audit resource to test the properties related to an Azure Synapse workspace.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-```ruby
-describe azure_synapse_workspace(resource_group: 'RESOURCE_GROUP', name: 'SYNAPSE_WORKSPACE_NAME') do
- it { should exist }
- its('type') { should eq 'Microsoft.SqlVirtualMachine/sqlVirtualMachineGroups' }
- its('location') { should eq 'eastus' }
-end
-```
-
-```ruby
-describe azure_synapse_workspace(resource_group: 'RESOURCE_GROUP', name: 'SYNAPSE_WORKSPACE_NAME') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`name` _(required)_
-: Name of the Azure Synapse workspace to test.
-
-`resource_group` _(required)_
-: Azure resource group where the targeted resource resides.
-
-## Properties
-
-`id`
-: Resource ID.
-
-`name`
-: Resource name.
-
-`type`
-: Resource type. `Microsoft.Synapse/workspaces`.
-
-`location`
-: The Geo-location where the resource lives.
-
-`properties`
-: The properties of the Synapse workspaces.
-
-`properties.provisioningState`
-: State of the resource.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/synapse/workspaces/get) for other available properties.
-
-## Examples
-
-### Test that the Synapse workspaces are provisioned successfully
-
-```ruby
-describe azure_synapse_workspace(resource_group: 'RESOURCE_GROUP', name: 'SYNAPSE_WORKSPACE_NAME') do
- its('properties.provisioningState') { should eq 'Succeeded' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# If a Synapse workspace is found, it will exist.
-
-describe azure_synapse_workspace(resource_group: 'RESOURCE_GROUP', name: 'SYNAPSE_WORKSPACE_NAME') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If Synapse workspaces are not found, it will not exist.
-
-describe azure_synapse_workspace(resource_group: 'RESOURCE_GROUP', name: 'SYNAPSE_WORKSPACE_NAME') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_synapse_workspaces.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_synapse_workspaces.md
deleted file mode 100644
index 7751d15440..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_synapse_workspaces.md
+++ /dev/null
@@ -1,124 +0,0 @@
-+++
-title = "azure_synapse_workspaces Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_synapse_workspaces"
-identifier = "inspec/resources/azure/azure_synapse_workspaces Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_synapse_workspaces` InSpec audit resource to test the properties related to all Azure Synapse workspaces.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_synapse_workspaces` resource block returns all Azure Synapse workspaces.
-
-```ruby
-describe azure_synapse_workspaces do
- #...
-end
-```
-
-## Parameters
-
-`resource_group` _(optional)_
-: Azure resource group where the targeted resource resides.
-
-## Properties
-
-`ids`
-: A list of resource IDs.
-
-: **Field**: `id`
-
-`names`
-: A list of resource names.
-
-: **Field**: `name`
-
-`types`
-: A list of the resource types.
-
-: **Field**: `type`
-
-`properties`
-: A list of properties for all the Synapse workspaces.
-
-: **Field**: `properties`
-
-`locations`
-: A list of the Geo-locations.
-
-: **Field**: `location`
-
-`provisioningStates`
-: A list of provisioning states of the Synapse workspaces.
-
-: **Field**: `provisioningState`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Loop through Synapse workspaces by their names
-
-```ruby
-azure_synapse_workspaces.names.each do |name|
- describe azure_synapse_workspace(resource_group: 'RESOURCE_GROUP', name: name) do
- it { should exist }
- end
-end
-```
-
-### Test that there are Synapse workspaces that are successfully provisioned
-
-```ruby
-describe azure_synapse_workspaces(resource_group: 'RESOURCE_GROUP').where(provisioningState: 'Succeeded') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no Synapse workspaces are present.
-
-describe azure_synapse_workspaces(resource_group: 'RESOURCE_GROUP') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns at least one Synapse workspace.
-
-describe azure_synapse_workspaces(resource_group: 'RESOURCE_GROUP') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="reader" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_machine.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_machine.md
deleted file mode 100644
index c8044184e1..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_machine.md
+++ /dev/null
@@ -1,161 +0,0 @@
-+++
-title = "azure_virtual_machine Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_virtual_machine"
-identifier = "inspec/resources/azure/azure_virtual_machine Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_virtual_machine` InSpec audit resource to test the properties related to a virtual machine.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`resource_group` and virtual machine `name`, or the `resource_id` are required parameters.
-
-```ruby
-describe azure_virtual_machine(resource_group: 'RESOURCE_GROUP', name: 'VM_NAME') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_virtual_machine(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{vmName}') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`name`
-: Name of the Azure resource to test.
-
-`resource_id`
-: The unique resource ID.
-
-Either one of the parameter sets can be provided for a valid query:
-
-- `resource_id`
-- `resource_group` and `name`
-
-## Properties
-
-`admin_username`
-: The admin user name.
-
-`resources`
-: The virtual machine child extension resources.
-
-`zones`
-: The virtual machine's availability zones. `its('zones') should include('zone1', 'zone2')`.
-
-`installed_extensions_types`
-: List of all installed extensions' types for the virtual machine. `its('installed_extensions_types') { should include('ExtensionType') }`.
-
-`installed_extensions_names`
-: List of all installed extensions' names for the virtual machine. `its('installed_extensions_names') { should include('ExtensionName') }`.
-
-`has_monitoring_agent_installed?`
-: Indicates whether a monitoring agent is installed.
-
-`has_endpoint_protection_installed?`
-: Indicates whether a list of endpoint protection extension types are installed. `it { should have_endpoint_protection_installed(%w{ep_type_1 ep_type_2}) }`.
-
-`has_only_approved_extensions?`
-: Indicates whether only provided extension types are installed. `it { should have_only_approved_extensions(%w{extension_type_1 extension_type_2}) }`.
-
-`os_disk_name`
-: The virtual machine's operating system disk name. `its('os_disk_name') { should cmp 'OsDiskName' }`.
-
-`data_disk_names`
-: The virtual machine's data disk names. `its('data_disk_names') { should include('DataDisk1') }`.
-
-For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/get#virtualmachine) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`).
-
-## Examples
-
-### Ensure that the virtual machine has the expected data Disks
-
-```ruby
-describe azure_virtual_machine(resource_group: 'MyResourceGroup', name: 'MyVmName') do
- its('data_disk_names') { should include('DataDisk1') }
-end
-```
-
-**Ensure that the Virtual Machine has the Expected Monitoring Agent Installed.**
-
-```ruby
-describe azure_virtual_machine(resource_group: 'MyResourceGroup', name: 'MyVmName') do
- it { should have_monitoring_agent_installed }
-end
-```
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
-
-### exists
-
-```ruby
-# If a virtual machine is found, it will exist.
-
-describe azure_virtual_machine(resource_group: 'RESOURCE_GROUP', name: 'VM_NAME') do
- it { should exist }
-end
-
-# virtual machines that are not found, will not exist.
-
-describe azure_virtual_machine(resource_group: 'RESOURCE_GROUP', name: 'VM_NAME') do
- it { should_not exist }
-end
-```
-
-### have_only_approved_extensions
-
-```ruby
-# Check if a virtual machine has only approved extensions. The check will fail if an extension is used that's not on the list.
-
-describe azure_virtual_machine(resource_group: 'RESOURCE_GROUP', name: 'VM_NAME') do
- it { should have_only_approved_extensions(['ApprovedExtension', 'OtherApprovedExtensions']) }
-end
-```
-
-### have_monitoring_agent_installed
-
-```ruby
-# Will be true if the MicrosoftMonitoringAgent is installed (Windows only).
-
-describe azure_virtual_machine(resource_group: 'MyResourceGroup', name: 'MyVmName') do
- it { should have_monitoring_agent_installed }
-end
-```
-
-### have_endpoint_protection_installed
-
-```ruby
-# Will be true if any of the given extensions are installed.
-
-describe azure_virtual_machine(resource_group: 'RESOURCE_GROUP', name: 'VM_NAME') do
- it { should have_endpoint_protection_installed(['Extension1', 'Extension2']) }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_machine_disk.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_machine_disk.md
deleted file mode 100644
index 45b05bdef3..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_machine_disk.md
+++ /dev/null
@@ -1,156 +0,0 @@
-+++
-title = "azure_virtual_machine_disk Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_virtual_machine_disk"
-identifier = "inspec/resources/azure/azure_virtual_machine_disk Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_virtual_machine_disk` InSpec audit resource to test the properties and configuration of an Azure disk.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-`resource_group` and `name`, or the `resource_id` are required parameters.
-
-```ruby
-describe azure_virtual_machine_disk(resource_group: 'RESOURCE_GROUP', name: 'EXAMPLE_DISK') do
- it { should exist }
-end
-```
-
-```ruby
-describe azure_virtual_machine_disk(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/disks/{diskName}') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group`
-: Azure resource group where the targeted resource resides.
-
-`name`
-: Name of the disk to test.
-
-Either one of the parameter sets can be provided for a valid query:
-
-- `resource_id`
-- `resource_group` and `name`
-
-## Properties
-
-`encryption_enabled*`
-: Indicates whether the `properties.EncryptionSettingsCollection.enabled` is `true` or `false`. Note that this will return `nil` unless the encryption status is defined on the resource explicitly.
-
-`rest_encryption_type`
-: The type of key used to encrypt the data of the disk.
-
-`sku`
-: The SKU (pricing tier) of the disk.
-
-`managedBy`
-: A relative URI containing the ID of the VM that has the disk attached.
-
-`properties.diskSizeBytes`
-: The size of the disk in bytes.
-
-* The disk can still be encrypted at rest with a platform key, even though the `encryption_enabled` is `nil`. See the [Azure Virtual Machines Server-side encryption documentation](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption) for more details on disk encryption.
-
-For properties applicable to all resources, such as `type`, `name`, `location`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
-
-Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/compute/disks/get#disk) for other available properties.
-You can access any attribute in the response with the key names separated by dots (`.`). For example, `properties.`.
-
-## Examples
-
-### Test if a disk is referenced with a valid name
-
-```ruby
-describe azure_virtual_machine_disk(resource_group: 'RESOURCE_GROUP', name: 'OS_DISK') do
- it { should exist }
-end
-```
-
-### Test if a disk is referenced with an invalid name
-
-```ruby
-describe azure_virtual_machine_disk(resource_group: 'RESOURCE_GROUP', name: 'i-dont-exist') do
- it { should_not exist }
-end
-```
-
-### Test the VM that the disk is attached
-
-```ruby
-describe azure_virtual_machine_disk(resource_group: 'RESOURCE_GROUP', name: 'OS_DISK') do
- its('managedBy') { should cmp '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{vmName}' }
-end
-```
-
-### Test the key type used to encrypt the data at rest
-
-```ruby
-describe azure_virtual_machine_disk(resource_group: 'RESOURCE_GROUP', name: 'OS_DISK') do
- its('rest_encryption_type') { should cmp 'EncryptionAtRestWithPlatformKey' }
-end
-```
-
-### Test a disk's size in bytes
-
-```ruby
-describe azure_virtual_machine_disk(resource_group: 'RESOURCE_GROUP', name: 'OS_DISK') do
- its('properties.diskSizeBytes') { should cmp 136367308800 }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### attached
-
-Test if a disk is attached to a virtual machine.
-
-```ruby
-describe azure_virtual_machine_disk(resource_group: 'RESOURCE_GROUP', name: 'OS_DISK') do
- it { should be_attached }
-end
-```
-
-### exists
-
-```ruby
-# If we expect a resource to always exist.
-
-describe azure_virtual_machine_disk(resource_group: 'RESOURCE_GROUP', name: 'OS_DISK') do
- it { should exist }
-end
-```
-
-### not_exists
-
-```ruby
-# If we expect a resource to never exist.
-
-describe azure_virtual_machine_disk(resource_group: 'RESOURCE_GROUP', name: 'OS_DISK') do
- it { should_not exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_machine_disks.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_machine_disks.md
deleted file mode 100644
index 50a2636c11..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_machine_disks.md
+++ /dev/null
@@ -1,155 +0,0 @@
-+++
-title = "azure_virtual_machine_disks Resource"
-platform = "azure"
-draft = false
-gh_repo = "inspec-azure"
-
-[menu.inspec]
-title = "azure_virtual_machine_disks"
-identifier = "inspec/resources/azure/azure_virtual_machine_disks Resource"
-parent = "inspec/resources/azure"
-+++
-
-Use the `azure_virtual_machine_disks` InSpec audit resource to test the properties related to disks for a resource group or the entire subscription.
-
-## Azure REST API Version, Endpoint, and HTTP Client Parameters
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}}
-
-## Install
-
-{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}}
-
-## Syntax
-
-An `azure_virtual_machine_disks` resource block returns all disks within a resource group (if provided) or an entire subscription.
-
-```ruby
-describe azure_virtual_machine_disks do
- it { should exist }
-end
-```
-
-Or
-
-```ruby
-describe azure_virtual_machine_disks(resource_group: 'RESOURCE_GROUP') do
- it { should exist }
-end
-```
-
-## Parameters
-
-`resource_group` _(optional)_
-
-: The name of the resource group.
-
-## Properties
-
-`ids`
-: A list of the unique resource IDs.
-
-: **Field**: `id`
-
-`attached`
-: Indicates whether the disk is currently mounted to a running VM.
-
-: **Field**: `attached`
-
-`resource_group`
-: A list of resource groups for all the disks.
-
-: **Field**: `resource_group`
-
-`names`
-: A list of names for all the disks.
-
-: **Field**: `name`
-
-`locations`
-: A list of locations of the disks.
-
-: **Field**: `location`
-
-`properties`
-: A list of properties of the disks.
-
-: **Field**: `properties`
-
-`tags`
-: A list of `tag:value` pairs defined on the resources.
-
-: **Field**: `tags`
-
-{{< note >}}
-
-{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}}
-
-{{< /note>}}
-
-## Examples
-
-### Filter the attached disks
-
-```ruby
-describe azure_virtual_machine_disks(resource_group: 'RESOURCE_GROUP').where(attached: true) do
- it { should exist }
- its('count') { should eq 3}
-end
-```
-
-### Loop through disks by their IDs
-
-```ruby
-azure_virtual_machine_disks.ids.each do |id|
- describe azure_virtual_machine_disk(resource_id: id) do
- it { should exist }
- end
-end
-```
-
-### Test that there are disks that include a certain string in their names (Client Side Filtering)
-
-```ruby
-describe azure_virtual_machine_disks(resource_group: 'RESOURCE_GROUP').where { name.include?('Windows') } do
- it { should exist }
-end
-```
-
-### Test that there are disks that include a certain string in their names (Server Side Filtering via Generic Resource - Recommended)
-
-```ruby
-describe azure_generic_resources(resource_provider: 'Microsoft.Compute/disks', substring_of_name: 'Windows') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-# Should not exist if no disks are in the resource group.
-
-describe azure_virtual_machine_disks(resource_group: 'RESOURCE_GROUP') do
- it { should_not exist }
-end
-```
-
-### not_exists
-
-```ruby
-# Should exist if the filter returns a single virtual machine.
-
-describe azure_virtual_machine_disks.where(attached: true ) do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-{{% inspec-azure/azure_permissions_service_principal role="contributor" %}}
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_machines.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_machines.md
deleted file mode 100644
index 7b88bac3a2..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_machines.md
+++ /dev/null
@@ -1,165 +0,0 @@ -+++ -title = "azure_virtual_machines Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_virtual_machines" -identifier = "inspec/resources/azure/azure_virtual_machines Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_virtual_machines` InSpec audit resource to test the properties related to virtual machines for a resource group or the entire subscription. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_virtual_machines` resource block returns all Azure virtual machines within a resource group (if provided) or an entire subscription. - -```ruby -describe azure_virtual_machines do - #... -end -``` - -Or - -```ruby -describe azure_virtual_machines(resource_group: 'RESOURCE_GROUP') do - #... -end -``` - -## Parameters - -`resource_group` _(optional)_ - -: The name of the resource group. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`os_disks` -: A list of OS disk names for all the virtual machines. - -: **Field**: `os_disk` - -`data_disks` -: A list of data disks for all the virtual machines. - -: **Field**: `data_disks` - -`vm_names` -: A list of all the virtual machine names. - -: **Field**: `name` - -`platforms` -: A list of virtual machine operation system platforms. Supported values are `windows` and `linux`. - -: **Field**: `platform` - -`tags` -: A list of `tag:value` pairs defined on the resources. 
- -: **Field**: `tags` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Test if any virtual machines exist in the resource group - -```ruby -describe azure_virtual_machines(resource_group: 'RESOURCE_GROUP') do - it { should exist } -end -``` - -**Filters Based on Platform.** - -```ruby -describe azure_virtual_machines(resource_group: 'RESOURCE_GROUP').where(platform: 'windows') do - it { should exist } -end -``` - -### Loop through virtual machines by their IDs - -```ruby -azure_virtual_machines.ids.each do |id| - describe azure_virtual_machine(resource_id: id) do - it { should exist } - end -end -``` - -### Test if there are Windows virtual machines - -```ruby -describe azure_virtual_machines(resource_group: 'RESOURCE_GROUP').where(platform: 'windows') do - it { should exist } -end -``` - -### Test that there are virtual machines that includes a certain string in their names (Client Side Filtering) - -```ruby -describe azure_virtual_machines(resource_group: 'MyResourceGroup').where { name.include?('WindowsVm') } do - it { should exist } -end -``` - -### Test that there are virtual machine that includes a certain string in their names (Server Side Filtering via Generic Resource - Recommended) - -```ruby -describe azure_generic_resources(resource_group: 'RESOURCE_GROUP', resource_provider: 'Microsoft.Compute/virtualMachine', substring_of_name: 'WindowsVm') do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -# Should not exist if no virtual machines are in the resource group. - -describe azure_virtual_machines(resource_group: 'RESOURCE_GROUP') do - it { should_not exist } -end -``` - -### not_exists - -```ruby -# Should exist if the filter returns a single virtual machine. 
- -describe azure_virtual_machines(resource_group: 'RESOURCE_GROUP').where(platform: 'windows') do - it { should exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_network.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_network.md deleted file mode 100644 index 54dda4671d..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_network.md +++ /dev/null 
@@ -1,134 +0,0 @@ -+++ -title = "azure_virtual_network Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_virtual_network" -identifier = "inspec/resources/azure/azure_virtual_network Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_virtual_network` InSpec audit resource to test the properties related to a virtual network. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`resource_group` and virtual network `name` or the `resource_id` are required parameters. - -```ruby -describe azure_virtual_network(resource_group: 'RESOURCE_GROUP', name: 'VNET_NAME') do - it { should exist } -end -``` - -```ruby -describe azure_virtual_network(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Network/virtualNetworks/{vnName}') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`name` -: Name of the virtual network to test. - -`resource_id` -: The unique resource ID. - -Either one of the parameter sets can be provided for a valid query: - -- `resource_id` -- `resource_group` and `name` - -## Properties - -`subnets` -: The list of subnet names that are attached to this virtual network. `its('subnets') { should eq ["MySubnetName"] }`. - -`address_space` -: The list of address spaces used by the virtual network. `its('address_space') { should eq ["x.x.x.x/x"] }`. - -`dns_servers` -: The list of DNS servers configured for the virtual network. The virtual network returns these IP addresses when virtual machines makes a DHCP request. `its('dns_servers') { should eq ["x.x.x.x", "x.x.x.x"] }`. 
- -`vnet_peerings` -: A mapping of names and the virtual network ids of the virtual network peerings. `its('vnet_peerings') { should eq "MyVnetPeeringConnection"=>"PeeringConnectionID"}`. - -`enable_ddos_protection` -: Boolean value showing if Azure DDoS standard protection is enabled on the virtual network. `its('enable_ddos_protection') { should eq true }`. - -`enable_vm_protection` -: Boolean value showing if the virtual network has VM protection enabled. `its('enable_vm_protection') { should eq false }`. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/virtualnetworks/get#virtualnetwork) for other available properties. Any property in the response may be accessed with the key names separated by dots (`.`). - -## Examples - -### Ensure that the Virtual Network exists in the east US region - -```ruby -describe azure_virtual_network(resource_group: 'RESOURCE_GROUP', name: 'VNET_NAME') do - it { should exist } - its('location') { should eq 'eastus' } -end -``` - -### Ensure that the Virtual Network's DNS servers are configured as expected - -```ruby -describe azure_virtual_network(resource_group: 'RESOURCE_GROUP', name: 'VNET_NAME') do - its('dns_servers') { should eq ["192.168.0.6"] } -end -``` - -### Ensure that the Virtual Network's address space is configured as expected - -```ruby -describe azure_virtual_network(resource_group: 'RESOURCE_GROUP', name: 'VNET_NAME') do - its('address_space') { should eq ["192.168.0.0/24"] } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -# If a virtual network is found, it will exist. 
- -describe azure_virtual_network(resource_group: 'RESOURCE_GROUP', name: 'VNET_NAME') do - it { should exist } -end -``` - -### not_exists - -```ruby -# Virtual networks that are not found, will not exist. - -describe azure_virtual_network(resource_group: 'RESOURCE_GROUP', name: 'DOESNOTEXIST') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_network_gateway.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_network_gateway.md deleted file mode 100644 index ae7ad4532a..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_network_gateway.md +++ /dev/null 
@@ -1,112 +0,0 @@ -+++ -title = "azure_virtual_network_gateway Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_virtual_network_gateway" -identifier = "inspec/resources/azure/azure_virtual_network_gateway Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_virtual_network_gateway` InSpec audit resource to test the properties and configuration of an Azure Virtual Network Gateway. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`resource_group` and `name` are required parameters. - -```ruby -describe azure_virtual_network_gateway(resource_group: 'RESOURCE_GROUP', name: 'VIRTUAL_NETWORK_NAME') do - it { should exist } -end -``` - -## Parameters - -`resource_group` _(REQUIRED)_ - -: The Azure resource group where the targeted resource resides. - -`name` _(REQUIRED)_ - -: The unique name of the targeted resource. - -## Properties - -`name` -: The resource name. - -`id` -: The resource ID. - -`etag` -: A unique read-only string that changes whenever the resource is updated. - -`type` -: The resource type. - -`location` -: The resource location. - -`tags` -: The resource tags. - -`properties.bgpSettings` -: The virtual network gateway's BGP speaker settings. - -`properties.provisioningState` -: The provisioning state of the virtual network gateway resource. - -`properties.vpnClientConfiguration` -: The reference to the VpnClientConfiguration resource, which represents the P2S VpnClient configurations. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). 
- -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/network-gateway/virtual-network-gateways/get) for other available properties. Any attribute in the response is accessed with the key names separated by dots (`.`). - -## Examples - -### Test the VPN client protocol of a virtual network gateway - -```ruby -describe azure_virtual_network_gateway(resource_group: 'RESOURCE_GROUP', name: 'VIRTUAL_NETWORK_NAME') do - its('properties.vpnClientConfiguration.vpnClientProtocols') { should include 'OpenVPN' } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/). - -### exists - -```ruby -# If we expect a virtual network gateway to always exist. - -describe azure_virtual_network_gateway(resource_group: 'RESOURCE_GROUP', name: 'VIRTUAL_NETWORK_NAME') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect a virtual network gateway to never exist. - -describe azure_virtual_network_gateway(resource_group: 'RESOURCE_GROUP', name: 'VIRTUAL_NETWORK_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="reader" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_network_gateway_connection.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_network_gateway_connection.md deleted file mode 100644 index 5a8af94dd3..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_network_gateway_connection.md +++ /dev/null 
@@ -1,112 +0,0 @@ -+++ -title = "azure_virtual_network_gateway_connection Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_virtual_network_gateway_connection" -identifier = "inspec/resources/azure/azure_virtual_network_gateway_connection Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_virtual_network_gateway_connection` InSpec audit resource to test the properties related to an Azure Virtual Network Gateway connection. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`name` and `resource_group` are required parameters. - -```ruby -describe azure_virtual_network_gateway_connection(resource_group: 'RESOURCE_GROUP', name: 'VIRTUAL_NETWORK_NAME') do - it { should exist } -end -``` - -## Parameters - -`name` -: Name of the Azure Virtual Network Gateway connection to test. - -`resource_group` -: Azure resource group name where the targeted resource resides. - -The parameter set should be provided for a valid query is `resource_group` and `name`. - -## Properties - -`id` -: Resource ID. - -`name` -: Resource name. - -`type` -: Resource type. - -`eTag` -: A unique read-only string that changes whenever the resource is updated. - -`location` -: Resource location. - -`properties.provisioningState` -: The provisioning state of the virtual network gateway resource. - -`properties.connectionType` -: Gateway connection type. - -`properties.useLocalAzureIpAddresses` -: Use private local Azure IP for the connection. - -`properties.ipsecPolicies` -: The IPSec Policies to be considered by this connection. 
- -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/network-gateway/virtual-network-gateway-connections/get) for other available properties. Any attribute in the response is accessed with the key names separated by dots (`.`). - -## Examples - -### Test that the Virtual Network Gateway connection protocol is IKEv1 - -```ruby -describe azure_virtual_network_gateway_connection(resource_group: 'RESOURCE_GROUP', name: 'VIRTUAL_NETWORK_NAME') do - its('connectionProtocol') { should eq 'IKEv1' } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). - -### exists - -```ruby -# If a Virtual Network Gateway connection is found, it will exist. - -describe azure_virtual_network_gateway_connection(resource_group: 'RESOURCE_GROUP', name: 'VIRTUAL_NETWORK_NAME') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If Virtual Network Gateway connection is not found, it will not exist. - -describe azure_virtual_network_gateway_connection(resource_group: 'RESOURCE_GROUP', name: 'VIRTUAL_NETWORK_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="reader" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_network_gateway_connections.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_network_gateway_connections.md deleted file mode 100644 index 4f1e7bfe0e..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_network_gateway_connections.md +++ /dev/null 
@@ -1,153 +0,0 @@ -+++ -title = "azure_virtual_network_gateway_connections Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_virtual_network_gateway_connections" -identifier = "inspec/resources/azure/azure_virtual_network_gateway_connections Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_virtual_network_gateway_connections` InSpec audit resource to test the properties related to all Azure Virtual Network Gateway connections within a project. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_virtual_network_gateway_connections` resource block returns all Azure Virtual Network Gateway connections within a project. - -```ruby -describe azure_virtual_network_gateway_connections(resource_group: 'RESOURCE_GROUP') do - #... -end -``` - -## Parameters - -`resource_group` -: Azure resource group name where the targeted resource resides. - -The parameter set should be provided for a valid query: - -- `resource_group` - -## Properties - -`ids` -: A list of resource IDs. - -: **Field**: `id` - -`names` -: A list of resource names. - -: **Field**: `name` - -`types` -: A list of types. - -: **Field**: `type` - -`eTags` -: A list of eTags. - -: **Field**: `eTag` - -`locations` -: A list of all locations. - -: **Field**: `location` - -`properties` -: A list of Properties for all the virtual network gateway connections. - -: **Field**: `properties` - -`provisioningStates` -: A list of provisioning states. - -: **Field**: `provisioningState` - -`connectionTypes` -: A list of gateway connection types. - -: **Field**: `connectionType` - -`connectionProtocols` -: A list of connection protocols used for this connection. 
- -: **Field**: `connectionProtocol` - -`useLocalAzureIpAddresses` -: A list of private local Azure IPs for the connection. - -: **Field**: `datacenterManagementServerName` - -`ipsecPolicies` -: A list of all the IPSec policies to be considered by this connection. - -: **Field**: `ipsecPolicies` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Loop through Virtual Network Gateway connection by their names - -```ruby -azure_virtual_network_gateway_connections(resource_group: 'RESOURCE_GROUP').names.each do |name| - describe azure_virtual_network_gateway_connection(resource_group: 'RESOURCE_GROUP', name: name) do - it { should exist } - end -end -``` - -### Test that there are Virtual Network Gateway connections with IPsec type - -```ruby -describe azure_virtual_network_gateway_connections(resource_group: 'RESOURCE_GROUP').where(connectionType: 'VPN_CONNECTION_TYPE') do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -# Should not exist if no Virtual Network Gateway connection is present in the project and the resource group. - -describe azure_virtual_network_gateway_connections(resource_group: 'RESOURCE_GROUP') do - it { should_not exist } -end -``` - -### not_exists - -```ruby -# Should exist if the filter returns at least one Virtual Network Gateway connection in the project and the resource group. - -describe azure_virtual_network_gateway_connections(resource_group: 'RESOURCE_GROUP') do - it { should exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="reader" %}} 
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_network_gateways.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_network_gateways.md
deleted file mode 100644
index bbef6e3337..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_network_gateways.md
+++ /dev/null
@@ -1,120 +0,0 @@ -+++ -title = "azure_virtual_network_gateways Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_virtual_network_gateways" -identifier = "inspec/resources/azure/azure_virtual_network_gateways Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_virtual_network_gateways` InSpec audit resource to test the properties and configuration of multiple Azure Virtual Network Gateways. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_virtual_network_gateways` resource block returns all VPN gateways within a resource group (if provided) or an entire subscription. - -```ruby -describe azure_virtual_network_gateways do - #... -end -``` - -Or - -```ruby -describe azure_virtual_network_gateways(resource_group: 'RESOURCE_GROUP') do - #... -end -``` - -## Parameters - -`resource_group` _(optional)_ - -: The name of the resource group. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`locations` -: A list of locations for all the resources being interrogated. - -: **Field**: `location` - -`names` -: A list of names of all the resources being interrogated. - -: **Field**: `name` - -`tags` -: A list of `tag:value` pairs defined on the resources being interrogated. - -: **Field**: `tags` - -`properties` -: A list of properties for all the resources being interrogated. 
- -: **Field**: `properties` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Test that an example resource group has the named VPN gateway - -```ruby -describe azure_virtual_network_gateways(resource_group: 'EXAMPLEGROUP') do - its('names') { should include('ExampleName') } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches. - -```ruby -# If we expect 'EXAMPLEGROUP' resource group to have VPN Gateways. - -describe azure_virtual_network_gateways(resource_group: 'EXAMPLEGROUP') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect 'EMPTYEXAMPLEGROUP' resource group to not have VPN Gateways. - -describe azure_virtual_network_gateways(resource_group: 'EMPTYEXAMPLEGROUP') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_network_peering.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_network_peering.md deleted file mode 100644 index e43c18471d..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_network_peering.md +++ /dev/null 
@@ -1,105 +0,0 @@ -+++ -title = "azure_virtual_network_peering Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_virtual_network_peering" -identifier = "inspec/resources/azure/azure_virtual_network_peering Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_virtual_network_peering` InSpec audit resource to test the properties related to peering for a virtual network. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -This resource requires either the `resource_id` parameter or the `resource_group`, `vnet,` and `name` parameters. - -```ruby -describe azure_virtual_network_peering(resource_group: 'RESOURCE_GROUP',vnet: 'VIRTUAL-NETWORK-NAME' name: 'VIRTUAL-NETWORK-PEERING-NAME') do - it { should exist } -end -``` - -```ruby -describe azure_virtual_network_peering(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Network/virtualNetworks/{vnName}/virtualNetworkPeerings/{virtualNetworkPeeringName}') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`vnet` -: Name of the Azure virtual network where the virtual network peering is created. - -`name` -: Name of the Azure virtual network peering to test. - -`resource_id` -: The unique resource ID. - -Either one of the parameter sets can be provided for a valid query: - -- `resource_id` -- `resource_group`, `vnet` and `name` - -## Properties - -`peering_state` -: The peering state for the virtual network peering. `its('peering_state') { should eq "Connected" }`. 
- -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/virtual-network-peerings/get#virtualnetworkpeering) for other available properties. Any property in the response may be accessed with the key names separated by dots (`.`). - -## Examples - -### Ensure that the Virtual Network Peering state is connected - -```ruby -describe azure_virtual_network_peering(resource_group: 'RESOURCE_GROUP',vnet: 'VIRTUAL-NETWORK-NAME' name: 'VIRTUAL-NETWORK-PEERING-NAME') do - its('peering_state') { should eq 'Connected' } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -# If a Virtual Network Peering is found, it will exist. - -describe azure_virtual_network_peering(resource_group: 'RESOURCE_GROUP',vnet: 'VIRTUAL-NETWORK-NAME' name: 'VIRTUAL-NETWORK-PEERING-NAME') do - it { should exist } -end -``` - -### not_exists - -```ruby -# Virtual Network Peerings that are not found, will not exist. - -describe azure_virtual_network_peering(resource_group: 'RESOURCE_GROUP',vnet: 'VIRTUAL-NETWORK-NAME' name: 'VIRTUAL-NETWORK-PEERING-NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_network_peerings.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_network_peerings.md deleted file mode 100644 index 8422fa3728..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_network_peerings.md +++ /dev/null 
@@ -1,101 +0,0 @@ -+++ -title = "azure_virtual_network_peerings Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_virtual_network_peerings" -identifier = "inspec/resources/azure/azure_virtual_network_peerings Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_virtual_network_peerings` InSpec audit resource to test the properties related to virtual network peerings of a virtual network. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`resource_group` and `vnet` are required parameters. - -```ruby -describe azure_virtual_network_peerings(resource_group: 'RESOURCE_GROUP', vnet: 'VIRTUAL-NETWORK-NAME') do - #... -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`vnet` -: The virtual network where the network PEERING you wish to test is part. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`names` -: A list of all the resources being interrogated. - -: **Field**: `name` - -`etags` -: A list of etags defined on the resources. 
- -: **Field**: `etag` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Exists if any Virtual Network Peerings exist for a given Virtual Network in the resource group - -```ruby -describe azure_virtual_network_peerings(resource_group: 'MyResourceGroup', vnet: 'virtual-network-name') do - it { should exist } -end -``` - -**Filters the Results to Only Those that Match the Given Name.** - -```ruby -describe azure_virtual_network_peerings(resource_group: 'RESOURCE_GROUP', vnet: 'VIRTUAL-NETWORK-NAME') do - .where(name: 'MyVirtualNetworkPeering') do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -# Should not exist if no virtual network peerings are in the virtual network. - -describe azure_virtual_network_peerings(resource_group: 'RESOURCE_GROUP', vnet: 'VIRTUAL-NETWORK-NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_networks.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_networks.md deleted file mode 100644 index e562de805c..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_networks.md +++ /dev/null 
@@ -1,145 +0,0 @@ -+++ -title = "azure_virtual_networks Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_virtual_networks" -identifier = "inspec/resources/azure/azure_virtual_networks Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_virtual_networks` InSpec audit resource to test the properties related to virtual networks within your subscription. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_virtual_networks` resource block returns all Azure virtual networks within a resource group (if provided) or an entire subscription. - -```ruby -describe azure_virtual_networks do - #... -end -``` - -Or - -```ruby -describe azure_virtual_networks(resource_group: 'RESOURCE_GROUP') do - #... -end -``` - -## Parameters - -`resource_group` _(optional)_ - -: The name of the resource group. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`locations` -: A list of locations for all the virtual networks. - -: **Field**: `location` - -`names` -: A list of all the virtual network names. - -: **Field**: `name` - -`tags` -: A list of `tag:value` pairs defined on the resources. - -: **Field**: `tags` - -`etags` -: A list of etags defined on the resources. 
- -: **Field**: `etag` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Exists if any virtual networks exist in the resource group - -```ruby -describe azure_virtual_networks(resource_group: 'RESOURCE_GROUP') do - it { should exist } -end -``` - -### Filters the results to only those that match the given name (Client Side) - -```ruby -**Insist that MyVnetName exists.** - -describe azure_virtual_networks(resource_group: 'RESOURCE_GROUP').where(name: 'VNET_NAME') do - it { should exist } -end -``` - -```ruby -**Insist that you have at least one virtual network that starts with 'prefix'.** - -describe azure_virtual_networks(resource_group: 'RESOURCE_GROUP').where { name.include?('project_A') } do - it { should exist } -end -``` - -### Filters the networks at Azure API to only those that match the given name via a generic resource (Recommended) - -```ruby -**Fuzzy string matching.** - -describe azure_generic_resources(resource_group: 'RESOURCE_GROUP', resource_provider: 'Microsoft.Network/virtualNetworks', substring_of_name: 'project_A') do - it { should exist } -end -``` - -```ruby - -**Exact name matching.** - -describe azure_generic_resources(resource_group: 'RESOURCE_GROUP', resource_provider: 'Microsoft.Network/virtualNetworks', name: 'MyVnetName') do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -# Should not exist if no virtual networks are in the resource group. - -describe azure_virtual_networks(resource_group: 'RESOURCE_GROUP') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} 
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_wan.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_wan.md deleted file mode 100644 index f4c1a9a32c..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_wan.md +++ /dev/null 
@@ -1,120 +0,0 @@ -+++ -title = "azure_virtual_wan Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_virtual_wan" -identifier = "inspec/resources/azure/azure_virtual_wan Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_virtual_wan` InSpec audit resource to test the properties related to an Azure Virtual WAN in a given resource group. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`name` and `resource_group` are required parameters. - -```ruby -describe azure_virtual_wan(resource_group: 'RESOURCE_GROUP', name: 'DEFAULT_WAN') do - it { should exist } - its('properties.provisioningState') { should eq 'Succeeded' } -end -``` - -```ruby -describe azure_virtual_wan(resource_group: 'RESOURCE_GROUP', name: 'DEFAULT_WAN') do - it { should exist } -end -``` - -## Parameters - -`name` -: Name of the Azure Virtual WAN to test. - -`resource_group` -: The resource group name of the VirtualWan. - -## Properties - -`id` -: Resource ID. - -`name` -: Resource name. - -`type` -: Resource type. - -`etag` -: A unique read-only string that changes whenever the resource is updated. - -`location` -: Resource location. - -`properties.provisioningState` -: The provisioning state of the Virtual WAN resource. - -`properties.disableVpnEncryption` -: VPN encryption to be disabled or not. - -`properties.allowBranchToBranchTraffic` -: True if branch-to-branch traffic is allowed. - -`properties.office365LocalBreakoutCategory` -: The office local breakout category. - -`properties.type` -: The type of the Virtual WAN. 
- -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualwan/virtual-wans/get) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`). - -## Examples - -### Test that a Virtual WAN's encryption is not disabled - -```ruby -describe azure_virtual_wan(resource_group: 'RESOURCE_GROUP', name: 'DEFAULT_WAN') do - its('properties.disableVpnEncryption') { should_not be_falsey } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). - -### exists - -```ruby -# If a Virtual WAN is found, it will exist. - -describe azure_virtual_wan(resource_group: 'RESOURCE_GROUP', name: 'DEFAULT_WAN') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If no Virtual WAN's are found, it will not exist. - -describe azure_virtual_wan(resource_group: 'RESOURCE_GROUP', name: 'DEFAULT_WAN') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_wans.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_wans.md deleted file mode 100644 index 9cf31d5d78..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_virtual_wans.md +++ /dev/null 
@@ -1,109 +0,0 @@ -+++ -title = "azure_virtual_wans Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_virtual_wans" -identifier = "inspec/resources/azure/azure_virtual_wans Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_virtual_wans` InSpec audit resource to test the properties related to all Azure Virtual WANs in a subscription. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_virtual_wans` resource block returns all Azure Virtual WANs in a subscription. - -```ruby -describe azure_virtual_wans do - #... -end -``` - -## Parameters - -This resource does not require any parameters. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`names` -: A list of names for all the resources. - -: **Field**: `name` - -`etags` -: A list of etag for all the resources. - -: **Field**: `etag` - -`types` -: A list of types for all the resources. - -: **Field**: `type` - -`locations` -: A list of locations for all the resources. - -: **Field**: `location` - -`properties` -: A list of properties for all the resources. - -: **Field**: `properties` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Test that the Virtual WAN type is standard - -```ruby -describe azure_virtual_wans.where{ properties.select{|prop| prop.type == 'Standard' } } do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -# Should not exist if no virtual WANs are present. 
- -describe azure_virtual_wans do - it { should_not exist } -end - -# Should exist if the filter returns at least one virtual WAN. - -describe azure_virtual_wans do - it { should exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_web_app_function.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_web_app_function.md deleted file mode 100644 index 6e721a46ea..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_web_app_function.md +++ /dev/null 
@@ -1,128 +0,0 @@ -+++ -title = "azure_web_app_function Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_web_app_function" -identifier = "inspec/resources/azure/azure_web_app_function Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_web_app_function` InSpec audit resource to test the properties related to an Azure function. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`resource_group` and `site_name` and `function_name` or the `resource_id` are required parameters. - -```ruby -describe azure_web_app_function(resource_group: resource_group, site_name: site_name, function_name: function_name) do - it { should exist } - its('name') { should cmp "#{site_name}/#{function_name}" } - its('type') { should cmp 'Microsoft.Web/sites/functions' } - its('properties.name') { should cmp function_name } - its('properties.language') { should cmp 'Javascript' } -end -``` - -```ruby -describe azure_web_app_function(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Web/sites/{siteName}/functions/{functionName}') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`name` -: Name of the Azure function app to test. `FunctionApp`. - -`site_name` -: Name of the Azure function app to test (for backward compatibility). `FunctionApp`. - -`function_name` -: Name of the Azure function to test `Function`. - -`resource_id` -: The unique resource ID. `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Web/sites/{siteName}/functions/{functionName}`. 
- -Either one of the parameter sets can be provided for a valid query: - -- `resource_id` -- `resource_group` and `name` and `function_name` -- `resource_group` and `site_name` and `function_name` - -## Properties - -`config_href` -: Config URI. - -`function_app_id` -: Function app ID. - -`language` -: The function language. - -`isDisabled` -: Gets or sets a value indicating whether the function is disabled. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/appservice/webapps/getfunction#functionenvelope) for other available properties. You can access any attribute in the response with the key names separated by dots (`.`). - -## Examples - -**Test <>.** - -```ruby -describe azure_web_app_function(resource_group: 'RESOURCE_GROUP', site_name: 'functions-http', function_name: 'HttpTrigger1') do - its('properties.language') { should eq 'Javascript' } -end -``` - -**Test <>.** - -```ruby -describe azure_web_app_function(resource_group: 'RESOURCE_GROUP', site_name: 'functions-http', function_name: 'HttpTrigger1') do - its('properties.isDisabled') { should be_false } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). - -### exists - -```ruby -# If a key vault is found, it will exist. - -describe azure_web_app_function(resource_group: 'RESOURCE_GROUP', site_name: 'functions-http', function_name: 'HttpTrigger1') do - it { should exist } -end -``` - -### not_exists - -```ruby -# Key vaults that are not found, will not exist. 
- -describe azure_web_app_function(resource_group: 'RESOURCE_GROUP', site_name: 'functions-http', function_name: 'HttpTrigger1') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_web_app_functions.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_web_app_functions.md deleted file mode 100644 index 7cfd28c8a2..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_web_app_functions.md +++ /dev/null 
@@ -1,132 +0,0 @@ -+++ -title = "azure_web_app_functions Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_web_app_functions" -identifier = "inspec/resources/azure/azure_web_app_functions Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_web_app_functions` InSpec audit resource to test the properties related to azure functions for a resource group or the entire subscription. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_web_app_functions` resource block returns all Azure functions within a resource group (if provided) or an entire subscription. - -```ruby -describe azure_web_app_functions(resource_group: 'RESOURCE_GROUP', site_name: 'function-app-http') do - #... -end -``` - -or - -```ruby -describe azure_web_app_functions(resource_group: 'RESOURCE_GROUP', site_name: 'function-app-http') do - #... -end -``` - -## Parameters - -`resource_group` - -: The name of the resource group. - -`site_name` - -: The name of the function App. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`names` -: A list of all the key vault names. - -: **Field**: `name` - -`types` -: A list of types of all the functions. - -: **Field**: `type` - -`locations` -: A list of locations for all the functions. - -: **Field**: `location` - -`properties` -: A list of properties for all the functions. 
- -: **Field**: `properties` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Loop through functions by their IDs - -```ruby -azure_web_app_functions(resource_group: 'RESOURCE_GROUP', site_name: 'function-app-http').ids.each do |id| - describe azure_web_app_function(resource_id: id) do - it { should exist } - end -end -``` - -### Test that there are functions that include a certain string in their names (Client Side Filtering) - -```ruby -describe azure_web_app_functions(resource_group: 'RESOURCE_GROUP', site_name: 'function-app-http').where { name.include?('queue') } do - it { should exist } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -# Should not exist if no functions are in the resource group. - -describe azure_web_app_functions(resource_group: 'RESOURCE_GROUP', site_name: 'function-app-http') do - it { should_not exist } -end -``` - -### not_exists - -```ruby -# Should exist if the filter returns at least one key vault. - -describe azure_web_app_functions(resource_group: 'RESOURCE_GROUP', site_name: 'function-app-http') do - it { should exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_webapp.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_webapp.md deleted file mode 100644 index 6af63124f0..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_webapp.md +++ /dev/null 
@@ -1,136 +0,0 @@ -+++ -title = "azure_webapp Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_webapp" -identifier = "inspec/resources/azure/azure_webapp Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_webapp` InSpec audit resource to test the properties and configuration of an Azure webapp. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -`resource_group` and `name` or the `resource_id` are required parameters. - -```ruby -describe azure_webapp(resource_group: 'RESOURCE_GROUP', name: 'MY_APP') do - it { should exist } -end -``` - -```ruby -describe azure_webapp(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}') do - it { should exist } -end -``` - -## Parameters - -`resource_group` -: Azure resource group where the targeted resource resides. - -`name` -: Name of the webapp to test. `my_webapp`. - -`resource_id` -: The unique resource ID. `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}`. - -`auth_settings_api_version` -: The endpoint API version for the `auth_settings` property. The latest version will be used unless provided. - -`configuration_api_version` -: The endpoint API version for the `configuration` property. The latest version will be used unless provided. - -`supported_stacks_api_version` -: The endpoint API version for the `supported_stacks` property. The latest version will be used unless provided. 
- -Either one of the parameter sets can be provided for a valid query along with the optional ones: - -- `resource_id` -- `resource_group` and `name` - -## Properties - -`auth_settings` -: Authentication/Authorization settings of the interrogated app with [these](https://docs.microsoft.com/en-us/rest/api/appservice/webapps/getauthsettings#siteauthsettings) properties. - -`configuration` -: Configuration of an app, such as platform version, default documents, virtual applications, or always on. For more information, see the [Azure Web Apps SiteConfigResource documentation](https://docs.microsoft.com/en-us/rest/api/appservice/webapps/getconfiguration#siteconfigresource). - -`supported_stacks` -: Available application frameworks and their versions with [these](https://docs.microsoft.com/en-us/rest/api/appservice/provider/getavailablestacks#applicationstackcollection) properties. - -For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). - -Also, see the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/appservice/webapps/get#site) for other available properties. -You can access any attribute in the response with the key names separated by dots (`.`). For example, `properties.`. - -## Examples - -### Test that a resource group has the specified Webapp and verify it's authentication settings, platform-specific security token storing is enabled - -```ruby -describe azure_webapp(resource_group: 'EXAMPLE', name: 'WEBAPP_NAME') do - it { should exist } - its('auth_settings.properties') { should have_attributes(enabled: true ) } - its('configuration.properties') { should have_attributes(tokenStoreEnabled: true) } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. 
- -### Test webapp to ensure it's using the latest supported version of .NET - -```ruby -describe azure_webapp(resource_group: 'EXAMPLE', name: 'WEBAPP_NAME') do - it { should be_using_latest('aspnet') } -end -``` - -### Test webapp to ensure it's using the latest supported version of Python - -```ruby -describe azure_webapp(resource_group: 'EXAMPLE', name: 'WEBAPP_NAME') do - it { should be_using_latest('python') } -end -``` - -### exists - -```ruby -# If we expect a resource to always exist. - -describe azure_webapp(resource_group: 'RESOURCE_GROUP', name: 'WEBAPP_NAME') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect a resource to never exist. - -describe azure_webapp(resource_group: 'RESOURCE_GROUP', name: 'WEBAPP_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_webapps.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_webapps.md deleted file mode 100644 index 602cdebcc8..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/azure_webapps.md +++ /dev/null 
@@ -1,115 +0,0 @@ -+++ -title = "azure_webapps Resource" -platform = "azure" -draft = false -gh_repo = "inspec-azure" - -[menu.inspec] -title = "azure_webapps" -identifier = "inspec/resources/azure/azure_webapps Resource" -parent = "inspec/resources/azure" -+++ - -Use the `azure_webapps` InSpec audit resource to test the properties and configuration of multiple Azure web applications. - -## Azure REST API Version, Endpoint, and HTTP Client Parameters - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_common_parameters.md" >}} - -## Install - -{{< readfile file="content/inspec/resources/reusable/md/inspec_azure_install.md" >}} - -## Syntax - -An `azure_webapps` resource block returns all webapps within a resource group (if provided) or an entire subscription. - -```ruby -describe azure_webapps do - #... -end -``` - -Or - -```ruby -describe azure_webapps(resource_group: 'RESOURCE_GROUP') do - #... -end -``` - -## Parameters - -`resource_group` _(optional)_ - -: The name of the resource group. - -## Properties - -`ids` -: A list of the unique resource IDs. - -: **Field**: `id` - -`names` -: A list of names of all the resources being interrogated. - -: **Field**: `name` - -`tags` -: A list of `tag:value` pairs defined on the resources being interrogated. - -: **Field**: `tags` - -`properties` -: A list of properties for all the resources being interrogated. - -: **Field**: `properties` - -{{< note >}} - -{{< readfile file="content/inspec/reusable/md/inspec_filter_table.md" >}} - -{{< /note>}} - -## Examples - -### Test that an example resource group has the named web application - -```ruby -describe azure_webapps(resource_group: 'EXAMPLEGROUP') do - its('names') { should include('my_web_app') } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control passes if the filter returns at least one result. 
Use `should_not` if you expect zero matches. - -```ruby -# If we expect 'EXAMPLEGROUP' resource group to have at least one web application. - -describe azure_webapps(resource_group: 'EXAMPLEGROUP') do - it { should exist } -end -``` - -### not_exists - -```ruby -# If we expect 'EMPTYEXAMPLEGROUP' resource group to not have any web applications. - -describe azure_webapps(resource_group: 'EMPTYEXAMPLEGROUP') do - it { should_not exist } -end -``` - -## Azure Permissions - -{{% inspec-azure/azure_permissions_service_principal role="contributor" %}} diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/reusable/index.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/reusable/index.md deleted file mode 100644 index 41de90ae49..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/reusable/index.md +++ /dev/null @@ -1,5 +0,0 @@ -+++ -headless = true -## headless = true makes this directory a headless bundle. -## See https://gohugo.io/content-management/page-bundles/#headless-bundle -+++ diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/reusable/md/inspec_azure_common_parameters.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/reusable/md/inspec_azure_common_parameters.md deleted file mode 100644 index 697c80a99e..0000000000 --- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/reusable/md/inspec_azure_common_parameters.md +++ /dev/null 
@@ -1,8 +0,0 @@
-
-This resource interacts with API versions supported by the resource provider.
-The `api_version` can be defined as a resource parameter.
-If not provided, this resource uses the latest version.
-For more information, refer to the [`azure_generic_resource`](/inspec/resources/azure_generic_resource/) document.
-
-Unless defined, this resource uses the `azure_cloud` global endpoint and default values for the HTTP client.
-For more information, refer to the resource pack [README](https://github.com/inspec/inspec-azure).
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/reusable/md/inspec_azure_install.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/reusable/md/inspec_azure_install.md
deleted file mode 100644
index 3dd26c5fb4..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/content/inspec/resources/reusable/md/inspec_azure_install.md
+++ /dev/null
@@ -1,4 +0,0 @@
-
-This resource is available in the [Chef InSpec Azure resource pack](https://github.com/inspec/inspec-azure).
-
-For information on configuring your Azure environment for Chef InSpec and creating an InSpec profile that uses the InSpec Azure resource pack, see the [Chef InSpec documentation for the Azure cloud platform](/inspec/cloud/azure/).
diff --git a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/layouts/shortcodes/inspec-azure/azure_permissions_service_principal.md b/_vendor/github.com/inspec/inspec-azure/docs-chef-io/layouts/shortcodes/inspec-azure/azure_permissions_service_principal.md
deleted file mode 100644
index 8e66f3cf81..0000000000
--- a/_vendor/github.com/inspec/inspec-azure/docs-chef-io/layouts/shortcodes/inspec-azure/azure_permissions_service_principal.md
+++ /dev/null
@@ -1,2 +0,0 @@
-
-Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with at least a `{{ .Get "role" }}` role on the subscription you wish to test.
diff --git a/_vendor/github.com/inspec/inspec-habitat/docs-chef-io/content/inspec/resources/habitat_package.md b/_vendor/github.com/inspec/inspec-habitat/docs-chef-io/content/inspec/resources/habitat_package.md
deleted file mode 100644
index 99e531fac2..0000000000
--- a/_vendor/github.com/inspec/inspec-habitat/docs-chef-io/content/inspec/resources/habitat_package.md
+++ /dev/null
@@ -1,214 +0,0 @@ -+++ -title = "habitat_package resource" -draft = false -platform = "habitat" - -[menu] - [menu.inspec] - title = "habitat_package" - identifier = "inspec/resources/habitat/habitat_package.md habitat_package resource" - parent = "inspec/resources/habitat" -+++ - -[\[edit on GitHub\]](https://github.com/inspec/inspec-habitat/blob/master/docs/resources/habitat_package.md) - -Use the `habitat_package` InSpec audit resource to test properties of a single Habitat package. - -## Availability - -### Status: EXPERIMENTAL - -This resource, like all of the inspec-habitat resource pack, is in the early stages of research and development. Functionality may be defective, incomplete, or be withdrawn in the future. If you are interested in helping this project mature, please join the conversation or contribute code at the [inspec-habitat project](https://github.com/inspec/inspec-habitat). - -### Connecting to Habitat - -To configure `inspec` to be able to communicate with Chef Habitat, be sure [to follow the instructions](https://github.com/inspec/inspec-habitat#configuring-inspec-to-reach-habitat) regarding configuring the connection options. This will prevent 'unsupported platform' errors. - -## Examples - -### Check for core/httpd package - -```ruby -describe habitat_package(origin: 'core', name: 'httpd') do - it { should exist } - its('version') { should eq '2.4.35'} - its('release') { should eq '20190307151146'} -end -``` - -## Limitations - -### API versus CLI access - -Habitat exposes certain data via the CLI, and other data via the HTTP Gateway API. - -This resource is **only** available using CLI credentials. - -If you use the API interface without the CLI, instances of this resource will behave as if the sought-after package was not found. - -### Behavior when not found - -If the package is not found, then this resource behaves as follows: - -- `it { should exist }` will be a failing test. 
Check this test if you are unsure if the resource will exist; it is guaranteed to be reliable in the future. -- `name`, `origin`, `version`, and `release` will continue to return their values as set in the resource parameters. This allows output messaging to refer to the missing package clearly. -- `identifier` will return as much information as it can assemble from `name`, `origin`, `version`, and `release`. -- All other single-value properties will return `nil`. -- All array- and hash-valued properties will return empty objects. -- All matchers will return `false`. - -### Behavior when multiple packages match - -A system can have multiple versions of the same-named package installed (or even multiple releases of the same version of the same named package). For this reason, if you under-specify the resource parameters, you may match with multiple packages. Under these conditions, this resource will throw an `ArgumentError` exception, and the resource test will be recorded as a failure. - -To avoid this possibility, fully specify the resource parameters, including `version` and `release`. - -To list all installed versions and releases of a named package, use the plural resource `habitat_packages`. - -## Availability - -### Installation - -This resource is in the `inspec-habitat` resource pack. You can use the resource by setting an InSpec profile dependency on this resource pack. See [inspec-habitat instructions](https://github.com/inspec/inspec-habitat#installation) - -### Version - -This resource was first available in version 0.1.0 of the resource pack. - -## Resource Parameters - -Use [resource parameters](/inspec/glossary/#resource-parameter) to identify the particular package you wish to test. - -`habitat_package` can accept a single resource parameter, a `String` package identifier; or it can accept a `Hash` of identifier components. - -### As a single `String` - -Using this approach, you pass the package identifier as a single `String`. 
It should consist of `///`, though `version` and `release` are optional. - -```ruby -describe habitat_package('core/httpd') do - it { should exist } -end -``` - -### Using individual identifier components as a `Hash` - -This approach can make it easier to write resource tests that use InSpec inputs or Ruby variables. - -#### origin - -`String`. The name of the `origin` (distribution facility) that provides the package. - -```ruby -# Most common origin is 'core', publicly distributed packages created by Chef -describe habitat_package(origin: 'core', name: 'httpd') do - it { should exist } -end - -# Your company might run a private origin -describe habitat_package(origin: 'mycorp', name: 'secret-sauce') do - it { should exist } -end -``` - -#### name - -`String`. The name (unique within the namespace of the origin) of the package. This may match more than one package; see [Behavior when multiple packages match](#behavior-when-multiple-packages-match). - -```ruby -describe habitat_package(origin: 'core', name: 'httpd') do - it { should exist } -end -``` - -#### release - -`String`, a 14-digit timestamp of the form 'YYYMMDDHHmmSS'. The release number of the package as determined by the packager of the software. If you provide this, you must also provide the version; with all four components, the match is guarenteed to be unique. - -```ruby -describe habitat_package(origin: 'core', name: 'httpd', version: '2.3.5', release: '20190307151146') do - it { should exist } -end -``` - -#### version - -`String`, typically of the form `1.2.3` but formats vary. The version of the package as determined by the author of the software. This may match more than one package, because multiple releases of the same version may be co-installed; see [Behavior when multiple packages match](#behavior-when-multiple-packages-match). 
- -```ruby -describe habitat_package(origin: 'core', name: 'httpd', version: '2.3.5') do - it { should exist } -end -``` - -## Properties - -Use [properties](/inspec/glossary/#property) to create tests that compare an expected value to the actual value. - -### identifier - -`String`. The origin, name, version (if known) and release (if known) concatenated with `/`, to create the package identifier. - -```ruby -describe habitat_package(origin: 'core', name: 'httpd') do - its('identifier') { should eq 'core/httpd/2.4.35/20190307151146' } -end -``` - -### name - -`String`. The name of the package, as passed in via the resource parameter. Always available, even if the resource was not found. See also [origin](#origin) and [version](#version). - -```ruby -describe habitat_package(origin: 'core', name: 'httpd') do - its('name') { should cmp 'httpd' } -end -``` - -### origin - -`String`. The origin name of the package, as passed in via the resource parameter. Always available, even if the resource was not found. See also [name](#name) and [version](#version). - -```ruby -describe habitat_package(origin: 'core', name: 'httpd') do - its('origin') { should cmp 'core' } -end -``` - -### pkg_id - -`String`. The full package identifier of the package, in the form `origin/name/version/release`. See also [name](#name) and [version](#version). - -```ruby -describe habitat_package(origin: 'core', name: 'httpd') do - its('pkg_id') { should cmp 'core/httpd/2.4.35/20190307151146' } -end -``` - -### release - -`String`. The release number of the package, as assigned by the packager. These values are always strings, but are 14-digit timestamps. See also [version](#version). - -```ruby -describe habitat_package(origin: 'core', name: 'httpd') do - its('release') { should be >= '20190307151146' } -end -``` - -### version - -`String`. The version of the package, as assigned by the maintainer of the package project. 
While many versions are of the 3-digit form, there is no set rule, and exceptions are common. See also [release](#release). - -```ruby -describe habitat_package(origin: 'core', name: 'httpd') do - its('version') { should be >= '2.2' } -end -``` - -## Matchers - -Use [matchers](/inspec/glossary/#matcher) to create tests that test a true or false question. - -InSpec includes a number of [universal matchers](/inspec/matchers/). See below for matchers specific to this resource. - -This resource does not provide any resource-specific matchers. diff --git a/_vendor/github.com/inspec/inspec-habitat/docs-chef-io/content/inspec/resources/habitat_packages.md b/_vendor/github.com/inspec/inspec-habitat/docs-chef-io/content/inspec/resources/habitat_packages.md deleted file mode 100644 index 3ccd423b6a..0000000000 --- a/_vendor/github.com/inspec/inspec-habitat/docs-chef-io/content/inspec/resources/habitat_packages.md +++ /dev/null 
@@ -1,205 +0,0 @@ -+++ -title = "habitat_packages resource" -draft = false -platform = "habitat" - -[menu] - [menu.inspec] - title = "habitat_packages" - identifier = "inspec/resources/habitat/habitat_packages.md habitat_packages resource" - parent = "inspec/resources/habitat" -+++ - -[\[edit on GitHub\]](https://github.com/inspec/inspec-habitat/blob/master/docs/resources/habitat_packages.md) - -Use the `habitat_package` (singular) InSpec audit resource to perform in-depth auditing of a single package. - -Use the `habitat_packages` (plural) InSpec audit resource to list Habitat packages, and perform bulk operations. - -## Availability - -### Status: EXPERIMENTAL - -This resource, like all of the inspec-habitat resource pack, is in the early stages of research and development. Functionality may be defective, incomplete, or be withdrawn in the future. If you are interested in helping this project mature, please join the conversation or contribute code at the [inspec-habitat project](https://github.com/inspec/inspec-habitat). - -### Connecting to Habitat - -To configure `inspec` to be able to communicate with Chef Habitat, be sure [to follow the instructions](https://github.com/inspec/inspec-habitat#configuring-inspec-to-reach-habitat) regarding configuring the connection options. This will prevent 'unsupported platform' errors. - -## Examples - -### Ensure httpd and memcached are installed - -```ruby -describe habitat_packages do - its('names') { should include 'httpd' } - its('names') { should include 'memcached' } -end -``` - -### Ensure all packages were updated since January 1, 2018 - -```ruby -describe habitat_packages.where { release <= '20180101000000' } do - it { should_not exist } -end -``` - -### Search for packages, then examine them in detail using `habitat_package` - -```ruby -# Use the plural resource as a data lookup (not as a test)... -habitat_packages.where { origin != 'core' }.habitat_package_params.each do |params| - # ... 
then use the singular resource to do in-depth testing - describe habitat_package(params) do - # ... - end -end -``` - -## Limitations - -### API versus CLI access - -Habitat exposes certain data via the CLI, and other data via the HTTP Gateway API. This resource is not available via the API; you must provide CLI credentials to use the resource. See the [train-habitat](https://github.com/inspec/train-habitat) documentation for more details. - -If you use this resource without the CLI, this resource will always return zero matches. - -## Availability - -### Installation - -This resource is in the `inspec-habitat` resource pack. You can use this resource by setting an InSpec profile dependency on the resource pack. See [inspec-habitat instructions](https://github.com/inspec/inspec-habitat#installation). - -### Version - -This resource was first available in version 0.1.0 of the resource pack. - -## Resource Parameters - -[Resource parameters](/inspec/glossary/#resource-parameter) are arguments passed to the resource in the control code. - -This resource does not accept resource parameters, which is typical for plural resources. - -## Filter Criteria - -[Filter criteria](/inspec/glossary/#filter-criteria) are used to select which packages you wish to examine. If no filter criteria are used, all packages are selected. - -### name - -String. The (unqualified) name of the package under consideration. - -```ruby -# No packages named *ftp* permitted -describe habitat_packages.where(name: /ftp/) do - it { should_not exist } -end -``` - -### origin - -String. The name of the origin that created the package under consideration. - -```ruby -# Examine only packages released by Chef -describe habitat_packages.where(origin: 'bad-origin') do - it { should_not exist } -end -``` - -### release - -String. A 14-digit timestamp, in the format `YYYYMMDDHHMmmSS`. The timestamp reflects the time at which the package backing the package was released. 
These strings are sortable and comparable. - -```ruby -# Examine packages older than Jan 1 2018 -describe habitat_packages.where { release < '20180101000000' } do - it { should_not exist } -end - -# Examine packages older than 1 year -describe habitat_packages.where { Date.parse(release[0..7]) < Date.today - 365 } do - it { should_not exist } -end - -# Another way -describe habitat_packages.where { release < (Date.today - 365).strftime('%Y%m%d000000') } do - it { should_not exist } -end - -``` - -## Properties - -Use [properties](/inspec/glossary/#property) to create tests that compare an expected value to the actual value. - -### count - -Number. The count of packages that matched the filter criteria. - -```ruby -# Expect 12 total -describe habitat_packages do - its(count) { should cmp 12 } -end -``` - -### habitat_package_params - -`Array` of `Hash`es. Returns a list of a set of options that can be passed directly to `habitat_package` (singular) to load an individual package for in-depth analysis. - -```ruby -# Use the plural resource as a data lookup (not as a test)... -habitat_packages.where { origin != 'core' }.habitat_package_params.each do |params| - # ... then use the singular resource to do in-depth testing - describe habitat_package(params) do - its('release') { should_not be < '201904090000' } - end -end -``` - -### names - -Array of strings. The unqualified name of the package, such as 'httpd'. This list is de-duplicated, though a name is almost always unique anyway. - -```ruby -describe habitat_packages do - its('names') { should include 'httpd' } - its('names') { should include 'memcached' } - its('names') { should_not include 'telnetd' } -end -``` - -### origins - -Array of strings. The names of the origins that created the matched packages. -This list is de-duplicated. 
- -```ruby -# Only allow core and mycorp-packaged packages -describe habitat_packages do - its('origins') { should include 'core' } - its('origins') { should include 'mycorp' } - # Advanced usage - count an array-valued property - its('origins', 'count') { should cmp 2 } -end -``` - -### releases - -Array of strings. Each string is a 14-digit timestamp, in the format `YYYYMMDDHHMmmSS`. The timestamp reflects the time at which the package backing the package was released. These strings are sortable and comparable. This list is de-duplicated. - -```ruby -# We had a bad Monday -describe habitat_packages do - its('releases') { should_not include '20180325000000' } -end -``` - -## Matchers - -Use [matchers](/inspec/glossary/#matcher) to create tests that test a true or false question. - -InSpec includes a number of [universal matchers](/inspec/matchers/). - -This resource does not define any resource-specific matchers. diff --git a/_vendor/github.com/inspec/inspec-habitat/docs-chef-io/content/inspec/resources/habitat_service.md b/_vendor/github.com/inspec/inspec-habitat/docs-chef-io/content/inspec/resources/habitat_service.md deleted file mode 100644 index 6f1222a7e6..0000000000 --- a/_vendor/github.com/inspec/inspec-habitat/docs-chef-io/content/inspec/resources/habitat_service.md +++ /dev/null 
@@ -1,240 +0,0 @@ -+++ -title = "habitat_service resource" -draft = false -platform = "habitat" - -[menu] - [menu.inspec] - title = "habitat_service" - identifier = "inspec/resources/habitat/habitat_service.md habitat_service resource" - parent = "inspec/resources/habitat" -+++ - -[\[edit on GitHub\]](https://github.com/inspec/inspec-habitat/blob/master/docs/resources/habitat_service.md) - -Use the `habitat_service` InSpec audit resource to test properties of a single Habitat service. - -## Availability - -### Status: EXPERIMENTAL - -This resource, like all of the inspec-habitat resource pack, is in the early stages of research and development. Functionality may be defective, incomplete, or be withdrawn in the future. If you are interested in helping this project mature, please join the conversation or contribute code at the [inspec-habitat project](https://github.com/inspec/inspec-habitat). - -### Connecting to Habitat - -To configure `inspec` to be able to communicate with Chef Habitat, be sure [to follow the instructions](https://github.com/inspec/inspec-habitat#configuring-inspec-to-reach-habitat) regarding configuring the connection options. This will prevent 'unsupported platform' errors. - -## Examples - -### Check for core/httpd service - -```ruby -describe habitat_service(origin: 'core', name: 'httpd') do - it { should exist } - its('version') { should eq '2.4.35'} - its('topology') { should eq 'standalone' } - its('update_strategy') { should eq 'none' } -end -``` - -## Limitations - -### API versus CLI access - -Habitat exposes certain data via the CLI, and other data via the HTTP Gateway API. To enjoy the full functionality of this resource, use a set of credentials that includes the API. Limited data is available by CLI. See the [train-habitat](https://github.com/inspec/train-habitat) documentation for more details. - -If you use the CLI interface without the API, unavailable properties will behave as if the resource was not found (see below). 
- -### Behavior when not found - -If the service is not found, then this resource behaves as follows: - -- `it { should exist }` will be a failing test. Check this test if you are unsure if the resource will exist; it is guaranteed to be reliable in the future. -- `name` and `origin` will continue to return their values as set in the resource parameters. This allows output messaging to refer to the missing service clearly. -- All other single-value properties will return nil. -- All array and hash-valued properties will return empty objects. -- All matchers will return false. - -## Availability - -### Installation - -This resource is in the `inspec-habitat` resource pack. You can use the resource by setting an InSpec profile dependency on the resource pack. See [inspec-habitat instructions](https://github.com/inspec/inspec-habitat#installation) - -### Version - -This resource was first available in version 0.1.0 of the resource pack. - -## Resource Parameters - -Use [resource parameters](/inspec/glossary/#resource-parameter) to identify the particular service you wish to test. - -### origin - -Required string. The name of the `origin` (distribution facility) of the package that provides the service. - -```ruby -# Most common origin is 'core', publicly distributed packages created by Chef -describe habitat_service(origin: 'core', name: 'httpd') do - it { should exist } -end - -# Your company might run a private origin -describe habitat_service(origin: 'mycorp', name: 'secret-sauce') do - it { should exist } -end -``` - -### name - -Required string. The name (unique within the namespace of the origin) of the package that provides the service. - -```ruby - -describe habitat_service(origin: 'core', name: 'httpd') do - it { should exist } -end - -``` - -## Properties - -Use [properties](/inspec/glossary/#property) to create tests that compare an expected value to the actual value. - -### dependency_names - -Array of strings. 
A list of the packages that this service depends on, in the form of `dep_origin/dep_name`. This property does not contain version information; see `dependency_ids` for that. - -Requires API connection; not available via CLI. - -```ruby -describe habitat_service(origin: 'core', name: 'httpd') do - its('dependency_names') { should include 'core/pcre' } - its('dependency_names') { should_not include 'core/nginx' } -end -``` - -### dependency_ids - -Array of strings. A list of the packages that this service depends on, in the form of `dep_origin/dep_name/1.2.3/20190325123456`. This value may be difficult to compare, because the version identifier (`1.2.3`, the third component) may be formatted in any way the maintainer of the project chooses; they need not be of the form `1.2.3`. - -Requires API connection; not available via CLI. - -```ruby -describe habitat_service(origin: 'core', name: 'httpd') do - # Suppose this version was unwanted, for example - its('dependency_names') { should_not include 'core/pcre/8.42/20190115012526' } -end -``` - -### name - -The name of the service, as passed in via the resource parameter. Always available, even if the resource was not found. See also [origin](#origin) and [version](#version). - -```ruby -describe habitat_service(origin: 'core', name: 'httpd') do - its('name') { should cmp 'httpd' } -end -``` - -### origin - -The origin name of the service, as passed in via the resource parameter. Always available, even if the resource was not found. See also [name](#name) and [version](#version). - -```ruby -describe habitat_service(origin: 'core', name: 'httpd') do - its('origin') { should cmp 'core' } -end -``` - -### pkg_id - -String. The full package identifier of the package that supports the service, in the form `origin/name/version/release`. See also [name](#name) and [version](#version). 
- -```ruby -describe habitat_service(origin: 'core', name: 'httpd') do - its('pkg_id') { should cmp 'core/httpd/2.4.35/20190307151146' } -end -``` - -### release - -String. The release number of the package that supports the service, as assigned by the packager. These values are always strings, but are 14-digit timestamps. See also [version](#version). - -```ruby -describe habitat_service(origin: 'core', name: 'httpd') do - its('release') { should be >= '20190307151146' } -end -``` - -### version - -The version of the package that supports the service, as assigned by the maintainer of the package project. While many versions are of the 3-digit form, there is no set rule, and exceptions are common. See also [release](#release). - -```ruby -describe habitat_service(origin: 'core', name: 'httpd') do - its('version') { should be >= '2.2' } -end -``` - -## Matchers - -Use [matchers](/inspec/glossary/#matcher) to create tests that test a true or false question. - -InSpec includes a number of [universal matchers](/inspec/matchers/). See below for matchers specific to this resource. - -### have_standalone_topology - -This matcher returns `true` if the service is configured in a [`standalone`](https://www.habitat.sh/docs/using-habitat/#standalone) topology. - -```ruby -describe habitat_service(origin: 'core', name: 'httpd') do - it { should have_standalone_topology } -end -``` - -### have_leader_follower_topology - -This matcher returns `true` if the service is configured in a [`leader-follower`](https://www.habitat.sh/docs/using-habitat/#leader-follower-topology) topology. - -```ruby -describe habitat_service(origin: 'core', name: 'httpd') do - it { should have_leader_follower_topology } -end -``` - -### be_updated_by_none - -This matcher returns `true` if the update strategy for the service is [`none`](https://www.habitat.sh/docs/using-habitat/#none-strategy). - -Requires API connection; not available via CLI. 
- -```ruby -describe habitat_service(origin: 'core', name: 'postgresql') do - it { should be_updated_by_none } -end -``` - -### be_updated_by_rolling - -This matcher returns `true` if the update strategy for the service is [`rolling`](https://www.habitat.sh/docs/using-habitat/#rolling-strategy). - -Requires API connection; not available via CLI. - -```ruby -describe habitat_service(origin: 'core', name: 'postgresql') do - it { should be_updated_by_rolling } -end -``` - -### be_updated_at_once - -This matcher returns `true` if the update strategy for the service is [`at once`](https://www.habitat.sh/docs/using-habitat/#at-once-strategy). - -Requires API connection; not available via CLI. - -```ruby -describe habitat_service(origin: 'core', name: 'nginx') do - it { should be_updated_at_once } -end -``` diff --git a/_vendor/github.com/inspec/inspec-habitat/docs-chef-io/content/inspec/resources/habitat_services.md b/_vendor/github.com/inspec/inspec-habitat/docs-chef-io/content/inspec/resources/habitat_services.md deleted file mode 100644 index 2de6c8f8bd..0000000000 --- a/_vendor/github.com/inspec/inspec-habitat/docs-chef-io/content/inspec/resources/habitat_services.md +++ /dev/null 
@@ -1,296 +0,0 @@ -+++ -title = "habitat_services resource" -draft = false -platform = "habitat" - -[menu] - [menu.inspec] - title = "habitat_services" - identifier = "inspec/resources/habitat/habitat_services.md habitat_services resource" - parent = "inspec/resources/habitat" -+++ - -[\[edit on GitHub\]](https://github.com/inspec/inspec-habitat/blob/master/docs/resources/habitat_services.md) - -Use the `habitat_service` (singular) InSpec audit resource to perform in-depth auditing of a single service. - -Use the `habitat_services` (plural) InSpec audit resource to list Habitat services, and perform bulk operations. - -## Availability - -### Status: EXPERIMENTAL - -This resource, like all of the inspec-habitat resource pack, is in the early stages of research and development. Functionality may be defective, incomplete, or be withdrawn in the future. If you are interested in helping this project mature, please join the conversation or contribute code at the [inspec-habitat project](https://github.com/inspec/inspec-habitat). - -### Connecting to Habitat - -To configure `inspec` to be able to communicate with Chef Habitat, be sure [to follow the instructions](https://github.com/inspec/inspec-habitat#configuring-inspec-to-reach-habitat) regarding configuring the connection options. This will prevent 'unsupported platform' errors. 
- -## Examples - -### Ensure there are 2 services, with the expected names - -```ruby -describe habitat_services do - its('count') { should cmp 2 } - its('names') { should include 'httpd' } - its('names') { should include 'memcached' } -end -``` - -### Ensure all running services were updated since January 1, 2018 - -```ruby -describe habitat_services.where { release <= '20180101000000' } do - it { should_not exist } -end -``` - -### Ensure gcc is not a dependency of any service - -```ruby -# One way - list all services, insist none have a dependency on gcc -describe habitat_services do - its('dependency_names') { should_not include 'core/gcc' } -end - -# Another way - list all services with a dependency on gcc, insist there are none -describe habitat_services.where { dependency_names.include?('core/gcc') } do - it { should_not exist } -end -``` - -### Search for services, then examine them in detail using `habitat_service` - -```ruby -# Use the plural resource as a data lookup (not as a test)... -habitat_services.where { origin != 'core' }.habitat_service_params.each do |params| - # ... then use the singular resource to do in-depth testing - describe habitat_service(params) do - its('release') { should_not be_standalone } - end -end -``` - -## Limitations - -### API versus CLI access - -Habitat exposes certain data via the CLI, and other data via the HTTP Gateway API. To enjoy the full functionality of this resource, use a set of credentials that includes the API. Limited data is available by CLI. See the [train-habitat](https://github.com/inspec/train-habitat) documentation for more details. - -If you use the CLI interface without the API, unavailable properties will return empty arrays or `nil`, and unavailable filter criteria will never match. See each property and filter criteria for details. - -## Availability - -### Installation - -This resource is in the `inspec-habitat` resource pack. 
You can use the resource by setting an InSpec profile dependency on the resource pack. See [inspec-habitat instructions](https://github.com/inspec/inspec-habitat#installation). - -### Version - -This resource was first available in version 0.1.0 of the resource pack. - -## Resource Parameters - -[Resource parameters](/inspec/glossary/#resource-parameter) are arguments passed to the resource in the control code. - -This resource does not accept resource parameters, which is typical for plural resources. - -## Filter Criteria - -[Filter criteria](/inspec/glossary/#filter-criteria) are used to select which services you wish to examine. If no filter criteria are used, all services are selected. - -### dependency_names - -An array of strings in the form `origin/name`. Each string is the qualified name of a dependency of a service that is being filtered. - -Requires API connection; not available (never matches) via CLI. - -```ruby -describe habitat_services.where { dependency_names.include?('core/gcc') } do - it { should_not exist } -end -``` - -### name - -String. The (unqualified) name of the service under consideration. - -```ruby -# No services named *ftp* permitted -describe habitat_services.where(name: /ftp/) do - it { should_not exist } -end -``` - -### origin - -String. The name of the origin that created the package that backs the service under consideration. - -```ruby -# Examine only services released by Chef -describe habitat_services.where(origin: 'chef') do - its('topologies') { should_not include 'standalone' } -end -``` - -### release - -String. A 14-digit timestamp, in the format `YYYYMMDDHHMmmSS`. The timestamp reflects the time at which the package backing the service was released. These strings are sortable and comparable. 
- -```ruby -# Examine packages older than Jan 1 2018 -describe habitat_services.where { release < '20180101000000' } do - its('update_strategies' ) { should_not include 'none' } -end - -# Examine packages older than 1 year -describe habitat_services.where { Date.parse(release[0..7]) < Date.today - 365 } do - its('update_strategies' ) { should_not include 'none' } -end - -# Another way -describe habitat_services.where { release < (Date.today - 365).strftime('%Y%m%d000000') } do - its('update_strategies' ) { should_not include 'none' } -end - -``` - -### topology - -String reflecting the topology of the service. Values include `standalone` and `leader` (for leader-follower). See [the Habitat docs](https://www.habitat.sh/docs/using-habitat/#topologies) for implications of these values. - -```ruby -# HA or the highway -describe habitat_services.where(topology: 'standalone') do - it { should_not exist } -end -``` - -### update_strategy - -String reflecting how the software package backing the service should be updated. Values include `none`, `rolling`, and `at-once`. See [the Habitat docs](https://www.habitat.sh/docs/using-habitat/#using-updates) for implications of these values. - -Requires API connection; not available (never matches) via CLI. - -```ruby -# No YOLO -describe habitat_services.where(update_strategy: 'at-once') do - it { should_not exist } -end -``` - -## Properties - -Use [properties](/inspec/glossary/#property) to create tests that compare an expected to value to the actual value. - -### count - -Number. The count of services that matched the filter criteria. - -```ruby -# Expect 12 total -describe habitat_services do - its(count) { should cmp 12 } -end - -describe habitat_services.where(update_strategy: 'at-once') do - it { should_not exist } - its(count) { should cmp 0 } # Same as `should_not exist` -end -``` - -### dependency_names - -Array of strings in the form `origin/name`. 
Each string is the qualified name of a dependency of a service that was selected by the filter criteria. This list is de-duplicated. - -Requires API connection; not available (always an empty array) via CLI. - -```ruby -describe habitat_services do - its('dependency_names') { should_not include 'core/gcc' } -end -``` - -### habitat_service_params - -Hash. Returns a set of options that can be passed directly to `habitat_service` (singular) to load an individual service for in-depth analysis. - -```ruby -# Use the plural resource as a data lookup (not as a test)... -habitat_services.where { origin != 'core' }.habitat_service_params.each do |params| - # ... then use the singular resource to do in-depth testing - describe habitat_service(params) do - its('release') { should_not be_standalone } - end -end -``` - -### names - -Array of strings. The unqualified name of the service, such as 'httpd'. This list is de-duplicated, though a name is almost always unique anyway. - -```ruby -describe habitat_services do - its('names') { should include 'httpd' } - its('names') { should include 'memcached' } - its('names') { should_not include 'telnetd' } -end -``` - -### origins - -Array of strings. The names of the origins that created the packages that backs the services that were matched. -This list is de-duplicated. - -```ruby -# Only allow core and mycorp-packaged services -describe habitat_services do - its('origins') { should include 'core' } - its('origins') { should include 'mycorp' } - # Advanced usage - count an array-valued property - its('origins', 'count') { should cmp 2 } -end -``` - -### releases - -Array of strings. Each string is a 14-digit timestamp, in the format `YYYYMMDDHHMmmSS`. The timestamp reflects the time at which the package backing the service was released. These strings are sortable and comparable. This list is de-duplicated. 
- -```ruby -# We had a bad Monday -describe habitat_services do - its('releases') { should_not include '20180325000000' } -end -``` - -### topologies - -Array of strings reflecting the topology of the matched services. Values include `standalone` and `leader` (for leader-follower). See [the Habitat docs](https://www.habitat.sh/docs/using-habitat/#topologies) for implications of these values. This list is de-duplicated. - -```ruby -describe habitat_services do - its('topologies') { should_not include 'standalone' } -end -``` - -### update_strategies - -Array of strings reflecting how the software package backing the services that matched the filter should be updated. Values include `none`, `rolling`, and `at-once`. See [the Habitat docs](https://www.habitat.sh/docs/using-habitat/#using-updates) for implications of these values. This list is de-duplicated. - -Requires API connection; not available (never matches) via CLI. - -```ruby -# No YOLO -describe habitat_services do - its('update_strategies') { should_not include 'at-once' } -end -``` - -## Matchers - -Use [matchers](/inspec/glossary/#matcher) to create tests that test a true or false question. - -InSpec includes a number of [universal matchers](/inspec/matchers/). - -This resource does not define any resource-specific matchers. diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/config.toml b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/config.toml deleted file mode 100644 index 1342f96260..0000000000 --- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/config.toml +++ /dev/null @@ -1,2 +0,0 @@ -[params.inspec-k8s] -gh_path = "https://github.com/inspec/inspec-k8s/tree/main/docs-chef-io/content/" diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_api_resources.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_api_resources.md deleted file mode 100644 index 91a8f73e7e..0000000000 
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_api_resources.md
+++ /dev/null
@@ -1,94 +0,0 @@
-+++
-title = "k8s_api_resources resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
-[menu.inspec]
-title = "k8s_api_resources"
-identifier = "inspec/resources/k8s/K8s API Resources"
-parent = "inspec/resources/k8s"
-+++
-
-Use the `k8s_api_resources` Chef InSpec audit resource to test the configurations of all resources under the specified API.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8s_api_resources(api: 'apps/v1') do
- it { should exist }
- its('name') { should include 'daemonsets' }
- its('singularName') { should include '' }
- its('namespaced') { should include true }
- its('group') { should include 'autoscaling' }
- its('version') { should include 'v1' }
- its('kind') { should include 'DaemonSet' }
- its('shortNames') { should include 'ds' }
- its('categories') { should include 'all' }
-end
-```
-
-## Parameter
-
-`api`
-: API available for Kubernetes (default is **v1**).
-
-## Properties
-
-`name`
-: Name of the resource available under the specified API.
-
-`singularName`
-: Singular name of the resource available under the specified API.
-
-`namespaced`
-: returns a boolean value if the resources under the api is namespaced.
-
-`group`
-: group of the resources under the specified API.
-
-`version`
-: version of the specified API.
-
-`shortNames`
-: Short names for resources under the specified API.
-
-`categories`
-: Categories for resources under the specified API.
-
-`kind`
-: Type of resources under the specified API.
-
-## Examples
-
-### Resources under default API must exist
-
-```ruby
-describe k8s_api_resources do
- it { should exist }
- its('kind') { should include 'ConfigMap' }
-end
-```
-
-### Resources under specified API must exist and test its properties
-
-```ruby
-describe k8s_api_resources(api: 'apps/v1') do
- it { should exist }
- its('name') { should include 'daemonsets' }
- its('singularName') { should include '' }
- its('namespaced') { should include true }
- its('group') { should include 'autoscaling' }
- its('version') { should include 'v1' }
- its('kind') { should include 'DaemonSet' }
- its('shortNames') { should include 'ds' }
- its('categories') { should include 'all' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_config_map.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_config_map.md
deleted file mode 100644
index 2f175bd21f..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_config_map.md
+++ /dev/null
@@ -1,71 +0,0 @@
-+++
-title = "k8s_config_map resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
-[menu.inspec]
-title = "k8s_config_map"
-identifier = "inspec/resources/k8s/K8s Config Map"
-parent = "inspec/resources/k8s"
-+++
-
-Use the `k8s_config_map` Chef InSpec audit resource to test the configuration of a specific Configuration Maps in a namespace.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8s_config_maps(namespace: "NAMESPACE", name: "NAME") do
- #...
-end
-```
-
-## Parameters
-
-`namespace`
-: Namespace of the resource.
-
-## Properties
-
-`uid`
-: UID of the resource.
-
-`name`
-: Name of the resource.
-
-`namespace`
-: Namespace of the resource.
-
-`resource_version`
-: Resource version of the resource.
-
-`kind`
-: Resource type.
-
-`metadata`
-: Metadata for the resource.
-
-## Examples
-
-### Configuration map for default namespace must exist
-
-```ruby
- describe k8s_config_map(name: 'NAME') do
- it { should exist }
-end
-```
-
-### Configuration map for specified namespace must exist
-
-```ruby
-describe k8s_config_map(namespace: 'NAMESPACE', name: 'NAME') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_config_maps.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_config_maps.md
deleted file mode 100644
index f8a0b3ce23..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_config_maps.md
+++ /dev/null
@@ -1,72 +0,0 @@
-+++
-title = "k8s_config_maps resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
-[menu.inspec]
-title = "k8s_config_maps"
-identifier = "inspec/resources/k8s/K8s Config Maps"
-parent = "inspec/resources/k8s"
-+++
-
-
-Use the `k8s_config_maps` Chef InSpec audit resource to test all the Configuration Maps in a namespace.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8s_config_maps do
- #...
-end
-```
-
-## Parameters
-
-`namespace`
-: Namespace of the resource.
-
-## Properties
-
-`uid`
-: UID of the resource.
-
-`name`
-: Name of the resource.
-
-`namespace`
-: Namespace of the resource.
-
-`resource_version`
-: Resource version of the resource.
-
-`kind`
-: Resource type.
-
-`metadata`
-: Metadata for the resource.
-
-## Examples
-
-### Configuration maps for default namespace must exist
-
-```ruby
- describe k8s_config_maps do
- it { should exist }
-end
-```
-
-### Configuration maps must exists for specified namespace
-
-```ruby
-describe k8s_config_maps(namespace: 'kube-system') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_container.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_container.md
deleted file mode 100644
index 0feeaec5db..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_container.md
+++ /dev/null
@@ -1,98 +0,0 @@
-+++
-title = "k8s_container resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
-[menu.inspec]
-title = "k8s_container"
-identifier = "inspec/resources/k8s/K8s Container"
-parent = "inspec/resources/k8s"
-+++
-
-
-Use the `k8s_container` Chef InSpec audit resource to test the configuration of a specific Container in the specified namespace.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8s_container(namespace: "NAMESPACE", pod_name: 'POD_NAME', name: "NAME") do
- #...
-end
-```
-
-## Parameter
-
-`namespace`
-: Namespace of the resource.
-
-`pod_name`
-: Pod Name of the resource
-
-`container_name`
-: Container Name of the resource
-
-## Properties
-
-`name`
-: Name of the Container.
-
-`image`
-: Container image name.
-
-`command`
-: Entrypoint array.
-
-`arg`
-: Arguments to the entrypoint.
-
-`resource`
-: Compute Resources required by this container.
-
-`volumeMount`
-: Pod volumes to mount into the container's filesystem
-
-`livenessProbe`
-: Periodic probe of container liveness
-
-`readinessProbe`
-: Periodic probe of container service readiness
-
-`imagePullPolicy`
-: Image pull policy, One of Always, Never, IfNotPresent
-
-`securityContext`
-: Security options the pod should run with
-
-## Examples
-
-### Container for default namespace must exist
-
-```ruby
- describe k8s_container(pod_name: 'POD_NAME', name: 'NAME') do
- it { should exist }
-end
-```
-
-### Container for a specified namespace must exist
-
-```ruby
-describe k8s_container(namespace: 'NAMESPACE', name: 'NAME', pod_name: 'POD_NAME') do
- it { should exist }
-end
-```
-
-### Check for presence of specific commands in Entrypoint array
-
-```ruby
- describe k8s_container(pod_name: 'POD_NAME', name: 'NAME') do
- it { should_have_command?('COMMAND') }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_containers.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_containers.md
deleted file mode 100644
index daf4a2bff3..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_containers.md
+++ /dev/null
@@ -1,92 +0,0 @@
-+++
-title = "k8s_containers resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
-[menu.inspec]
-title = "k8s_containers"
-identifier = "inspec/resources/k8s/K8s Containers"
-parent = "inspec/resources/k8s"
-+++
-
-Use the `k8s_containers` Chef InSpec audit resource to test the configurations of all Containers in a namespace.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8s_containers do
- #...
-end
-```
-
-## Parameter
-
-`namespace`
-: Namespace of the resource.
-
-## Properties
-
-`names`
-: Name of the Container.
-
-`images`
-: Container image name.
-
-`commands`
-: Entrypoint array.
-
-`args`
-: Arguments to the entrypoint.
-
-`resources`
-: Compute Resources required by this container.
-
-`volumeMounts`
-: Pod volumes to mount into the container's filesystem
-
-`livenessProbes`
-: Periodic probe of container liveness
-
-`readinessProbes`
-: Periodic probe of container service readiness
-
-`imagePullPolicies`
-: Image pull policy, One of Always, Never, IfNotPresent
-
-`securityContexts`
-: Security options the pod should run with
-
-## Examples
-
-### Containers for default namespace must exist
-
-```ruby
- describe k8s_containers do
- it { should exist }
-end
-```
-
-### Containers for specified namespace must exist
-
-```ruby
-describe k8s_containers(namespace: 'kube-system') do
- it { should exist }
-end
-```
-
-### Containers with readOnlyRootFilesystem exists
-
-```ruby
-describe k8s_containers(namespace: 'kube-system').where{ securityContext && securityContext[:readOnlyRootFilesystem] == true } do
- it { should exist }
-end
-
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_cronjob.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_cronjob.md
deleted file mode 100644
index 246bec988e..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_cronjob.md
+++ /dev/null
@@ -1,93 +0,0 @@
-+++
-title = "k8s_cronjob resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
-[menu.inspec]
-title = "k8s_cronjob"
-identifier = "inspec/resources/k8s/K8s Cronjob"
-parent = "inspec/resources/k8s"
-+++
-
-
-Use the `k8s_cronjob` Chef InSpec audit resource to test the configuration of a specific CronJob in the specified namespace.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8s_cronjob(name: 'hello') do
- it { should exist }
-end
-```
-
-## Parameter
-
-`name`
-: Name of the CronJob.
-
-`namespace`
-: Namespace of the resource (default: **default**).
-
-## Properties
-
-`uid`
-: UID of the CronJob.
-
-`name`
-: Name of the CronJob.
-
-`namespace`
-: Namespace of the CronJob.
-
-`resource_version`
-: Resource version of the Cronjob. This is an alias of `resourceVersion`.
-
-`labels`
-: Labels associated with the CronJob.
-
-`annotations`
-: Annotations associated with the CronJob.
-
-`kind`
-: Resource type of the CronJob.
-
-`creation_timestamp`
-: Creation time of the CronJob. This is an alias of `creationTimestamp`.
-
-`metadata`
-: Metadata for the CronJob.
-
-## Examples
-
-### Cronjob for default namespace must exist and test its properties
-
-```ruby
-describe k8s_cronjob(name: 'HELLO') do
- it { should exist }
- its('uid') { should eq '378c1a39-cddc-4df6-bf5a-593779eb26fc' }
- its('resource_version') { should eq '70517' }
- its('labels') { should be_empty }
- its('annotations') { should_not be_empty }
- its('name') { should eq 'HELLO' }
- its('namespace') { should eq 'default' }
- its('kind') { should eq 'CronJob' }
- its('creationTimestamp') { should eq '2022-07-27T12:54:44Z' }
- its('metadata') { should_not be_nil }
-end
-```
-
-### Cronjob for a specified namespace must exist
-
-```ruby
-describe k8s_cronjob(name: 'HELLO-WORLD', namespace: 'Namespace') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_cronjobs.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_cronjobs.md
deleted file mode 100644
index 5f362589f6..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_cronjobs.md
+++ /dev/null
@@ -1,82 +0,0 @@
-+++
-title = "k8s_cronjobs resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
-[menu.inspec]
-title = "k8s_cronjobs"
-identifier = "inspec/resources/k8s/K8s Cronjobs"
-parent = "inspec/resources/k8s"
-+++
-
-Use the `k8s_cronjobs` Chef InSpec audit resource to test the configurations of all CronJobs in a namespace.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8s_cronjobs do
- it { should exist }
-end
-```
-
-## Parameter
-
-`namespace`
-: Namespace of the resource (default: **default**).
-
-## Properties
-
-`uids`
-: UID of the CronJobs.
-
-`names`
-: Name of the CronJobs.
-
-`namespaces`
-: Namespace of the CronJobs.
-
-`resource_versions`
-: Resource version of the CronJobs.
-
-`labels`
-: Labels associated with the CronJobs.
-
-`annotations`
-: Annotations associated with the CronJobs.
-
-`kinds`
-: Resource type of the CronJobs.
-
-## Examples
-
-### Cronjobs for default namespace must exist and test its properties
-
-```ruby
-describe k8s_cronjobs do
- it { should exist }
- its('names') { should include 'HELLO' }
- its('uids') { should include '378c1a39-cddc-4df6-bf5a-593779eb26fc' }
- its('namespaces') { should include 'default' }
- its('resource_versions') { should include '70517' }
- its('kinds') { should include 'CronJob' }
- its('labels') { should be_empty }
- its('annotations') { should_not be_empty }
-end
-```
-
-### Cronjobs for specified namespace must exist
-
-```ruby
-describe k8s_cronjobs(namespace: 'Namespace') do
- it { should exist }
- its('names') { should include 'HELLO-WORLD' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_daemon_set.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_daemon_set.md
deleted file mode 100644
index 6bd190ccd9..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_daemon_set.md
+++ /dev/null
@@ -1,92 +0,0 @@
-+++
-title = "k8s_daemon_set resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
-[menu.inspec]
-title = "k8s_daemon_set"
-identifier = "inspec/resources/k8s/K8s DaemonSet"
-parent = "inspec/resources/k8s"
-+++
-
-
-Use the `k8s_daemon_set` Chef InSpec audit resource to test the configuration of a specific DaemonSet in the specified namespace.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8s_daemon_set(namespace: 'kube-system', name: 'fluentd-elasticsearch') do
- it { should exist }
-end
-```
-
-## Parameter
-
-`name`
-: Name of the DaemonSet.
-
-`namespace`
-: Namespace of the resource (default: **default**).
-
-## Properties
-
-`uid`
-: UID of the DaemonSet.
-
-`name`
-: Name of the DaemonSet.
-
-`namespace`
-: Namespace of the DaemonSet.
-
-`resource_version`
-: Resource version of the DaemonSet. This is an alias of `resourceVersion`.
-
-`labels`
-: Labels associated with the DaemonSet.
-
-`annotations`
-: Annotations associated with the DaemonSet.
-
-`kind`
-: Resource type of the DaemonSet.
-
-`creation_timestamp`
-: Creation time of the DaemonSet. This is an alias of `creationTimestamp`.
-
-`metadata`
-: Metadata for the DaemonSet.
-
-## Examples
-
-### DaemonSet for default namespace must exist and test its properties
-
-```ruby
-describe k8s_daemon_set(name: 'fluentd-elasticsearch') do
- it { should exist }
- its('uid') { should eq '406b569d-d4f9-4537-b047-cf35b00e88b4' }
- its('resource_version') { should eq '101377' }
- its('labels') { should eq 'k8s-app':'fluentd-logging' }
- its('annotations') { should_not be_empty }
- its('name') { should eq 'fluentd-elasticsearch' }
- its('namespace') { should eq 'default' }
- its('kind') { should eq 'DaemonSet' }
- its('creation_timestamp') { should eq '2022-07-31T16:41:21Z' }
-end
-```
-
-### DaemonSet for a specified namespace must exist
-
-```ruby
-describe k8s_daemon_set(namespace: 'kube-system', name: 'fluentd-elasticsearch') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_daemon_sets.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_daemon_sets.md
deleted file mode 100644
index 5387277b5d..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_daemon_sets.md
+++ /dev/null
@@ -1,82 +0,0 @@
-+++
-title = "k8s_daemon_sets resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
-[menu.inspec]
-title = "k8s_daemon_sets"
-identifier = "inspec/resources/k8s/K8s DaemonSets"
-parent = "inspec/resources/k8s"
-+++
-
-Use the `k8s_daemon_sets` Chef InSpec audit resource to test the configurations of all DaemonSets in a namespace.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8s_daemon_sets(namespace: 'kube-system') do
- it { should exist }
-end
-```
-
-## Parameter
-
-`namespace`
-: Namespace of the resource (default: **default**).
-
-## Properties
-
-`uids`
-: UID of the DaemonSets.
-
-`names`
-: Name of the DaemonSets.
-
-`namespaces`
-: Namespace of the DaemonSets.
-
-`resource_versions`
-: Resource version of the DaemonSets.
-
-`labels`
-: Labels associated with the DaemonSets.
-
-`annotations`
-: Annotations associated with the DaemonSets.
-
-`kinds`
-: Resource type of the DaemonSets.
-
-## Examples
-
-### DaemonSets for default namespace must exist
-
-```ruby
-describe k8s_daemon_sets do
- it { should exist }
- its('names') { should include 'fluentd-elasticsearch' }
-end
-```
-
-### DaemonSets for specified namespace must exist and test its properties
-
-```ruby
-describe k8s_daemon_sets(namespace: 'kube-system') do
- it { should exist }
- its('names') { should include 'fluentd-elasticsearch' }
- its('resource_versions') { should include '101377' }
- its('labels') { should include 'k8s-app':'fluentd-logging' }
- its('annotations') { should_not be_empty }
- its('uids') { should include '406b569d-d4f9-4537-b047-cf35b00e88b4' }
- its('namespaces') { should include 'kube-system' }
- its('kinds') { should include 'DaemonSet' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_deployment.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_deployment.md
deleted file mode 100644
index 49ac4ef355..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_deployment.md
+++ /dev/null
@@ -1,93 +0,0 @@
-+++
-title = "k8s_deployment resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
-[menu.inspec]
-title = "k8s_deployment"
-identifier = "inspec/resources/k8s/K8s Deployment"
-parent = "inspec/resources/k8s"
-+++
-
-
-Use the `k8s_deployment` Chef InSpec audit resource to test the configuration of a specific Deployment in the specified namespace.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8s_deployment(name: 'coredns', namespace: 'kube-system') do
- it { should exist }
-end
-```
-
-## Parameter
-
-`name`
-: Name of the Deployment.
-
-`namespace`
-: Namespace of the resource (default: **default**).
-
-## Properties
-
-`uid`
-: UID of the Deployment.
-
-`name`
-: Deployment name.
-
-`namespace`
-: Namespace of the Deployment.
-
-`resource_version`
-: Resource version of the Deployment. This is an alias of `resourceVersion`.
-
-`labels`
-: Labels associated with the Deployment.
-
-`annotations`
-: Annotations associated with the Deployment.
-
-`kind`
-: Resource type of the Deployment.
-
-`creation_timestamp`
-: Creation time of the Deployment. This is an alias of `creationTimestamp`.
-
-`metadata`
-: Metadata for the Deployment.
-
-## Examples
-
-### Deployment for default namespace must exist and test its properties
-
-```ruby
-describe k8s_deployment(name: 'NEW-DEPLOYMENT') do
- it { should exist }
- its('uid') { should eq 'e948355b-adc2-4db8-af16-34f5aa38d6ec' }
- its('resource_version') { should eq '8107' }
- its('labels') { should eq :app=>'NEW-DEPLOYMENT' }
- its('annotations') { should_not be_empty }
- its('name') { should eq 'NEW-DEPLOYMENT' }
- its('namespace') { should eq 'default' }
- its('kind') { should eq 'DEPLOYMENT' }
- its('creation_timestamp') { should eq '2022-07-21T18:54:43Z' }
- its('metadata') { should_not be_nil }
-end
-```
-
-### Deployment for a specified namespace must exist
-
-```ruby
-describe k8s_deployment(namespace: 'kube-system', name: 'coredns') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_deployments.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_deployments.md
deleted file mode 100644
index 807749c69f..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_deployments.md
+++ /dev/null
@@ -1,82 +0,0 @@
-+++
-title = "k8s_deployments resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
-[menu.inspec]
-title = "k8s_deployments"
-identifier = "inspec/resources/k8s/K8s Deployments"
-parent = "inspec/resources/k8s"
-+++
-
-Use the `k8s_deployments` Chef InSpec audit resource to test the configurations of all Deployments in a namespace.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8s_deployments(namespace: 'kube-system') do
- it { should exist }
-end
-```
-
-## Parameter
-
-`namespace`
-: Namespace of the resource (default: **default**).
-
-## Properties
-
-`uids`
-: UID of the Deployments.
-
-`names`
-: Name of the Deployments.
-
-`namespaces`
-: Namespace of the Deployments.
-
-`resource_versions`
-: Resource version of the Deployments.
-
-`labels`
-: Labels associated with the Deployments.
-
-`annotations`
-: Annotations associated with the Deployments.
-
-`kinds`
-: Resource type of the Deployments.
-
-## Examples
-
-### Deployments for the default namespace must exist
-
-```ruby
-describe k8s_deployments do
- it { should exist }
- its('names') { should include 'nginx-deployment' }
-end
-```
-
-### Deployments for specified namespace must exist and test its properties
-
-```ruby
-describe k8s_deployments(namespace: 'kube-system') do
- it { should exist }
- its('uids') { should include 'eeb07afc-2f45-4d52-9fda-aa362f7c536c' }
- its('resource_versions') { should include '7944' }
- its('labels') { should include :'k8s-app' => 'kube-dns' }
- its('annotations') { should_not be_empty }
- its('names') { should include 'coredns' }
- its('namespaces') { should include 'kube-system' }
- its('kinds') { should include 'DEPLOYMENT' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_exec_file.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_exec_file.md
deleted file mode 100644
index 3005a89ebd..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_exec_file.md
+++ /dev/null
@@ -1,96 +0,0 @@
-+++
-title = "k8s_exec_file resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
-[menu.inspec]
-title = "k8s_exec_file"
-identifier = "inspec/resources/k8s/K8s Exec File"
-parent = "inspec/resources/k8s"
-+++
-
-Use the `k8s_exec_file` Chef InSpec audit resource to test the properties of all files within in a pod/container.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8s_exec_file(path: '/etc/e2scrub.conf', pod: 'shell-demo', namespace: 'default') do
- it { should exist }
-end
-```
-
-## Parameter
-
-`namespace`
-: Namespace of the resource (default: **default**).
-
-`pod`
-: Name of the pod
-
-`path`
-: Fully Qualified path of the file
-
-`container`
-: Name of the container
-
-## Properties
-
-`content`
-: content of the files.
-
-`size`
-: size of the file.
-
-`basename`
-: basename of the file.
-
-`owner`
-: owner of the file.
-
-`group`
-: File group.
-
-`type`
-: file type.
-
-`symlink`
-: symlink directory
-
-`mode`
-: file mode
-
-`uid`
-: UID of the file
-
-## Examples
-
-### Check if path exists and it is a file
-
-```ruby
-describe k8s_exec_file(path: '/etc/e2scrub.conf', pod: 'shell-demo', namespace: 'default') do
- it { should exist }
- it { should be_file }
-end
-```
-
-### check if we have full rights on the file
-
-```ruby
-describe k8s_exec_file(path: '/etc/e2scrub.conf', pod: 'shell-demo', namespace: 'default') do
- it { should exist }
- it { should be_file }
- it { should be_readable }
- it { should be_writable }
- it { should be_executable.by_user('root') }
- it { should be_owned_by 'root' }
- its('mode') { should cmp '0644' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_job.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_job.md
deleted file mode 100644
index 43168a24c5..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_job.md
+++ /dev/null
@@ -1,92 +0,0 @@
-+++
-title = "k8s_job resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
-[menu.inspec]
-title = "k8s_job"
-identifier = "inspec/resources/k8s/K8s Job"
-parent = "inspec/resources/k8s"
-+++
-
-
-Use the `k8s_job` Chef InSpec audit resource to test the configuration of a specific Job in the specified namespace.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8s_job(name: 'HELLO') do
- it { should exist }
-end
-```
-
-## Parameter
-
-`name`
-: Name of the Job.
-
-`namespace`
-: Namespace of the resource (default: **default**).
-
-## Properties
-
-`uid`
-: UID of the Job.
-
-`name`
-: Name of the Job.
-
-`namespace`
-: Namespace of the Job.
-
-`resource_version`
-: Resource version of the Job. This is an alias of `resourceVersion`.
-
-`labels`
-: Labels associated with the Job.
-
-`annotations`
-: Annotations associated with the Job.
-
-`kind`
-: Resource type of the Job.
-
-`creation_timestamp`
-: Creation time of the Job. This is an alias of `creationTimestamp`.
-
-`metadata`
-: Metadata for the Job.
-
-## Examples
-
-### Job for default namespace must exist and test its properties
-
-```ruby
-describe k8s_job(name: 'pi') do
- it { should exist }
- its('uid') { should eq 'a31e4d72-816d-4678-8cda-34973bc7808b' }
- its('resource_version') { should eq '818' }
- its('labels') { should_not be_empty }
- its('annotations') { should_not be_empty }
- its('name') { should eq 'pi' }
- its('namespace') { should eq 'default' }
- its('kind') { should eq 'JOB' }
- its('creation_timestamp') { should eq '2022-08-02T12:05:40Z' }
-end
-```
-
-### Job for a specified namespace must exist
-
-```ruby
-describe k8s_job(name: 'HELLO-WORLD', namespace: 'Namespace') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_jobs.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_jobs.md
deleted file mode 100644
index b6922d1248..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_jobs.md
+++ /dev/null
@@ -1,82 +0,0 @@
-+++
-title = "k8s_jobs resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
-[menu.inspec]
-title = "k8s_jobs"
-identifier = "inspec/resources/k8s/K8s Jobs"
-parent = "inspec/resources/k8s"
-+++
-
-Use the `k8s_jobs` Chef InSpec audit resource to test the configurations of all Jobs in a namespace.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8s_jobs do
- it { should exist }
-end
-```
-
-## Parameter
-
-`namespace`
-: Namespace of the resource (default: **default**).
-
-## Properties
-
-`uids`
-: UID of the Jobs.
-
-`names`
-: Name of the Jobs.
-
-`namespaces`
-: Namespace of the Jobs.
-
-`resource_versions`
-: Resource version of the Jobs.
-
-`labels`
-: Labels associated with the Jobs.
-
-`annotations`
-: Annotations associated with the Jobs.
-
-`kinds`
-: Resource type of the Jobs.
-
-## Examples
-
-### Jobs for default namespace must exist and test its properties
-
-```ruby
-describe k8s_jobs do
- it { should exist }
- its('names') { should include 'HELLO' }
- its('uids') { should include '378c1a39-cddc-4df6-bf5a-593779eb26fc' }
- its('namespaces') { should include 'default' }
- its('resource_versions') { should include '70517' }
- its('kinds') { should include 'JOB' }
- its('labels') { should_not be_empty }
- its('annotations') { should_not be_empty }
-end
-```
-
-### Jobs for specified namespace must exist
-
-```ruby
-describe k8s_jobs(namespace: 'Namespace') do
- it { should exist }
- its('names') { should include 'HELLO-WORLD' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_namespace.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_namespace.md
deleted file mode 100644
index 532bc59e30..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_namespace.md
+++ /dev/null
@@ -1,73 +0,0 @@
-+++
-title = "k8s_namespace resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
-[menu.inspec]
-title = "k8s_namespace"
-identifier = "inspec/resources/k8s/K8s Namespace"
-parent = "inspec/resources/k8s"
-+++
-
-Use the `k8s_namespace` Chef InSpec audit resource to test the configuration of a specific namespace.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8s_namespace(name: 'default') do
- it { should exist }
-end
-```
-
-## Parameter
-
-`name`
-: Name of the namespace.
-
-## Properties
-
-`uid`
-: UID of the namespace.
-
-`name`
-: Name of the namespace.
-
-`resource_version`
-: Resource version of the namespace. This is an alias of `resourceVersion`.
-
-`labels`
-: Labels associated with the namespace.
-
-`kind`
-: Resource type of the namespace.
-
-`creation_timestamp`
-: Creation time of the namespace. This is an alias of `creationTimestamp`.
-
-`metadata`
-: Metadata for the namespace.
-
-## Examples
-
-### Specified namespace must exist and test its properties
-
-```ruby
-describe k8s_namespace(name: 'kube-node-lease') do
- it { should exist }
- its('uid') { should eq '5ed76d62-838b-45cb-b41f-789b567a2fa2' }
- its('name') { should eq 'kube-node-lease' }
- its('kind') { should eq 'Namespace' }
- its('resource_version') { should eq '6' }
- its('creationTimestamp') { should eq '2022-07-21T10:47:49Z' }
- its('labels') { should eq 'kubernetes.io/metadata.name': 'kube-node-lease' }
- its('metadata') { should_not be_nil }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_namespaces.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_namespaces.md
deleted file mode 100644
index 749bb0553b..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_namespaces.md
+++ /dev/null
@@ -1,61 +0,0 @@
-+++
-title = "k8s_namespaces resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
-[menu.inspec]
-title = "k8s_namespaces"
-identifier = "inspec/resources/k8s/K8s Namespaces"
-parent = "inspec/resources/k8s"
-+++
-
-Use the `k8s_namespaces` Chef InSpec audit resource to test the configurations of all namespaces.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8s_namespaces do
- it { should exist }
- its('names') { should include 'DEFAULT' }
-end
-```
-
-## Properties
-
-`uids`
-: UID of the namespaces.
-
-`names`
-: Name of the namespaces.
-
-`resource_versions`
-: Resource version of the namespaces.
-
-`labels`
-: Labels associated with the namespaces.
-
-`kinds`
-: Resource type of the namespaces.
-
-## Examples
-
-### Namespaces must exist and test their properties
-
-```ruby
-describe k8s_namespaces do
- it { should exist }
- its('uids') { should include '5ed76d62-838b-45cb-b41f-789b567a2fa2' }
- its('names') { should include 'default' }
- its('resource_versions') { should include '6' }
- its('kinds') { should include 'Namespace' }
- its('labels') { should include 'kubernetes.io/metadata.name': 'default' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_network_policies.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_network_policies.md
deleted file mode 100644
index 75c1e72220..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_network_policies.md
+++ /dev/null
@@ -1,84 +0,0 @@
-+++
-title = "k8s_network_policies resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
-[menu.inspec]
-title = "k8s_network_policies"
-identifier = "inspec/resources/k8s/K8s NetworkPolicies"
-parent = "inspec/resources/k8s"
-+++
-
-Use the `k8s_network_policies` Chef InSpec audit resource to test the configurations of all network policies in a namespace.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8s_network_policies do
- it { should exist }
- its('names') { should include 'Network-Policy' }
-end
-```
-
-## Parameter
-
-`namespace`
-: Namespace of the resource (default: **default**).
-
-## Properties
-
-`uids`
-: UID of the network policies.
-
-`names`
-: Name of the network policies.
-
-`namespaces`
-: Namespace of the network policies.
-
-`resource_versions`
-: Resource version of the network policies.
-
-`labels`
-: Labels associated with the network policies.
-
-`annotations`
-: Annotations associated with the network policies.
-
-`kinds`
-: Resource type of the network policies.
-
-## Examples
-
-### Network policies for default namespace must exist
-
-```ruby
-describe k8s_network_policies do
- it { should exist }
- its('names') { should include 'Network-Policy' }
-end
-```
-
-### Network policies for specified namespace must exist and test its properties
-
-```ruby
-describe k8s_network_policies(namespace: 'NAMESPACE') do
- it { should exist }
- its('names') { should include 'Network-Policy' }
- its('uids') { should include '0beb1fc6-8af7-4607-b3c0-2bff65d4abd6' }
- its('resource_versions') { should include '129558' }
- its('labels') { should_not be_empty }
- its('annotations') { should_not be_empty }
- its('namespaces') { should include 'Namespace' }
- its('kinds') { should include 'Network-Policy' }
- its('metadata') { should_not be_nil }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_network_policy.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_network_policy.md
deleted file mode 100644
index dcce6eb385..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_network_policy.md
+++ /dev/null
@@ -1,93 +0,0 @@
-+++
-title = "k8s_network_policy resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
-[menu.inspec]
-title = "k8s_network_policy"
-identifier = "inspec/resources/k8s/K8s Network Policy"
-parent = "inspec/resources/k8s"
-+++
-
-
-Use the `k8s_network_policy` Chef InSpec audit resource to test the configuration of a specific network policy in the specified namespace.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8s_network_policy(name: 'coredns', namespace: 'kube-system') do
- it { should exist }
-end
-```
-
-## Parameter
-
-`name`
-: Name of the network policy.
-
-`namespace`
-: Namespace of the resource (default: **default**).
-
-## Properties
-
-`uid`
-: UID of the network policy.
-
-`name`
-: Name of the network policy.
-
-`namespace`
-: Namespace of the network policy.
-
-`resource_version`
-: Resource version of the network policy. This is an alias of `resourceVersion`.
-
-`labels`
-: Labels associated with the network policy.
-
-`annotations`
-: Annotations associated with the network policy.
-
-`kind`
-: Resource type of the network policy.
-
-`creation_timestamp`
-: Creation time of the network policy. This is an alias of `creationTimestamp`.
-
-`metadata`
-: Metadata for the network policy.
-
-## Examples
-
-### Network policy for default namespace must exist and test its properties
-
-```ruby
-describe k8s_network_policy(name: "TEST-NETWORK-POLICY") do
- it { should exist }
- its('uid') { should eq '0beb1fc6-8af7-4607-b3c0-2bff65d4abd6' }
- its('resource_version') { should eq '129558' }
- its('labels') { should be_empty }
- its('annotations') { should_not be_empty }
- its('name') { should eq 'Network-Policy' }
- its('namespace') { should eq 'default' }
- its('kind') { should eq 'Network-Policy' }
- its('creation_timestamp') { should eq '2022-08-02T09:47:56Z' }
- its('metadata') { should_not be_nil }
-end
-```
-
-### Network Policy for a specified namespace must exist
-
-```ruby
-describe k8s_network_policy(namespace: 'Namespace', name: 'Network-Policy') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_node.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_node.md
deleted file mode 100644
index b2bc11fd45..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_node.md
+++ /dev/null
@@ -1,77 +0,0 @@
-+++
-title = "k8s_node resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
- [menu.inspec]
- title = "k8s_node"
- identifier = "inspec/resources/k8s/K8s Node"
- parent = "inspec/resources/k8s"
-+++
-
-
-Use the `k8s_node` Chef InSpec audit resource to test the configuration of the K8s node.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8s_node(name: "NAME") do
- #...
-end
-```
-
-## Parameters
-
-`name`
-: Node name.
-
-## Properties
-
-`uid`
-: UID of the node.
-
-`kind`
-: Resource type of the node.
-
-`resource_version`
-: Resource version of the node.
-
-`labels`
-: Labels attached to the node.
-
-`annotations`
-: Annotations of the node.
-
-## Examples
-
-### Test to verify that the node with the specified name exists
-
-```ruby
-describe k8s_node(name: "NODE_NAME") do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-### have_label
-
-The `have_label` matcher verifies if the specified key and value are present in the node labels.
-
-```ruby
-it { should have_label('foo', 'bar') }
-```
-
-### have_annotation
-
-The `have_annotation` matcher verifies if the specified key and value are present in the node annotations.
-
-```ruby
-it { should have_annotation('foo', 'bar') }
-```
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_nodes.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_nodes.md
deleted file mode 100644
index a713e882fd..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_nodes.md
+++ /dev/null
@@ -1,54 +0,0 @@
-+++
-title = "k8s_nodes resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
-[menu.inspec]
-title = "k8s_nodes"
-identifier = "inspec/resources/k8s/K8s Nodes"
-parent = "inspec/resources/k8s"
-+++
-
-Use the `k8s_nodes` Chef InSpec audit resource to test the configuration of all nodes.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8s_nodes do
- #...
-end
-```
-
-## Properties
-
-`uids`
-: UID of the nodes.
-
-`names`
-: Name of the nodes.
-
-`resource_versions`
-: Resource version of the nodes.
-
-`kinds`
-: Resource type of the nodes.
-
-## Examples
-
-### Test to verify nodes include a node with a specified name and UID
-
-```ruby
- describe k8s_nodes do
- it { should exist }
- its('names') { should include 'NODE_NAME' }
- its('uids') { should include 'NODE_UID' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_object.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_object.md
deleted file mode 100644
index d2116e7f60..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_object.md
+++ /dev/null
@@ -1,100 +0,0 @@
-+++
-title = "k8sobject resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
- [menu.inspec]
- title = "k8sobject"
- identifier = "inspec/resources/k8s/K8s Object"
- parent = "inspec/resources/k8s"
-+++
-
-
-Use the `k8sobject` Chef InSpec audit resource is a generic InSpec resource to test any Kubernetes object.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8sobject(type: K8s_RESOURCE_TYPE, namespace: NAMESPACE, name: RESOURCE_NAME) do
- #...
-end
-```
-
-## Parameters
-
-`type`
-: type of the K8s resource that is for a query.
-
-`namespace`
-: namespace of the resource.
-
-`name`
-: Name of the resource.
-
-## Properties
-
-`uid`
-: UID of the resource.
-
-`name`
-: Name of the resource.
-
-`namespace`
-: Namespace of the resource.
-
-`resource_version`
-: Resource version of the resource.
-
-`kind`
-: Resource type.
-
-`metadata`
-: Metadata for the resource.
-
-`labels`
-: Labels of the resource.
-
-`annotations`
-: Annotations of the resource.
-
-## Examples
-
-### Test to ensure kube-system, kube-public, and default namespaces exist
-
-```ruby
-describe k8sobject(api: 'v1', type: 'namespaces', name: 'kube-system') do
- it { should exist }
-end
-```
-
-### Test to ensure kube-system pods exist
-
-```ruby
-k8sobject(api: 'v1', type: 'pods', namespace: 'kube-system', labelSelector: 'k8s-app=kube-proxy') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-### have_label
-
-The `have_label` matcher verifies if the specified key and value are present in the resource lables.
-
-```ruby
-it { should have_label('foo', 'bar') }
-```
-
-### have_annotation
-
-The `have_annotation` matcher verifies if the specified key and value are present in the resource annotations.
-
-```ruby
-it { should have_annotation('foo', 'bar') }
-```
\ No newline at end of file
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_objects.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_objects.md
deleted file mode 100644
index 963b016b89..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_objects.md
+++ /dev/null
@@ -1,75 +0,0 @@
-+++
-title = "k8sobjects resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
-[menu.inspec]
-title = "k8sobjects"
-identifier = "inspec/resources/k8s/K8s Objects"
-parent = "inspec/resources/k8s"
-+++
-
-
-Use the `k8sobjects` Chef InSpec audit resource to test the configuration of all K8s resources.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8sobjects(type: K8s_RESOURCE_TYPE, namespace: NAMESPACE, name: RESOURCE_NAME) do
- #...
-end
-```
-
-## Parameters
-
-`type`
-: type of the K8s resource that is for a query.
-
-`namespace`
-: namespace of the resource.
-
-## Properties
-
-`uids`
-: UID of the resource.
-
-`names`
-: Name of the resource.
-
-`namespaces`
-: Namespace of the resource.
-
-`resource_versions`
-: Resource version of the resource.
-
-`kinds`
-: Resource type.
-
-`metadatas`
-: Metadata for the resource.
-
-## Examples
-
-### Test to ensure kube-system, kube-public, and default namespaces exist
-
-```ruby
- describe k8sobjects(api: 'v1', type: 'namespaces', name: 'kube-system') do
- it { should exist }
-end
-```
-
-### Test to ensure kube-system pods exist
-
-```ruby
-k8sobjects(api: 'v1', type: 'pods', namespace: 'kube-system', labelSelector: 'k8s-app=kube-proxy') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_pod.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_pod.md
deleted file mode 100644
index 0307e37117..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_pod.md
+++ /dev/null
@@ -1,72 +0,0 @@
-+++
-title = "k8s_pod resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
-[menu.inspec]
-title = "k8s_pod"
-identifier = "inspec/resources/k8s/K8s Pod"
-parent = "inspec/resources/k8s"
-+++
-
-
-Use the `k8s_pod` Chef InSpec audit resource to test the configuration of a specific Pod in the specified namespace.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8s_pod(namespace: "NAMESPACE", name: "NAME") do
- #...
-end
-```
-
-## Parameter
-
-`namespace`
-: Namespace of the resource.
-
-## Properties
-
-`uid`
-: UID of the Pod.
-
-`name`
-: Name of the Pod.
-
-`namespace`
-: Namespace of the Pod.
-
-`resource_version`
-: Resource version of the Pod.
-
-`kind`
-: Resource type of the Pod.
-
-`metadata`
-: Metadata for the Pod.
-
-## Examples
-
-### Pod for default namespace must exist
-
-```ruby
- describe k8s_pod(name: 'NAME') do
- it { should exist }
-end
-```
-
-### Pod for a specified namespace must exist
-
-```ruby
-describe k8s_pod(namespace: 'NAMESPACE', name: 'NAME') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_pods.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_pods.md
deleted file mode 100644
index 5f00286240..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_pods.md
+++ /dev/null
@@ -1,71 +0,0 @@
-+++
-title = "k8s_pods resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
-[menu.inspec]
-title = "k8s_pods"
-identifier = "inspec/resources/k8s/K8s Pods"
-parent = "inspec/resources/k8s"
-+++
-
-Use the `k8s_pods` Chef InSpec audit resource to test the configurations of all Pods in a namespace.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8s_pods do
- #...
-end
-```
-
-## Parameter
-
-`namespace`
-: Namespace of the resource.
-
-## Properties
-
-`uid`
-: UID of the Pod.
-
-`name`
-: Name of the Pod.
-
-`namespace`
-: Namespace of the Pod.
-
-`resource_version`
-: Resource version of the Pod.
-
-`kind`
-: Resource type of the Pod.
-
-`metadata`
-: Metadata for the Pod.
-
-## Examples
-
-### Pods for default namespace must exist
-
-```ruby
- describe k8s_pods do
- it { should exist }
-end
-```
-
-### Pods for specified namespace must exist
-
-```ruby
-describe k8s_pods(namespace: 'kube-system') do
- it { should exist }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_rbac_cluster_role.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_rbac_cluster_role.md
deleted file mode 100644
index d33a065d99..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_rbac_cluster_role.md
+++ /dev/null
@@ -1,94 +0,0 @@
-+++
-title = "k8s_rbac_cluster_role resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
- [menu.inspec]
- title = "k8s_rbac_cluster_role"
- identifier = "inspec/resources/k8s/K8s Rbac Cluster Role"
- parent = "inspec/resources/k8s"
-+++
-
-
-Use the `k8s_rbac_cluster_role` Chef InSpec audit resource to test the Role-based access control (RBAC) cluster role settings.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8s_rbac_cluster_role(name: "NAME") do
- #...
-end
-```
-
-## Parameters
-
-`name`
-: Cluster role name.
-
-## Properties
-
-`uid`
-: UID of the cluster role.
-
-`kind`
-: Resource type of the cluster role.
-
-`resource_version`
-: Resource version of the cluster role.
-
-`labels`
-: Labels attached to the cluster role.
-
-`annotations`
-: Annotations of the cluster role.
-
-`rules`
-: List of rules set for the cluster role.
-
-`aggregation_rule`
-: Aggregation rule set for the cluster role.
-
-`cluster_role_selectors`
-: List of aggregation rule cluster role selectors set for the cluster role.
-
-`metadata`
-: Metadata of the cluster role.
-
-`creation_timestamp`
-: Creation timestamp of the cluster role.
-
-## Examples
-
-### Test to verify that the RBAC cluster role with the specified name exists
-
-```ruby
-describe k8s_rbac_cluster_role(name: "CLUSTER_ROLE_NAME") do
- it { should exist }
-end
-```
-
-### Test to verify rules set for the specified cluster role
-
-```ruby
-describe k8s_rbac_cluster_role(name: "pod-reader") do
- it { should exist }
- its('rules') { should include apiGroups: [""], resources: ["pods"], verbs: ["get", "list", "watch"] }
-end
-```
-
-### Test to verify aggregation rule is not empty and cluster role selectors have the specified value
-
-```ruby
-describe k8s_rbac_cluster_role(name: "monitoring") do
- its("aggregation_rule") { should_not be_empty }
- its("cluster_role_selectors") { should include matchLabels: { "rbac.example.com/aggregate-to-monitoring": "true" } }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_rbac_cluster_roles.md b/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_rbac_cluster_roles.md
deleted file mode 100644
index 698a136221..0000000000
--- a/_vendor/github.com/inspec/inspec-k8s/docs-chef-io/content/inspec/resources/k8s_rbac_cluster_roles.md
+++ /dev/null
@@ -1,87 +0,0 @@
-+++
-title = "k8s_rbac_cluster_roles resource"
-draft = false
-gh_repo = "inspec"
-platform = "k8s"
-
-[menu]
- [menu.inspec]
- title = "k8s_rbac_cluster_roles"
- identifier = "inspec/resources/k8s/K8s Rbac Cluster Roles"
- parent = "inspec/resources/k8s"
-+++
-
-Use the `k8s_rbac_cluster_roles` Chef InSpec audit resource to test all the Role-based access control (RBAC) cluster roles.
-
-## Installation
-
-## Syntax
-
-```ruby
-describe k8s_rbac_cluster_roles do
- #...
-end
-```
-
-## Properties
-
-`uids`
-: UID of the cluster roles.
-
-`kinds`
-: Resource type of the cluster roles.
-
-`resource_versions`
-: Resource version of the cluster roles.
-
-`labels`
-: Labels attached to the cluster roles.
-
-`annotations`
-: Annotations of the cluster roles.
-
-`rules`
-: List of rules set for the cluster roles.
-
-`aggregation_rules`
-: Aggregation rule set for the cluster roles.
-
-`cluster_role_selectors`
-: List of aggregation rule cluster role selectors set for the cluster roles.
-
-`metadata`
-: Metadata of the cluster roles.
-
-`creation_timestamps`
-: Creation timestamp of the cluster roles.
-
-## Examples
-
-### Test to verify that the RBAC cluster roles
-
-```ruby
-describe k8s_rbac_cluster_roles do
- it { should exist }
-end
-```
-
-### Test to verify rules set for the specified cluster role
-
-```ruby
-describe k8s_rbac_cluster_roles do
- its('rules') { should include apiGroups: [''], resources: ['pods'], verbs: ['get', 'list', 'watch'] }
-end
-```
-
-### Test to verify aggregation rules and aggregation rule cluster role selectors
-
-```ruby
-describe k8s_rbac_cluster_roles do
- its("aggregation_rules") { should_not be_empty }
- its("cluster_role_selectors") { should include matchLabels: { "rbac.example.com/aggregate-to-monitoring": 'true' } }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/config.toml b/_vendor/github.com/inspec/inspec/docs-chef-io/config.toml
deleted file mode 100644
index 54d6eb3ba0..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/config.toml
+++ /dev/null
@@ -1,98 +0,0 @@
-[params.inspec]
-gh_path = "https://github.com/inspec/inspec/tree/main/docs-chef-io/content/"
-
-####
-# Chef InSpec Menu
-####
-
-[[menu.inspec]]
-title = "Chef InSpec"
-identifier = "inspec"
-
- [[menu.inspec]]
- title = "Install"
- identifier = "inspec/install"
- parent = "inspec"
- weight = 20
-
- [[menu.inspec]]
- title = "Profiles"
- identifier = "inspec/profiles"
- parent = "inspec"
- weight = 40
-
- [[menu.inspec]]
- title = "Cloud Platforms"
- identifier = "inspec/cloud"
- parent = "inspec"
- weight = 50
-
- [[menu.inspec]]
- title = "Chef Tools"
- identifier = "inspec/chef"
- parent = "inspec"
- weight = 480
-
- [[menu.inspec]]
- title = "Related Projects"
- identifier = "inspec/friends"
- parent = "inspec"
- weight = 490
-
- [[menu.inspec]]
- title = "Chef InSpec Reference"
- identifier = "inspec/reference"
- parent = "inspec"
- weight = 500
-
- [[menu.inspec]]
- title = "Chef InSpec Resources"
- identifier = "inspec/resources"
- parent = "inspec"
- weight = 999
-
- [[menu.inspec]]
- title = "OS Resources"
- identifier = "inspec/resources/os"
- parent = "inspec/resources"
- weight = 20
-
- [[menu.inspec]]
- title = "Alibaba Resources"
- identifier = "inspec/resources/alicloud"
- parent = "inspec/resources"
- weight = 25
-
- [[menu.inspec]]
- title = "AWS Resources"
- identifier = "inspec/resources/aws"
- parent = "inspec/resources"
- weight = 30
-
- [[menu.inspec]]
- title = "Azure Resources"
- identifier = "inspec/resources/azure"
- parent = "inspec/resources"
- weight = 40
-
- [[menu.inspec]]
- title = "GCP Resources"
- identifier = "inspec/resources/gcp"
- parent = "inspec/resources"
- weight = 50
-
- [[menu.inspec]]
- title = "Habitat Resources"
- identifier = "inspec/resources/habitat"
- parent = "inspec/resources"
- weight = 60
-
- [[menu.inspec]]
- title = "Kubernetes Resources"
- identifier = "inspec/resources/k8s"
- parent = "inspec/resources"
- weight = 70
-
-####
-# End Chef InSpec Menu
-####
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/_index.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/_index.md
deleted file mode 100644
index 8798dde5f9..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/_index.md
+++ /dev/null
@@ -1,83 +0,0 @@
-+++
-title = "An Overview of Chef InSpec"
-draft = false
-gh_repo = "inspec"
-
-[cascade]
- product = ["inspec"]
-
-[menu]
- [menu.inspec]
- title = "Chef InSpec Overview"
- identifier = "inspec/_index.md Chef InSpec Overview"
- parent = "inspec"
- weight = 10
-+++
-
-Chef InSpec is an open-source framework for testing and auditing your applications and infrastructure.
-It compares the actual state of your system with the desired state that you express in easy-to-read and easy-to-write Chef InSpec code.
-It detects violations and displays findings in the form of a report, but puts you in control of remediation.
-
-Chef InSpec is a run-time framework and rule language used to specify compliance, security, and policy requirements.
-It includes a collection of resources that help you write auditing controls quickly and easily.
-
-## How does Chef InSpec work?
-
-Chef InSpec uses profiles to audit infrastructure. An [InSpec profile](/inspec/profiles/) organizes multiple controls into a reusable artifact.
-You can describe your profiles with metadata, version them, pin them to specific versions of InSpec, define specific platforms that a profile can test, and define profile dependencies.
-
-A control defines a regulatory recommendation or requirement for the state of a system. Each profile can have many controls and each control audits different aspects of a system.
-
-Chef InSpec resources allow you to test specific parts of your infrastructure.
-Chef InSpec has {{% inspec/inspec_count_resources %}} [resources](/inspec/resources/) ready to use--from Apache2 to ZFS pool.
-This includes resources for testing [AWS, Azure, AliCloud, and GCP cloud infrastructure](/inspec/cloud/), and you can create your own [custom resources](profiles/custom_resources) if we don't have a resource that meets your needs.
-
-[InSpec reporters](/inspec/reporters/) format and deliver the results of an InSpec audit run.
-You can output results to the standard output; to text formats like JSON, HTML, or plain text; or send the results directly to [Chef Automate](/automate/).
-
-## Use cases
-
-Run your tests wherever your infrastructure is---locally or in the cloud.
-Chef InSpec is designed for platforms and treats operating systems as special cases.
-Chef InSpec helps you, whether you use Windows Server on your own hardware or
-run Linux in Docker containers in the cloud. As for the cloud, you can use Chef
-InSpec to target applications and services running on Alibaba, AWS, Azure, and GCP.
-
-## Additional Resources
-
-### Open-source profiles
-
-The InSpec community created several open-source profiles that are free to use.
-Use the `inspec supermarket profiles` command to list the available profiles, or view them in [Chef Supermarket](https://supermarket.chef.io/tools?q=&type=compliance_profile). This includes the [DevSec Hardening Framework](https://dev-sec.io/), a set of server hardening profiles.
-
-### Premium profiles
-
-Chef offers [premium CIS- and STIG-based profiles](https://www.chef.io/products/chef-premium-content) for compliance scanning across a range of enterprise assets.
-
-### Learning
-
-- [Chef Training](https://www.chef.io/training)
-- [Chef InSpec webinars](https://www.chef.io/webinars?products=chef-inspec&page=1)
-- [Chef Resource Library](https://www.chef.io/resources?products=chef-inspec&page=1)
-
-### Community
-
-- [Chef InSpec on Discourse](https://discourse.chef.io/c/inspec/10)
-- [Chef InSpec in the Chef Blog](https://www.chef.io/blog/category/chef-inspec)
-- [Chef InSpec Community Resources](https://community.chef.io/tools/chef-inspec)
-
-### Support
-
-- [Chef Support](https://www.chef.io/support)
-- [Chef Help Center](https://community.progress.com/s/products/chef)
-
-### GitHub repositories
-
-- [inspec GitHub organization](https://github.com/inspec)
-- [inspec repository](https://github.com/inspec/inspec/)
-- [inspec-alicloud repository](https://github.com/inspec/inspec-alicloud/)
-- [inspec-aws repository](https://github.com/inspec/inspec-aws/)
-- [inspec-azure](https://github.com/inspec/inspec-azure/)
-- [inspec-gcp repository](https://github.com/inspec/inspec-gcp/)
-- [inspec-k8s repository](https://github.com/inspec/inspec-k8s/)
-- [inspec train repository](https://github.com/inspec/train)
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/audit_log.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/audit_log.md
deleted file mode 100644
index 7bd2b62d81..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/audit_log.md
+++ /dev/null
@@ -1,51 +0,0 @@
-+++
-title = "Chef InSpec Audit Log"
-draft = false
-gh_repo = "inspec"
-
-[menu]
- [menu.inspec]
- title = "Audit Log"
- identifier = "inspec/Audit Log"
- parent = "inspec"
- weight = 60
-+++
-
-This page documents Chef InSpec's audit log. This is a preview feature starting in **Chef InSpec 6**.
-
-The Chef InSpec audit log uses the Train library to capture activity between the scanning workstation and the scanned target environment.
-
-The InSpec audit log captures the following event types:
-
-- command events
-- file use events
-
-## Audit log limitations
-
-The audit log has the following limitations:
-
-- no support for API activity capture
-- limited support for file operations: while file access is captured, specific operations may not be
-- inconsistent and opt-in support across Train transports
-- limited support for Test Kitchen
-
-## Enable audit logging
-
-The audit log is a preview feature in Chef InSpec 6.
-
-Enable the audit logging by setting an environment variable, `CHEF_PREVIEW_AUDIT_LOGGING` to any non-empty value. The next time you run `inspec exec` or `inspec shell`, InSpec will create a log file at `~/.inspec/logs/inspec-audit-TIMESTAMP-PID.log`.
-
-## Configure the audit log
-
-The following options are available inside `inspec exec` and `inspec shell` to configure Chef InSpec's audit log.
-
-`--audit-log-location=AUDIT_LOG_LOCATION`
-: The directory that the audit log saves diagnostic log files to.
-
- Default: `~/.inspec/logs`.
-
- InSpec creates log files in the set directory using the following format: `inspec-audit-TIMESTAMP-PID.log`.
-
-## More information
-
-For details of the audit log format and implementation, refer to the [Train documentation](https://github.com/inspec/train/blob/main/docs/audit_log.md).
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cli.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cli.md
deleted file mode 100644
index 4e36d1b28c..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cli.md
+++ /dev/null
@@ -1,1068 +0,0 @@ -+++ -title = "InSpec CLI" -draft = false -gh_repo = "inspec" - -[menu] - [menu.inspec] - title = "InSpec Executable" - identifier = "inspec/reference/cli.md InSpec Executable" - parent = "inspec/reference" - weight = 10 -+++ - - - -Use the InSpec Command Line Interface (CLI) to run tests and audits against targets using local, SSH, WinRM, or Docker connections. - -## archive - -Archive a profile to a tar file (default) or zip file. - -### Syntax - -This subcommand has the following syntax: - -```bash -inspec archive PATH -``` - -### Options - -This subcommand has the following additional options: - -`--airgap` -`--no-airgap` -: Fallback to using local archives if fetching fails. - -`--check` -`--no-check` -: Before running archive, run `inspec check`. Default: do not check. - -`--export` -`--no-export` -: Include an inspec.json file in the archive, the results of running `inspec export`. - -`--legacy-export` -`--no-legacy-export` -: Include an inspec.json file in the archive by utilizing information from the legacy export procedure, the results of running `inspec export --legacy-export`. - -`--ignore-errors` -`--no-ignore-errors` -: Ignore profile warnings. - -`-o` -`--output=OUTPUT` -: Save the archive to a path. - -`--overwrite` -`--no-overwrite` -: Overwrite existing archive. - -`--profiles-path=PROFILES_PATH` -: Folder which contains referenced profiles. - -`--tar` -`--no-tar` -: Generates a tar.gz archive. - -`--vendor-cache=VENDOR_CACHE` -: Use the given path for caching dependencies, (default: `~/.inspec/cache`). - -`--zip` -`--no-zip` -: Generates a zip archive. - - - -## automate - -Communicates with Chef Automate. 
- -### Syntax - -This subcommand has the following syntax: - -```bash -inspec automate SUBCOMMAND -``` - -## check - -Verify the metadata in the `inspec.yml` file, verify that control blocks have the correct fields (title, description, impact), and define that all controls have visible tests and the controls are not using deprecated InSpec DSL code. - -### Syntax - -This subcommand has the following syntax: - -```bash -inspec check PATH -``` - -### Options - -This subcommand has the following additional options: - -`--format=FORMAT` -: The output format to use. Valid values: `json` and `doc`. Default value: `doc`. - -`--profiles-path=PROFILES_PATH` -: Folder which contains referenced profiles. - -`--vendor-cache=VENDOR_CACHE` -: Use the given path for caching dependencies, (default: `~/.inspec/cache`). - -`--with-cookstyle` -`--no-with-cookstyle` -: Enable or disable cookstyle checks. - -`--legacy-check` -`--no-legacy-check` -: Run check in legacy mode, which examines the profile in a different way. Default: use newer parser-based method. - -## detect - -Detects the target OS. - -### Syntax - -This subcommand has the following syntax: - -```bash -inspec detect -``` - -### Options - -This subcommand has the following additional options: - -`-b` -`--backend=BACKEND` -: Choose a backend: local, ssh, winrm, docker. - -`--bastion-host=BASTION_HOST` -: Specifies the bastion host if applicable. - -`--bastion-port=BASTION_PORT` -: Specifies the bastion port if applicable. - -`--bastion-user=BASTION_USER` -: Specifies the bastion user if applicable. - -`--ca-trust-file=PATH_TO_CA_TRUST_FILE` -: Specify CA certificate required for SSL authentication (WinRM). - -`--client-cert=PATH_TO_CLIENT_CERTIFICATE` -: Specify client certificate required for SSL authentication (WinRM). - -`--client-key=PATH_TO_CLIENT_KEY` -: Specify client key required with client certificate for SSL authentication (WinRM). 
- -`--client-key-pass=CLIENT_CERT_PASSWORD` -: Specify client certificate password, if required for SSL authentication (WinRM). - -`--config=CONFIG` -: Read configuration from the JSON file (`-` reads from stdin). - -`--docker-url` -: Provides a path to the Docker API endpoint (Docker). - -`--enable-password=ENABLE_PASSWORD` -: Password for enable mode on Cisco IOS devices. - -`--format=FORMAT` - -`--host=HOST` -: Specify a remote host which is tested. - -`--insecure` -`--no-insecure` -: Disable SSL verification on select targets. - -`-i` -`--key-files=one two three` -: Login key or certificate file for a remote scan. - -`--kerberos-realm=KERBEROS_REALM` -: The Kerberos realm used for authentication (WinRM). This option can only be run from Linux workstations. - -`--kerberos-service=KERBEROS_SERVICE` -: The Kerberos service principal name (such as HTTP or HOST) (WinRM). This option can only be run from Linux workstations. - -`--password=PASSWORD` -: Login password for a remote scan, if required. - -`--path=PATH` -: Login path to use when connecting to the target (WinRM). - -`-p` -`--port=N` -: Specify the login port for a remote scan. - -`--podman-url` -: Provides the path to the Podman API endpoint. Defaults to unix:///run/user/$UID/podman/podman.sock for rootless container, unix:///run/podman/podman.sock for rootful container (for this you need to execute inspec as root user). - -`--proxy-command=PROXY_COMMAND` -: Specifies the command to use to connect to the server. - -`--self-signed` -`--no-self-signed` -: Allow remote scans with self-signed certificates (WinRM). - -`--shell` -`--no-shell` -: Run scans in a subshell. Only activates on Unix. - -`--shell-command=SHELL_COMMAND` -: Specify a particular shell to use. - -`--shell-options=SHELL_OPTIONS` -: Additional shell options. - -`--socks-password=SOCKS_PASSWORD` -: The password for authenticating with a SOCKS5 proxy (WinRM). This option can only be run from Linux workstations. 
- -`--socks-proxy=SOCKS_PROXY` -: The SOCKS5H proxy URL to tunnel the WinRM connection (for example, `:1080`) (WinRM). This option can only be run from Linux workstations. - -`--socks-user=SOCKS_USER` -: The username for authenticating with a SOCKS5 proxy (WinRM). This option can only be run from Linux workstations. - -`--ssl` -`--no-ssl` -: Use SSL for transport layer encryption (WinRM). - -`--ssl-peer-fingerprint` -: Specify SSL peer fingerprint in place of certificates for SSL authentication (WinRM). - -`--sudo` -`--no-sudo` -: Run scans with sudo. Only activates on Unix and non-root user. - -`--sudo-command=SUDO_COMMAND` -: Alternate command for sudo. - -`--sudo-options=SUDO_OPTIONS` -: Additional sudo options for a remote scan. - -`--sudo-password=SUDO_PASSWORD` -: Specify a sudo password, if it is required. - -`-t` -`--target=TARGET` -: Simple targeting option using URIs, e.g. ssh://user:pass@host:port. - -`--target-id=TARGET_ID` -: Provide a ID which will be included on reports. - -`--user=USER` -: The login user for a remote scan. - -`--winrm-basic-auth-only` -`--no-winrm-basic-auth-only` -: Whether to use basic authentication, defaults to false (WinRM). - -`--winrm-disable-sspi` -`--no-winrm-disable-sspi` -: Whether to use disable sspi authentication, defaults to false (WinRM). - -`--winrm-transport=WINRM_TRANSPORT` -: Specify which transport to use, defaults to negotiate (WinRM). - -`--winrm-shell-type=WINRM_SHELL_TYPE` -: Specify which shell type to use (powershell, elevated, or cmd), which defaults to powershell (WinRM). - -## env - -Outputs shell-appropriate completion configuration. - -### Syntax - -This subcommand has the following syntax: - -```bash -inspec env -``` - -## exec - -Run all test files at the specified locations. - -The subcommand loads the given profiles, fetches their dependencies if needed, then connects to the target and executes any controls in the profiles. One or more reporters are used to generate the output. 
- -### Syntax - -This subcommand has the following syntax: - -```bash -inspec exec LOCATIONS -``` - -### Options - -This subcommand has the following additional options: - -`--allow-unsigned-profiles` -: Allow InSpec to execute unsigned profiles if mandatory profile signing is enabled. Defaults to false. - - **Chef InSpec 6** and greater has an optional setting that requires signed profiles. - If you try to execute an unsigned profile with this feature enabled, InSpec won't execute the profile and returns exit code 6. - Use `--allow-unsigned-profiles` to execute unsigned profiles if mandatory profile signing is enabled. - - For more information, see [Signed InSpec Profiles](/inspec/signing/). - -`--attrs=one two three` -: Legacy name for `--input-file` - deprecated. - -`--audit-log-location=AUDIT_LOG_LOCATION` -: The directory that the audit log saves diagnostic log files to. - You must enable audit logging to use this feature. See the [Audit Log documentation](/inspec/audit_log/) for details. - - Default: `~/.inspec/logs`. - - InSpec creates log files in the set directory using the following format: `inspec-audit-TIMESTAMP-PID.log`. - -`--auto-install-gems` -: Auto installs gem dependencies of the profile or resource pack. - -`-b` -`--backend=BACKEND` -: Choose a backend: local, ssh, winrm, docker. - -`--backend-cache` -`--no-backend-cache` -: Allow caching for backend command output. (default: `true`). - -`--bastion-host=BASTION_HOST` -: Specifies the bastion host if applicable. - -`--bastion-port=BASTION_PORT` -: Specifies the bastion port if applicable. - -`--bastion-user=BASTION_USER` -: Specifies the bastion user if applicable. - -`--ca-trust-file=PATH_TO_CA_TRUST_FILE` -: Specify CA certificate required for SSL authentication (WinRM). - -`--client-cert=PATH_TO_CLIENT_CERTIFICATE` -: Specify client certificate required for SSL authentication (WinRM). 
- -`--client-key=PATH_TO_CLIENT_KEY` -: Specify client key required with client certificate for SSL authentication (WinRM). - -`--client-key-pass=CLIENT_CERT_PASSWORD` -: Specify client certificate password, if required for SSL authentication (WinRM). - -`--command-timeout=SECONDS` -: Maximum seconds to allow a command to run. - -`--config=CONFIG` -: Read configuration from the JSON file (`-` reads from stdin). - -`--controls=one two three` -: A list of control names to run or a list of /regexes/ to match against control names. Ignore all other tests. - -`--create-lockfile` -`--no-create-lockfile` -: Write out a lockfile based on this execution (unless one already exists). - -`--distinct-exit` -`--no-distinct-exit` -: Exit with code 101 if any tests fail and 100 if any are skipped (default). If disabled, exit 0 on skips and 1 for failures. - -`--docker-url` -: Provides path to Docker API endpoint (Docker). Defaults to `unix:///var/run/docker.sock` on Unix systems and `tcp://localhost:2375` on Windows. - -`--enable-password=ENABLE_PASSWORD` -: Password for enable mode on Cisco IOS devices. - -`--filter-empty-profiles` -`--no-filter-empty-profiles` -: Filter empty profiles (profiles without controls) from the report. - -`--filter-waived-controls` -: Do not execute waived controls in InSpec at all. Must use with `--waiver-file`. Ignores the `run` setting of the waiver file. - -`--host=HOST` -: Specify a remote host which is tested. - -`--input=name1=value1 name2=value2` -: Specify one or more inputs directly on the command line, as `--input NAME=VALUE`. Accepts single-quoted YAML and JSON structures. - -`--input-file=one two three` -: Load one or more input files, a YAML file with values for the profile to use. - -`--insecure` -`--no-insecure` -: Disable SSL verification on select targets. - -`-i` -`--key-files=one two three` -: Login key or certificate file for a remote scan. - -`--kerberos-realm=KERBEROS_REALM` -: The Kerberos realm used for authentication (WinRM). 
This option can only be run from Linux workstations. - -`--kerberos-service=KERBEROS_SERVICE` -: The Kerberos service principal name (such as HTTP or HOST) (WinRM). This option can only be run from Linux workstations. - -`--password=PASSWORD` -: Login password for a remote scan, if required. - -`--path=PATH` -: Login path to use when connecting to the target (WinRM). - -`-p` -`--port=N` -: Specify the login port for a remote scan. - -`--podman-url` -: Provides the path to the Podman API endpoint. Defaults to `unix:///run/user/$UID/podman/podman.sock` for rootless container, `unix:///run/podman/podman.sock` for rootful container (for this you need to execute inspec as root user). - -`--profiles-path=PROFILES_PATH` -: Folder which contains referenced profiles. - -`--proxy-command=PROXY_COMMAND` -: Specifies the command to use to connect to the server. - -`--reporter=one two:/output/file/path` -: Enable one or more output reporters: cli, documentation, html2, progress, progress-bar, json, json-min, json-rspec, junit2, yaml. - -`--reporter-backtrace-inclusion` -`--no-reporter-backtrace-inclusion` -: Include a code backtrace in report data (default: `true`). - -`--reporter-include-source` -: Include full source code of controls in the CLI report. - -`--reporter-message-truncation=REPORTER_MESSAGE_TRUNCATION` -: Number of characters to truncate failure messages in report data (default: no truncation). - -`--self-signed` -`--no-self-signed` -: Allow remote scans with self-signed certificates (WinRM). - -`--shell` -`--no-shell` -: Run scans in a subshell. Only activates on Unix. - -`--shell-command=SHELL_COMMAND` -: Specify a particular shell to use. - -`--shell-options=SHELL_OPTIONS` -: Additional shell options. - -`--show-progress` -`--no-show-progress` -: Show progress while executing tests. - -`--silence-deprecations=all|GROUP GROUP...` -: Suppress deprecation warnings. See install_dir/etc/deprecations.json for a list of GROUPs or use 'all'. 
- -`--socks-password=SOCKS_PASSWORD` -: The password for authenticating with a SOCKS5 proxy (WinRM). This option can only be run from Linux workstations. - -`--socks-proxy=SOCKS_PROXY` -: The SOCKS5H proxy URL to tunnel the WinRM connection (for example, `:1080`) (WinRM). This option can only be run from Linux workstations. - -`--socks-user=SOCKS_USER` -: The username for authenticating with a SOCKS5 proxy (WinRM). This option can only be run from Linux workstations. - -`--ssh-config-file=one two three` -: A list of paths to the SSH configuration file, for example: `~/.ssh/config` or `/etc/ssh/ssh_config`. - -`--ssl` -`--no-ssl` -: Use SSL for transport layer encryption (WinRM). - -`--ssl-peer-fingerprint` -: Specify SSL peer fingerprint in place of certificates for SSL authentication (WinRM). - -`--sudo` -`--no-sudo` -: Run scans with sudo. Only activates on Unix and non-root user. - -`--sudo-command=SUDO_COMMAND` -: Alternate command for sudo. - -`--sudo-options=SUDO_OPTIONS` -: Additional sudo options for a remote scan. - -`--sudo-password=SUDO_PASSWORD` -: Specify a sudo password, if it is required. - -`-t` -`--target=TARGET` -: Simple targeting option using URIs, e.g. ssh://user:pass@host:port. - -`--target-id=TARGET_ID` -: Provide an ID that is included on reports - deprecated. - -`--tags=one two three` -: A list of tags or regular expressions that match tags. `exec` will run controls referenced by the listed or matching tags. - -`--user=USER` -: The login user for a remote scan. - -`--vendor-cache=VENDOR_CACHE` -: Use the given path for caching dependencies. (default: `~/.inspec/cache`). - -`--waiver-file=one two three` -: Load one or more waiver files. - -`--winrm-basic-auth-only` -`--no-winrm-basic-auth-only` -: Whether to use basic authentication, defaults to false (WinRM). - -`--winrm-disable-sspi` -`--no-winrm-disable-sspi` -: Whether to use disable sspi authentication, defaults to false (WinRM). 
- -`--winrm-transport=WINRM_TRANSPORT` -: Specify which transport to use, defaults to negotiate (WinRM). - -`--enhanced-outcomes` -: Includes enhanced outcome of controls in report data. - -### Exit codes - -`0` -: normal exit, all tests passed - -`1` -: usage or general error - -`2` -: error in plugin system - -`3` -: fatal deprecation encountered - -`5` -: invalid profile signature - -`6` -: mandatory profile signing mode enabled and no signature found - -`100` -: normal exit, at least one test failed - -`101` -: normal exit, at least one test skipped but none failed - -`172` -: Chef license not accepted - -### Examples - -Below are some examples of using `exec` with different test locations. - -Chef Automate: - -```ruby -inspec automate login -inspec exec compliance://username/linux-baselinem -``` - -`inspec compliance` is a backwards compatible alias for `inspec automate` and works the same way: - -```ruby -inspec compliance login -``` - -Chef Supermarket: - -```ruby -inspec exec supermarket://username/linux-baseline -inspec exec supermarket://username/linux-baseline --supermarket_url="https://privatesupermarket.example.com" -``` - -Local profile (executes all tests in `controls/`): - -```ruby -inspec exec /path/to/profile -``` - -Local single test (doesn't allow inputs or custom resources): - -```ruby -inspec exec /path/to/a_test.rb -``` - -Git via SSH: - -```ruby -inspec exec git@github.com:dev-sec/linux-baseline.git -``` - -Git via HTTPS (.git suffix is required): - -```ruby -inspec exec https://github.com/dev-sec/linux-baseline.git -``` - -Private Git via HTTPS (.git suffix is required): - -```ruby -inspec exec https://api_token@github.com/dev-sec/linux-baseline.git -``` - -Private Git via HTTPS and cached credentials (.git suffix is required): - -```bash -git config credential.helper cache -git ls-remote https://github.com/dev-sec/linux-baseline.git -inspec exec https://github.com/dev-sec/linux-baseline.git -``` - -Web-hosted file (also supports .zip): - 
-```bash -inspec exec https://webserver/linux-baseline.tar.gz -``` - -Web-hosted file with basic authentication (supports .zip): - -```bash -inspec exec https://username:password@webserver/linux-baseline.tar.gz -``` - -Web-hosted signed profile: - -```bash -inspec exec https://username:password@webserver/linux-baseline.iaf -``` - -## habitat - -Create a Chef Habitat package. - -### Syntax - -This subcommand has the following syntax: - -```bash -inspec habitat SUBCOMMAND -``` - -## help - -Describe available commands or one specific command. - -### Syntax - -This subcommand has the following syntax: - -```bash -inspec help [COMMAND] -``` - -## init - -Scaffold a new project. - -### Syntax - -This subcommand has the following syntax: - -```bash -inspec init TEMPLATE -``` - -## export - -Read the profile in path and generate a summary in the given format. - -### Syntax - -This subcommand has the following syntax: - -```bash -inspec export PATH -``` - -### Options - -This subcommand has the following additional options: - -`--what=WHAT` -: What to export: profile (default), readme, metadata. - -`--controls=one two three` -: For --what=profile, a list of controls to include. Other controls are ignored.. - -`--format=FORMAT` -: The output format to use: json, raw, yaml. If valid format is not provided then it will use the default for the given 'what'. - -`--legacy-export` -`--no-legacy-export` -: Run with legacy export. - -`-o` -`--output=OUTPUT` -: Save the created output to a path. - -`--profiles-path=PROFILES_PATH` -: Folder which contains referenced profiles. - -`--tags=one two three` -: For --what=profile, a list of tags to filter controls and include only those. Other controls are ignored. - -`--vendor-cache=VENDOR_CACHE` -: Use the given path for caching dependencies, (default: `~/.inspec/cache`). - -## json - -Read all tests in the path and generate a json summary. 
- -### Syntax - -This subcommand has the following syntax: - -```bash -inspec json PATH -``` - -### Options - -This subcommand has the following additional options: - -`--allow-unsigned-profiles` -: Allow InSpec to read unsigned profiles if [mandatory profile signing](/inspec/signing/) is enabled. Defaults to false. - - **Chef InSpec 6** and greater has an optional setting that requires signed profiles. - If you try to read an unsigned profile with this feature enabled, InSpec won't read the profile and returns exit code 6. - Use `--allow-unsigned-profiles` to read unsigned profiles if mandatory profile signing is enabled. - - For more information, see [Signed InSpec Profiles](/inspec/signing/). - -`--controls=one two three` -: A list of controls to include. Ignore all other tests. - -`--legacy-export` -`--no-legacy-export` -: Run with legacy export. - -`-o` -`--output=OUTPUT` -: Save the created profile to a path. - -`--profiles-path=PROFILES_PATH` -: Folder which contains referenced profiles. - -`--tags=one two three` -: A list of tags that reference specific controls. Other controls are ignored. - -`--vendor-cache=VENDOR_CACHE` -: Use the given path for caching dependencies. (default: `~/.inspec/cache`). - -## license - -Subcommands for interacting with the Chef licensing system. - -`inspec license` supports two subcommands, `add` and `list`. - -### license add - -Add a Chef license. - -Not applicable for users running a Chef Private Licensing Service. - -#### Syntax - -```bash -inspec license add -``` - -### license list - -Run license diagnostics and output the details of your current Chef license configuration. - -#### Syntax - -```bash -inspec license list -``` - -## nothing - -Does nothing. - -### Syntax - -This subcommand has the following syntax: - -```bash -inspec nothing -``` - -## plugin - -Install and manage [Chef InSpec plugins](/inspec/plugins/). 
- -### Syntax - -This subcommand has the following syntax: - -```bash -inspec plugin SUBCOMMAND -``` - -## schema - -Print the json schema. - -### Syntax - -This subcommand has the following syntax: - -```bash -inspec schema NAME -``` - -### Options - -This subcommand has the following additional option: - -`--enhanced-outcomes` -: Includes enhanced outcome of controls in report data. - -## shell - -Open an interactive debugging shell. - -### Syntax - -This subcommand has the following syntax: - -```bash -inspec shell -``` - -### Options - -This subcommand has the following additional options: - -`--audit-log-location=AUDIT_LOG_LOCATION` -: The directory that the audit log saves diagnostic log files to. - You must enable audit logging to use this feature. See the [Audit Log documentation](/inspec/audit_log/) for details. - - Default: `~/.inspec/logs`. - - InSpec creates log files in the set directory using the following format: `inspec-audit-TIMESTAMP-PID.log`. - -`-b` -`--backend=BACKEND` -: Choose a backend: local, ssh, winrm, docker. - -`--bastion-host=BASTION_HOST` -: Specifies the bastion host if applicable. - -`--bastion-port=BASTION_PORT` -: Specifies the bastion port if applicable. - -`--bastion-user=BASTION_USER` -: Specifies the bastion user if applicable. - -`-c` -`--command=COMMAND` -: A single command string to run instead of launching the shell. - -`--command-timeout=SECONDS` -: Maximum seconds to allow a command to run. - -`--ca-trust-file=PATH_TO_CA_TRUST_FILE` -: Specify CA certificate required for SSL authentication (WinRM). - -`--client-cert=PATH_TO_CLIENT_CERTIFICATE` -: Specify client certificate required for SSL authentication (WinRM). - -`--client-key=PATH_TO_CLIENT_KEY` -: Specify client key required with client certificate for SSL authentication (WinRM). - -`--client-key-pass=CLIENT_CERT_PASSWORD` -: Specify client certificate password, if required for SSL authentication (WinRM). 
- -`--config=CONFIG` -: Read configuration from the JSON file (`-` reads from stdin). - -`--depends=one two three` -: A space-delimited list of local folders containing profiles whose libraries and resources will be loaded into the new shell. - -`--distinct-exit` -`--no-distinct-exit` -: Exit with code 100 if any tests fail and 101 if any are skipped, but none failed (default). If disabled, exit 0 on skips and 1 for failures. - -`--docker-url` -: Provides path to Docker API endpoint (Docker). Defaults to unix:///var/run/docker.sock on Unix systems and tcp://localhost:2375 on Windows. - -`--enable-password=ENABLE_PASSWORD` -: Password for enable mode on Cisco IOS devices. - -`--enhanced-outcomes` -: Includes enhanced outcome of controls in report data. - -`--host=HOST` -: Specify a remote host which is tested. - -`--insecure` -`--no-insecure` -: Disable SSL verification on select targets. - -`--inspect` -`--no-inspect` -: Use verbose/debugging output for resources. - -`-i` -`--key-files=one two three` -: Login key or certificate file for a remote scan. - -`--kerberos-realm=KERBEROS_REALM` -: Kerberos realm used for authentication (WinRM). This option can only be run from Linux workstations. - -`--kerberos-service=KERBEROS_SERVICE` -: Kerberos service principal name (for example, HTTP, HOST) (WinRM). This option can only be run from Linux workstations. - -`--password=PASSWORD` -: Login password for a remote scan, if required. - -`--path=PATH` -: Login path to use when connecting to the target (WinRM). - -`-p` -`--port=N` -: Specify the login port for a remote scan. - -`--podman-url` -: Provides the path to the Podman API endpoint. Defaults to unix:///run/user/$UID/podman/podman.sock for rootless container, unix:///run/podman/podman.sock for rootful container (for this you need to execute inspec as root user). - -`--proxy-command=PROXY_COMMAND` -: Specifies the command to use to connect to the server. 
- -`--reporter=one two:/output/file/path` -: Enable one or more output reporters: cli, documentation, html2, progress, json, json-min, json-rspec, junit2. - -`--self-signed` -`--no-self-signed` -: Allow remote scans with self-signed certificates (WinRM). - -`--shell` -`--no-shell` -: Run scans in a subshell. Only activates on Unix. - -`--shell-command=SHELL_COMMAND` -: Specify a particular shell to use. - -`--shell-options=SHELL_OPTIONS` -: Additional shell options. - -`--socks-password=SOCKS_PASSWORD` -: The password for authenticating with a SOCKS5 proxy (WinRM). This option can only be run from Linux workstations. - -`--socks-proxy=SOCKS_PROXY` -: The SOCKS5H proxy URL to tunnel the WinRM connection (for example, `:1080`) (WinRM). This option can only be run from Linux workstations. - -`--socks-user=SOCKS_USER` -: The username for authenticating with a SOCKS5 proxy (WinRM). This option can only be run from Linux workstations. - -`--ssh-config-file=one two three` -: A list of paths to the SSH configuration file, for example: `~/.ssh/config` or `/etc/ssh/ssh_config`. - -`--ssl` -`--no-ssl` -: Use SSL for transport layer encryption (WinRM). - -`--ssl-peer-fingerprint=SSL_PEER_FINGERPRINT` -: Specify SSL peer fingerprint in place of certificates for SSL authentication (WinRM). - -`--sudo` -`--no-sudo` -: Run scans with sudo. Only activates on Unix and non-root user. - -`--sudo-command=SUDO_COMMAND` -: Alternate command for sudo. - -`--sudo-options=SUDO_OPTIONS` -: Additional sudo options for a remote scan. - -`--sudo-password=SUDO_PASSWORD` -: Specify a sudo password, if it is required. - -`-t` -`--target=TARGET` -: Simple targeting option using URIs, e.g. ssh://user:pass@host:port. - -`--target-id=TARGET_ID` -: Provide a ID which will be included on reports. - -`--user=USER` -: The login user for a remote scan. - -`--winrm-basic-auth-only` -`--no-winrm-basic-auth-only` -: Whether to use basic authentication, defaults to false (WinRM). 
- -`--winrm-disable-sspi` -`--no-winrm-disable-sspi` -: Whether to use disable sspi authentication, defaults to false (WinRM). - -`--winrm-transport=WINRM_TRANSPORT` -: Specify which transport to use, defaults to negotiate (WinRM). - -## supermarket - -Supermarket commands. - -### Syntax - -This subcommand has the following syntax: - -```bash -inspec supermarket SUBCOMMAND ... -``` - -### Options - -This subcommand has additional options: - -`--supermarket_url` -: Specify the URL of a private Chef Supermarket. - -## vendor - -Download all dependencies and generate a lockfile in a `vendor` directory. - -### Syntax - -This subcommand has the following syntax: - -```bash -inspec vendor PATH -``` - -### Options - -This subcommand has additional options: - -`--overwrite` -`--no-overwrite` -: Overwrite existing vendored dependencies and lockfiles. - -## version - -Prints the version of this tool. - -### Syntax - -This subcommand has the following syntax: - -```bash -inspec version -``` - -### Options - -This subcommand has the following additional options: - -`--format=FORMAT` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cloud/_index.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cloud/_index.md deleted file mode 100644 index e2f198b6ee..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cloud/_index.md +++ /dev/null @@ -1,19 +0,0 @@ -+++ -title = "Using Chef InSpec on Cloud Platforms" -draft = false -gh_repo = "inspec" - -[menu] - [menu.inspec] - title = "Overview" - identifier = "inspec/cloud/" - parent = "inspec/cloud" - weight = 10 -+++ - -Chef InSpec provides resources for auditing the following cloud platforms: - -- [Alibaba Cloud](alicloud) -- [AWS](aws) -- [Azure](azure) -- [GCP](gcp) 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cloud/alicloud.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cloud/alicloud.md deleted file mode 100644 index f59e3496e8..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cloud/alicloud.md +++ /dev/null @@ -1,30 +0,0 @@ -+++ -title = "Chef InSpec and Alibaba Cloud" -draft = false -gh_repo = "inspec" - -[menu] - [menu.inspec] - title = "AliCloud" - identifier = "inspec/cloud/alibaba" - parent = "inspec/cloud" -+++ - -Chef InSpec has resources for auditing Alibaba. - -You will need to install AliCloud SDK version 0.8.0 and require AliCloud credentials to use the Chef InSpec AliCloud resources. - -## Set AliCloud credentials - -You can configure AliCloud credentials in an [.envrc file](https://github.com/inspec/inspec-alicloud/blob/main/.envrc_example) or export them in your shell. - -```bash -# Example configuration -export ALICLOUD_ACCESS_KEY="anaccesskey" -export ALICLOUD_SECRET_KEY="asecretkey" -export ALICLOUD_REGION="eu-west-1" -``` - -## Alibaba resources - -{{< inspec/inspec_resources platform="alicloud" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cloud/aws.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cloud/aws.md deleted file mode 100644 index 74f32ba086..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cloud/aws.md +++ /dev/null 
@@ -1,87 +0,0 @@ -+++ -title = "Chef InSpec and AWS" -draft = false -gh_repo = "inspec" - -[menu] - [menu.inspec] - title = "AWS" - identifier = "inspec/cloud/aws" - parent = "inspec/cloud" -+++ - -Chef InSpec has resources for auditing AWS. - -## Initialize an InSpec profile for auditing AWS - -With Chef InSpec 4 or greater, you can create a profile for testing AWS resources with `inspec init profile`: - -```bash -$ inspec init profile --platform aws -Create new profile at /Users/me/ - * Creating directory libraries - * Creating file README.md - * Creating directory controls - * Creating file controls/example.rb - * Creating file inspec.yml - * Creating file inputs.yml - * Creating file libraries/.gitkeep -``` - -Assuming the `inputs.yml` file contains your AWS project ID, you can execute this sample profile using the following command: - -```bash -inspec exec --input-file=/inputs.yml -t gcp:// -``` - -## Set AWS credentials - -Chef InSpec uses the standard AWS authentication mechanisms. Typically, you will create an IAM user specifically for auditing activities. - -1. Create an IAM user in the AWS console, with your choice of username. Check the box marked "Programmatic Access." - -1. On the Permissions screen, choose Direct Attach. Select the AWS-managed IAM profile named "ReadOnlyAccess." If you wish to restrict the user further, you may do so; see individual Chef InSpec resources to identify which permissions are required. - -1. After generating the key, record the access key ID and secret key. - -### Provide credentials with environment variables - -You may provide the credentials to Chef InSpec by setting the following environment variables: `AWS_REGION`, `AWS_ACCESS_KEY_ID`, and `AWS_SECRET_ACCESS_KEY`. You may also use `AWS_PROFILE`, or if you are using MFA, `AWS_SESSION_TOKEN`. See the [AWS Command Line Interface Docs](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) for details. 
- -Once you have your environment variables set, you can verify your credentials by running: - -```bash -$ inspec detect -t aws:// - -== Platform Details -Name: aws -Families: cloud, api -Release: aws-sdk-v2.10.125 -``` - -### Provide credentials using Chef InSpec target option - -Look for a file in your home directory named `~/.aws/credentials`. If it does not exist, create it. Choose a name for your profile; here, we're using the name 'auditing'. Add your credentials as a new profile, in INI format: - -```bash -[auditing] -aws_access_key_id = AKIA.... -aws_secret_access_key = 1234....abcd -``` - -You may now run Chef InSpec using the `--target` / `-t` option, using the format `-t aws://region/profile`. For example, to connect to the Ohio region using a profile named 'auditing', use `-t aws://us-east-2/auditing`. - -To verify your credentials, run: - -```bash -$ inspec detect -t aws:// - -== Platform Details -Name: aws -Families: cloud, api -Release: aws-sdk-v2.10.125 -``` - -## AWS resources - -{{< inspec/inspec_resources platform="aws" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cloud/azure.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cloud/azure.md deleted file mode 100644 index b3bc085110..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cloud/azure.md +++ /dev/null 
@@ -1,104 +0,0 @@ -+++ -title = "Chef InSpec and Azure" -draft = false -gh_repo = "inspec" - -[menu] - [menu.inspec] - title = "Azure" - identifier = "inspec/cloud/azure" - parent = "inspec/cloud" -+++ - -Chef InSpec has resources for auditing Azure. - -## Initialize an InSpec profile for auditing Azure - -With Chef InSpec 4 or greater, you can create a profile for testing Azure resources with `inspec init profile`: - -```bash -$ inspec init profile --platform azure -Create new profile at /Users/me/ - * Creating directory libraries - * Creating file README.md - * Creating directory controls - * Creating file controls/example.rb - * Creating file inspec.yml - * Creating file inputs.yml - * Creating file libraries/.gitkeep -``` - -Assuming the `inputs.yml` file contains your Azure project ID, you can execute this sample profile using the following command: - -```bash -inspec exec --input-file=/inputs.yml -t azure:// -``` - -## Set Azure credentials - -To use Chef InSpec Azure resources, create a Service Principal Name (SPN) to audit an Azure subscription. - -This can be done on the command line or from the Azure Portal: - -- [Azure CLI](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authenticate-service-principal-cli) -- [PowerShell](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authenticate-service-principal) -- [Azure Portal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) - -The information from the SPN can be specified either in the file `~/.azure/credentials`, as environment variables, or by using Chef InSpec target URIs. 
- -### Set the Azure credentials file - -By default, Chef InSpec is configured to look at `~/.azure/credentials`, and it should contain: - -```powershell -[] -client_id = "" -client_secret = "" -tenant_id = "" -``` - -{{< note >}} - -In the Azure web portal, these values are labeled differently: - -- The client_id is referred to as the 'Application ID' -- The client_secret is referred to as the 'Key (Password Type)' -- The tenant_id is referred to as the 'Directory ID' - -{{< /note >}} - -With the credentials in place, you can now execute Chef InSpec. - -```bash -inspec exec -t azure:// -``` - -### Provide credentials using environment variables - -You may also set the Azure credentials via environment variables: - -- `AZURE_SUBSCRIPTION_ID` -- `AZURE_CLIENT_ID` -- `AZURE_CLIENT_SECRET` -- `AZURE_TENANT_ID` - -For example: - -```bash -AZURE_SUBSCRIPTION_ID="2fbdbb02-df2e-11e6-bf01-fe55135034f3" \ -AZURE_CLIENT_ID="58dc4f6c-df2e-11e6-bf01-fe55135034f3" \ -AZURE_CLIENT_SECRET="Jibr4iwwaaZwBb6W" \ -AZURE_TENANT_ID="6ad89b58-df2e-11e6-bf01-fe55135034f3" inspec exec my-profile -t azure:// -``` - -### Provide credentials using Chef InSpec target option - -If you have created a `~/.azure/credentials` file as above, you may also use the Chef InSpec command line `--target` / `-t` option to select a subscription ID. For example: - -```bash -inspec exec my-profile -t azure://2fbdbb02-df2e-11e6-bf01-fe55135034f3 -``` - -## Azure resources - -{{< inspec/inspec_resources platform="azure" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cloud/gcp.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cloud/gcp.md deleted file mode 100644 index d414be1ff6..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cloud/gcp.md +++ /dev/null 
@@ -1,76 +0,0 @@ -+++ -title = "Chef InSpec and GCP" -draft = false -gh_repo = "inspec" - -[menu] - [menu.inspec] - title = "GCP" - identifier = "inspec/cloud/gcp" - parent = "inspec/cloud" -+++ - -Chef InSpec has resources for auditing GCP. - -## Initialize an InSpec profile for auditing GCP - -With Chef InSpec 4 or greater, you can create a profile for testing GCP resources with `inspec init profile`: - -```bash -$ inspec init profile --platform gcp my-profile -Create new profile at /Users/me/my-profile - * Creating directory libraries - * Creating file README.md - * Creating directory controls - * Creating file controls/example.rb - * Creating file inspec.yml - * Creating file inputs.yml - * Creating file libraries/.gitkeep -``` - -Assuming the `inputs.yml` file contains your GCP project ID, this sample profile can then be executed using the following command: - -```bash -inspec exec my-profile --input-file=my-profile/inputs.yml -t gcp:// -``` - -## Set GCP credentials - -To use Chef InSpec GCP resources, you will need to install and configure the Google Cloud SDK. -Instructions for this pre-requisite can be found in the [Google CLoud SDK documentation](https://cloud.google.com/sdk/docs/). - -### Set the GCP credentials file - -While InSpec can use user accounts for authentication, [Google Cloud documentation](https://cloud.google.com/docs/authentication/) recommends using service accounts. - -1. Create a [service account](https://cloud.google.com/docs/authentication/getting-started) with the scopes appropriate for your needs. - -1. Download the credential JSON file, for example `project-credentials.json`, to your workspace and activate your service account with `gcloud auth activate-service-account`. - - ```bash - gcloud auth activate-service-account --key-file project-credentials.json - ``` - -### Provide credentials using environment variables - -You may also set the GCP credentials json file via the `GOOGLE_APPLICATION_CREDENTIALS` environment variable. 
- -```bash -export GOOGLE_APPLICATION_CREDENTIALS='/Users/me/.config/gcloud/myproject-1-feb7993e8660.json' -``` - -Once you have your environment variables set, you can verify your credentials by running: - -```bash -$ inspec detect -t gcp:// - -== Platform Details - -Name: gcp -Families: cloud, api -Release: google-cloud-v -``` - -## GCP resources - -{{< inspec/inspec_resources platform="gcp" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/config.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/config.md deleted file mode 100644 index 7de68834a5..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/config.md +++ /dev/null 
@@ -1,124 +0,0 @@ -+++ -title = "InSpec Configuration File" -draft = false -gh_repo = "inspec" - -[menu] - [menu.inspec] - title = "Configure" - identifier = "inspec/config.md Configuration" - parent = "inspec" - weight = 30 -+++ - -This documents how to create a configuration file for Chef InSpec. A config file is **optional**. - -There are two config file versions, 1.1 and 1.2. - -## Config File Location - -By default, Chef InSpec looks for a config file in `~/.inspec/config.json`. - -You may also specify the location using `--config`. For example, to run the shell using a config file in `/etc/inspec`, use `inspec shell --config /etc/inspec/config.json`. - -## Versions - -There are two possible versions for this config file, `1.1` or `1.2`. Only version `1.2` accepts the `plugins` setting. - -## Example - -```json -{ - "version": "1.2", - "cli_options":{ - "color": "true" - }, - "credentials": { - "ssh": { - "my-target": { - "host":"somewhere.example.com", - "user":"bob" - } - } - }, - "reporter": { - "automate" : { - "stdout" : false, - "url" : "https://AUTOMATE_URL/data-collector/v0/", - "token" : "AUTOMATE_API_TOKEN", - "insecure" : true, - "node_name" : "inspec_test_node", - "environment" : "prod" - } - }, - "plugins": { - "inspec-training-wheels":{ - "diameter":"4 inches" - }, - "inspec-input-secrets":{ - "security-tokens":[ - "123456789", - "abcdef252875" - ] - } - } -} -``` - -### Properties - -`version` -: **required** - - The file format version. - - Allowed values: `1.1` or `1.2` - -`cli_options` -: Any long-form command line option, without the leading dashes. - -`credentials` -: Train-transport-specific options. Store the options keyed first by transport name, then by a name you'll use later on. The combination of transport name and your chosen name can be used in the `--target` option to `inspec exec`, as `--target transport-name://connection-name`. 
- - For example, if the config file contains: - - ```json - { - "credentials": { - "winrm": { - "myconn": { - "user": "Administrator", - "host": "prod01.east.example.com", - "disable_sspi": true, - "connection_retries": 10 - } - } - } - } - ``` - - Then use `-t winrm://myconn` to connect to the host, with the given extra options. - - Each Train transport offers a variety of options. By using the credential set facility, you are able to set options that are not accessible via the Train URI. - - You may have as many credential sets in the config file as you require. - - If you use a target URI and the portion after the `://` cannot be matched to credential set name, Chef InSpec will send the URI to Train to be parsed as a Train URI. Thus, you can still do `ssh://someuser@example.com`. - - You can use a credential set, and then override individual options using command line options. - - Credential sets are intended to work hand-in-hand with the underlying credentials storage facility of the transport. For example, if you have a `~/.ssh/config` file specifying that the sally-key.pem file should be used with the host `example.com`, and you have a credential set that specifies that host, then when Train tries to connect to that host, the SSH library will automatically use the SSH config file to use the indicated key. - -`reporter` -: Formats and delivers the results of a Chef InSpec audit run. For information on configuring reporters, see the [InSpec reporters documentation](/inspec/reporters/). - -`plugins` - -: Provide configuration settings to plugins that you use with Chef InSpec. - Refer to the documentation of the plugin you are using for details regarding what settings are available. - - Each plugin will have a key-value are that it may use as it sees fit - Chef InSpec does not specify the structure. - - Set the config file to **version 1.2** to use this setting. - - For more information on plugins, see the [Chef InSpec plugins documentation](/inspec/plugins/). 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/dsl_inspec.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/dsl_inspec.md
deleted file mode 100644
index 623c16a12c..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/dsl_inspec.md
+++ /dev/null
@@ -1,4 +0,0 @@
-+++
-layout = "redirect"
-redirect_url = "/inspec/profiles/controls"
-+++
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/dsl_resource.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/dsl_resource.md
deleted file mode 100644
index 42b349d7ee..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/dsl_resource.md
+++ /dev/null
@@ -1,4 +0,0 @@
-+++
-layout = "redirect"
-redirect_url = "/inspec/profiles/custom_resources/"
-+++
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/glossary.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/glossary.md
deleted file mode 100644
index fd7d25935f..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/glossary.md
+++ /dev/null
@@ -1,418 +0,0 @@ -+++ -title = "Chef InSpec Glossary" -draft = false -gh_repo = "inspec" - -[menu] - [menu.inspec] - title = "Chef InSpec Glossary" - identifier = "inspec/reference/Chef InSpec Glossary" - parent = "inspec/reference" - weight = 50 -+++ - -This document should help you become familiar with some of the terminology used by the Chef InSpec project. - -There are two ways to use it: - -- A [text glossary](#text-glossary). Learn the meaning of a word you have encountered. -- A [visual glossary](#visual-glossary). Look at examples and see how the parts are labelled. You can then use the text glossary to read details of each concept. - -## Visual Glossary - -### Motivating Example - -Suppose we are interested in auditing cars. Let's suppose we have two Chef InSpec resources for auditing: `cars`, which searches for and filters groups of cars, and `car`, which performs detailed auditing of a single car. - -### Basic Syntax - -Let's look at some simple examples. - -### Singular Resource Example - -```ruby -describe car(owner: 'Tony Clifton') do - it { should exist } - its('license_plate') { should cmp 'MOONMAN' } - it { should be_classy } - it { should_not have_check_engine_light_on } -end -``` - -#### describe car(owner: 'Tony Clifton') do - -_car_ is a [resource](#resource). Since we are talking about only one car, it is a [singular resource](#singular-resource). - -#### describe car(_owner: 'Tony Clifton'_) - -_owner_ is a [resource parameter](#resource-parameter) and _'Tony Clifton'_ is a resource parameter value. - -#### _it { should exist }_ - -Each line within the resource block beginning with `it` or `its` is a [test](#test). Use [it](#it) to access [resource-specific matchers](#resource-specific-matcher), and use [its](#its) to access [properties](#property) of the [resource](#resource), which are in turn used with [universal matchers](#universal-matcher). 
- -#### its('_license\_plate_') { should cmp 'MOONMAN' } - -_license\_plate_ is a [property](#property) belonging to the [resource](#resource). Properties expose testable information about the resource. Some properties are numbers, some (like this one) are text, some are lists, and some are more complex objects. Properties are always used with [universal matchers](#universal-matcher). - -#### its('license\_plate') { should _cmp_ 'MOONMAN' } - -_cmp_ is a [universal matcher](#universal-matcher). `cmp` is a very flexible, loosely typed equality operator; here it checks to see if the license plate text is the same as the text 'MOONMAN'. Notice that the test operates on the license plate text (the property value) and not on the resource. You can find the full list of supported universal matchers on the [Universal Matcher page](/inspec/matchers/). - -#### its('license\_plate') { should cmp _'MOONMAN'_ } - -_'MOONMAN'_ is an [expected result](#expected-result). Some matchers take an expected result; others do not. - -#### it { should _be\_classy_ } - -_be\_classy_ is a [resource-specific matcher](#resource-specific-matcher). It returns a yes-or-no value, based on whether Tony's car is classy or not. (It is. Tony is a classy guy.) - -#### it { _should\_not_ have\_check\_engine\_light\_on } - -_should\_not_ indicates this is a negated test. So, this test passes if the matcher says "no". - -### Plural Resource Example - -```ruby -describe cars.where(color: /^b/) do - it { should exist } - its('manufacturers') { should include 'Cadillac' } - its('count') { should be >= 10 } -end -``` - -#### describe _cars_.where(color: /^b/) do - -_cars_ is a [resource](#resource). Since we are potentially talking about many cars, it is a [plural resource](#plural-resource). - -#### describe cars._where(color: /^b/)_ do - -_where(color: /^b/)_ is a [filter statement](#filter-statement). Without a filter statement, `cars` simply selects all the cars in the world. 
- -#### describe cars.where(_color: /^b/_) do - -_color_ is a [filter criterion](#filter-criteria) along with its filter value, _/^b/_. Here, the criterion expresses that we want to select all cars whose colors begin with the letter 'b' - blue, brown, burgundy, etc. - -#### _it { should exist }_ - -Each line within the resource block beginning with `it` or `its` is a [test](#test). Use [it](#it) to access [resource-specific matchers](#resource-specific-matcher), and use [its](#its) to access [properties](#property) of the [resource](#resource), which are in turn used with [universal matchers](#universal-matcher). - -With plural resources, `exist` has a special meaning: did the filter match anything? - -#### its('_manufacturers_') { should include 'Cadillac' } - -_manufacturers_ is a [property](#property) of the [resource](#resource). Properties expose testable information about the resource. On plural resources, properties are almost always names in the plural, and almost always return a list of values. Here, the test returns a list of the car manufacturer names. Some list properties are de-duplicated; for example, you might have 10 cars, but if they are all Subarus and Cadillacs, it returns only two entries in the `manufacturers` property. Be sure to check the documentation for your resource. - -#### its('manufacturers') { should _include_ 'Cadillac' } - -_include_ is a [universal matcher](#universal-matcher). `include` works with lists, and checks to see if an expected result is present. Here, it checks to see if the list of manufacturers contains an entry with the text 'Cadillac'. Notice it operates on the manufacturers list (the property value) and not on the resource. You can find the full list of supported universal matchers on the [Universal Matcher page](/inspec/matchers/). - -#### its('manufacturers') { should include '_Cadillac_' } - -_'Cadillac'_ is an [expected result](#expected-result). Some matchers take an expected result; others do not. 
- -#### its('count') { should _be >=_ 10 } - -_be >=_ is an [operator matcher](#operator-matcher). It allows you to perform numeric comparisons. All plural resources have a `count` property. - -## Text Glossary - -### Attribute - -Deprecated name for [input](#input). - -### Control - -### Control Block - -The _`control`_ keyword is used to declare a _`control block`_. Here, the word 'control' means a 'regulatory control, recommendation, or requirement' - not a software engineering construct. A `control block` has a name (which usually refers to the assigned ID of the regulatory recommendation it implements), metadata such as descriptions, references, and tags, and finally groups together related [describe blocks](#describe-block) to implement the checks. - -### Core Resource - -A [resource](#resource) that is included with InSpec; you are not required to install additional [plugins](#plugin) or depend on a [resource pack](#resource-pack) to use the resource. - -### Custom Resource - -A [resource](#resource) that is _not_ included with InSpec. It may be a resource of your own creation, or one you obtain by depending on a [resource pack](#resource-pack). - -### Describe - -### Describe Block - -The _`describe`_ keyword is used with a _`describe block`_ to refer to a Chef InSpec resource. You use the `describe` keyword along with the name of a [resource](#resource) to enclose related [tests](#test) that apply to the resource. Multiple describe blocks are usually grouped together in a [control](#control), but you can also use them outside of a control. - -```ruby -control 'Rule 1.1 - Color restrictions' do - # Count only blue cars - describe cars.where(color: 'blue') do - its('count') { should eq 20 } - end -end -``` - -### DSL - -_DSL_ is an acronym for _Domain Specific Language_. It refers to the language extensions Chef InSpec provides to make authoring resources and controls easier. 
While Chef InSpec control files are use Ruby, the _Control DSL_ makes it easy to write controls without knowledge of Ruby by providing DSL keywords such as [describe](#describe), [control](#control), [it](#it) and [its](#its). See the [Chef InSpec Language page](/inspec/dsl_inspec/) for details about keywords available to control authors. - -For [custom resource](#custom-resource) authors, an additional DSL is available - see the [Resource Language page](/inspec/dsl_resource/). - -### Expected Result - -When using a [matcher](#matcher), the _`expected result`_ is the value the matcher will compare against the [property](#property) being accessed. - -In this example, the [`cmp`](/inspec/matchers/#cmp) matcher is being used to compare the `color` property to the expected result 'black'. - -```ruby -describe car(owner: 'Bruce Wayne') do - its('color') { should cmp 'black' } -end -``` - -### Filter Statement - -When using a [plural resource](#plural-resource), a _`filter statement`_ is used to select individual test subjects using [filter criteria](#filter-criteria). A filter statement almost always is indicated by the keyword `where`, and may be repeated using method chaining. - -A filter statement may use method call syntax (which allows basic criteria operations, such as equality, regex matching, and Ruby `===` comparison) or block syntax (which allows arbitrary code). - -In this example, `where(...)` is the filter statement. - -```ruby -# Count only blue cars -describe cars.where(color: 'blue') do - its('count') { should eq 20 } -end -``` - -### Filter Criterion - -### Filter Criteria - -When using a [plural resource](#plural-resource), a _`filter criterion`_ is used to select individual test subjects within a [filter statement](#filter-statement). You may use multiple _`filter criteria`_ in a single filter statement. 
- -When method-call syntax is used with the filter statement, you provide filter criteria as a Hash, with filter criteria names as keys, and conditions as the Hash values. You may provide test, true/false, or numbers, in which case the comparison is equality; or you may provide a regular expression, in which case a match is performed. - -Here, `(color: blue)` is a single filter criterion being used with a filter statement in method-call syntax. - -```ruby -# Count only blue cars -describe cars.where(color: 'blue') do - its('count') { should eq 20 } -end -``` - -When block-method syntax is used with the filter statement, you provide a block. The block may contain arbitrary code, and each filter criteria will be available as an accessor. The block will be evaluated once per row, and each block that evaluates to a truthy value will pass the filter. - -Here, `{ engine_cylinders >= 6 }` is a block-syntax filter statement referring to one filter criterion. - -```ruby -# Vroom! -describe cars.where { engine_cylinders >= 6 } do - its('city_mpg_ratings') { should_not include '4-star' } -end -``` - -### Input - -An _`input`_ is a value that Chef InSpec can source from a number of providers, including from the command line, profile metadata, or within the control file DSL itself. You can use this feature either to change a [profile's](#profile) behavior by passing different attribute files or to store secrets that should not be directly present in a profile. - -Inputs were formerly known as `attributes`. Chef InSpec inputs are unrelated to Chef Infra attributes. - -The CLI syntax for inputs is documented under the [`inspec exec`](/inspec/cli/#exec) command. - -Inputs are documented in detail in the [input documentation](/inspec/inputs/). - -### It - -Within a [describe block](#describe), _`it`_ declares an individual [test](#test) directly against the [resource](#resource) (as opposed to testing against one of the resource's [properties](#property), as [its](#its) does). 
Though it is possible to use [universal matchers](#universal-matcher) with `it`, it is much more typical to use [resource-specific matchers](#resource-specific-matchers). - -`it` may be used with `should`, or negated using `should_not`. - -Here, `it { should ... }` declares a test, calling the `classy?` matcher on Tony Clifton's car. - -```ruby -describe car(owner: 'Tony Clifton') do - it { should be_classy } -end -``` - -### Its - -Within a [describe block](#describe), _`its`_ declares an individual [test](#test) against a property of the [resource](#resource) (as opposed to testing directly against the resource itself, as [it](#it) does). You must use [universal matchers](#universal-matcher) with `its`; you cannot use [resource-specific matchers](#resource-specific-matchers). - -`its` may be used with `should`, or negated using `should_not`. - -The property to access is passed as a single string argument to `its`. As an advanced usage, if the property has methods you are interested in, you can call them using '`.`' within the string; even more advanced calling patterns are possible - see [the rspec-its documentation](https://github.com/rspec/rspec-its#usage). - -Here, `its('fuzzy_dice') { should ... }` declares a test, testing against the `fuzzy_dice` property of Tony Clifton's car. Let's assume - Tony being Tony - that `fuzzy_dice` will return an Array. - -```ruby -describe car(owner: 'Tony Clifton') do - its('fuzzy_dice') { should_not be_empty } - its('fuzzy_dice.count') { should be >= 2 } - its('fuzzy_dice.first.fuzziness') { should cmp 'outlandishly so' } -end -``` - -### Matcher - -A _`matcher`_ performs the actual assertions against [resources](#resource) or the [properties](#property) of resources. Matchers always return a true/false value. 
Matchers fall into two camps: - -* [resource-specific matchers](#resource-specific-matchers), which operate directly on the resource, are used with [it](#it), and tend to be highly customized to the auditing needs of the resource -* [universal matchers](#universal-matchers), which operate on the properties of the resource, are used with [its](#its), and tend to be very generic, operating on text, numbers, and lists - -Some matchers accept parameters, called [expected results](#expected-results). - -For information on how RSpec matchers are related o Chef InSpec matchers, see [Chef InSpec and RSpec](/inspec/inspec_and_friends/#rspec). - -Here, `be_classy` is a resource-specific matcher operating directly on the `car`, while `cmp` is a universal matcher operating on the `manufacturer` property. - -```ruby -describe car(owner: 'Tony Clifton') do - it { should be_classy } - its('manufacturer') { should cmp 'Cadillac' } -end -``` - -### Operator Matcher - -An operator matcher allows you to use operators to compare numerical [expected results](#expected-result) against a [property](#property). All plural resources have a `count` property. - -For example: - -```ruby -describe cars do - its('count') { should be >= 10 } -end -``` - -Operators include: - -- `==` -- `>=` -- `<=` -- `>` -- `<` - -### plural resource - -A _`plural resource`_ is a [resource](#resource) that specializes in performing searches and represents multiple occurrences of the resource on the [target](#target) platform. Plural resources are used to audit counts, inspect group properties, and have the unique ability to enforce negative tests ("nothing like this should exist") often required by compliance standards. Plural resources are not intended to perform in-depth auditing of an individual; use [singular resources](#singular-resource) for that. - -Plural resources nearly always have a name that ends in 's': `processes`, `aws_security_groups`, `cars`. 
Plural resources generally do not have [resource-specific matchers](#resource-specific-matcher). If they have properties, they are almost always list properties, meaning that they return a list of values, which may or may not be de-duplicated. - -Plural resources support [filter statements](#filter-statement). See the [resource documentation](/inspec/resources/) for details regarding which [filter criteria](#filter-criteria) are supported on each resource. - -Here, `cars` is a plural resource. - -```ruby -describe cars.where(color: 'blue') do - its('count') { should eq 20 } - its('license_plates') { should include 'AUTOAZUL' } - - # License plates are unique, should have 20 - its('license_plates.count') { should cmp 20 } - - # Manufacturers are de-duplicated - its('manufacturers') { should include 'Subaru' } - its('manufacturers.count') { should be < 10 } -end -``` - -### Profile - -A _`profile`_ is a set of related [controls](#control) in a distributable form. You might have a locally-developed profile that your organization uses to define baseline security on all machines, or you might use a pre-defined profile that implements the requirements of a specific compliance standard. For full details about the capabilities of a profile, see the [profile documentation](/inspec/profiles/). - -Profiles may be distributed locally as a directory tree, as a tarball or zipfile at a URL, as a git repo, and several other ways. Profiles contain metadata, including versioning, and can setup dependency relationships with other profiles. - -Aside from controls, profiles can also contain [custom resources](#custom-resource). If the profile contains only custom resources and no controls, we call it a [resource pack](#resource-pack). - -### Property - -A fact about a [resource](#resource). 
Typically, you use the [its](#its) keyword to access the property and write a [test](#test) within a [describe block](#describe-block), and then use a [universal matcher](#universal-matcher) to make assertions about the value of the property. - -Each resource has different properties. See the [resource documentation](/inspec/resources/) for details. - -Here, `manufacturer` is a property of the `car` resource. - -```ruby -describe car(owner: 'Tony Clifton') do - its('manufacturer') { should cmp 'Cadillac' } -end -``` - -### Reporter - -An output format for the `inspec exec` command line. Several reporters are available, including JSON and JUnit; see the [inspec exec documentation](/inspec/cli/#exec). - -### Resource - -A _`resource`_ represents a category of things on the [target](#target) you wish to examine. For example, to check for the existence and permissions of a file, you would use the [`file`](/inspec/resources/file/) resource. Chef InSpec offers dozens of different resources, from the highly specialized (such as `aws_security_group`, which examines firewall rules in AWS) to the very general (such as `command`, which runs a command and lets you examine its output). - -Resources are generally categorized as either [singular](#singular-resource) or [plural](#plural-resource), though there are some irregular resources that cannot be cleanly considered one or the other. - -Resources are used within a [describe block](#describe-block) to perform [tests](#test). - -Here, `car` is a resource. - -```ruby -describe car(owner: 'Tony Clifton') do - it { should be_classy } -end -``` - -### Resource Pack - -A _resource pack_ is a type of [profile](#profile) that is used to distribute [custom resources](#custom-resource). This specialized type of profile contains no [controls](#control), but it does contain a `libraries` directory within which Ruby files define custom resources. 
-
-### Resource Parameter
-
-_`resource parameters`_ are information passed to the resource when they are declared. Typically, resource parameters provide identifying information or connectivity information. Resource parameters are not the same as a [filter statement](#filter-statement).
-
-Resource parameters vary from resource to resource; refer to the [resource documentation](/inspec/resources/) for details.
-
-Here, `owner: 'Tony Clifton'` is a resource parameter.
-
-```ruby
-describe car(owner: 'Tony Clifton') do
- it { should be_classy }
-end
-```
-
-### Resource-Specific Matcher
-
-A [matcher](#matcher) that operates directly on the [resource](#resource), as opposed to operating on a property as a [universal matcher](#universal-matcher) does.
-
-Resource-specific matchers often provide highly customized behavior. Check the [resource documentation](#/inspec/resources/) to discover which resource-specific matchers are available for your resource.
-
-For example, the hypothetical `car` resource defines a `classy?` method, which is exposed as the `be_classy` matcher in Chef InSpec tests.
-
-```ruby
-describe car(owner: 'Tony Clifton') do
- it { should be_classy }
-end
-```
-
-### Singular Resource
-
-A [resource](#resource) intended to uniquely identify a single object on the [target](#target). Singular resources specialize in providing richer auditing capabilities via resource-specific matchers. Compare to [plural resources](#plural-resource).
-
-### Target
-
-The _`target`_ is the OS or API on which Chef InSpec is performing audits. In Chef InSpec 1.x, this was always an operating system target (a bare metal machine, VM, or container). In Chef InSpec 2.x and later, this can be an OS target, or an API target, including cloud providers such as AWS. Chef InSpec is agentless, meaning that the Chef InSpec code and profiles remain on your workstation, and the target is remotely interrogated without installing anything.
-
-### Test
-
-A _`test`_ is an individual assertion about the state of the [resource](#resource) or one of its [properties](#property). All tests begin with the keyword [it](#it) or [its](#its). Tests are grouped within a [describe block](#describe-block).
-
-### Universal Matcher
-
-A _universal matcher_ is a [matcher](#matcher) that can be used on the [properties](#property) of any type of [resource](#resource). For example, you can use the `cmp` matcher to check the value of properties without having to worry about Ruby type-casting. Universal matchers are almost always used with the [its](#its) keyword.
-
-Universal matchers are documented on the [Universal Matchers](/inspec/matchers/) page.
-
-Here, we access the 'color' property, then use the `cmp` universal matcher to compare the property to the 'black' [expected result](#expected-result).
-
-```ruby
-describe car(owner: 'Bruce Wayne') do
- its('color') { should cmp 'black' }
-end
-```
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/habitat.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/habitat.md
deleted file mode 100644
index 609f4bcff1..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/habitat.md
+++ /dev/null
@@ -1,229 +0,0 @@
-+++
-title = "Chef InSpec Integration with Chef Habitat"
-draft = false
-gh_repo = "inspec"
-
-[menu]
- [menu.inspec]
- title = "Chef Habitat Integration"
- identifier = "inspec/chef/Habitat Integration"
- parent = "inspec/chef"
- weight = 20
-+++
-
-Chef InSpec provides an easy method to create an executable Chef Habitat package for a Chef InSpec profile. When run via the Chef Habitat Supervisor, the package will run Chef InSpec with your profile and write out its findings to the supervisor log. This provides the ability to ship your compliance controls alongside your Chef Habitat-packaged application and continuously run InSpec, providing you *Continuous Compliance.*
-
-## What is Chef Habitat
-
-Chef Habitat by Chef Software is our new application automation tool that aims
-to make it easy, safe, and fast to build, deploy, and manage applications. From
-build dependencies, runtime dependencies, dynamic configuration, and service
-discovery (just to name a few), Chef Habitat packages the automation with the
-application instead of relying on an underlying platform.
-
-To learn more about Chef Habitat see the [Habitat documentation](/habitat/).
-
-## Using the Chef Habitat Integration
-
-After creating a Chef Habitat package for a Chef InSpec profile (see CLI commands
-below) and uploading the package to a Chef Habitat Depot or manually distributing
-to a host, start the Chef Habitat Supervisor with your package:
-
-```bash
-hab start effortless/audit-baseline
-```
-
-The Chef Habitat Supervisor will install Chef InSpec and execute your profile in
-a loop. The loop is controlled by two variables: the `interval` and the `splay`.
-The `interval` is a set time you want InSpec to run and its default is `1800`
-seconds. The `splay` is a randomly generated sleep time that prevents a thundering
-herd problem, or resource starvation scenario, when sending your report to an
-external server like Chef Automate.
The default for the `splay` is also `1800` -seconds. Alternatively, the `splay_first_run` can be set to wait a random period -of time between 0 and the number set for the `splay_first_run` before running -InSpec when your Habitat package is started or updated. The default of the -`splay_first_run` is `0` seconds. - -```bash -HAB_INSPEC_PROFILE_FRONTEND1="interval = 60" hab start effortless/audit-baseline -``` - -The Chef Habitat Supervisor will display output like this: - -```bash -hab start effortless/audit-baseline -∵ Missing package for core/hab-sup/0.17.0 -» Installing core/hab-sup/0.17.0 -↓ Downloading core/hab-sup/0.17.0/20170214235450 - 1.68 MB / 1.68 MB - [=========================================================================] 100.00 % 7.43 MB/s - -... more Chef Habitat output here ... - -hab-sup(MN): Starting effortless/audit-baseline/0.1.0/20170328173005 -hab-sup(CS): effortless/audit-baseline/0.1.0/20170328173005 is not installed -↓ Downloading adamleff-20160617201047 public origin key - 79 B / 79 B | [===============================================================================] 100.00 % 2.64 MB/s -☑ Cached adamleff-20160617201047 public origin key -↓ Downloading chef/inspec/1.17.0/20170321214949 - 16.93 MB / 16.93 MB / [======================================================================] 100.00 % 10.49 MB/s - -... more Chef Habitat output here ... - -★ Install of effortless/audit-baseline/0.1.0/20170328173005 complete with 9 new packages installed. -hab-sup(MR): Butterfly Member ID d9bd761e18c144469d755b1b97406eb2 -hab-sup(MR): Starting butterfly on 0.0.0.0:9638 -hab-sup(MR): Starting http-gateway on 0.0.0.0:9631 -inspec-profile-frontend1.default(SR): Initializing -inspec-profile-frontend1.default(SV): Starting process as user=hab, group=hab -inspec-profile-frontend1.default(O): Executing InSpec effortless/audit-baseline -inspec-profile-frontend1.default(O): InSpec run completed successfully. 
-inspec-profile-frontend1.default(O): sleeping for 2134 seconds
-```
-
-The above sample output shows the supervisor starting, downloading the necessary dependencies for the supervisor and the Chef InSpec profile, and then shows the supervisor running Chef InSpec successfully.
-
-Chef InSpec will write a JSON file in the `${svc_var_path}/inspec_results` directory containing the results of the last Chef InSpec run. For example, for the `effortless/audit-baseline` package, the Chef InSpec results will be at:
-
-```
-/hab/svc/inspec-profile-frontend1/var/inspec_results/inspec-profile-frontend1.json
-```
-
-## Chef InSpec Chef Habitat CLI Commands
-
-### inspec habitat profile create
-
-Create a Chef Habitat package for a Chef InSpec profile. Chef InSpec will
-validate the profile, fetch and vendor any dependencies (if necessary), and build
-the Chef Habitat package with a dependency on the latest InSpec. The resulting
-package will be saved to the current working directory.
-
-The package can then be manually uploaded to a Chef Habitat Depot or manually
-distributed to a host and installed via `hab pkg install`.
-
-The package file will be named:
-
-```
-HABITAT_ORIGIN-inspec-profile-PROFILE_NAME-PROFILE_VERSION-BUILD_ID-x86_64-linux.hart
-```
-
-For example:
-
-```
-adamleff-inspec-profile-frontend1-0.1.0-20170328173005-x86_64-linux.hart
-```
-
-#### Syntax
-
-```bash
-inspec habitat profile create PROFILE_DIRECTORY
-```
-
-#### Example
-
-```bash
-inspec habitat profile create ~/profiles/frontend1
-```
-
-#### Example Output
-
-```bash
-$ habitat profile create ~/profiles/frontend1
-[2017-03-28T13:29:32-04:00] INFO: Creating a Habitat artifact for profile: /Users/aleff/profiles/frontend1
-[2017-03-28T13:29:32-04:00] INFO: Checking to see if Habitat is installed...
-[2017-03-28T13:29:32-04:00] INFO: Copying profile contents to the work directory...
-[2017-03-28T13:29:32-04:00] INFO: Generating Habitat plan at /var/folders/v5/z54gb76j2rs3wrn65hmtyf1r0000gp/T/inspec-habitat-exporter20170328-4932-kg2ltd/habitat/plan.sh... -[2017-03-28T13:29:32-04:00] INFO: Generating a Habitat run hook at /var/folders/v5/z54gb76j2rs3wrn65hmtyf1r0000gp/T/inspec-habitat-exporter20170328-4932-kg2ltd/habitat/hooks/run... -[2017-03-28T13:29:32-04:00] INFO: Generating Habitat's default.toml configuration... -[2017-03-28T13:29:32-04:00] INFO: Building our Habitat artifact... - hab-studio: Destroying Studio at /hab/studios/src (default) - hab-studio: Creating Studio at /hab/studios/src (default) - hab-studio: Importing adamleff secret origin key -» Importing origin key from standard input -★ Imported secret origin key adamleff-20160617201047. -» Installing core/hab-backline -↓ Downloading core/hab-backline/0.19.0/20170311034116 - 2.17 KB / 2.17 KB / [=========================================================================] 100.00 % 4.33 MB/s - -... more Chef Habitat output here... - -[2017-03-28T13:30:18-04:00] INFO: Copying artifact to /Users/aleff... -``` - -### inspec habitat profile setup - -Create a Chef Habitat directory that includes a plan file in a profile directory. - -This is the same process that is used by `inspec habitat profile create` - but -this adds the generated Chef Habitat directory and file to your system so that -you can commit them to source control. If you commit these files to GitHub, you -can connect that plan to the [Chef Habitat Builder Service](https://www.habitat.sh/docs/using-builder/). - -#### Syntax - -```bash -inspec habitat profile setup PROFILE_DIRECTORY -``` - -#### Example - -```bash -inspec habitat profile setup ~/profiles/frontend1 -``` - -#### Example Output - -```bash -[2018-10-31T23:45:59+00:00] INFO: Setting up profile at /home/nell/profiles/frontend1/ for Habitat... -[2018-10-31T23:45:59+00:00] INFO: Checking to see if the profile is valid... 
-[2018-10-31T23:45:59+00:00] INFO: Profile is valid.
-[2018-10-31T23:45:59+00:00] INFO: Profile's dependencies are already vendored, skipping vendor process.
-[2018-10-31T23:45:59+00:00] INFO: Generating Habitat plan at /home/nell/profiles/frontend1/habitat/plan.sh...
-```
-
-### inspec habitat profile upload
-
-Create and then upload a Chef Habitat package for a Chef InSpec profile. Like
-the `inspec habitat profile create` command, Chef InSpec will validate the profile,
-fetch and vendor any dependencies (if necessary), and build the Chef Habitat
-package with a dependency on the latest InSpec. However, instead of saving the
-package locally to the workstation, Chef InSpec will upload it to the depot
-defined in the `HAB_DEPOT` environment variable. If `HAB_DEPOT` is not defined,
-the package will be uploaded to the public Chef Habitat depot at
-[https://app.habitat.sh](https://app.habitat.sh).
-
-#### Syntax
-
-```bash
-inspec habitat profile upload PROFILE_DIRECTORY
-```
-
-#### Example
-
-```bash
-inspec habitat profile upload ~/profiles/frontend1
-```
-
-#### Example Output
-
-```bash
-[2017-03-28T13:29:32-04:00] INFO: Creating a Habitat artifact for profile: /Users/aleff/profiles/frontend1
-[2017-03-28T13:29:32-04:00] INFO: Checking to see if Habitat is installed...
-[2017-03-28T13:29:32-04:00] INFO: Copying profile contents to the work directory...
-[2017-03-28T13:29:32-04:00] INFO: Generating Habitat plan at /var/folders/v5/z54gb76j2rs3wrn65hmtyf1r0000gp/T/inspec-habitat-exporter20170328-4932-kg2ltd/habitat/plan.sh...
-[2017-03-28T13:29:32-04:00] INFO: Generating a Habitat run hook at /var/folders/v5/z54gb76j2rs3wrn65hmtyf1r0000gp/T/inspec-habitat-exporter20170328-4932-kg2ltd/habitat/hooks/run...
-[2017-03-28T13:29:32-04:00] INFO: Generating Habitat's default.toml configuration...
-[2017-03-28T13:29:32-04:00] INFO: Building our Habitat artifact...
- hab-studio: Destroying Studio at /hab/studios/src (default)
- hab-studio: Creating Studio at /hab/studios/src (default)
- hab-studio: Importing adamleff secret origin key
-» Importing origin key from standard input
-★ Imported secret origin key adamleff-20160617201047.
-» Installing core/hab-backline
-↓ Downloading core/hab-backline/0.19.0/20170311034116
- 2.17 KB / 2.17 KB / [=========================================================================] 100.00 % 4.33 MB/s
-
-... more Chef Habitat output here...
-
-[2017-03-28T13:30:18-04:00] INFO: Uploading the Habitat artifact to our Depot...
-[2017-03-28T13:30:23-04:00] INFO: Upload complete!
-```
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/inputs.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/inputs.md
deleted file mode 100644
index e41aebada4..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/inputs.md
+++ /dev/null
@@ -1,5 +0,0 @@
-+++
-layout="redirect"
-draft = false
-redirect_url="/inspec/profiles/inputs/"
-+++
\ No newline at end of file
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/inspec_and_friends.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/inspec_and_friends.md
deleted file mode 100644
index 00e5039565..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/inspec_and_friends.md
+++ /dev/null
@@ -1,136 +0,0 @@ -+++ -title = "Chef InSpec and Friends" -draft = false -gh_repo = "inspec" - -[menu] - [menu.inspec] - title = "RSpec and Serverspec" - identifier = "inspec/friends/inspec_and_friends.md Chef InSpec and friends" - parent = "inspec/friends" - weight = 10 -+++ - -This page looks at projects that are similar to Chef InSpec to explain how they -relate to each other. - -## RSpec - -RSpec is an awesome framework that is widely used by software engineers to test -Ruby code. It enables test-driven development (TDD) and helps developers to write -better code every day. - -Chef InSpec is built on top of RSpec and uses it as the underlying foundation -to execute tests. It uses the key strengths of RSpec, easily execute -tests and a DSL to write tests, but extends the functionality for use as -compliance audits. Chef InSpec ships with custom audit resources that make it -easy to write audit checks and with the ability to run those checks on -remote servers. These audit resources provided know the differences -between operating systems and help you abstract from the local operating -system, similar to other resources you might use in your Chef recipes. - -A complete Chef InSpec rule looks like: - -```ruby -control "sshd-11" do - impact 1.0 - title "Server: Set protocol version to SSHv2" - desc "Set the SSH protocol version to 2. Don't use legacy - insecure SSHv1 connections anymore." - tag security: "level-1" - tag "openssh-server" - ref "Server Security Guide v.1.0", url: "http://..." - - describe sshd_config do - its('Protocol') { should eq('2') } - end -end -``` - -That said, Chef InSpec is not RSpec. Some key differences: - -- In InSpec, `describe` blocks should not be nested; instead use `control` blocks - to describe a higher-level grouping of tests. -- The RSpec `shared_example` construct is not supported. Instead, create a simple - custom resource that executes repetitious tasks. 
-- Chef InSpec is aimed at compliance practitioners and infrastructure testers, so - our focus is providing a few, well-supported, easy-to-use [universal matchers](/inspec/matchers/), - such as `cmp`. In contrast, RSpec is a tool designed for software engineers. - It thus supports a very large range of matchers, to enable testing of software - engineering constructs such as exceptions, Object Oriented Programming relationships, - and so on. -- While Chef InSpec uses parts of the RSpec project and codebase, it is a - separate project from InSpec. Rspec's release schedule and feature set are beyond - the control of the Chef InSpec team. While it is possible to use many of the - RSpec core features within Chef InSpec profiles, Chef InSpec can only guarantee - that the features described in the [InSpec documentation](/inspec/) will - function correctly. Some RSpec core functionality may be removed in future - versions of Chef InSpec as needed to ensure stability in the Chef InSpec project. - -## Serverspec - -Serverspec is the first extension of RSpec that enabled -users to run RSpec tests on servers to verify deployed artifacts. It was -created in March 2013 by Gosuke Miyashita and has been widely adopted. -It is also one of the core test frameworks within test-kitchen and has -been widely used within the Chef ecosystem. Chef InSpec takes lessons learned -implementing and using Serverspec and builds on them to make auditing -and compliance easier. - -Lessons learned from Serverspec include: - -- IT, compliance, and security professional require metadata beyond what Serverspec - offers, such as criticality, to fully describe controls. -- Setting up and running the same tests across multiple machines must be easy. -- It must be easy to locate, debug, and extend operating system-dependent code. -- It must be easy to extend the language and create custom resources. -- It must run multiple tests simultaneously. -- Support for Windows is a first-class requirement. 
-- A command line interface (CLI) is required for faster iteration of test code. - -You can also watch this [podcast](http://foodfightshow.org/2016/02/inspec.html) -to find out more on the relationship between Chef InSpec and Serverspec. - -### How is Chef InSpec different from Serverspec - -One of the key differences is that Chef InSpec targets more user groups. It -is optimized for DevOps, Security, and Compliance professionals. -Additional metadata, such as impact, title, and description, make it -easier to fully describe the controls which makes it easier to share the -controls with other departments. This enables Security departments to -prioritize rules. DevOps teams use this information to focus on the most -critical issues to remediate. - -```ruby -control "sshd-11" do - impact 1.0 - title "Server: Set protocol version to SSHv2" - desc "Set the SSH protocol version to 2. Don't use legacy - insecure SSHv1 connections anymore." - tag security: "level-1" - tag "openssh-server" - ref "Server Security Guide v.1.0" url: "http://..." - - describe sshd_config do - its('Protocol') { should cmp 2 } - end -end -``` - -**Why not fork Serverspec?** - -Chef InSpec started as an extension of Serverspec. As the extension grew, it -became clear that a new library was required. Creating and maintaining a -fork was not practical so a new project was born. - -**Will Chef InSpec only work on machines managed by Chef?** - -No, Chef InSpec can be used on any machine. It does not matter if that machine -was configured by Chef Infra or configured lovingly by the hands of your local -System Administrator. - -**Is Chef InSpec a replacement of Serverspec?** - -Chef InSpec is intended to be a drop-in replacement of Serverspec. Popular -Serverspec resources have been ported to InSpec. It changed some -behavior as documented in our migration guide. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/install.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/install.md
deleted file mode 100644
index e191330991..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/install.md
+++ /dev/null
@@ -1,95 +0,0 @@ -+++ -title = "Install Chef InSpec" -draft = false -gh_repo = "inspec" - -[menu] - [menu.inspec] - title = "Install" - identifier = "inspec/install/install" - parent = "inspec/install" - weight = 20 -+++ - -Use [Chef Downloads](https://www.chef.io/downloads), an installer, script, or package manager to install Chef InSpec. - -To see which platforms and platform versions Chef InSpec is supported on, see the [InSpec's platforms documentation](/inspec/platforms/). - -## macOS - -### CLI - -You can install Chef InSpec using a curl script. - -```bash -curl -L https://chefdownload-commercial.chef.io/install.sh?license_id= | sudo bash -s -- -P inspec -``` - -Replace `` with your license ID. - -For more information about the install script, see the [Chef Install Script documentation](/chef_install_script/). - -## Windows - -### Installer - -Download a Windows Chef InSpec package from [Chef Downloads](https://www.chef.io/downloads), -then double-click on the `.msi` file to launch the installer and follow the prompts. - -### Powershell - -You can install Chef InSpec using the following Powershell script. - -```powershell -. { iwr -useb https://chefdownload-commercial.chef.io/install.ps1?license_id= } | iex; install -project inspec -``` - -Replace `` with your license ID. - -For more information about the install script, see the [Chef Install Script documentation](/chef_install_script/). - -Once you have installed Chef InSpec, run `inspec version` to verify that the installation -was successful. - -## Linux - -### CLI - -The following curl script will install Chef InSpec for Ubuntu and Red Hat Enterprise Linux: - -```bash -curl https://chefdownload-commercial.chef.io/install.sh?license_id= | sudo bash -s -- -P inspec -``` - -Replace `` with your license ID. - -For more information about the install script, see the [Chef Install Script documentation](/chef_install_script/). - -If you prefer, you can use a package manager to install Chef InSpec. 
-Once you downloaded the latest [Chef InSpec package](https://www.chef.io/downloads) -relevant to your Linux-based platform, use the command for the respective package -manager listed below. Replace the example file path with the file path leading to -your downloaded package. - -For Ubuntu, use the following command to install Chef InSpec: - -```bash -sudo dpkg -i /path/to/inspec.deb -``` - -For Red Hat Enterprise Linux, use the following command to install Chef InSpec: - -```bash -sudo rpm -U /path-to/inspec.rpm -``` - -For SUSE Linux Enterprise Server, use the following command to install Chef InSpec: - -```bash -sudo zypper install /path-to/inspec.rpm -``` - -## Next steps - -After installing Chef InSpec, you must accept the Chef EULA and---starting with **Chef InSpec 6**---add a license key. -See the [Chef InSpec license documentation](/inspec/license/) to complete these tasks. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/license.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/license.md deleted file mode 100644 index ba64ebadc5..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/license.md +++ /dev/null 
@@ -1,221 +0,0 @@ -+++ -title = "License Chef InSpec" -draft = false -gh_repo = "inspec" - -[menu] - [menu.inspec] - title = "License" - identifier = "inspec/install/license" - parent = "inspec/install" - weight = 30 -+++ - -Before running Chef InSpec, you must accept the Chef EULA and---starting with **Chef InSpec 6**---add a license key. - -Chef InSpec accepts a license key using one of two methods: - -- by setting a license key with an [environment variable or using the InSpec CLI](#license-key) -- by retrieving a license key from a [Chef Local License Service URL](#chef-local-license-service) - -For more information on Chef licenses, see [Chef's licensing documentation](/licensing/). - -You can [request a trial license](https://www.chef.io/licensing/inspec/license-generation-free-trial) if you'd like to try out InSpec. - -## Accept the Chef EULA - -You must accept the [Chef End User License Agreement (EULA)](https://www.chef.io/end-user-license-agreement) before running Chef InSpec using one of two methods. - -- [command line option](#command-line-option) -- [environment variable](#environment-variable) - -If no command line argument or environment variable is set, Chef InSpec requests acceptance through an interactive prompt. If the prompt can't be displayed, then the product will fail with exit code 172. - -If the product attempts to persist the accepted license and fails, Chef InSpec sends a message to STDOUT and continues to run. In a future invocation, you will need to accept the license again. - -### Command line option - -Use the `--chef-license ` argument to accept the Chef EULA. - -```sh -inspec exec --chef-license -``` - -Replace `` with one of the following options. - -`accept` -: Accept the license and attempts to persist a marker file locally. Persisting these marker files means future invocations don't require accepting the license again. - -`accept-silent` -: Similar to `accept`, but no messaging is sent to STDOUT. 
- -`accept-no-persist` -: Similar to `accept-silent`, but no marker file is persisted. Future invocation will require accepting the license again. - -### Environment variable - -Use the `CHEF_LICENSE=""` environment variable to accept the Chef EULA. - -```sh -export CHEF_LICENSE="" -inspec exec -``` - -Replace `` with one of the following options. - -`accept` -: Accept the license and attempts to persist a marker file locally. Persisting these marker files means future invocations don't require accepting the license again. - -`accept-silent` -: Similar to `accept`, but no messaging is sent to STDOUT. - -`accept-no-persist` -: Similar to `accept-silent`, but no marker file is persisted. Future invocation will require accepting the license again. - -## License key - -You can add a license key to Chef InSpec using one of three methods: - -- [interactive license dialog](#interactive-license-dialog) -- [command line option](#command-line-option-1) -- [environment variable](#environment-variable-1) - -{{< note >}} - -Existing commercial customers of Progress Chef may use an asset serial number from the [Progress support portal](https://community.progress.com/s/products/chef) as a license key. - -{{< /note >}} - -### Interactive license dialog - -The easiest way to provide a license key to Chef InSpec is to run Chef InSpec. -Run any major top-level command (such as `inspec exec`, `inspec check`, or `inspec shell`) and InSpec will start an interactive licensing dialog -if no license key is already set and it doesn't detect an automated method of setting the license key. - -1. To start the interactive licensing dialog, run a top-level command such as `inspec shell`. - -1. At the first prompt, select **I already have a license ID**. - - ```bash - inspec shell - ------------------------------------------------------------ - License ID Validation - - To continue using Chef InSpec, a license ID is required. 
- (Free, Trial, or Commercial) - - If you generated a license previously, you might - have received it in an email. - - If you are a commercial user, you can also find it in the - supportlink.chef.io portal. - ------------------------------------------------------------ - - Please choose one of the options below (Press ↑/↓ arrow to move and Enter to select) - ‣ I already have a license ID - I don't have a license ID and would like to generate a new license ID - Skip - ``` - -1. Enter your license key at the second prompt. - - ```bash - Please choose one of the options below I already have a license ID - Please enter your license ID: - ✔ [Success] License validated successfully. - ------------------------------------------------------------ - License Details - Asset Name : InSpec - License ID : - Type : Trial - Status : Active - Validity : Unlimited - No. Of Units : 10 Targets - ------------------------------------------------------------ - Welcome to the interactive InSpec Shell - To find out how to use it, type: help - - You are currently running on: - - Name: mac_os_x - Families: darwin, bsd, unix, os - Release: 22.5.0 - Arch: arm64 - - inspec> exit - ``` - -Chef InSpec validates the license key, displays information about the license entitlements, and then runs `inspec shell` as requested. -Chef InSpec stores license keys for future use and will not prompt you for the license key for the duration of your license. - -### Command line option - -You can set the license key in the command line using the `--chef-license-key` option. -You may provide this argument to most Chef InSpec CLI main commands, however some plugins may not support the flag. - -```bash -inspec exec --chef-license-key -``` - -### Environment variable - -You can set the license key using the `CHEF_LICENSE_KEY` environment variable. -Chef InSpec will read the license key from the variable and attempt to validate the key. 
-If successful, InSpec saves the key and will not prompt you for it the next time you run InSpec. - -```bash -export CHEF_LICENSE_KEY= -inspec exec -``` - -## Chef Local License Service - -For large or isolated (air-gapped) fleets, Chef InSpec can retrieve a license key from a [Chef Local License Service](/licensing/local_license_service/). -With Chef Local License Service, InSpec users do not need to know a license key---only the service URL(s). - -Chef InSpec sends a request to the Local License Service for a list of license keys and then uses that response to license itself during execution. -InSpec will not prompt you for a license key. -Chef InSpec does not store license keys for long-term use when they are retrieved from a Chef Local License Service. - -Use one of the following methods to set a Local License Service URL. - -- [command line option](#command-line-option-2) -- [environment variable](#environment-variable-2) - -### Command line option - -Use the `--chef-license-server` command line option to set a Chef Local License Service URL. - -```bash -inspec exec --chef-license-server https://license-server.example.com -``` - -### Environment variable - -Use the `CHEF_LICENSE_SERVER` environment variable to set a Chef Local License Service URL. - -```bash -export CHEF_LICENSE_SERVER=https://license-server.example.com -inspec exec -``` - -#### Multiple license servers - -You can set multiple Chef Local License Services, which provides resiliency and redundancy for managing licenses. - -Enter up to five Chef Local License Service URLs as a comma-separated list. Chef InSpec will try each URL and use the first one that works. - -```bash -export CHEF_LICENSE_SERVER=https://license-server-01.example.com,https://license-server-02.example.com -inspec exec -``` - -This capability is basic and you must synchronize the license servers, otherwise you may get inconsistent results. 
-
-## Licensing Telemetry service
-
-The Chef Licensing Telemetry service gathers product activation, product usage trends and statistics, environment information, bugs, and other data related to the use of Chef InSpec.
-
-This feature is enabled for free and trial tiers only and isn't enabled for commercial users.
-
-For more information on the data gathered by the Licensing Telemetry service, see the [Progress Privacy Policy](https://www.progress.com/legal/privacy-policy).
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/matchers.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/matchers.md
deleted file mode 100644
index f19b1a7672..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/matchers.md
+++ /dev/null
@@ -1,163 +0,0 @@ -+++ -title = "Chef InSpec Universal Matchers Reference" -draft = false -gh_repo = "inspec" - -[menu] - [menu.inspec] - title = "Matchers" - identifier = "inspec/reference/matchers.md Matchers" - parent = "inspec/reference" - weight = 40 -+++ - -Chef InSpec uses **matchers**, a testing framework based on [RSpec](https://rspec.info/), to help compare resource values to expectations. The following matchers are available: - -- [`be`](#be) - makes numeric comparisons. -- [`be_in`](#be_in) - looks for the property value in a list. -- [`cmp`](#cmp) - checks the equality (general-use). -- [`eq`](#eq) - checks the type-specific equality. -- [`include`](#include) - looks for an expected value in a list-valued property. -- [`match`](#match) - looks for patterns in text using regular expressions. - -You can use any matcher provided by [RSpec::Expectations](https://relishapp.com/rspec/rspec-expectations/docs); however, these matchers are not [supported by InSpec](/inspec/inspec_and_friends/#rspec). - -## be - -Use the `be` matcher with comparison operators, and use numbers and not strings for these comparisons. For example: - -```ruby -describe file('/proc/cpuinfo') do - its('size') { should be >= 10 } - its('size') { should be < 1000 } -end -``` - -## be_in - -`be_in` verifies if an item is included in a list. For example: - -```ruby -describe resource do - its('item') { should be_in LIST } -end -``` - -## cmp - -Unlike [`eq`](#eq), `cmp` makes less restrictive comparisons. It tries to fit the actual value to the type you are comparing. This matcher is meant to relieve the user from having to write type casts and resolutions. 
- -Examples: - -```ruby -describe sshd_config do - its('Protocol') { should cmp 2 } -end - -describe passwd.uid(0) do - its('users') { should cmp 'root' } -end -``` - -The `cmp` matcher compares values in the following ways: - -- `cmp` can compare strings to numbers: - - ```ruby - describe sshd_config do - # Only '2' works - its('Protocol') { should eq '2' } - - # Both of these work - its('Protocol') { should cmp '2' } - its('Protocol') { should cmp 2 } - end - ``` - -- `cmp` comparisons are not case sensitive: - - ```ruby - describe auditd_conf do - its('log_format') { should cmp 'raw' } - its('log_format') { should cmp 'RAW' } - end - ``` - -- `cmp` recognizes versions embedded in strings: - - ```ruby - describe package('curl') do - its('version') { should cmp > '7.35.0-1ubuntu2.10' } - end - ``` - -- `cmp` can compare a single-value array with a string to a value: - - ```ruby - describe passwd.uids(0) do - its('users') { should cmp 'root' } - its('users') { should cmp ['root'] } - end - ``` - -- `cmp` can compare a single-value array with a string to a regular expression: - - ```ruby - describe auditd_conf do - its('log_format') { should cmp /raw/i } - end - ``` - -- `cmp` allows octal comparisons: - - ```ruby - describe file('/proc/cpuinfo') do - its('mode') { should cmp '0345' } - end - - expected: 0345 - got: 0444 - ``` - -## eq - -`eq` tests for exact equality of two values. For example: - -```ruby -describe sshd_config do - its('RSAAuthentication') { should_not eq 'no' } - its('Protocol') { should eq '2' } -end -``` - -`eq` fails if types do not match. When comparing configuration entries that take numerical values, do not use quotes as it becomes a string. - -```ruby -its('Port') { should eq '22' } -# passes - -its('Port') { should eq 22 } -# fails: '2' != 2 (string vs integer) -``` - -Use [`cmp`](#cmp) for less restrictive comparisons. - -## include - -`include` verifies if a value is included in a list. 
For example: - -```ruby -describe passwd do - its('users') { should include 'my_user' } -end -``` - -## match - -`match` checks if a string matches a regular expression. For example: - -```ruby -describe sshd_config do - its('Ciphers') { should_not match /cbc/ } -end -``` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/migration.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/migration.md deleted file mode 100644 index 1f3a4953f9..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/migration.md +++ /dev/null 
@@ -1,300 +0,0 @@ -+++ -title = "Serverspec Migration Guide" -draft = false -gh_repo = "inspec" - -[menu] - [menu.inspec] - title = "Migration from Serverspec" - identifier = "inspec/friends/migration.md Migration from Serverspec" - parent = "inspec/friends" - weight = 20 -+++ - -## How is Chef InSpec different from Serverspec - -We've written a complete blog post about that topic: [The Road to InSpec](https://www.chef.io/blog/the-road-to-inspec) - -## Is Chef InSpec suitable for infrastructure testing? - -Chef InSpec is a framework that allows you to run infrastructure testing as well as compliance testing. The compliance features are always optional and provide customers a way to use Chef InSpec for both use-cases. To ensure we build the best infrastructure testing, we migrate our cookbooks [chef-cookbooks](https://github.com/chef-cookbooks) to InSpec. - -## Which Serverspec resources are available in InSpec? - -The following resources are available in Chef InSpec: - -| Serverspec | Chef InSpec | -|:------------------------------------------------------------------------------------------:|:------------------------------------------------------------------------------------:| -| [`bond`](http://serverspec.org/resource_types.html#bond) | [`bond`](/inspec/resources/bond/) | -| [`bridge`](http://serverspec.org/resource_types.html#bridge) | [`bridge`](/inspec/resources/bridge/) | -| [`command`](http://serverspec.org/resource_types.html#command) | [`command`](/inspec/resources/command/) | -| [`cron`](http://serverspec.org/resource_types.html#cron) | [`crontab`](/inspec/resources/crontab/) | -| [`docker_container`](http://serverspec.org/resource_types.html#docker_container) | [`docker_container`](/inspec/resources/docker_container/) | -| [`docker_image`](http://serverspec.org/resource_types.html#docker_image) | [`docker_image`](/inspec/resources/docker_image/) | -| [`file`](http://serverspec.org/resource_types.html#file) | [`file`](/inspec/resources/file/) | -| 
[`group`](http://serverspec.org/resource_types.html#group) | [`group`](/inspec/resources/group/) | -| [`host`](http://serverspec.org/resource_types.html#host) | [`host`](/inspec/resources/host/) | -| [`interface`](http://serverspec.org/resource_types.html#interface) | [`interface`](/inspec/resources/interface/) | -| [`iis_website`](http://serverspec.org/resource_types.html#iis_website) | [`iis_site`](/inspec/resources/iis_site/) | -| [`iis_app_pool`](http://serverspec.org/resource_types.html#iis_app_pool) | [`iis_app`](/inspec/resources/iis_app/) | -| [`iptables`](http://serverspec.org/resource_types.html#iptables) | [`iptables`](/inspec/resources/iptables/) | -| [`kernel_module`](http://serverspec.org/resource_types.html#kernel_module) | [`kernel_module`](/inspec/resources/kernel_module/) | -| [`linux_kernel_parameter`](http://serverspec.org/resource_types.html#linux_kernel_parameter) | [`kernel_parameter`](/inspec/resources/kernel_parameter/) | -| [`mysql_config`](http://serverspec.org/resource_types.html#mysql_config) | [`mysql_conf`](/inspec/resources/mysql_conf/) | -| [`package`](http://serverspec.org/resource_types.html#package) | [`package`](/inspec/resources/package/) | -| [`port`](http://serverspec.org/resource_types.html#port) | [`port`](/inspec/resources/port/) | -| [`ppa`](http://serverspec.org/resource_types.html#ppa) | [`apt`](/inspec/resources/apt/) | -| [`process`](http://serverspec.org/resource_types.html#process) | [`processes`](/inspec/resources/processes/) | -| [`service`](http://serverspec.org/resource_types.html#service) | [`service`](/inspec/resources/service/) | -| [`user`](http://serverspec.org/resource_types.html#user) | [`user`](/inspec/resources/user/) | -| [`windows_feature`](http://serverspec.org/resource_types.html#windows_feature) | [`windows_feature`](/inspec/resources/windows_feature/) | -| [`windows_registry_key`](http://serverspec.org/resource_types.html#windows_registry_key) | [`registry_key`](/inspec/resources/registry_key/) | 
-| [`x509_certificate`](http://serverspec.org/resource_types.html#x509_certificate) | [`x509_certificate`](/inspec/resources/x509_certificate/) | -| [`yumrepo`](http://serverspec.org/resource_types.html#yumrepo) | [`yum`](/inspec/resources/yum/) | -| [`zfs`](http://serverspec.org/resource_types.html#zfs) | [`zfs_pool`](/inspec/resources/zfs_pool/) | - -Some Serverspec resources are not available yet. We will implement those resources based on user feedback. If you need a resource that is not available in InSpec, please open an [Github issue](https://github.com/chef/inspec/issues). The list of resources that are not available in InSpec: - -* [`cgroup`](http://serverspec.org/resource_types.html#cgroup) -* [`default_gateway`](http://serverspec.org/resource_types.html#default_gateway) -* [`ip6tables`](http://serverspec.org/resource_types.html#ip6tables) -* [`ipfilter`](http://serverspec.org/resource_types.html#ipfilter) -* [`ipnat`](http://serverspec.org/resource_types.html#ipnat) -* [`linux_audit_system`](http://serverspec.org/resource_types.html#linux_audit_system) -* [`lxc`](http://serverspec.org/resource_types.html#lxc) -* [`mail_alias`](http://serverspec.org/resource_types.html#mail_alias) -* [`php_config`](http://serverspec.org/resource_types.html#php_config) -* [`routing_table`](http://serverspec.org/resource_types.html#routing_table) -* [`selinux`](http://serverspec.org/resource_types.html#selinux) -* [`selinux_module`](http://serverspec.org/resource_types.html#selinux_module) -* [`x509_private_key`](http://serverspec.org/resource_types.html#x509_private_key) - -In addition Chef InSpec provides additional [resources](/inspec/resources/) that are not available in Serverspec: - -* [`apache_conf`](/inspec/resources/apache_conf/) -* [`apt`](/inspec/resources/apt/) -* [`audit_policy`](/inspec/resources/audit_policy/) -* [`auditd_conf`](/inspec/resources/auditd_conf/) -* [`bash`](/inspec/resources/bash/) -* [`csv`](/inspec/resources/csv/) -* 
[`shadow`](/inspec/resources/shadow/) -* [`gem`](/inspec/resources/gem/) -* [`grub_conf`](/inspec/resources/grub_conf/) -* [`inetd_conf`](/inspec/resources/inetd_conf/) -* [`ini`](/inspec/resources/ini/) -* [`json`](/inspec/resources/json/) -* [`npm`](/inspec/resources/npm/) -* [`ntp_conf`](/inspec/resources/ntp_conf/) -* [`oneget`](/inspec/resources/oneget/) -* [`pip`](/inspec/resources/pip/) -* [`powershell`](/inspec/resources/powershell/) -* [`security_policy`](/inspec/resources/security_policy/) -* [`ssh_config`](/inspec/resources/ssh_config/) -* [`sshd_config`](/inspec/resources/sshd_config/) -* [`sys_info`](/inspec/resources/sys_info/) - -## How do I migrate my Serverspec tests to InSpec - -For most cases, the migration to Chef InSpec is pretty straight forward. First, replace the current verifier in `kitchen.yml` configuration with: - -```yaml -verifier: - name: inspec -``` - -Second, rename the directory `test/integration/default/serverspec` to -`test/integration/default/inspec` - -Third, remove the Serverspec-specific code from the test files. - -``` -require 'serverspec' - -# Required by serverspec -set :backend, :exec -``` - -Chef InSpec is now configured with Test-Kitchen: - -```bash -kitchen verify package-install-centos-72 ------> Starting Kitchen (v1.14.2) ------> Verifying ... - Detected alternative framework tests for `inspec` - Loaded - -Target: ssh://vagrant@127.0.0.1:2200 - - - PHP has - ✔ php - ✔ the pear.php.net channel - ✔ the pecl.php.net channel - -Test Summary: 3 successful, 0 failures, 0 skipped - Finished verifying (0m0.40s). ------> Kitchen is finished. 
(0m3.31s) -``` - -Some real-world migrations are available: - -* [docker](https://github.com/chef-cookbooks/docker) -* [nginx](https://github.com/chef-cookbooks/chef_nginx/pull/5/files) -* [mysql](https://github.com/chef-cookbooks/mysql/pull/430/files) -* [php](https://github.com/chef-cookbooks/php/pull/189/files) - -Some general recommendations: - -* use test-kitchen 1.14+ -* in case of errors, increase the log level `kitchen verify package-install-centos-72 -l debug` - -## Do I still need the backend configuration? - -Chef InSpec does not attach backend information to test files. All tests are defined independently of any backend. Therefore a Serverspec test file: - -```ruby -require 'serverspec' - -# Required by serverspec -set :backend, :exec - -describe 'PHP' do - it 'has php' do - expect(command('php -v').exit_status).to eq(0) - end - - it 'has the pear.php.net channel' do - expect(command('pear list-channels').stdout).to include('pear.php.net') - end - - it 'has the pecl.php.net channel' do - expect(command('pear list-channels').stdout).to include('pecl.php.net') - end -end -``` - -will become the following Chef InSpec test file: - -```ruby -describe 'PHP' do - it 'has php' do - expect(command('php -v').exit_status).to eq(0) - end - - it 'has the pear.php.net channel' do - expect(command('pear list-channels').stdout).to include('pear.php.net') - end - - it 'has the pecl.php.net channel' do - expect(command('pear list-channels').stdout).to include('pecl.php.net') - end -end -``` - -As you can see, the Chef InSpec test files just focuses on tests and tries to avoid all clutter. - -## Nested describe blocks - -Serverspec and RSpec allow you to define nested describe blocks. We did a survey and found out that most users use nested describe blocks only to improve their output report. We believe the code structure should not change to improve the output of a report. Nevertheless we understand that nested describe blocks help you to structure test code. 
A sample code block looks like: - -```ruby -describe 'chef-server-directories' do - describe file('/etc/opscode') do - it { should be_directory } - it { should be_owned_by 'root' } - end - - describe file('/etc/opscode-analytics') do - it { should be_directory } - it { should be_owned_by 'opscode' } - it { should be_grouped_into 'opscode' } - end - - describe file('/var/log/opscode') do - it { should be_directory } - it { should be_owned_by 'opscode' } - it { should be_grouped_into 'opscode' } - end - - describe file('/var/opt/opscode') do - it { should be_directory } - it { should be_owned_by 'root' } - end -end -``` - -In Chef InSpec you would split up groups into files. - -``` -tests -├── server-directories.rb -├── other-tests.rb -└── further-tests.rb -``` - -Each file can have a top-level description of its content: - -```ruby -title "Chef Server Directories" - -describe file('/etc/opscode') do - it { should be_directory } - it { should be_owned_by 'root' } -end - -describe file('/etc/opscode-analytics') do - it { should be_directory } - it { should be_owned_by 'opscode' } - it { should be_grouped_into 'opscode' } -end - -describe file('/var/log/opscode') do - it { should be_directory } - it { should be_owned_by 'opscode' } - it { should be_grouped_into 'opscode' } -end - -describe file('/var/opt/opscode') do - it { should be_directory } - it { should be_owned_by 'root' } -end - -``` - -## Are you supporting the `expect` syntax? - -Of course. We still prefer the `should` syntax for UX reasons. We did surveys with various types of customers like devops engineers, auditors, managers. All participants who preferred the `expect` syntax have been Ruby experts. All non-Ruby developers found it easier to understand the `should` syntax. 
- -### `should` syntax with InSpec - -```ruby -describe command('php -v') do - its('exit_status') { should eq 0 } -end - -describe command('pear list-channels') do - its('stdout') { should include('pear.php.net')} -end - -describe command('pear list-channels') do - its('stdout') { should include('pecl.php.net')} -end -``` - -### `expect` syntax with InSpec - -```ruby -describe 'PHP' do - it 'has php' do - expect(command('php -v').exit_status).to eq(0) - end - - it 'has the pear.php.net channel' do - expect(command('pear list-channels').stdout).to include('pear.php.net') - end - - it 'has the pecl.php.net channel' do - expect(command('pear list-channels').stdout).to include('pecl.php.net') - end -end -``` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/parallel.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/parallel.md deleted file mode 100644 index 22cf9720ee..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/parallel.md +++ /dev/null 
@@ -1,237 +0,0 @@ -+++ -title = "Chef InSpec Parallel" -draft = false -gh_repo = "inspec" - -[menu] - [menu.inspec] - title = "Parallel" - identifier = "inspec/parallel.md InSpec Parallel" - parent = "inspec" - weight = 80 -+++ - -Chef InSpec Parallel can automatically manage multiple profile executions in parallel on a system targeting several remote systems and environments. -It manages multiple processes, their status updates, their exit codes, and user updates. -All target operating systems and environments that can be addressed using `--target` are supported, and it is supported on Windows, MacOS, and Linux environments. - -InSpec Parallel is a new feature in **Chef InSpec 6**. - -{{< note >}} - -Currently, `inspec parallel` only supports the `exec` command. - -{{< /note >}} - -## How to use InSpec Parallel - -The following example shows you how to execute the **Dev-Sec SSH Baseline** profile against five servers in parallel using `inpec parallel exec`. - -1. Create an [option file](#option-file) that contains the CLI options that are passed to `inspec exec parallel`. - - The option file contains one invocation per line and specifies all options in each invocation. - - ```text - # five-servers.txt - # Option file for running against multiple SSH targets - -t ssh://server1 --reporter cli:server1.out - -t ssh://server2 --reporter cli:server2.out - -t ssh://server3 --reporter cli:server3.out - -t ssh://server4 --reporter cli:server4.out - -t ssh://server5 --reporter cli:server5.out - ``` - -1. Specify the option file that InSpec Parallel executes using the `-o` or `--option_file` flag in the InSpec CLI. - - ```bash - inspec parallel exec https://github.com/dev-sec/ssh-baseline -o five-servers.txt -i file_name.pem - ``` - -As InSpec Parallel runs, it shows the progress (percentage of controls completed) of each invocation, the process ID of each job, and writes log and error data to the `logs/` directory with each log file named after the process ID. 
- -```bash -Press CTL+C to stop - InSpec Parallel - Running 5 invocations in 4 slots ------------------------------------------------------------------------------------------------------------------------------------------ - Slot 1 Slot 2 Slot 3 Slot 4 ------------------------------------------------------------------------------------------------------------------------------------------ - 50132: 0.0% 50133: 12.5% 50134: 12.5% Done -``` - -## Option file - -An option file is a text file that contains options passed to `inspec parallel`. -Chef InSpec ignores comments (starting with a `#`) and blank lines in an option file. -Chef InSpec invokes `inspec parallel` on each non-commented and non-blank line. - -The only requirement is that every invocation in an option file must have a `--reporter` option. -The reporter option must write to a file or use the `automate` reporter to send an API post to a Chef Automate service. -For details of the available reporters and the full syntax of the reporter option, see the [Chef InSpec Reporter documentation]({{< relref "/inspec/reporters" >}}). - -The simplest option file might look like this: - -```text -# simple.txt -# Run five invocations, saving the output as ordinal names ---reporter cli:first.out ---reporter cli:second.out ---reporter cli:third.out ---reporter cli:fourth.out ---reporter cli:fifth.out -``` - -For this example, InSpec Parallel would run the same profile on the same target five times, it would send the output to each of the five reporters listed in the option file, and you would specify the target and profile when you invoke `inspec parallel exec` in the command line. - -You can pass any options on the invocation line, including `--controls` (to divide a profile into sections), `--input` (to parameterize a profile and possibly target different resources), and `--target` (to target different machines or environments). - -See the [Examples section](#examples) for more detail on how you can use an option file. 
- -### Embedded Ruby templating - -You can add Embedded RuBy (ERB) template escapes and Chef InSpec will evaluate it as an ERB template. -You can directly embed Ruby code into your option file, including loops and conditionals. -The rendered output of the option file is used as invocations. -This is especially useful with the `--dry-run` option. - -The most common ERB templating is to use the `pid` variable to reference the process ID of the child process. -See the [Examples](#name-json-output-files-with-process-id) section for more information. - -### Executable script - -If the name of the option file ends in `.sh` (MacOS, Linux) or `.ps1` (Windows), InSpec Parallel executes the script and uses the standard output as the option file. - -{{< note >}} - -This feature is experimental and we would love to hear [feedback](https://github.com/inspec/inspec/issues/new/choose) from you. - -{{< /note >}} - -## Options - -InSpec Parallel accepts options from the subcommand that it's managing. It also accepts the following options: - -`--bg` -: The `--bg` option silences all output from the command and runs it in the background. InSpec Parallel will still write log files with the `--bg` option. - -`--dry-run` -: The `--dry-run` option interprets the option file but does not execute it. Chef InSpec outputs the lines that would have been executed to the standard output. If you add `--verbose`, you can see all the CLI defaults that implicitly get added. - -: {{< note >}} - - When calling `--dry-run`, you may notice that an extra reporter gets added to your invocation, `--reporter child-status`. This reporter is a special streaming reporter used to report status from the running child processes to the parent process and is a necessary part of the plumbing of InSpec Parallel. - - {{< /note >}} - -`-j` -`--jobs` -: Use the `-j` or `--jobs` option to specify how many job slots InSpec Parallel uses. 
- InSpec Parallel defaults to the number of hyperthreaded cores on your machine (for example, a dual-core machine with hyperthreading defaults to four jobs). - The default is usually reasonable, but experimentation may be rewarding. - -`-o` -`--option_file` -: Use the `-o` or `--option_file` option in the command line to specify the option file that InSpec Parallel will run. - -## Examples - -### Use the same options for each invocation - -`inspec parallel exec` accepts all options that `inspec exec` does and passes them to each invocation as defaults. -This means that you do not have to specify repetitive options that are constant across all the invocations in an option file. - -For example, if all machines take the same SSH key, you can specify it once on the top-level command line. - -```text -# three-servers.txt -# Option file for running against multiple SSH targets --t ssh://server1 --reporter cli:server1.out --t ssh://server2 --reporter cli:server2.out --t ssh://server3 --reporter cli:server3.out -``` - -```bash -inspec parallel exec profile_name -o three-servers.txt -i file_name.pem -``` - -### Name JSON output files with process ID - -In this example, the `json` reporter saves output log files in the `logs` directory and names each one after the process ID using the `pid` ERB variable. -This technique would work with any [reporter]({{< relref "/inspec/reporters" >}}) that can write to a file. 
- -```text -# pid-named-output.txt -# Option file in which the output is named after the PID of the process ---reporter json:logs/<%= pid %>.json ---reporter json:logs/<%= pid %>.json ---reporter json:logs/<%= pid %>.json ---reporter json:logs/<%= pid %>.json -``` - -After this profile is executed, the `logs` directory would have the following files: - -- 1000.log -- 1000.json -- 1001.log -- 1001.json -- 1002.log -- 1002.json -- 1003.log -- 1003.json - -### Run the same profile on different targets - -You can run the same profile on multiple targets by specifying each target in the option file using the `-t` or `--target` option. - -```text -# five-servers.txt -# Option file for running against multiple SSH targets --t ssh://server1 --reporter cli:server1.out --t ssh://server2 --reporter cli:server2.out --t ssh://server3 --reporter cli:server3.out --t ssh://server4 --reporter cli:server4.out --t ssh://server5 --reporter cli:server5.out -``` - -Then specify the profile and the option file in the command line. - -```bash -inspec parallel exec https://github.com/dev-sec/ssh-baseline -o five-servers.txt -i file_name.pem -``` - -If you have many or variable targets to run against, consider using ERB templating to read the list of targets after reading them from a CSV file or connecting to an API. You can also use a script to list your targets. - -### Run different profiles on the same target - -To run different profiles on the same target, specify the profile at the front of the invocation in the option file. - -```text -# multi-profile.txt -https://github.com/dev-sec/ssh-baseline --reporter cli:ssh-baseline.out -https://github.com/dev-sec/linux-baseline --reporter cli:linux-baseline.out -``` - -Then invoke InSpec parallel by passing the target as a top-level option and a dummy name for the profile. 
- -```bash -inspec parallel exec dummy -o multi-profile.txt -t ssh://server -``` - -### Run different parts of a profile in parallel - -If your profile has well-named control IDs, you can use the `--controls` option to divide the profile into sections. -Suppose that your profile has sections named **C**, **S**, and **N** and the controls in each section have control IDs that start with the given letter, -then you can create an option file that divides the profile as follows: - -```text -# divide-aws-bp.txt ---reporter cli:C.out --controls /^C/ ---reporter cli:S.out --controls /^S/ ---reporter cli:N.out --controls /^N/ -``` - -When you run the following command, `inspec exec` runs three times, once for each of the **C**, **S**, and **N** sections of the profile. - -```bash -inspec parallel exec aws-best-practices -o divide-aws-bp.txt -t aws://profile_name@us-east-2 -``` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/platforms.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/platforms.md deleted file mode 100644 index d1c659f1a5..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/platforms.md +++ /dev/null 
@@ -1,28 +0,0 @@
-+++
-title = "Supported Platforms"
-draft = false
-gh_repo = "inspec"
-
-[menu]
- [menu.inspec]
- title = "Platforms"
- identifier = "inspec/install/platforms"
- parent = "inspec/install"
- weight = 10
-+++
-
-Chef InSpec is supported on the operating systems (platforms) listed below.
-
-## Commercially supported platforms
-
-The following table lists the commercially-supported platforms and versions for Chef InSpec.
-
-{{< readfile file="content/inspec/reusable/md/support_commercial_platforms.md" >}}
-
-## Derived platforms
-
-The following table lists supported derived platforms and versions for Chef InSpec.
-
-See our policy on [support for derived platforms](/platforms/#support-for-derived-platforms) for more information.
-
-{{< readfile file="content/inspec/reusable/md/support_derived_platforms.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/plugin_kitchen_inspec.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/plugin_kitchen_inspec.md
deleted file mode 100644
index f2a9c216d6..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/plugin_kitchen_inspec.md
+++ /dev/null
@@ -1,75 +0,0 @@
-+++
-title = "About kitchen-inspec"
-draft = false
-gh_repo = "inspec"
-
-[menu]
- [menu.inspec]
- title = "kitchen-inspec"
- identifier = "inspec/chef/kitchen-inspec"
- parent = "inspec/chef"
- weight = 10
-+++
-
-Use Chef InSpec as a [Test Kitchen](https://kitchen.ci/) verifier with `kitchen-inspec`.
-
-For hands-on examples, learn how to use Test Kitchen to run Chef InSpec profiles on the Learn Chef course [Validate Infrastructure Code with Test Kitchen](https://www.chef.io/training/tutorials).
-
-Add the Chef InSpec verifier to the `.kitchen.yml` file:
-
-```yaml
-verifier:
- name: inspec
-```
-
-Use a compliance profile from the Chef Compliance server:
-
-```yaml
-suites:
- - name: compliance
- run_list:
- - recipe[ssh-hardening::default]
- verifier:
- inspec_tests:
- - compliance://base/ssh
-```
-
-and then run the following command:
-
-```bash
-inspec automate login https://compliance.test --user admin --insecure --token ''
-```
-
-where:
-
-- `--insecure` is required when using self-signed certificates.
-
-`inspec compliance` is a backwards compatible alias for `inspec automate` and works the same way:
-
-```bash
-inspec compliance login https://compliance.test --user admin --insecure --token ''
-```
-
-Use a compliance profile from the Chef Supermarket:
-
-```yaml
-suites:
- - name: supermarket
- run_list:
- - recipe[ssh-hardening::default]
- verifier:
- inspec_tests:
- - supermarket://dev-sec/ssh-baseline
-```
-
-Use Chef InSpec tests from the local file system:
-
-```yaml
-suites:
- - name: local
- run_list:
- - recipe[my_cookbook::default]
- verifier:
- inspec_tests:
- - test/integration/default
-```
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/plugins.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/plugins.md
deleted file mode 100644
index 2931300351..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/plugins.md
+++ /dev/null
@@ -1,78 +0,0 @@
-+++
-title = "About Chef InSpec and Train Plugins"
-draft = false
-gh_repo = "inspec"
-
-[menu]
- [menu.inspec]
- title = "Plugins"
- identifier = "inspec/Plugins"
- parent = "inspec"
- weight = 90
-+++
-
-## What are Chef InSpec plugins?
-
-Chef InSpec plugins are optional software components that extend the capabilities of InSpec.
-For example, [`inspec-iggy`](https://github.com/inspec/inspec-iggy) is a plugin project that aims to generate Chef InSpec controls from infrastructure-as-code files.
-Plugins are distributed as RubyGems, and Chef InSpec manages their installation.
-Chef InSpec plugins always begin with the prefix 'inspec-'.
-
-## What are Train plugins?
-
-Train plugins allow Chef InSpec to speak to new kinds of targets (typically new
-remote targets or APIs, but you could treat the local system in a new way if you
-wished to). For example, if you wanted to audit a Kubernetes cluster, you might
-want a transport that can talk to the supervisor API. You would develop a Train
-plugin for that, and install it using the Chef InSpec command line. Train plugins
-always begin with the prefix 'train-'.
-
-## What can plugins do?
-
-Currently, each plugin can offer one or more of these capabilities:
-
-- define new output formats ("reporters")
-- input sources
-- define a new command-line-interface (CLI) command suite (`inspec` plugins)
-- connectivity to new types of hosts or cloud providers (`train` plugins)
-- DSL extensions at the file, control, describe block, or test level
-- DSL extensions for custom resources
-
-## Find available plugins
-
-The Chef InSpec CLI can tell you which plugins are available:
-
-```bash
-inspec plugin search inspec-
-```
-
-## Install and manage plugins
-
-The Chef InSpec command line now offers a new subcommand just for managing plugins.
-
-You can install a plugin by running:
-
-```bash
-inspec plugin install inspec-some-plugin
-inspec plugin install train-some-plugin
-```
-
-For more details on what the `plugin` command can do, run `inspec plugin help`.
-
-## Use a different Gem server
-
-You can specify an alternate source by passing the base of your Gem repository to
-the `--source` parameter:
-
-```bash
-inspec plugin search --source https://private.example.com inspec-private
-inspec plugin install --source https:/private.example.com inspec-private-plugin
-```
-
-## Write a plugin
-
-For details on creating a Chef InSpec plugin, see the
-[InSpec developer documentation](https://github.com/inspec/inspec/blob/main/dev-docs/plugins.md)
-
-For details on creating a Train plugin, see the
-[Train developer documentation](https://github.com/inspec/train/blob/main/docs/plugins.md)
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/_index.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/_index.md
deleted file mode 100644
index 443e6f0ba2..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/_index.md
+++ /dev/null
@@ -1,110 +0,0 @@
-+++
-title = "About Chef InSpec Profiles"
-draft = false
-gh_repo = "inspec"
-
-[menu]
- [menu.inspec]
- title = "About Profiles"
- identifier = "inspec/profiles/Overview"
- parent = "inspec/profiles"
- weight = 10
-+++
-
-A Chef InSpec profile organizes multiple controls into a reusable artifact that can be described and versioned.
-Each profile is a standalone structure with its own distribution and execution flow.
-
-Chef InSpec supports complex test and compliance profiles, which organize controls to support dependency management and code reuse.
-
-For hands-on examples, check out [Test Expectations with Chef InSpec](https://www.chef.io/training/tutorials) on Learn Chef to learn more about how profiles are structured.
-
-## Initialize a new profile
-
-Use the InSpec CLI to generate a new profile.
-
-```sh
-inspec init profile
-```
-
-### Platforms
-
-You can an initialize profiles that are configured for Google Cloud, Azure, or AWS using the `--platform` option.
-
-```sh
-inspec init profile --platform
-```
-
-Replace:
-
-- `` with the name of your profile
-- `` with one of the following:
- - `aws`
- - `azure`
- - `gcp`
-
-## Profile structure
-
-A profile has following structure:
-
-```yaml
-profile
-├── README.md
-├── controls
-│ ├── example.rb
-│ └── control_etc.rb
-├── libraries
-│ └── extension.rb
-|── files
-│ └── extras.conf
-└── inspec.yml
-```
-
-`inspec.yml`
-: The [`inspec.yml` file](inspec_yml) describes the profile.
-
- Required
-
-`controls`
-: The [`controls` directory](controls) contains all tests.
-
- Required
-
-`libraries`
-: The `libraries` directory contains all Chef InSpec [resource extensions](custom_resources).
-
- Optional
-
-`files`
-: The [`files` directory](files) contains additional files that a profile can access.
-
- Optional
-
-`README.md`
-: The `README.md` explains the profile, its scope, and usage.
-
- Optional
-
-## Verify profiles
-
-Use the `inspec check` command to verify the implementation of a profile:
-
-```bash
-inspec check examples/profile
-```
-
-## Execute a profile
-
-Use the `exec` subcommand to execute a profile.
-
-```sh
-inspec exec
-```
-
-`inspec exec` accepts profiles from several sources, including a local directory, Git repositories, and web-hosted tar files.
-See the [`inspec exec` documentation](/inspec/cli#exec) for more information.
-
-You can format the results of an audit using [InSpec reporters](/inspec/reporters/).
-
-## Example profiles
-
-See the `inspec` repository for some [example profiles](https://github.com/inspec/inspec/tree/main/examples).
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/controls.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/controls.md
deleted file mode 100644
index 951603237a..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/controls.md
+++ /dev/null
@@ -1,549 +0,0 @@ -+++ -title = "InSpec Profile Controls" -draft = false -gh_repo = "inspec" - -[menu] - [menu.inspec] - title = "Controls" - identifier = "inspec/profiles/controls" - parent = "inspec/profiles" - weight = 30 -+++ - -Controls define the regulatory recommendations or requirements for the state of a system. - -Controls are written in Ruby using the InSpec DSL, which is a Ruby DSL for writing audit controls and includes audit resources that you can invoke. - -## Controls location - -Add the controls to the `controls` directory at the root of a profile. - -```text -examples/profile -├── controls -│ └── example.rb -└── inspec.yml -``` - -## Syntax - -The following resource tests |ssh| server configuration. For example, a simple control may described as: - -```ruby -describe sshd_config do - its('Port') { should cmp 22 } -end -``` - -In various use cases like implementing IT compliance across different departments, it becomes handy to extend the control with metadata. Each control may define an additional `impact`, `title` or `desc`. An example looks like: - -```ruby -control 'sshd-8' do - impact 0.6 - title 'Server: Configure the service port' - desc 'Always specify which port the SSH server should listen.' - desc 'rationale', 'This ensures that there are no unexpected settings' - tag 'ssh','sshd','openssh-server' - tag cce: 'CCE-27072-8' - ref 'NSA-RH6-STIG - Section 3.5.2.1', url: 'https://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf' - - describe sshd_config do - its('Port') { should cmp 22 } - end -end -``` - -### Control properties - -Name - -: The name of the control is a unique control ID that's initialized at the beginning of the control block. - - `sshd-8` is the control name in the example above. - -`impact` - -: The importance of the compliance results. 
- - Data type: String, Float - - Possible string values (based on CVSS 3.0): - - - `none` - - `low` - - `medium` - - `high` - - `critical` - - Numeric values must be between `0.0` and `1.0`. The value ranges are: - - - `0.0 to <0.01` these are controls with no impact, they only provide information - - `0.01 to <0.4` these are controls with low impact - - `0.4 to <0.7` these are controls with medium impact - - `0.7 to <0.9` these are controls with high impact - - `0.9 to 1.0` these are critical controls - -`title` - -: A human-readable title for the control block. - - Optional - -`desc` - -: A human-readable description of the what the control block does. - - `desc` may include two arguments. The first argument is used as a header when rendering in Chef Automate. For example: - - `desc 'rationale', 'This ensures that there are no unexpected settings'` - - Optional - -`tag` - -: Meta-information with key or key-value pairs. - - Optional - -`ref` -: A reference to an external document - -`describe` -: A describe block invokes an [InSpec resource](/inspec/resources/) or [custom resource](/inspec/profiles/custom_resources/) and encloses tests that apply to that resource. Group multiple related describe blocks under one control. - -## Advanced concepts - -### Check if at least one condition passes - -Use `describe.one` to define a set of `describe` blocks where only one block needs to pass. -For example, if you configure a setting in two different locations, then you may want to test if either configuration A or configuration B is set. - -```ruby -describe.one do - describe ConfigurationA do - its('setting_1') { should eq true } - end - - describe ConfigurationB do - its('setting_2') { should eq true } - end -end -``` - -`describe.one` has the following conditions: - -- A `describe.one` block passes if one of its nested `describe` blocks has all assertions passing. A `describe.one` block needs an entire `describe` block to pass and not just a single assertion. 
-- Chef InSpec will always evaluate all the tests contained within `describe.one`. It does not short-circuit upon evaluating a passing `describe` block. -- Nesting a `describe.one` block inside another `describe.one` block is not supported. - -### Sensitive resources - -Use the `:sensitive` flag in resource definition to suppress the output an audit. - -For example, you may write checks that involve resources with sensitive content, such as a file resource. - -```ruby -describe file('/tmp/mysecretfile'), :sensitive do - its('content') { should match /secret_info/ } -end -``` - -## Examples - -The following examples show simple compliance tests using a single `control` block. - -### Test password complexity - -The following test shows how to audit machines running Windows 2012 R2 that password complexity is enabled: - -```ruby -control 'windows-account-102' do - impact 'critical' - title 'Windows Password Complexity is Enabled' - desc 'Password must meet complexity requirement' - describe security_policy do - its('PasswordComplexity') { should cmp 1 } - end -end -``` - -### Test if PostgreSQL passwords are empty - -The following test shows how to audit machines running PostgreSQL to ensure that passwords are not empty. - -```ruby -control 'postgres-7' do - impact 1.0 - title "Don't allow empty passwords" - describe postgres_session('user', 'pass').query("SELECT * FROM pg_shadow WHERE passwd IS NULL;") do - its('output') { should cmp '' } - end -end -``` - -### Test if MySQL passwords are in ENV - -The following test shows how to audit machines running MySQL to ensure that passwords are not stored in `ENV`: - -```ruby -control 'mysql-3' do - impact 1.0 - title 'Do not store your MySQL password in your ENV' - desc ' - Storing credentials in your ENV may easily expose - them to an attacker. Prevent this at all costs. 
- ' - describe command('env') do - its('stdout') { should_not match /^MYSQL_PWD=/ } - end -end -``` - -### Test if `/etc/ssh` is a directory - -The following test shows how to audit machines to ensure that `/etc/ssh` is a directory: - -```ruby -control 'basic-1' do - impact 1.0 - title '/etc/ssh should be a directory' - desc ' - In order for OpenSSH to function correctly, its - configuration path must be a folder. - ' - describe file('/etc/ssh') do - it { should be_directory } - end -end -``` - -### Test if Apache running - -The following test shows how to audit machines to ensure that Apache is enabled and running: - -```ruby -control 'apache-1' do - impact 'medium' - title 'Apache2 should be configured and running' - describe service(apache.service) do - it { should be_enabled } - it { should be_running } - end -end -``` - -### Test if insecure packages are installed - -The following test shows how to audit machines for insecure packages: - -```ruby -control 'cis-os-services-5.1.3' do - impact 0.7 - title '5.1.3 Ensure rsh client is not installed' - describe package('rsh') do - it { should_not be_installed } - end - describe package('rsh-redone-client') do - it { should_not be_installed } - end -end -``` - -### Test Windows Registry Keys - -The following test shows how to audit machines to ensure Safe DLL Search Mode is enabled: - -```ruby -control 'windows-base-101' do - impact 1.0 - title 'Safe DLL Search Mode is Enabled' - desc ' - @link: https://msdn.microsoft.com/en-us/library/ms682586(v=vs.85).aspx - ' - describe registry_key('HKLM\\System\\CurrentControlSet\\Control\\Session Manager') do - it { should exist } - it { should_not have_property_value('SafeDllSearchMode', :type_dword, '0') } - end -end -``` - -### Use `only_if` to exclude a specific control - -This example shows how to allow skipping certain controls if conditions are not -met by using `only_if`. In this example, the control will not be performed if -the `redis-cli` command does not exist. 
A optional message can say why it was skipped. - -```ruby -control 'nutcracker-connect-redis-001' do - impact 'critical' - title 'Check if nutcracker can pass commands to redis' - desc 'execute redis-cli set key command, to check connectivity of the service' - - only_if('redis is not installed.') do - command('redis-cli').exist? - end - - describe command('redis-cli SET test_inspec "HELLO"') do - its('stdout') { should match /OK/ } - end -end -``` - -This example checks for if certain pip packages are installed, but only if '/root/.aws' exists: - -```ruby -control 'pip-packages-installed' do - title 'Check if essential pips are installed' - only_if('aws-cli config not created.') do - directory('/root/.aws').exist? - end - %w(aws-mfa PyYAML awscli).each do |aws_pip_deps| - describe pip(aws_pip_deps) do - it { should be_installed } - end - end -end -``` - -Mixing this with other conditionals, such as checking existence of the files, can -help to test different test paths using Chef InSpec. With this way, you can skip -certain controls, which would 100% fail due to the way servers are prepared, but -you know that the same control suites are reused later in different circumstances -by different teams. - -This example checks whether the Gnome Desktop is installed. If not installed, it resets the impact of the control to the new value which is passed as a hash with the impact key. - -Here, it resets it to 0: - -```ruby -control 'gnome-destkop-settings' do - impact 0.5 - desc 'some good settings' - desc 'check', 'check the settings file for good things' - desc 'fix', 'set the good things in the file /etc/gnome/settings' - tag nist: 'CM-6' - - only_if("The Gnome Desktop is not installed, this control is Not Applicable", impact: 0) { - package('gnome-desktop').installed? - } - - describe gnome_settings do - it should_be set_well - end -end -``` - -Some notes about `only_if`: - -- `only_if` applies to the entire `control`. 
If the results of the `only_if` - block evaluate to false, any Chef InSpec resources mentioned as part of a - `describe` block will not be run. Additionally, the contents of the describe - blocks will not be run. However, bare Ruby expressions and bare Chef InSpec - resources (not assocated with a describe block) preceding the only_if statement - will run -- `only_if` also accepts hash with impact key to reset the impact value of the control. Control's impact is helpful in determining it is enhanced outcome. - -To illustrate: - -```ruby -control "whatruns" do - command("do_something") # This will ALWAYS run - describe command("do_another_thing") do # This will not run - command("do_yet_another_thing") # This will not run - end - only_if { false } - command("do_something_else") # This will not run -end -``` - -- Only one `only_if` is permitted per `control` block. If multiple `only_if` blocks are present, only the last `only_if` block will be honored -- If used outside a control block, `only_if` skips all controls in the current file -- To implement complex logic, use Ruby 'or' (`||`) and 'and' (`&&`) inside your `only_if` block: - -```ruby - only_if('ready for launch') do - rocket_is_ready && weather_is_clear - end -``` - -### Test controls for applicability using `only_applicable_if` - -The `only_applicable_if` block allows to test if a control is applicable or not. In this example, the control with `only_applicable_if` block checks the condition and marks the control as not applicable (N/A) if the results of the `only_applicable_if` block evaluates to `false`. - -If **gnome-desktop** is not installed, the following control to test gnome settings marks control as **not applicable**. 
- -```ruby -control 'gnome-destkop-settings' do - impact 0.5 - desc 'some good settings' - desc 'check', 'check the settings file for good things' - desc 'fix', 'set the good things in the file /etc/gnome/settings' - tag nist: 'CM-6' - - only_applicable_if("The Gnome Desktop is not installed, this control is Not Applicable") { - package('gnome-desktop').installed? - } - - describe gnome_settings do - it should_be set_well - end -end -``` - -Run output: - -```bash -inspec exec path/to/audit-gnome-settings-profile --enhanced-outcomes - -Profile: InSpec Profile (audit-gnome-settings-profile) -Version: 0.1.0 -Target: local:// -Target ID: fa3923b9-f806-4cc2-960d-1ddefb4c7654 - - N/A gnome-destkop-settings: No-op - × No-op - N/A control due to only_applicable_if condition: The Gnome Desktop is not installed, this control is Not Applicable - -Profile Summary: 0 successful controls, 0 control failure, 0 controls not reviewed, 1 controls not applicable, 0 controls have error -Test Summary: 0 successful, 1 failures, 0 skipped -``` - -Some notes about `only_applicable_if`: - -- `only_applicable_if` applies to the entire `control`. If the results of the `only_applicable_if` block evaluates to `false`, any Chef InSpec resources mentioned as part of a `describe` block will not be run. Additionally, the contents of the describe blocks will not be run. -- If the results of the `only_applicable_if` block evaluates to `false`, it will invoke a failing test which will state the reason for N/A. - -### Additional metadata - -The following example illustrates various ways to add tags and references to `control` - -```ruby -control 'ssh-1' do - impact 1.0 - - title 'Allow only SSH Protocol 2' - desc ' - Only SSH protocol version 2 connections should be permitted. 
- The default setting in /etc/ssh/sshd_config is correct, and can be - verified by ensuring that the following line appears: Protocol 2 - ' - - tag 'production','development' - tag 'ssh','sshd','openssh-server' - - tag cce: 'CCE-27072-8' - tag disa: 'RHEL-06-000227' - - tag remediation: 'stig_rhel6/recipes/sshd-config.rb' - tag remediation: 'https://supermarket.chef.io/cookbooks/ssh-hardening' - - ref 'NSA-RH6-STIG - Section 3.5.2.1', url: 'https://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf' - ref 'http://people.redhat.com/swells/scap-security-guide/RHEL/6/output/ssg-centos6-guide-C2S.html' - - describe ssh_config do - its('Protocol') { should cmp 2 } - end -end -``` - -## Using Ruby in InSpec - -The Chef InSpec Language is a Ruby based language. This allows you to be flexible with -Ruby code in controls: - -```ruby -json_obj = json('/file.json') -json_obj['keys'].each do |value| - .. -end -``` - -Ruby allows a lot of freedoms, but should be limited in controls so that they -remain portable and easy to understand. Please see our [profile style guide](/inspec/style/). - -Core and custom resources are written as regular Ruby classes which inherit from -`Inspec.resource`. - -### Interactive Debugging with Pry - -Here's a sample Chef InSpec control that uses Ruby variables to instantiate -a Chef InSpec resource once and use the content in multiple tests. 
- -```ruby -control 'check-perl' do - impact 0.3 - title 'Check perl compiled options and permissions' - perl_out = command('perl -V') - #require 'pry'; binding.pry; - describe perl_out do - its('exit_status') { should eq 0 } - its('stdout') { should match /USE_64_BIT_ALL/ } - its('stdout') { should match /useposix=true/ } - its('stdout') { should match /-fstack-protector/ } - end - - # extract an array of include directories - perl_inc = perl_out.stdout.partition('@INC:').last.strip.split("\n") - # ensure include directories are only writable by 'owner' - perl_inc.each do |path| - describe directory(path.strip) do - it { should_not be_writable.by 'group' } - it { should_not be_writable.by 'other' } - end - end -end -``` - -An **advanced** but very useful Ruby tip. In the previous example, I -commented out the `require 'pry'; binding.pry;` line. If you remove the -`#` prefix and run the control, the execution will stop at that line and -give you a `pry` shell. Use that to troubleshoot, print variables, see -methods available, etc. For the above example: - -```ruby -[1] pry> perl_out.exit_status -=> 0 -[2] pry> perl_out.stderr -=> "" -[3] pry> ls perl_out -Inspec::Plugins::Resource#methods: inspect -Inspec::Resources::Cmd#methods: command exist? exit_status result stderr stdout to_s -Inspec::Resource::Registry::Command#methods: inspec -instance variables: @__backend_runner__ @__resource_name__ @command @result -[4] pry> perl_out.stdout.partition('@INC:').last.strip.split("\n") -=> ["/Library/Perl/5.18/darwin-thread-multi-2level", - " /Library/Perl/5.18", -...REDACTED... -[5] pry> exit # or abort -``` - -You can use `pry` inside both the controls DSL and resources. 
Similarly, -for dev and test, you can use `inspec shell` which is based on `pry`, -for example: - -```ruby -$ inspec shell -Welcome to the interactive InSpec Shell -To find out how to use it, type: help - -inspec> command('ls ~/projects/github/inspec/docs').stdout -=> "README.md\nconfig.md\ndev\ndsl_inspec.md\ndsl_resource.md\nglossary.md\nhabitat.md\ninputs.md\ninspec_and_friends.md\nmatchers.md\nmigration.md\nplatforms.md\nplugin_kitchen_inspec.md\nplugins.md\nprofiles.md\nreporters.md\nresources\nshared\nshell.md\nstyle.md\nwaivers.md\n" -inspec> command('ls ~/projects/github/inspec/docs').stdout.split("\n").first -=> "README.md" - -inspec> help command -Name: command - -Description: -Use the command InSpec audit resource to test an arbitrary command that is run on the system. - -Example: -describe command('ls -al /') do - it { should exist } - its('stdout') { should match /bin/ } - its('stderr') { should eq '' } - its('exit_status') { should eq 0 } -end -``` - diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/custom_resources.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/custom_resources.md deleted file mode 100644 index e7592f1f6b..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/custom_resources.md +++ /dev/null 
@@ -1,199 +0,0 @@
-+++
-title = "InSpec Custom Resources"
-draft = false
-gh_repo = "inspec"
-
-[menu]
- [menu.inspec]
- title = "Custom Resources"
- identifier = "inspec/profiles/libraries"
- parent = "inspec/profiles"
- weight = 40
-+++
-
-You can extend the functionality of Chef InSpec profiles by creating custom resources.
-
-For hands-on examples, check out [Extending InSpec: InSpec Wrappers and Custom Resources](https://www.chef.io/training/tutorials) on Learn Chef.
-
-## Resource location
-
-Create custom resources in a profile's libraries directory.
-
-```bash
-examples/profile
-...
-├── libraries
-│   └── example_config.rb
-```
-
-## Resource structure
-
-The smallest possible resource takes this form:
-
-```ruby
-class Tiny < Inspec.resource(1)
- name 'tiny'
-end
-```
-
-Resources are written as a regular Ruby class which inherits from
-Inspec.resource. The number (1) specifies the version this resource
-plugin targets. As Chef InSpec evolves, this interface may change and may
-require a higher version.
-
-### Resource attributes
-
-Use the following attributes to configure a resource.
-
-`name`
-: Identifier of the resource.
-
- Required
-
-`desc`
-: Description of the resource
-
- Optional
-
-`example`
-: Example usage of the resource
-
- Optional
-
-`supports`
-: Platform restrictions of the resource
-
- Optional
-
-### Resource methods
-
-The following methods are available to the resource.
-
-`inspec`
-
-: Contains a registry of all other resources to interact with the operating system or target in general.
-
-`skip_resource`
-
-: A resource may call this method to indicate that requirements aren't met. All tests that use this resource will be marked as skipped.
-
-The additional methods may be defined within the resource:
-
-`resource_id`
-: An instance method. Place logic here to determine the unique identifier for a resource, and set it using the superclass method.
-
- Following is an example of its usage in an InSpec test:
-
- ```ruby
- # example_config resource can have unique conf file path as an identifier.
- describe example_config do
- its("resource_id") { should eq PATH_OF_CONF_FILE }
- end
- ```
-
-### Example
-
-The following example shows a full resource using attributes and methods
-to provide simple access to a configuration file:
-
-```ruby
-class ExampleConfig < Inspec.resource(1)
- name 'example_config'
-
- # Restrict to only run on the below platforms (if none were given, all OS's supported)
- supports platform_family: 'fedora'
- supports platform: 'centos', release: '6.9'
- # Supports `*` for wildcard matcher in the release
- supports platform: 'centos', release: '7.*'
-
- desc '
- Resource description ...
- '
-
- example '
- describe example_config do
- its("signal") { should eq "on" }
- end
- '
-
- # Load the configuration file on initialization
- def initialize(path = nil)
- @path = path || '/etc/example.conf'
- @params = SimpleConfig.new( read_content )
- end
-
- # Expose all parameters of the configuration file.
- def method_missing(name)
- @params[name]
- end
-
- def resource_id
- value = example_method_to_determine_resource_id # define logic to determine resource_id value
- super(value)
- end
-
- private
-
- def read_content
- f = inspec.file(@path)
- # Test if the path exist and that it's a file
- if f.file?
- # Retrieve the file's contents
- f.content
- else
- # If the file doesn't exist, skip all tests that use example_config
- raise Inspec::Exceptions::ResourceSkipped, "Can't read config at #{@path}"
- end
- end
-end
-```
-
-For a full example, see our [example resource](https://github.com/chef/inspec/blob/main/examples/profile/libraries/example_config.rb).
-
-## Alternate custom resource names
-
-If you have a profile that includes another profile with custom resources as a dependency, the custom resources from the dependent profile are included by default.
-If two custom resource names conflict, you can use the `require_resource` InSpec DSL function to rename a custom resource in control code.
-
-```ruby
-require_resource(
- profile: '',
- resource: '',
- as: ''
-)
-```
-
-where:
-
-- `` is the dependent profile
-- `` is the resource name in the dependent profile
-- `` is an alternate name for that resource
-
-## Lazy Loading
-
-Prior to InSpec v4.16, resources were pre-loaded for every invocation
-of `inspec`. This was a heavy and unnecessary burden on the system and
-exacerbated startup times (especially on Windows).
-
-As of InSpec v4.16, resources are lazily loaded into the `inspec`
-process upon use. This greatly speeds up the initial startup costs of
-the `inspec` process and only loads what you need to use. For example, `inspec
---version` no longer runs for 10 seconds!.
-
-### Overriding Core Resources
-
-Lazy loading does change the way the resource registry is handled in
-ways that might break some assumptions. Specifically,
-`inspec.` isn't pre-populated with the core resources that
-InSpec ships with. If you make a local/custom resource of the same
-name, referring to the core resource via `inspec.` will not
-resolve to the core resource.
-
-As such, overriding core resources is not recommended best practice.
-
-If you really do need to do this, it is easiest to make a local
-resource with a new name and refer to the core resource directly.
-Otherwise, you need to ensure that the core resource you want is
-registered (via `require "inspec/resource/"`) _before_ your
-profile is run to ensure it is eagerly loaded and in the global
-resource registry.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/depends.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/depends.md
deleted file mode 100644
index 2f79bc4785..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/depends.md
+++ /dev/null
@@ -1,362 +0,0 @@ -+++ -title = "InSpec Profile Dependencies" -draft = false -gh_repo = "inspec" - -[menu] - [menu.inspec] - title = "Dependencies" - identifier = "inspec/profiles/depends" - parent = "inspec/profiles" - weight = 50 -+++ - -A Chef InSpec profile can bring in the controls and custom resources from another -Chef InSpec profile. Additionally, when inheriting the controls of another profile, -a profile can skip or even modify those included controls. - -For hands-on examples, check out [Extending InSpec: InSpec Wrappers and Custom Resources](https://www.chef.io/training/tutorials) on Learn Chef. - -## Define dependencies - -Before a profile can use controls from another profile, the to-be-included profile -needs to be specified in the including profile’s `inspec.yml` file in the `depends` -section. For each profile to be included, a location for the profile from where -to be fetched and a name for the profile should be included. For example: - -```yaml -depends: -- name: linux-baseline - url: https://github.com/dev-sec/linux-baseline/archive/master.tar.gz -- name: ssh-baseline - url: https://github.com/dev-sec/ssh-baseline/archive/master.tar.gz -``` - -Chef InSpec supports a number of dependency sources. - -### path - -The `path` setting defines a profile that is located on disk. This setting is -typically used during development of profiles and when debugging profiles. - -```yaml -depends: -- name: my-profile - path: /absolute/path -- name: another - path: ../relative/path -``` - -### url - -The `url` setting specifies a profile that is located at an HTTP- or HTTPS-based -URL. The profile must be accessible via a HTTP GET operation and must be a valid -profile archive (zip, tar, or tar.gz format). - -```yaml -depends: -- name: my-profile - url: https://example.com/path/to/profile.tgz -- name: profile-via-git - url: https://github.com/username/myprofile-repo/archive/master.tar.gz -``` - -`url` also supports basic authentication. 
- -```yaml -depends: -- name: my-profile - url: https://example.com/path/to/profile.tgz - username: user - password: password -``` - -### git - -A `git` setting specifies a profile that is located in a Git repository, with -optional settings for `branch`, `tag`, `commit`, `version`, and `relative_path`. The source -location is translated into a URL upon resolution. This type of dependency supports -version constraints via semantic versioning as Git tags. - -```yaml -depends: -- name: git-profile - git: http://example.com/path/to/repo - branch: desired_branch - tag: desired_version - commit: pinned_commit - version: semver_via_tags - relative_path: relative/optional/path/to/profile -``` - -### supermarket - -A `supermarket` setting specifies a profile that is located in a cookbook hosted -on Chef Supermarket. The source location is translated into a URL upon resolution. - -For example: - -```yaml -depends: -- name: supermarket-profile - supermarket: supermarket-username/supermarket-profile -``` - -Available Supermarket profiles can be listed with `inspec supermarket profiles`. - -### compliance - -A `compliance` setting specifies a profile that is located on the Chef Automate -or Chef Compliance server. - -For example: - -```yaml -depends: -- name: linux - compliance: base/linux -``` - -## Gem dependencies - -Any profile with Ruby gem dependencies that need to be installed can be specified using the `gem_dependencies` settings in the `inspec.yml` metadata file. - -For example, if you required any Ruby library in a custom resource that needs a specific gem to be installed, then you can specify those gems in the metadata file. -Chef InSpec will prompt to install the gems to `~/.inspec/gems` when you run your profile the first time. -To skip the prompt and automatically install, pass the `--auto-install-gems` option to `inspec exec`. 
- -```yaml -gem_dependencies: - - name: "mongo" - version: ">= 2.3.12" -``` - -## Alternate resource names - -By default, all [custom resources](/inspec/profiles/custom_resources/) from a listed dependency are available for use in a profile. -If two of your dependencies provide a resource with the same name, you can use the `require_resource` InSpec DSL function to disambiguate the two: - -```ruby -require_resource( - profile: '', - resource: '', - as: '' -) -``` - -where: - -- `` is the dependent profile -- `` is the resource name in the dependent profile -- `` is an alternate name for that resource - -## Use controls from a dependent profile - -After you define a dependent profile in the `inspec.yml` file, you can use controls from those profiles. - -See the `inspec` repository for an [example profile](https://github.com/inspec/inspec/tree/main/examples/inheritance) that inherits controls from another profile. - -The following examples show you how to include controls from a dependent profile. - -### Include all controls - -With the `include_controls` command in a profile, all controls from the named -profile will be executed every time the including profile is executed. - -For example, if you have a profile called `baseline-profile` with the following controls: - -- baseline-1 -- baseline-2 - -And `app-profile` with the following controls: - -- app-1 -- app-2 -- app-3 - -Add `baseline-profile` as dependency of `app-profile`, then include the `baseline-profile` controls using `include_controls` in the control code of `app-profile`: - -```ruby -include_controls 'baseline-profile' -``` - -Every time you execute `app-profile`, InSpec also executes all the controls from `baseline-profile`: - -- app-1 -- app-2 -- app-3 -- baseline-1 -- baseline-2 - -This is a great reminder that having a good naming convention for your controls -is helpful to avoid confusion when including controls from other profiles! 
- -### Skip a control - -What if one of the controls from the included profile does not apply to your environment? -Luckily, it is not necessary to maintain a slightly-modified copy of the included profile just to delete a control. -The `skip_control` command tells Chef InSpec to not run a particular control. - -For example, if you have a profile called `baseline-profile` with the following controls: - -- baseline-1 -- baseline-2 - -And `app-profile` with the following controls: - -- app-1 -- app-2 -- app-3 - -Add `baseline-profile` as dependency of `app-profile`, then include the `baseline-profile` controls using `include_controls` and `skip_control` to exclude the profile you don't want execute: - -```ruby -include_controls 'baseline-profile' do - skip_control 'baseline-2' -end -``` - -Every time you execute `app-profile`, InSpec also executes all the controls from `baseline-profile` except `baseline-2`: - -- app-1 -- app-2 -- app-3 -- baseline-1 - -### Modify a control - -Let's say a particular control from an included profile should still be run, but -the impact isn't appropriate? Perhaps the test should still run, but if it fails, -it should be treated as low severity instead of high severity? - -When a control is included, it can also be modified! - -For example, if you have a profile called `baseline-profile` with the following controls: - -- baseline-1 -- baseline-2 - -And `baseline-1` has an `impact` of `1.0` defined in `baseline-profile`: - -```ruby -control 'baseline-1' do - impact 1.0 - ... -end -``` - -Add `baseline-profile` as dependency of `app-profile`, then include the `baseline-profile` controls to `app-profile` using `include_controls` and redefine the impact of `baseline-1`: - -```ruby -include_controls 'baseline-profile' do - control 'baseline-1' do - impact 0.5 - end -end -``` - -In the above example, all controls from `baseline-profile` are executed along with all the controls from the including profile, `app-profile`. 
-However, should control `baseline-1` fail, it will be raised with an impact of `0.5` instead of the originally intended impact of `1.0`. - -### Selectively include controls - -Use the `require_controls` command selectively include certain controls from an included -profile. You don't have to skip all the unneeded controls, or worse, -copy/paste those controls bit-for-bit into your profile. - -For example, if you have a profile called `baseline-profile` with the following controls: - -- baseline-1 -- baseline-2 -- baseline-3 -- baseline-4 -- baseline-5 - -And `app-profile` with the following controls: - -- app-1 -- app-2 -- app-3 - -Add `baseline-profile` as dependency of `app-profile`, then include specific `baseline-profile` controls using `require_controls` in the control code of `app-profile`: - -```ruby -require_controls 'baseline-profile' do - control 'baseline-2' - control 'baseline-4' -end -``` - -Every time you execute `app-profile`, InSpec executes the controls `app-profile` and the controls specified in the `require_controls` block: - -- app-1 -- app-2 -- app-3 -- baseline-2 -- baseline-4 - -Controls `baseline-1`, `baseline-3`, and `baseline-5` are not run, just as if they were manually skipped. -This method of including specific controls ensures only the controls specified are executed; if new controls are added to a later version of `baseline-profile`, they would not be run. - -And, just the way its possible to modify controls when using `include_controls`, -controls can be modified with `require_controls` as well. - -```ruby -require_controls 'baseline-profile' do - control 'baseline-2' do - impact 0.5 - end - control 'baseline-4' -end -``` - -As with the prior example, only `baseline-2` and `baseline-4` are executed, but -if `baseline-2` fails, it will report with an impact of `0.5` instead of the -originally-intended `1.0` impact. 
- -## Include controls from different profile versions - -When a Chef InSpec profile has dependency on another profile to its specific version, then the controls can be included or selected by using the profile name and version separated by `-`. - -Here, `profile-a` has following dependency: - -```yaml -name: profile-a -depends: - - name: ssh - git: https://github.com/dev-sec/ssh-baseline.git - tag: 2.6.0 -``` - -And `profile-b` has following dependency: - -```yaml -name: profile-b -depends: - - name: ssh - git: https://github.com/dev-sec/ssh-baseline.git - tag: 2.7.0 -``` - -You can include or require controls of these profiles in a following manner: - -```ruby -include_controls "ssh-2.6.0" -include_controls "ssh-2.7.0" -``` - -OR - -```ruby -require_controls "ssh-2.6.0" -require_controls "ssh-2.7.0" -``` - -## Vendor dependencies - -When you execute a local profile, Inspec reads the `inspec.yml` file in order to -source any profile dependencies. It then caches the dependencies locally and -generates an `inspec.lock` file. - -If you add or update dependencies in `inspec.yml`, dependencies may be re-vendored -and the lockfile updated with `inspec vendor --overwrite` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/files.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/files.md deleted file mode 100644 index e3eeb185eb..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/files.md +++ /dev/null 
@@ -1,60 +0,0 @@
-+++
-title = "Profile Files"
-draft = false
-gh_repo = "inspec"
-
-[menu]
- [menu.inspec]
- title = "Files"
- identifier = "inspec/profiles/files"
- parent = "inspec/profiles"
- weight = 50
-+++
-
-A Chef InSpec profile may contain additional files that can be accessed during tests.
-A profile file enables you to separate the logic of your tests from the data your tests check for.
-For example, the list of ports you require to be open.
-
-## Files location
-
-Add files to the `files` directory at the root of a profile.
-
-```text
-examples/profile
-├── controls
-│ ├── example.rb
-│── files
-│ └── services.yml
-└── inspec.yml
-```
-
-## Access file
-
-Use `inspec.profile.file('FILENAME.yml')` to access data from the file.
-
-## Example
-
-With `files/services.yml` containing the following data:
-
-```yaml
-- service_name: httpd-alpha
- port: 80
-- service_name: httpd-beta
- port: 8080
-```
-
-The tests in `example.rb` can now access this file:
-
-```ruby
-my_services = yaml(content: inspec.profile.file('services.yml')).params
-
-my_services.each do |s|
- describe service(s['service_name']) do
- it { should be_running }
- end
-
- describe port(s['port']) do
- it { should be_listening }
- end
-end
-```
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/inputs.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/inputs.md
deleted file mode 100644
index 8d021b4b45..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/inputs.md
+++ /dev/null
@@ -1,485 +0,0 @@ -+++ -title = "Chef InSpec Inputs" -draft = false -gh_repo = "inspec" - -[menu] - [menu.inspec] - title = "Inputs" - identifier = "inspec/profiles/Inputs" - parent = "inspec/profiles" - weight = 60 -+++ - -Inputs allow you to customize the behavior of Chef InSpec profiles. - -In [_profiles that accept inputs_](#profile-support), you can configure them using the following methods: - -- Inline in [control code](#control-code) -- In the [`inspec.yml` file](#inspecyml-file) -- In the command line using the [`--input` option](#input-cli-option) -- In an input file that's invoked with the CLI [`--input-file` option](#input-file-cli-option) -- In [input plugins](#plugins) - -Profiles that include other profiles can set inputs in the included profile, enabling a multi-layered approach to configuring profiles. - -## Profile support - -Profiles accept inputs from any input method as long as one or both of the following conditions exists: - -- inputs are listed in the [`inspec.yml` file](#inspecyml-file) -- inputs are included in the [control source code](#control-code) - -## Simple example - -Suppose you have a profile named `rock_critic` and its profile `inspec.yml` metadata file includes the following inputs: - -```yaml -# Optionally declare inputs in the profile metadata -# This lets you set up things like type checking, etc. -inputs: -- name: amplifier_max_volume - description: How loud the amplifiers can go - type: numeric - # More options, including value: and priority: are possible here -``` - -In the profile's control code, define the value of the input using the `input` function: - -```ruby -# Set a default value for an input. This is optional. 
-input('amplifier_max_volume', value: 10) - -control 'Big Rock Show' do - describe input('amplifier_max_volume') do # This line reads the value of the input - it { should cmp 11 } # The UK'S LOUDEST BAND - end -end -``` - -When the above profile is executed by using `inspec exec rock_critic`, you would see something like: - -```bash - × Big Rock Show: 10 - × 10 is expected to cmp == 11 - - expected: 11 - got: 10 - - (compared using `cmp` matcher) -Profile Summary: 0 successful controls, 1 control failure, 0 controls skipped -``` - -The control fails because the value is set to `10`, but the control expects `11`. -That result clearly won't do. - -By default, inputs set using the CLI `--input` option override inputs defined in control code. -So, you can set the `amplifier_max_volume` to `11` and the control will pass. - -```sh -inspec exec rock_critic --input amplifier_max_volume=11 -``` - -which returns: - -```bash - ✔ Big Rock Show: 11 - ✔ 11 is expected to cmp == 11 - -Profile Summary: 1 successful control, 0 control failures, 0 controls skipped -``` - -## Set inputs - -You can set inputs using one or more of the following methods. Each method has a different priority allowing them to override each other. Some methods allow you to modify their priority. For more information, see the [input priority documentation](#input-priority). - -### `--input` CLI option - -Use the `--input` option to set inputs and values directly on the command line. - -Inputs set with the `--input` option have a priority of 50. - -```sh -inspec exec my_profile --input input_name=input_value -``` - -You can set multiple inputs. - -```sh -inspec exec my_profile --input input_name1=input_value1 name2=value2 -``` - -If a CLI input value resembles a number, it will be converted to an Integer or -Float. Scientific notation is not recognized. 
- -```sh -inspec exec my_profile --input amplifier_volume=-11 -inspec exec my_profile --input water_depth=11.5 -``` - -You can set inputs with complex values, such as arrays and hashes using either -YAML or JSON syntax. Just be sure to protect the string from the shell using single -quotes. - -```sh -inspec exec my_profile --input alphabet='[a,b,c]' -inspec exec my_profile --input fruits='{a: apples, b: bananas, c: cantelopes}' -inspec exec my_profile --input json_fruit='{"a": "apples", "g": ["grape01", "grape02"] }' -``` - -Do not repeat the `--input` flag; that will override the previous setting. - -As of Chef InSpec 4.12, this mechanism has the following limitations: - -- No [input options](#input-options) may be set---only the name and value. -- Because the CLI is outside the scope of any individual profile and the inputs - don't take options, the inputs are clumsily copied into every profile, - effectively making the CLI mechanism global. - -### `--input-file` CLI option - -You can set inputs and values with a YAML file in the command line. - -Inputs set the `--input-file` option have a priority of 40. - -Create a YAML file using the following format: - -```yaml -an_input: a_value -another_input: another_value -``` - -Invoke the input file using the `--input-file` option. - -```sh -inspec exec my_profile --input-file .yml -``` - -As of Chef InSpec 4.3.2, this mechanism has the following limitations: - -- No [input options](#input-options) may be set---only the name and value. -- Because the CLI is outside the scope of any individual profile and the inputs - don't take options, the inputs are clumsily copied into every profile, - effectively making the CLI mechanism global. - -### inspec.yml file - -In the [`inspec.yml` file](/inspec/profiles/inspec_yml), you may add a section for inputs. -You may define inputs there, clearly setting options including values, type checking, and whether the input is -required. 
- -```yaml -name: my_profile -inputs: -- name: webserver_user # Name is the only required field -- name: favorite_fruit - value: banana # You can set a value; priority is 30 for metadata -- name: meaning_of_life - type: Numeric - value: 42 - required: true - priority: 70 - sensitive: true -``` - -All [input options](#input-options) are supported in metadata files. - -Defining inputs in profile metadata has two major advantages: - -- The inputs and their configuration are listed explicitly in simple YAML in one place - a consumer of your profile does not need to read through the control code to find the inputs. -- You can set inputs in other profiles that you depend on using profile inheritance. - -#### Profile inheritance - -When your profile relies on another profile using the `depends` key in the metadata file, you can set---that is, override---the value of the input in the dependent profile by including the `profile` option and naming the dependent profile. - -```yaml -# child inspec.yml -name: child -inputs: -- name: favorite_food - value: pizza -``` - -```yaml -# wrapper inspec.yml -name: wrapper -depends: -- name: child - path: ../child -inputs: -- name: favorite_food - value: broccoli - profile: child # <----- REQUIRED to override the value in InSpec 4 -``` - -In **Chef InSpec 4+**, every input is namespaced. For example, you could have an -input named `wrapper/favorite_food` and one named `child/favorite_food`. If no -explicit profile option is set within the `wrapper` profile metadata file, then -`wrapper` is assumed to be the profile. - -### Control Code - -Inputs are available throughout the InSpec profile DSL. You can use them anywhere. 
- -```ruby -# some_controls.rb - -input('outer_input', value: 1) # here - -control 'control-1' do - input('control_dsl_input', value: 2) # here too - describe some_resource do - input('test_dsl_input', value: 3) # even here - it { should cmp input('expectation_dsl_input') } # and yes here too - end -end -``` - -#### Setting Inputs - -When you write `input('some_name', value: 'some_value')`, you are *setting* an input value in the DSL. -Because the `value:` option is present, a new value will be set. -You may also pass any other option listed in the -[input option reference](#input-options). - -#### Reading Inputs - -When you call `input('some_name')`, with or without additional options, the value of the input will be resolved and returned. -Note that this process may involve sourcing the value from another provider, using the value set in DSL, or overriding -the value provided in the same call. - -```ruby -# You can use the value in a Ruby variable -some_var = input('some_input_name') - -# Or more directly in a resource parameter -describe file(input('important_path')) do - it { should exist } -end - -# Or as the resource itself (this could be a string, here) -describe input('some_setting') do - it { should cmp 'correct_value' } -end - -# Or as the expected value -describe file('/etc/httpd/httpd.conf') do - its('owner') { should_not cmp input('webserver_user') } -end -``` - -The value returned can be used anywhere a Ruby value is used. - -### Plugins - -You can also set inputs using custom input plugins, which retrieve values from external sources like secret stores or databases. Please check [RubyGems.org](https://rubygems.org/) for available InSpec input plugins. - -#### Disabling Caching - -Especially with plugins, you may want to re-evaluate inputs every time and not cache them. -By default, an existing input value is reused which can lead to problems if the retrieved values are expected to change. 
-An example for this is using `kitchen-inspec` with input plugins to connect to a Vault server for password retrieval. - -To disable input caching, you can disable the cache from your Ruby code: - -```ruby -Inspec::InputRegistry.instance.cache_inputs = false -``` - - -## Input options - -`name` - -: The input name. - - Required - - Date type: `String`. - - Allowed in: all input methods. - - When used in control code and `inspec.yml` file, the name is unique within the - current profile. When used in CLI input files, and kitchen-inspec, - the input is copied across all profiles using the same name. - -`description` - -: Human-meaningful explanation of the input. - - Optional - - Data type: `String` - - Allowed in: control code, `inspec.yml` file - -`value` - -: The value that will be available when you read the input. - See the [Reading Inputs](#reading-inputs-in-control-dsl) section for more information. - - Optional - - Data type: any Ruby or YAML type - - Allowed in: all input methods. - -`type` - -: If provided, Inspec will check the value of the input to see if it's of the corresponding type. - Note that `Regexp` indicates that the input value itself should be a regular expression, not that it should - match any particular regular expression. - - Optional - - Data type: `String` - - Allowed values: - - - `String` - - `Numeric` - - `Regexp` - - `Array` - - `Hash` - - `Boolean` - - `Any` - - Allowed in: control code, `inspec.yml` file - -`required` - -: If `true`, a control using the input will be failed - if it [reads](#reading-inputs) the value when none has been set. - - Optional - - Data type: Boolean - - Allowed values: `true` or `false`. - - Allowed in: control code, `inspec.yml` file - -`priority` - -: Higher values have higher precedence. - For more information, see the [input priority documentation](#input-priority). 
- - Optional - - Data type: `Integer` - - Allowed values: 0-100 - - Allowed in: control code, `inspec.yml` file - -`profile` - -: Optional - - Data type: `String`. - - Sets an input in another profile from your profile. - - Allowed in: control code, `inspec.yml` file - -`sensitive` - -: Optional - - Date type: `true` or `false`. - - If `true`, the value of the input will be used normally - during the `exec` run, but the value will be obscured as "***" in the "inputs" or - "attributes" section of any [Reporter](/inspec/reporters/) that explicitly lists - inputs (the `json` reporter is one such reporter). Note that this will not obscure - input values that are used as test results. - - Allowed in: `inspec.yml` file - -`pattern` - -: Validates the input by matching it with the provided regular expression. - - Optional - - Date type: `Regexp`. - - Allowed in: control code, `inspec.yml` file - -## Input priority - -The following table lists the *default* priority for input methods in order from highest priority (50) to lowest priority (20). - -| Input Provider | Priority | May change priority | -| --------------------------------------- | -------- | ------------------- | -| CLI `--input` option | 50 | No | -| inspec-kitchen `inputs:` section | 40 | No | -| CLI `--input-file` option | 40 | No | -| `inspec.yml` file in a wrapper cookbook | 35 | Yes | -| `inspec.yml` file | 30 | Yes | -| Inline control code | 20 | Yes | - -### Priority override - -An input can have multiple assignments with varying priority values. -When Chef InSpec evaluates an input, it determines the input value by finding the setting event with the highest priority. 
- -You can set a priority using the [`priority` option](#input-options) in the following input methods: - -- `inspec.yml` metadata file -- Control code - -For example, to set a priority of 50 in an `inspec.yml` metadata file, use: - -```yaml -inputs: -- name: very_important_input - value: 12 - priority: 50 -``` - -To set a priority in control code, use: - -```ruby -input('also_important', value: 42, priority: 45) -``` - -### Priority debugging - -If it's difficult to determine why InSpec is using a particular priority value, you can use the Event Log to determine what is happening. - -First, use the `input_object()` DSL method. -This method is like `input()` in that it looks up an input, but instead of evaluating the current value, it returns the underlying `Inspec::Input` object. - -```ruby -puts input_object('troublesome_input').diagnostic_string -``` - -Or - -```ruby -require 'pp' -pp input_object('troublesome_input').events -``` - -`diagnostic_string` assembles the Event Log into a printable log message for -convenience. - -The Event Log contains entries for every time that the value changed, as well as -one for when the input was first created. When possible, stack probing is used -to determine file and line numbers. Most importantly, you will see priority numbers; -remember that highest priority wins; order only matters to break a tie. - -## InSpec Attributes - -When originally introduced, the Input facility was named *Attributes*. This name -was problematic, because: - -- The Chef Infra tool uses the same word to describe its parameterization system. -- Chef Infra attributes have a completely different and much more complex precedence system. -- This caused confusion about passing Chef Infra attributes into InSpec when using Audit Cookbook and kitchen-inspec. - -Based on these concerns, InSpec attributes have been renamed to InSpec inputs in Chef InSpec v4. 
- -Support for using the DSL keyword `attribute()`, the metadata field `attributes:`, and the corresponding kitchen-inspec and audit cookbook values are anticipated to continue through Chef InSpec v5. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/inspec_yml.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/inspec_yml.md deleted file mode 100644 index b43f10ad81..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/inspec_yml.md +++ /dev/null 
@@ -1,138 +0,0 @@
-+++
-title = "inspec.yml File"
-draft = false
-gh_repo = "inspec"
-
-aliases = ["/inspec/profiles/inspec_yaml"]
-
-[menu]
- [menu.inspec]
- title = "inspec.yml"
- identifier = "inspec/profiles/inspec.yml"
- parent = "inspec/profiles"
- weight = 20
-+++
-
-The `inspec.yml` metadata file describes a profile. This file is required.
-
-## Parameters
-
-The `inspec.yml` file defines the following information:
-
-`name`
-: A unique name for the profile.
-
- Required
-
-`title`
-: A human-readable name for the profile.
-
- Optional
-
-`maintainer`
-: The profile maintainer.
-
- Optional
-
-`copyright`
-: The copyright holder.
-
- Optional
-
-`copyright_email`
-: The support contact information for the profile, typically an email address.
-
- Optional
-
-`license`
-: The license for the profile.
-
- Optional
-
-`summary`
-: A one line summary for the profile.
-
- Optional
-
-`description`
-: A multiple line description of the profile.
-
- Optional
-
-`version`
-: The profile version.
-
- Optional
-
-`inspec_version`
-: The SemVer version of Chef InSpec that the profile can run under.
-
- Optional
-
-`supports`
-: A list of [supported platform](/inspec/profiles/platforms/) targets.
-
- Optional
-
-`depends`
-: A list of [profile dependencies](/inspec/profiles/depends/).
-
- Optional
-
-`inputs`
-: A list of [inputs](/inspec/profiles/inputs) you can use in your controls.
-
- Optional
-
-`gem_dependencies`
-: A list of profile [gem dependencies](/inspec/profiles/depends/#gem-dependencies) that must be installed for the profile to function correctly.
-
- Optional
-
-### Example
-
-```yaml
-name: ssh
-title: Basic SSH
-maintainer: Chef Software, Inc.
-copyright: Chef Software, Inc.
-copyright_email: support@chef.io
-license: Proprietary, All rights reserved
-summary: Verify that SSH Server and SSH Client are configured securely
-version: 1.0.0
-supports:
- - platform-family: linux
-inputs:
-- name: input_name
- required: true
- description: 'Input description.'
- value: 10
- priority: 50
-depends:
- - name: profile
- path: ../path/to/profile
-gem_dependencies:
- - name: "gem-name"
- version: ">= 2.0.0"
-inspec_version: "~> 2.1"
-```
-
-### Embedded ERB
-
-The `inspec.yml` also supports embedded ERB.
-
-```yaml
-name: dummy
-title: InSpec Profile
-maintainer: The Authors
-copyright: The Authors
-copyright_email: you@example.com
-license: Apache-2.0
-summary: An InSpec Compliance Profile
-version: 0.1.0
-depends:
-- name: inherit
- url: "https://artifactory.com/artifactory/example-repo-local/inspec/0.4.1.tar.gz"
- username: <%= ENV['USERNAME'] %>
- password: <%= ENV['API_KEY'] %>
-```
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/platforms.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/platforms.md
deleted file mode 100644
index 3649a1afce..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/platforms.md
+++ /dev/null
@@ -1,89 +0,0 @@ -+++ -title = "InSpec Profile Platform Support" -draft = false -gh_repo = "inspec" - -[menu] - [menu.inspec] - title = "Platforms" - identifier = "inspec/profiles/platforms" - parent = "inspec/profiles" - weight = 90 -+++ - -Use the `supports` setting in the [`inspec.yml` file](/inspec/profiles/inspec_yml/) to specify one (or more) platforms for which a profile is targeting. The list of supported platforms may contain the following: - -- Use `platform-family` to restrict to a specific platform family. -- Use `platform-name` to restrict on a specific platform name. `platform-name` supports asterisk (`*`) wildcard use. -- Use `release` to restrict to a specific platform version, and use together with `platform-name`. `release` supports asterisk (`*`) wildcard use. -- Use `platform` to restrict on either platform-name or platform-family. - -To get a list of all valid values for `platform-name` and `platform-family`, run `inspec schema platforms`, which returns the supported list in JSON format. - -For compatibility we support `os-name` and `os-family`. We recommend all users -to change `os-name` to `platform-name` and `os-family` to `platform-family`. - -With Chef InSpec 2.0, we introduced new families to help distinguish the cloud -platforms. The new families can restrict the platform family to `os`, `aws`, `azure` or `gcp`. 
- -For example, to target anything running Debian Linux, use: - -```yaml -name: ssh -supports: - - platform-name: debian -``` - -To target only Ubuntu version 20.04, use: - -```yaml -name: ssh -supports: - - platform-name: ubuntu - release: 20.04 -``` - -To target the entire release of Ubuntu version 20.x, use: - -```yaml -name: ssh -supports: - - platform-name: ubuntu - release: 20.* -``` - -To target the Red Hat and derivative platforms such as CentOS and Oracle Linux, use: - -```yaml -name: ssh -supports: - - platform-family: redhat -``` - -To target the entire Windows 2019 platform family, including Datacenter and Core Servers, use: - -```yaml -name: ssh -supports: - - platform-name: windows_server_2019* -``` - -To target anything running on Amazon AWS, use: - -```yaml -name: ssh -supports: - - platform: aws -``` - -To target all of these examples in a single `inspec.yml` file, use: - -```yaml -name: ssh -supports: - - platform-name: debian - - platform-name: ubuntu - release: 20.04 - - platform-family: redhat - - platform: aws -``` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/signing.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/signing.md deleted file mode 100644 index 6998d29b49..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/signing.md +++ /dev/null 
@@ -1,193 +0,0 @@ -+++ -title = "Signed InSpec Profiles" -draft = false -gh_repo = "inspec" - -aliases = ['/inspec/signing/'] - -[menu] - [menu.inspec] - title = "Signed Profiles" - identifier = "inspec/profiles/Signed profiles" - parent = "inspec/profiles" - weight = 100 -+++ - -This page documents how to make and use signed InSpec profiles. - -A signed profile, or `.iaf` file, is an InSpec profile with a digital signature that attests to its authenticity. -Progress Chef-authored profiles are available as signed profiles starting in 2022. - -IAF files are not human-readable, but you can view them using `inspec export`. Support for IAF v2.0 was added to InSpec 5. - -## How does profile signing work? - -Profile signing uses a matched pair of keys. The _signing key_ is secret and is used to sign the profile. The _validation key_ is widely distributed and verifies the signed profile signature. - -Keypairs are first searched for in the current directory and then in the user's `~/.inspec/keys` directory. -Progress Chef validation keys are also distributed in the `etc/keys` directory of the InSpec installation tree. -Finally, if a validation key is not found, the profile verification system attempts to download keys from the [InSpec Github](https://github.com/inspec/inspec/tree/main/etc/keys) repository. - -## Execute a signed profile - -You can execute a signed profile like any other profile. - -```bash -$ inspec exec simple.iaf - -Profile: InSpec Profile (simple) -Version: 0.1.0 -Target: local:// -Target ID: 46f308fc-7ad8-4230-8dd0-f2582227e164 - - ✔ tmp-1.0: Create /tmp directory - ✔ File /tmp is expected to be directory - - File /tmp - ✔ is expected to be directory - -Profile Summary: 1 successful control, 0 control failures, 0 controls skipped -Test Summary: 2 successful, 0 failures, 0 skipped -``` - -A signed profile is checked for validity before it's executed. If the profile cannot be verified, then InSpec exits with `code 5` (bad signature). 
- -## Identify key used to sign profile - -The `inspec sign verify` command displays which key is used to sign a profile. - -```bash -$ inspec sign verify simple-0.1.0-v2.iaf -Verifying simple-0.1.0-v2.iaf -Detected format version 'INSPEC-PROFILE-2' -Attempting to verify using key 'cwolfe-03' -Profile is valid. -``` - -## See contents of signed profile - -Use the `inspec export` command to examine a signed profile's contents. You must be able to verify the profile in order to export the contents. By default, the `export` command dumps a profile summary in a human-readable YAML format, including most of the metadata and the control IDs, control source code, inputs, and other profile information. - -- To view a **signed profile**, run: - - ```bash - $ inspec export simple-0.1.0.iaf - --- - :name: simple - :title: InSpec Profile - :maintainer: The Authors - :copyright: The Authors - :copyright_email: you@example.com - :license: Apache-2.0 - :summary: An InSpec Compliance Profile - :version: 0.1.0 - :supports: - - :platform: os - :controls: - - :title: - :desc: - :descriptions: {} - :impact: 0.5 - :refs: [] - :tags: {} - :code: '' - :source_location: - :ref: "/Users/cwolfe/sandbox/inspec/inspec-5/lib/inspec/control_eval_context.rb" - :line: 92 - :id: "(generated from example.rb:6 7007cd4757c4892cc89977e9847c1051)" - - :title: Create /tmp directory - :desc: An optional description... - :descriptions: - :default: An optional description... - :impact: 0.7 - :refs: [] - :tags: {} - :code: | - control "tmp-1.0" do # A unique ID for this control - impact 0.7 # The criticality, if this control fails. - title "Create /tmp directory" # A human-readable title - desc "An optional description..." 
- describe file("/tmp") do # The actual test - it { should be_directory } - end - end - :source_location: - :ref: controls/example.rb - :line: 11 - :id: tmp-1.0 - :groups: - - :title: sample section - :controls: - - "(generated from example.rb:6 7007cd4757c4892cc89977e9847c1051)" - - tmp-1.0 - :id: controls/example.rb - :inputs: [] - :sha256: c1a5298d56f028386edf4c52573264ca38d476ce6156a053a2c412991fb0b646 - :status_message: '' - :status: loaded - :generator: - :name: inspec - :version: 5.14.5 - ``` - -- To view a profile's **README**, run: - - ```bash - $ inspec export --what readme simple-0.1.0.iaf - # Example InSpec Profile - - This example shows the implementation of an InSpec profile. - - ``` - -- To view a **signed profile's metadata file (inspec.yml)**, run: - - ```bash - $ inspec export --what metadata simple-0.1.0.iaf - name: simple - title: InSpec Profile - maintainer: The Authors - copyright: The Authors - copyright_email: you@example.com - license: Apache-2.0 - summary: An InSpec Compliance Profile - version: 0.1.0 - supports: - platform: os - ``` - -## Mandatory profile signing - -**Chef InSpec 6** and above has an optional setting that requires that all profiles are signed. -If mandatory profile signing is enabled, InSpec will not execute functions with an un-signed profile and exits with exit code 6. - -To enable mandatory profile signing, set the environment variable `CHEF_PREVIEW_MANDATORY_PROFILE_SIGNING` to any non-empty value. - -If you need to bypass mandatory profile signing, use the `--allow-unsigned-profiles` CLI option or set the `CHEF_ALLOW_UNSIGNED_PROFILES` environment variable. - -## Advanced Usage - -### Create a signing and validation keys - -Most users of signed profiles need not create keys of their own unless they wish to sign and distribute profiles themselves. 
-To generate keys of your own, use the `inspec sign generate-keys` command: - -```bash -$ inspec sign generate-keys --keyname test-03 -Generating keys -Generating signing key in /Users/cwolfe/.inspec/keys/test-03.pem.key -Generating validation key in /Users/cwolfe/.inspec/keys/test-03.pem.pub -``` - -Keep your signing key secret. You must devise a way of distributing the validation key to your profile users; they will be unable to use your signed IAF files unless they have the validation key. - -### Sign profile - -You will need a signing key to sign profiles. Specify the path of profile and the name of the key. - -```bash -$ inspec sign profile simple --keyname test-03 -Signing simple with key cwolfe-03 -Dependencies for profile simple successfully vendored to /Users/cwolfe/sandbox/inspec/inspec-5/temp/simple/vendor -Successfully generated simple-0.1.0.iaf -``` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/style.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/style.md deleted file mode 100644 index 44a4ef3d16..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles/style.md +++ /dev/null 
@@ -1,317 +0,0 @@ -+++ -title = "Chef InSpec Profile Style Guide" -draft = false -gh_repo = "inspec" - -aliases = ['/inspec/style/'] - -[menu] - [menu.inspec] - title = "Profile Style Guide" - identifier = "inspec/profiles/style" - parent = "inspec/profiles" - weight = 100 -+++ - -This is a set of recommended Chef InSpec rules you should use when writing controls. - -## "should" vs. "expect" syntax - -Users familiar with the RSpec testing framework may know that there are two ways -to write test statements: `should` and `expect`. The RSpec community decided that -`expect` is the preferred syntax. However, Chef InSpec recommends the `should` -syntax as it tends to read more easily to those users who are not as technical. - -Chef InSpec will continue to support both methods of writing tests. Consider -this `file` test: - -```Ruby -describe file('/tmp/test.txt') do - it { should be_file } -end -``` - -This can be re-written with `expect` syntax - -```Ruby -describe file('/tmp/test.txt') do - it 'should be a file' do - expect(subject).to(be_file) - end -end -``` - -The output of both of the above examples looks like this: - -```bash -File /tmp/test.txt - ✔ should be a file -``` - -In addition, you can make use of the `subject` keyword to further control your -output if you choose: - -```Ruby -describe 'test file' do - subject { file('/tmp/test.txt') } - it 'should be a file' do - expect(subject).to(be_file) - end -end -``` - -... which will render the following output: - -```bash -test file - ✔ should be a file -``` - -## Control Files - -### Place control files in `controls/` and end them with `.rb` - -Most syntax highlighters will render Chef InSpec files correctly across a wide list -of tools. - -Avoid: - -- `controls/ssh_config` -- `controls/ssh/config.rb` - -Use: - -- `controls/ssh_config.rb` -- `controls/ssh_config.rb` - -### Avoid `controls`/`control` in your control filenames - -Using `controls` in the filename creates unnecessary clutter when reading it. 
-Keep the names short and concise. - -Avoid: - -- `controls/ssh_controls.rb` - -Use: - -- `controls/ssh.rb` - -## Code Style - -### Avoid unnecessary parentheses in matchers - -Adding additional parentheses is not required and provides more readability if -it is not used: - -Avoid: - -- `it { should eq(value) }` - -Use: - -- `it { should eq value }` - -The exception are matchers that require additional arguments or named arguments. - -## Controls - -### Avoid wrapping controls in conditional statements - -This will create dynamic profiles whose controls depend on the execution. The -problem here is that we cannot render the profile or provide its information -before scanning a system. We want to be able to inform users of the contents of -their profiles before they run them. It is valid to skip controls that are not -necessary for a system, as long as you do it via `only_if` conditions. Ruby's -internal conditionals will hide parts of the profile to static analysis and -should thus be avoided. - -Avoid: - -```ruby -if package('..').installed? - control "package-test1" do - .. - end -end -``` - -Use: - -```ruby -control "package-test1" do - only_if { package('..').installed? } -end -``` - -Avoid: - -```ruby -case inspec.platform.name -when /centos/ - include_controls 'centos-profile' -... -``` - -Instead use the `supports` attribute in the `inspec.yml` of the profile you -want to include: - -```ruby -supports: - - platform-name: centos -``` - -Now whenever you run the base profile you can just -`include_controls 'centos-profile'`. It will only run the included profiles is -the platform matches the supported platform. - -### Avoid dynamic elements in the control IDs - -Control IDs are used to map test results to the tests and profiles. Dynamic -control IDs make it impossible to map results back, since the identifier which -connects tests and results may change in the process. - -Avoid: - -```ruby -control "test-file-#{name}" do - .. 
-end -``` - -Use: - -```ruby -control "test-all-files" do - .. -end -``` - -Sometimes you may create controls from a static list of elements. If this list -stays the same no matter what system is scanned, it may be ok to do so and use -it as a generator for static controls. - -### Avoid Ruby system calls - -Ruby code is executed on the system that runs InSpec. This allows Chef InSpec to work -without Ruby and RubyGems being required on remote targets (servers or -containers). System calls are often used to interact with the local OS or remote -endpoints from a local installation. - -Chef InSpec tests, however, are designed to be universally executable on all types -of runtimes, including local and remote execution. We want to give users the -ability to take an OS profile and execute it remotely or locally. - -### Avoid shelling out - -Avoid: - -- `` `ls` `` -- `system("ls")` -- `IO.popen("ls")` - -Use: - -- `command("ls")` or `powershell("Get-ChildItem")` - -Ruby's command executors will only run locally. Imagine a test like this: - -```ruby -describe `whoami` do - it { should cmp "bob\n" } -end -``` - -If you run this test on your local system and happen to be using Bob's account -it will succeed. But if you were to run it against -`--target alice@remote-host.com` it will still report that the user is bob -instead of alice. - -Instead, do this: - -```ruby -describe command('whoami') do - its('stdout') { should cmp "bob\n" } -end -``` - -If the profile is pointed to a remote endpoint using the `command` resource -will run it on the remote OS. - -### Avoid Ruby IO on files - -Similar to the command interactions these files will only be read locally with -Ruby's internal calls. If you run this test against a remote target it won't -read the file from the remote endpoint, but from the local OS instead. Use the -`file` resource to read files on the target system. 
- -Avoid: - -- `File.new("filename").read` -- `File.read("filename")` -- `IO.read("filename")` - -Use: - -- `file("filename")` - -In general, try to avoid Ruby's IO calls from within Chef InSpec controls and use -Chef InSpec resources instead. - -### Avoid Ruby gem dependencies in controls - -In addition to avoiding system-level gems and modules you should also limit the -use of external dependencies to resource packs or plugins. Gems need to be -resolved, installed, vendored, and protected from conflicts. We aim to avoid -exposing this complexity to users of InSpec, to make it a great tool even if you -are not a developer. - -Plugins should declare gem dependencies in their gemspec, and then rely on the -plugin installation facility to install and manage dependencies. - -### Avoid debugging calls (in production) - -One of the best way to develop and explore tests is the interactive debugging -shell `pry` (see [Interactive Debugging with Pry] (/inspec/dsl_inspec/#interactive-debugging-with-pry) -at the end of this page). However, after you finish your profile make sure you -have no interactive statements included anymore. Sometimes interactive calls are -hidden behind conditionals (`if` statements) that are harder to reach. These -calls can easily cause trouble when an automated profiles runs into an -interactive `pry` call that stops the execution and waits for user input. - -Avoid: - - `binding.pry` in production profiles - -Use: - - Use debugging calls during development only - -Also you may find it helpful to use the Chef InSpec logging interface: - -```ruby -Inspec::Log.info('Hi') -``` - -#### 9. Favor `cmp` over `eq` - -The `cmp` matcher handles type conversions, case insensitive comparisons, -converting strings to versions (e.g. '7.35.0-1ubuntu2.10'), and many other -troublesome things. Unless you want an exact match (if so use the `eq` matcher) -then the `cmp` matcher should be used. 
-
-For example, this:
-
-```ruby
-describe passwd.uids(0) do
- its('users') { should cmp 'root' }
-end
-```
-
-is preferred over:
-
-```ruby
-describe passwd.uids(0) do
- its('users') { should eq ['root'] }
-end
-```
-
-See the [`cmp` matcher documentation](/inspec/matchers/#cmp) for more examples.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reporters.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reporters.md
deleted file mode 100644
index 723373e14c..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reporters.md
+++ /dev/null
@@ -1,322 +0,0 @@ -+++ -title = "Chef InSpec Reporters" -draft = false -gh_repo = "inspec" - -[menu] - [menu.inspec] - title = "Reporters" - identifier = "inspec/Reporters" - parent = "inspec" - weight = 100 -+++ - -A Chef InSpec reporter formats and delivers the results of a Chef InSpec audit run. You can output the results of your audits to more than one reporter. - -## Configure - -Configure the reporter(s) using the `--reporter` option or as part of the general configuration file using the `--config` option. - -You can use both the `--reporter` and `--config` options, in which case the options are merged. -While you can configure multiple reporters to write to different files, only one reporter can output to the screen(stdout). - -### reporter option - -You can specify one or more reporters using the `--reporter` CLI flag. You can also specify an output by appending a path separated by a colon. - -**Output JSON to screen** - -```bash -inspec exec example_profile --reporter json -# or explicitly specifying output to STDOUT: -inspec exec example_profile --reporter json:- -``` - -**Output YAML to screen.** - -```bash -inspec exec example_profile --reporter yaml -# or -inspec exec example_profile --reporter yaml:- -``` - -**Output CLI to screen and write JSON to a file.** - -```bash -inspec exec example_profile --reporter cli json:/tmp/output.json -``` - -**Output nothing to screen and write JUnit and HTML to a file.** - -```bash -inspec exec example_profile --reporter junit2:/tmp/junit.xml html:www/index.html -``` - -**Output JSON to screen and write to a file. Write JUnit to a file.** - -```bash -inspec exec example_profile --reporter json junit2:/tmp/junit.xml | tee out.json -``` - -If you wish to pass the profiles directly after specifying the reporters, you must use the end of options flag `--`. 
- -```bash -inspec exec --reporter json junit2:/tmp/junit.xml -- profile1 profile2 -``` - -**Output real-time progress to screen with a progress bar.** - -```bash -inspec exec example_profile --reporter progress-bar -``` - -### config file - -You can also set reporters using a configuration file. -For guidance on creating and using a config file, see the [InSpec config documentation](/inspec/config/). - -**Output CLI to screen.** - -```json -{ - "reporter": { - "cli" : { - "stdout" : true - } - } -} -``` - -**Output CLI to screen and write JSON to a file.** - -```json -{ - "reporter": { - "cli" : { - "stdout" : true - }, - "json" : { - "file" : "/tmp/output.json", - "stdout" : false - } - } -} -``` - -## Options - -The following are CLI options that are used to modify reporter behavior. -Many of these options allow you to limit the report size because some reporters (such as the json-automate reporter) limit on the total size of the report that can be processed. - -`--diff`, `--no-diff` - -: Include a `diff` comparison of textual differences in the failed test output. - - Use `--no-diff` to limit the size of the report output when tests contain large amounts of text output. - - Default: `true` - -`--enhanced-outcomes` - -: Includes enhanced outcome of controls in report data. - - The control level status outcomes are: - - `Passed` - - `Failed` - - `Not Applicable (N/A)` - - `Not Reviewed (N/R)` - - `Error (ERR)`. - - Supported with the following reporters: - - automate - - cli - - html2 - - json - - json-automate - - progress-bar - - yaml - - -`--filter-empty-profiles` - -: Remove empty profiles (those containing zero controls, such as resource packs) from the reporter's output. - -`--reporter-backtrace-inclusion` -`--no-reporter-backtrace-inclusion` - -: Include a code backtrace in report data. - - The `--no-reporter-backtrace-inclusion` option may be used to limit report size when large code stack traces are present in the output. 
- - Default: `true` - -`--reporter-include-source` - -: (CLI reporter only) Include full source code of controls in the report. - -`--reporter-message-truncation=N` - -: Number of characters to truncate failure messages in report data. - - This may be used to limit the size of reports when failure messages are exceptionally large. - - Default: no truncation - -## Reporters - -The following are the supported reporters. - -### automate - -The `automate` reporter type is a special reporter which sends its results over the network to [Chef Automate]({{< relref "/automate/">}}). To use this reporter, you must pass in the correct configuration via a JSON configuration `--config`. - -Example Configuration: - -```json -{ - "reporter": { - "automate" : { - "stdout" : false, - "url" : "https://AUTOMATE_URL/data-collector/v0/", - "token" : "AUTOMATE_ADMIN_TOKEN", - "insecure" : true, - "node_name" : "inspec_test_node", - "environment" : "prod" - } - } -} -``` - -#### Mandatory fields - -`stdout` -: Either suppress or shows the automate report in the CLI screen on completion. - -`url` -: Chef Automate. Append `data-collector/v0/` at the end. - -`token` -: Chef Automate tokens. You can generate this token by navigating to the **admin** tab of Automate and then clicking **API keys**. - -#### Optional fields - -`insecure` -: Disables or enables the SSL check when accessing the Chef Automate instance. - -`node_name` -: Node name which shows up in Chef Automate. - -`node_uuid` -: Node UUID, which shows up in Chef Automate. Use a single static UUID per node for all your reports. You must specify a `node_uuid` in the Chef InSpec configuration file if running Chef InSpec outside of an audit cookbook or another environment where a `chef_guid` or `node_uuid` is already known to Chef InSpec. - -`environment` -: Sets the environment metadata for Chef Automate. - -### cli - -This is the basic text based report. 
It includes details about tests that passed and failed and an overall summary at the end. - -### documentation - -This reporter is a very minimal text-based report. It shows you which tests passed by name and has a small summary at the end. - -### html - -This reporter is the legacy RSpec HTML reporter retained for backward compatibility. -The report generated is unaware of profiles or controls and only contains unsorted test information. -Most users should migrate to the `html2` reporter for more complete data. - -### html2 - -This reporter is an improved HTML reporter that contains full data about the structure of the profile, controls, and tests. The generated report renders HTML code for viewing your tests in a browser. - -The `html2` reporter requires no configuration to function. However, options `--alternate_css_file` and `--alternate_js_file` are available for customization. The options are set in the JSON-formatted configuration file that Chef InSpec consumes. - -For details, see [our configuration file documentation](/inspec/config/). - -For example: - -```json -{ - "version": "1.2", - "plugins": { - "inspec-reporter-html2": { - "alternate_js_file":"/var/www/js/my-javascript.js", - "alternate_css_file":"/var/www/css/my-style.css" - } - } -} -``` - -#### alternate_css_file - -Specifies the full path to the location of a CSS file that is read and inlined into the HTML report. The default CSS is not included. - -#### alternate_js_file - -Specifies the full path to the location of a JavaScript file that is read and inlined into the HTML report. The default JavaScript is included. The JavaScript file should implement at least a `pageLoaded()` function, which is called by the `onload` event of the HTML `body` element. - -### json - -This reporter includes all information about the profiles and test results in standard JSON format. You may optionally pass through arbitrary structured JSON data by setting a JSON configuration with the `--config` parameter. 
- -For example: - -```json -{ - "reporter": { - "json": { - "stdout": true, - "passthrough": { - "a": 1, - "b": false - } - } - } -} -``` - -### json-automate - -The `json-automate` reporter is a special reporter that prepares the data format used by the Automate reporter. `json-automate` does not communicate on the network; instead, it simply produces the JSON report format that Automate would be consuming. Notably, the report is based on the `json` reporter, with the following modifications: - -- Controls appearing in child profiles are de-duplicated by ID, merging into the parent profile. -- Child profiles are deleted, flattening the report. - -The `json-automate` reporter is primarily used for internal needs, but some users may find it helpful if they want a JSON-based reporter that merges controls. - -### json-min - -This reporter is a redacted version of the JSON and only includes test results. - -### json-rspec - -This reporter includes all information from the Rspec runner. Unlike the JSON reporter, this includes Rspec-specific details. - -### junit - -This legacy reporter outputs nonstandard JUnit XML and is provided only for backward compatibility. New JUnit users should use the junit2 reporter. - -### junit2 - -This reporter outputs the standard JUnit spec in XML format. New JUnit users should use this reporter instead of the legacy junit reporter. - -### progress - -This reporter is very condensed and provides you a `.`(pass), `f`(fail), or `*`(skip) character per test and a small summary at the end. - -### progress-bar - -This reporter outputs the real-time progress of a running InSpec profile using a progress bar and prints the running control's ID with an indicator of the control's status (`Passed`, `failed`, or `skipped`). 
-
-For example:
-
-![Progress Bar Reporter showing outcome of tests in CLI output.](/images/inspec/reporter_outcome_progress_bar.png)
-
-And reporter outcome with `--enhanced-outcomes` option:
-
-![Progress Bar Reporter showing outcome of tests in CLI output with enhance output.](/images/inspec/reporter_outcome_progress_bar_enhanced_outcomes.png)
-
-### yaml
-
-This reporter includes all information about the profiles and test results in standard yaml format.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/_index.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/_index.md
deleted file mode 100644
index 8e4ca031e5..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/_index.md
+++ /dev/null
@@ -1,62 +0,0 @@
-+++
-title = "InSpec Resources Reference"
-draft = false
-gh_repo = "inspec"
-
-[menu]
- [menu.inspec]
- title = "InSpec Resources (Single Page)"
- identifier = "inspec/resources/_index.md Chef InSpec Resources (Single Page)"
- parent = "inspec/resources"
- weight = 10
-+++
-
-The following list of InSpec resources are available.
-
-{{< inspec/inspec_resources_filter >}}
-
-## OS
-
-{{< inspec/inspec_resources platform="os" >}}
-
-### Linux
-
-The following resources work on Linux operating systems.
-
-{{< inspec/inspec_resources platform="linux" >}}
-
-### BSD
-
-The following resources work on BSD operating systems.
-
-{{< inspec/inspec_resources platform="bsd" >}}
-
-### Windows
-
-The following resources work on Windows operating systems.
-
-{{< inspec/inspec_resources platform="windows" >}}
-
-## Alibaba
-
-{{< inspec/inspec_resources platform="alicloud" >}}
-
-## AWS
-
-{{< inspec/inspec_resources platform="aws" >}}
-
-## Azure
-
-{{< inspec/inspec_resources platform="azure" >}}
-
-## GCP
-
-{{< inspec/inspec_resources platform="gcp" >}}
-
-## Habitat
-
-{{< inspec/inspec_resources platform="habitat" >}}
-
-## Kubernetes
-
-{{< inspec/inspec_resources platform="k8s" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aide_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aide_conf.md
deleted file mode 100644
index a445e65737..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aide_conf.md
+++ /dev/null
@@ -1,100 +0,0 @@ -+++ -title = "aide_conf resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "aide_conf" - identifier = "inspec/resources/os/aide_conf.md aide_conf resource" - parent = "inspec/resources/os" -+++ - -Use the `aide_conf` Chef InSpec audit resource to test the rules established for the file integrity tool AIDE. Controlled by the aide.conf file typically at /etc/aide.conf. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.37.6 of InSpec. - -## Syntax - -An `aide_conf` resource block can be used to determine if the selection lines contain one (or more) directories whose files should be added to the aide database: - - describe aide_conf('path') do - its('selection_lines') { should include '/sbin' } - end - -where - -- `'selection_lines'` refers to all selection lines found in the aide.conf file -- `('path')` is the non-default path to the `aide.conf` file (optional) -- `should include 'value'` is the value that is expected - -Use the where clause to match a selection_line to one rule or a particular set of rules found in the aide.conf file: - - describe aide_conf.where { selection_line == '/bin' } do - its('rules.flatten') { should include 'r' } - end - - describe aide_conf.where { selection_line == '/sbin' } do - its('rules') { should include ['p', 'i', 'l', 'n', 'u', 'g', 'sha512'] } - end - -## Properties - -### `rules` - -The `rules` property returns the list of rules set in the `aide.conf` file. - - its('rules') { should include ['r', 'sha512'] } - -### `all_have_rule` - -The `all_have_rule` property returns the all selected lines from `aide.conf` file e.g. 'p', 'i' etc. - - aide_conf.all_have_rule('sha512') - -### `selection_lines` - -The `selection_lines` property returns the list of lines from `aide.conf` file. 
- - its('selection_lines') { should include '/sbin' } - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Test if all selection lines contain the `xattr` rule - - describe aide_conf.all_have_rule('xattr') do - it { should eq true } - end - -### Test whether selection line for /bin contains a particular rule - - describe aide_conf.where { selection_line == '/bin' } do - its('rules.flatten') { should include 'r' } - end - -### Test whether the selection line for `/sbin` consists of a particular set of rules - - describe aide_conf.where { selection_line == '/sbin' } do - its('rules') { should include ['r', 'sha512'] } - end - -### The usage of all_have_rule will return whether or not all selection lines in audit.conf contain a particular rule: - - describe aide_conf.all_have_rule('sha512') do - it { should eq true } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/apache.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/apache.md deleted file mode 100644 index 2e12131d29..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/apache.md +++ /dev/null 
@@ -1,79 +0,0 @@
-+++
-title = "apache resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "apache"
- identifier = "inspec/resources/os/apache.md apache resource"
- parent = "inspec/resources/os"
-+++
-
-{{< warning >}}
-
-This resource is deprecated and should not be used. It was removed in Chef InSpec 4.0. The documentation below is preserved as a reference. Replacement functionality is available in the [`apache_conf`](/inspec/resources/apache_conf/) resource.
-
-{{< /warning >}}
-
-Use the `apache` Chef InSpec audit resource to test the state of the Apache server on Linux/Unix systems.
-
-## Availability
-
-### Install
-
-This resource was distributed along with Chef InSpec itself.
-
-### Version
-
-This resource first became available in v1.51.15 of InSpec and was removed in version 4.0.
-
-## Syntax
-
-An `apache` Chef InSpec audit resource block declares settings that should be tested:
-
- describe apache do
- its('setting_name') { should cmp 'value' }
- end
-
-where
-
-- `'setting_name'` is description of the Apache configuration file
-- `{ should cmp 'value' }` is the value that is expected
-
-## Properties
-
-- `service`, `conf_dir`, `conf_path`, `user`
-
-## Property Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test the service name.
-
- describe apache do
- its ('service') { should cmp 'apache2' }
- end
-
-### Test the configuration location
-
- describe apache do
- its ('conf_dir') { should cmp '/etc/apache2' }
- end
-
-### Test the path of the configuration file
-
- describe apache do
- its ('conf_path') { should cmp '/etc/apache2/apache2.conf' }
- end
-
-### Test the apache user
-
- describe apache do
- its ('user') { should cmp 'www-data' }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/apache_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/apache_conf.md
deleted file mode 100644
index 9b2ab4defc..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/apache_conf.md
+++ /dev/null
@@ -1,83 +0,0 @@ -+++ -title = "apache_conf resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "apache_conf" - identifier = "inspec/resources/os/apache_conf.md apache_conf resource" - parent = "inspec/resources/os" -+++ - -Use the `apache_conf` Chef InSpec audit resource to test the configuration settings for Apache. This file is typically located under `/etc/apache2` on the Debian and Ubuntu platforms and under `/etc/httpd` on the Fedora, CentOS, RedHat Enterprise Linux, and ArchLinux platforms. The configuration settings may vary significantly from platform to platform. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Requirements - -`ServerRoot` must be included in an Apache configuration file. If not present, the included configurations will not be accessible to the resource. - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -An `apache_conf` Chef InSpec audit resource block declares configuration settings that should be tested: - - describe apache_conf('path') do - its('setting_name') { should eq 'value' } - end - -where - -- `'setting_name'` is a configuration setting defined in the Apache configuration file -- `('path')` is the non-default path to the Apache configuration file -- `{ should eq 'value' }` is the value that is expected - -## Examples - -The following examples show how to use this Chef InSpec audit resource. 
- -### Test for blocking .htaccess files on CentOS - - describe apache_conf do - its('AllowOverride') { should cmp 'None' } - end - -### Test ports for SSL - - describe apache_conf do - its('Listen') { should cmp '443' } - end - -### Test multiple ports are listening - - describe apache_conf do - its('Listen') { should =~ [ '80', '443' ] } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This Chef InSpec audit resource matches any service that is listed in the Apache configuration file: - - its('PidFile') { should_not eq '/var/run/httpd.pid' } - -or: - - its('Timeout') { should cmp '300' } - -For example: - - describe apache_conf do - its('MaxClients') { should cmp '100' } - its('Listen') { should cmp '443' } - end diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/apt.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/apt.md deleted file mode 100644 index 6febfb3f2d..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/apt.md +++ /dev/null 
@@ -1,82 +0,0 @@
-+++
-title = "apt resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "apt"
- identifier = "inspec/resources/os/apt.md apt resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `apt` Chef InSpec audit resource to verify Apt repositories on the Debian and Ubuntu platforms, and also PPA repositories on the Ubuntu platform.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-An `apt` resource block tests the contents of Apt and PPA repositories:
-
- describe apt('path') do
- it { should exist }
- it { should be_enabled }
- end
-
-where
-
-- `apt('path')` must specify an Apt or PPA repository
-- `('path')` may be an `http://` address, a `ppa:` address, or a short `repo-name/ppa` address
-- `exist` and `be_enabled` are a valid matchers for this resource
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test if apt repository exists and is enabled
-
- describe apt('http://ppa.launchpad.net/juju/stable/ubuntu') do
- it { should exist }
- it { should be_enabled }
- end
-
-### Verify that a PPA repository exists and is enabled
-
- describe apt('ppa:nginx/stable') do
- it { should exist }
- it { should be_enabled }
- end
-
-### Verify that a repository is not present
-
- describe apt('ubuntu-wine/ppa') do
- it { should_not exist }
- it { should_not be_enabled }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### be_enabled
-
-The `be_enabled` matcher tests if a repository is enabled on the system:
-
- it { should be_enabled }
-
-### exist
-
-The `exist` matcher tests if a repository exists on the system:
-
- it { should exist }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/audit_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/audit_policy.md
deleted file mode 100644
index e2cc55954c..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/audit_policy.md
+++ /dev/null
@@ -1,57 +0,0 @@
-+++
-title = "audit_policy resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "audit_policy"
- identifier = "inspec/resources/os/audit_policy.md audit_policy resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `audit_policy` Chef InSpec audit resource to test auditing policies on the Windows platform. An auditing policy is a category of security-related events to be audited. Auditing is disabled by default and may be enabled for categories like account management, logon events, policy changes, process tracking, privilege use, system events, or object access. For each enabled auditing category property, the auditing level may be set to `No Auditing`, `Not Specified`, `Success`, `Success and Failure`, or `Failure`.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-An `audit_policy` resource block declares a parameter that belongs to an audit policy category or subcategory:
-
- describe audit_policy do
- its('parameter') { should eq 'value' }
- end
-
-where
-
-- `'parameter'` must specify a parameter
-- `'value'` must be one of `No Auditing`, `Not Specified`, `Success`, `Success and Failure`, or `Failure`
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test that a parameter is not set to "No Auditing"
-
- describe audit_policy do
- its('Other Account Logon Events') { should_not eq 'No Auditing' }
- end
-
-### Test that a parameter is set to "Success"
-
- describe audit_policy do
- its('User Account Management') { should eq 'Success' }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/auditd.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/auditd.md
deleted file mode 100644
index d02fb8a1c7..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/auditd.md
+++ /dev/null
@@ -1,89 +0,0 @@ -+++ -title = "auditd resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "auditd" - identifier = "inspec/resources/os/auditd.md auditd resource" - parent = "inspec/resources/os" -+++ - -Use the `auditd` Chef InSpec audit resource to test the rules for logging that exist on the system. The audit.rules file is typically located under /etc/audit/ and contains the list of rules that define what is captured in log files. These rules are output using the `auditctl -l` command. This resource supports versions of `audit` >= 2.3. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.38.8 of InSpec. - -## Syntax - -An `auditd` resource block declares one (or more) rules to be tested, and then what that rule should do: - - describe auditd do - its('lines') { should include %r(-w /etc/ssh/sshd_config) } - end - -or test that multiple individual rules are defined: - - describe auditd do - its('lines') { should include %r(-a always,exit -F arch=.* -S init_module,delete_module -F key=modules) } - its('lines') { should include %r(-a always,exit -F arch=.* -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=-1 -F key=.+) } - end - -where each test must declare one (or more) rules to be tested. - -## Examples - -The following examples show how to use this Chef InSpec audit resource. 
- -### Test if a rule contains a matching element that is identified by a regular expression - -For `audit` >= 2.3: - - describe auditd do - its('lines') { should include %r(-a always,exit -F arch=.* -S chown.* -F auid>=1000 -F auid!=-1 -F key=perm_mod) } - end - -### Query the audit daemon status - - describe auditd.status('backlog') do - it { should cmp 0 } - end - -### Query properties of rules targeting specific syscalls or files - uniq is used to handle multiple rules for the same syscall with redundant field values - - describe auditd.syscall('open') do - its('action.uniq') { should eq ['always'] } - its('list.uniq') { should eq ['exit'] } - end - - describe auditd.file('/etc/sudoers') do - its('permissions') { should include ['x'] } - end - -The where accessor can be used to filter on fields. For example: - - describe auditd.syscall('chown').where { arch == "b32" } do - its('action') { should eq ['always'] } - its('list') { should eq ['exit'] } - its('exit') { should include ['-EACCES'] } - its('exit') { should include ['-EPERM'] } - end - -The key filter may be useful in evaluating rules with particular key values: - - describe auditd.where { key == "privileged" } do - its('permissions') { should include ['x'] } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/auditd_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/auditd_conf.md deleted file mode 100644 index 1f310dfef9..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/auditd_conf.md +++ /dev/null 
@@ -1,83 +0,0 @@ -+++ -title = "auditd_conf resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "auditd_conf" - identifier = "inspec/resources/os/auditd_conf.md auditd_conf resource" - parent = "inspec/resources/os" -+++ - -Use the `auditd_conf` Chef InSpec audit resource to test the configuration settings for the audit daemon. This file is typically located under `/etc/audit/auditd.conf'` on Unix and Linux platforms. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -A `auditd_conf` resource block declares configuration settings that should be tested: - - describe auditd_conf('path') do - its('keyword') { should cmp 'value' } - end - -where - -- `'keyword'` is a configuration setting defined in the `auditd.conf` configuration file -- `('path')` is the non-default path to the `auditd.conf` configuration file -- `{ should cmp 'value' }` is the value that is expected - -## Properties - -This matcher will match any property listed in the `auditd.conf` configuration file. Property names and expected values are case-insensitive: - -- `admin_space_left`, `admin_space_left_action`, `action_mail_acct`, `conf_path`, `content`, `disk_error_action`, `disk_full_action`, `flush`, `freq`, `log_file`, `log_format`, `max_log_file`, `max_log_file_action`, `num_logs`, `params`, `space_left`, `space_left_action` - -## Property Examples - -The following examples show how to use this Chef InSpec audit resource. 
- -### Test the auditd.conf file - - describe auditd_conf do - its('log_file') { should cmp '/full/path/to/file' } - its('log_format') { should cmp 'raw' } - its('flush') { should cmp 'none' } - its('freq') { should cmp 1 } - its('num_logs') { should cmp 0 } - its('max_log_file') { should cmp 6 } - its('max_log_file_action') { should cmp 'email' } - its('space_left') { should cmp 2 } - its('action_mail_acct') { should cmp 'root' } - its('space_left_action') { should cmp 'email' } - its('admin_space_left') { should cmp 1 } - its('admin_space_left_action') { should cmp 'halt' } - its('disk_full_action') { should cmp 'halt' } - its('disk_error_action') { should cmp 'halt' } - end - - describe file(auditd_conf.conf_path) do - its('group') { should cmp 'root' } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### `cmp` - -The `cmp` matcher compares values across types. - - its('freq') { should cmp 1 } diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_ad_user.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_ad_user.md deleted file mode 100644 index 0752b159d9..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_ad_user.md +++ /dev/null 
@@ -1,253 +0,0 @@ -+++ -title = "azurerm_ad_user resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_ad_user" - identifier = "inspec/resources/azure/azurerm_ad_user.md azurerm_ad_user resource" - parent = "inspec/resources/azure" -+++ - -{{< warning >}} - -This resource will be deprecated when version 2 of the inspec-azure resource pack is released. - -{{< /warning >}} - -Use the `azurerm_ad_user` InSpec audit resource to test properties of -an Azure Active Directory user within a Tenant. - -## Azure REST API version - -This resource interacts with version `1.6` of the Azure Graph API. For more -information see the [official Azure documentation](https://msdn.microsoft.com/Library/Azure/Ad/Graph/api/users-operations#GetAUser). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.1.0 of the inspec-azure resource pack. - -## Syntax - -The `user_id` must be given as a parameter. 
- - describe azurerm_ad_user(user_id: 'someUserId') do - it { should exist } - end - -## Examples - -If an Active Directory user account is referenced with a valid ID - - describe azurerm_ad_user(user_id: 'someValidId') - it { should exist } - end - -If an Active Directory user account is referenced with an invalid ID - - describe azurerm_ad_user(user_id: 'someInvalidId') - it { should_not exist } - end - -## Parameters - -- `user_id` - -## Parameter Examples - -`user_id` is a required parameter. - - describe azurerm_ad_user(user_id: 'MyUserId') do - ... - end - -## Attributes - -- `object_id` -- `account_enabled` -- `city` -- `country` -- `department` -- `displayName` -- `facsimile_telephone_number` -- `given_name` -- `job_title` -- `mail` -- `mail_nickname` -- `mobile` -- `password_policies` -- `password_profile` -- `postal_code` -- `state` -- `street_address` -- `surname` -- `telephone_number` -- `usage_location` -- `user_principal_name` -- `user_type` - -### object_id - -The user's object ID. - -### account_enabled - -Whether the account is enabled. - -### city - -The user's city. - -### country - -The user's country. - -### department - -The user's department. - -### displayName - -The display name of the user. - -### facsimile_telephone_number - -the user's facsimile (fax) number. - -### given_name - -the given name for the user. - -### job_title - -the user's job title. - -### mail - -the primary email address of the user. - -### mail_nickname - -The mail alias for the user. - -### mobile - -The user's mobile (cell) phone number. - -### password_policies - -The password policies for the user. - -### password_profile - -The password profile for the user. - -### postal_code - -The user's postal (ZIP) code. - -### state - -The user's state. - -### street_address - -The user's street address. - -### surname - -The user's surname (family name or last name). - -### telephone_number - -The user's telephone number. 
- -### usage_location - -A two letter country code (ISO standard 3166). Required for users that will be -assigned licenses due to legal requirement to check for availability of -services in countries. Examples include: "US", "JP", and "GB". - -### user_principal_name - -The principal name of the user. - -### user_type - -A string value that can be used to classify user types in your directory, such as 'Member' and 'Guest'. - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). Given the example response in their documentation: - -``` -... - "preferredLanguage": "en-US", - "provisionedPlans": [ - { - "capabilityStatus": "Enabled", - "provisioningStatus": "Success", - "service": "exchange" - }, -... -``` - -We may access `provisioningStatus` with: - -```ruby -its('provisionedPlants.first.provisioningStatus') { should eq "Success" } -``` - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - - describe azurerm_ad_user(user_id: 'someUserId') do - it { should exist } - end - -## Azure Permissions - -The Client/Active Directory Application you have configured InSpec Azure to use (`AZURE_CLIENT_ID`) must -have permissions to read User data from the Azure Graph RBAC API. 
- -Please refer to the [Microsoft Documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications#updating-an-application) -for information on how to grant these permissions to your application. - -Note: An Azure Admin must grant your application these permissions. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_ad_users.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_ad_users.md deleted file mode 100644 index 7e1880896e..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_ad_users.md +++ /dev/null 
@@ -1,143 +0,0 @@ -+++ -title = "azurerm_ad_users resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_ad_users" - identifier = "inspec/resources/azure/azurerm_ad_users.md azurerm_ad_users resource" - parent = "inspec/resources/azure" -+++ - -{{< warning >}} - -This resource will be deprecated when version 2 of the inspec-azure resource pack is released. - -{{< /warning >}} - -Use the `azurerm_ad_users` InSpec audit resource to test properties of -some or all Azure Active Directory users within a Tenant. - -## Azure REST API version - -This resource interacts with version `1.6` of the Azure Graph API. For more -information see the [official Azure documentation](https://msdn.microsoft.com/Library/Azure/Ad/Graph/api/users-operations#GetUsers). - -I don't see a way to select the version of the API in the Azure documents. If -you notice a newer version being referenced in the official documentation -please open an issue or submit a pull request using the updated version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.1.0 of the inspec-azure resource pack. - -## Syntax - -An `azurerm_ad_users` resource block returns all Azure Active Directory user accounts for the -contained within the configured Tenant and then tests that group group of users. - - describe azurerm_ad_users do - ... - end - -## Examples - -The following examples show how to use this InSpec audit resource. 
- -### Check Users are present - - describe azurerm_ad_users do - it { should exist } - end - -### Ensure there are no Guest accounts active - - describe azurerm_ad_users.guest_accounts - it { should_not exist } - end - -## Filter Criteria - -- `names` - -### names - -Filters the results to include only those Users that match the given -name. This is a string value. - - describe azurerm_ad_users.where{ displayName.eql?('Haris Shefu') } do - it { should exist } - end - -## Properties - -- `object_ids` -- `display_names` -- `mails` -- `user_types` - -### object_ids - -The azureIds property provides a list of all User's Azure IDs. - - its('azure_ids') { should include '44211066-f292-4546-8ced-2ab0e0911f44' } - -### display_names - -The displayNames property provides a list of all the User display names. - - its('display_names') { should include 'Azure Admin Account' } - -### mails - -The mails property provides a list of all the User email addresses, where present. - - its('mails') { should include 'admin@example.com' } - -### user_types - -The userTypes property provides a list of all User Types for all users. - - its('user_types') { should include 'Member' } - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the filter returns at least one result. Use -`should_not` if you expect zero matches. - - describe azurerm_ad_users do - it { should exist } - end - -## Azure Permissions - -The Client/Active Directory Application you have configured InSpec Azure to use (`AZURE_CLIENT_ID`) must -have permissions to read User data from the Azure Graph RBAC API. - -Please refer to the [Microsoft Documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications#updating-an-application) -for information on how to grant these permissions to your application. 
- -Note: An Azure Admin must grant your application these permissions. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_aks_cluster.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_aks_cluster.md deleted file mode 100644 index 24c79217ff..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_aks_cluster.md +++ /dev/null 
@@ -1,145 +0,0 @@ -+++ -title = "azurerm_aks_cluster resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_aks_cluster" - identifier = "inspec/resources/azure/azurerm_aks_cluster.md azurerm_aks_cluster resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_aks_cluster" >}} - -Use the `azurerm_aks_cluster` InSpec audit resource to test properties of an Azure AKS Cluster. - -## Azure REST API version - -This resource interacts with version `2018-03-31` of the Azure Management API. -For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/aks/managedclusters/get). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -## Syntax - -An `azurerm_aks_cluster` resource block identifies an AKS Cluster by name and Resource Group. - - describe azurerm_aks_cluster(resource_group: 'example', name: 'ClusterName') do - ... 
- end - -## Examples - -### Test that an example Resource Group has the specified AKS Cluster - - describe azurerm_aks_cluster(resource_group: 'example', name: 'ClusterName') do - it { should exist } - end - -### Test that a specified AKS cluster was successfully provisioned - - describe azurerm_network_security_group(resource_group: 'example', name: 'ClusterName') do - its('properties.provisioningState') { should cmp 'Succeeded' } - end - -### Test that a specified AKS cluster the correct number of nodes in pool - - describe azurerm_network_security_group(resource_group: 'example', name: 'ClusterName') do - its('properties.agentPoolProfiles.first.count') { should cmp 5 } - end - -## Parameters - -- `name` -- `resource_group` - -## Parameter Examples - -The Resource Group as well as the AKS Cluster name. - - describe azurerm_aks_cluster(resource_group: 'example', name: 'ClusterName') do - it { should exist } - end - -## Attributes - -All of the attributes are available via dot notation. This is an example of the currently available attributes. 
- -```ruby -control 'azurerm_aks_cluster' do - describe azurerm_aks_cluster(resource_group: 'example', name: 'ClusterName') do - it { should exist } - its('properties.provisioningState') { should cmp 'Succeeded' } - its('properties.kubernetesVersion') { should cmp '1.11.3' } - its('properties.dnsPrefix') { should cmp 'ClusterName' } - its('properties.fqdn') { should cmp 'ClusterName' } - its('properties.agentPoolProfiles.first.name') { should cmp 'agentpool' } - its('properties.agentPoolProfiles.first.count') { should cmp 3 } - its('properties.agentPoolProfiles.first.vmSize') { should cmp 'Standard_DS2_V2' } - its('properties.agentPoolProfiles.first.storageProfile') { should cmp 'ManagedDisks' } - its('properties.agentPoolProfiles.first.maxPods') { should cmp 110 } - its('properties.agentPoolProfiles.first.osType') { should cmp 'Linux' } - end -end -``` - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the resource returns a result. Use `should_not` if you expect -zero matches. 
- - # If we expect 'ClusterName' to always exist - describe azurerm_aks_cluster(resource_group: 'example', name: 'ClusterName') do - it { should exist } - end - - # If we expect 'ClusterName' to never exist - describe azurerm_aks_cluster(resource_group: 'example', name: 'ClusterName') do - it { should_not exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_aks_clusters.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_aks_clusters.md deleted file mode 100644 index e6b9c519d8..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_aks_clusters.md +++ /dev/null 
@@ -1,95 +0,0 @@ -+++ -title = "azurerm_aks_clusters resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_aks_clusters" - identifier = "inspec/resources/azure/azurerm_aks_clusters.md azurerm_aks_clusters resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_aks_clusters" >}} - -Use the `azurerm_aks_clusters` InSpec audit resource to enumerate AKS Clusters. - -## Azure REST API version - -This resource interacts with version `2018-03-31` of the Azure Management API. -For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/aks/managedclusters/list). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -## Syntax - -An `azurerm_aks_clusters` resource block identifies AKS Clusters by -Resource Group. - - describe azurerm_aks_clusters(resource_group: 'ExampleGroup') do - ... 
- end
-
-## Examples
-
-### Test that an example Resource Group has the named AKS Cluster
-
- describe azurerm_aks_clusters(resource_group: 'ExampleGroup') do
- its('names') { should include('ClusterName') }
- end
-
-## Properties
-
-- `names`
-
-### names
-
-The name of the AKS Cluster
-
- its('names') { should include('ClusterName') }
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-The control will pass if the resource returns a result. Use `should_not` if you expect
-zero matches.
-
- # If we expect 'ExampleGroup' Resource Group to have AKS Clusters
- describe azurerm_aks_clusters(resource_group: 'ExampleGroup') do
- it { should exist }
- end
-
- # If we expect 'EmptyExampleGroup' Resource Group to not have AKS Clusters
- describe azurerm_aks_clusters(resource_group: 'EmptyExampleGroup') do
- it { should_not exist }
- end
-
-## Azure Permissions
-
-Your [Service
-Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal)
-must be setup with a `contributor` role on the subscription you wish to test.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_cosmosdb_database_account.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_cosmosdb_database_account.md
deleted file mode 100644
index 81e4a9e98c..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_cosmosdb_database_account.md
+++ /dev/null
@@ -1,147 +0,0 @@
-+++
-title = "azurerm_cosmosdb_database_account resource"
-draft = false
-gh_repo = "inspec"
-platform = "azure"
-
-[menu]
- [menu.inspec]
- title = "azurerm_cosmosdb_database_account"
- identifier = "inspec/resources/azure/azurerm_cosmosdb_database_account.md azurerm_cosmosdb_database_account resource"
- parent = "inspec/resources/azure"
-+++
-
-{{< inspec/azurerm_deprecated resource="azure_cosmosdb_database_account" >}}
-
-Use the `azurerm_cosmosdb_database_account` InSpec audit resource to test properties and configuration of
-an Azure CosmosDb Database Account within a Resource Group.
-
-## Azure REST API version
-
-This resource interacts with version `2015-04-08` of the Azure Management API. For more
-information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/powershell/module/servicemanagement/azure.service/new-azureprofile?view=azuresmps-4.0.0).
-
-At the moment, there doesn't appear to be a way to select the version of the
-Azure API docs. If you notice a newer version being referenced in the official
-documentation please open an issue or submit a pull request using the updated
-version.
-
-## Availability
-
-### Install
-
-This resource is available in the `inspec-azure` [resource
-pack](/inspec/glossary/#resource-pack). To use it, add the
-following to your `inspec.yml` in your top-level profile:
-
- depends:
- inspec-azure:
- git: https://github.com/inspec/inspec-azure.git
-
-You'll also need to setup your Azure credentials; see the resource pack
-[README](https://github.com/inspec/inspec-azure#inspec-for-azure).
-
-### Version
-
-This resource first became available in 1.11.0 of the inspec-azure resource pack.
-
-## Syntax
-
-The `resource_group` and `cosmosdb_database_account` must be given as a parameter.
- - describe azurerm_cosmosdb_database_account(resource_group: 'my-rg', cosmosdb_database_account 'my-cosmos-db') do - it { should exist } - end - -## Examples - -If an CosmosDb Database Account is referenced with a valid `Resource Group` and `CosmosDb Database Account` - - describe azurerm_cosmosdb_database_account(resource_group: 'my-rg', cosmosdb_database_account 'my-cosmos-db') do - it { should exist } - end - -If an CosmosDb Database Account is referenced with an invalid `Resource Group` and `CosmosDb Database Account` - - describe azurerm_cosmosdb_database_account(resource_group: 'my-rg', cosmosdb_database_account 'fake-cosmos-db') do - it { should not exist } - end - -## Parameters - -- `resource_group` - The resource Group to which the CosmosDb Database Account belongs. -- `cosmosdb_database_account` - The unique name of the CosmosDb Database Account. - -## Attributes - -- `id` -- `name` -- `location` -- `type` -- `kind` -- `tags` -- `properties` - -### id - -Azure resource ID. - -### name - -CosmosDb Database Account name, e.g. `my-cosmosdb-account`. - -### location - -Resource location, e.g. `eastus`. - -### type - -The type of Resource, typically `Microsoft.DocumentDB/databaseAccounts`. - -### kind - -Indicates the type of database account, e.g. `GlobalDocumentDB`, `MongoDB` - -### tags - -Resource tags applied to the Cosmos DB Account. - -### properties - -A collection of additional configuration properties related to the CosmosDb Database Account, e.g. `Capability, ConsistencyPolicy, DatabaseAccountKind`. - -For a full list of properties please take a look at the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/cosmos-db-resource-provider/databaseaccounts/get#definitions) - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). 
-Any attribute in the response may be accessed with the key names separated by
-dots (`.`).
-
-The API may not always return keys that do not have any associated data. There
-may be cases where the deeply nested property may not have the desired
-attribute along your call chain. If you find yourself writing tests against
-properties that may be nil, fork this resource pack and add an accessor to the
-resource. Within that accessor you'll be able to guard against nil keys. Pull
-requests are always welcome.
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-```ruby
-describe azurerm_cosmosdb_database_account(resource_group: 'my-rg', cosmosdb_database_account 'my-cosmos-db') do
- it { should exist }
-end
-```
-
-## Azure Permissions
-
-Your [Service
-Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal)
-must be setup with a `contributor` role on the subscription you wish to test.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_event_hub_authorization_rule.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_event_hub_authorization_rule.md
deleted file mode 100644
index d265e3a429..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_event_hub_authorization_rule.md
+++ /dev/null
@@ -1,130 +0,0 @@
-+++
-title = "azurerm_event_hub_authorization_rule resource"
-draft = false
-gh_repo = "inspec"
-platform = "azure"
-
-[menu]
- [menu.inspec]
- title = "azurerm_event_hub_authorization_rule"
- identifier = "inspec/resources/azure/azurerm_event_hub_authorization_rule.md azurerm_event_hub_authorization_rule resource"
- parent = "inspec/resources/azure"
-+++
-
-{{< inspec/azurerm_deprecated resource="azure_event_hub_authorization_rule" >}}
-
-Use the `azurerm_event_hub_authorization_rule` InSpec audit resource to test properties and configuration of
-an Azure Event Hub Authorization Rule within a Resource Group.
-
-## Azure REST API version
-
-This resource interacts with version `2017-04-01` of the Azure Management API. For more
-information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/dotnet/api/microsoft.servicebus.messaging.namespaceinfo?view=azure-dotnet).
-
-At the moment, there doesn't appear to be a way to select the version of the
-Azure API docs. If you notice a newer version being referenced in the official
-documentation please open an issue or submit a pull request using the updated
-version.
-
-## Availability
-
-### Install
-
-This resource is available in the `inspec-azure` [resource
-pack](/inspec/glossary/#resource-pack). To use it, add the
-following to your `inspec.yml` in your top-level profile:
-
- depends:
- inspec-azure:
- git: https://github.com/inspec/inspec-azure.git
-
-You'll also need to setup your Azure credentials; see the resource pack
-[README](https://github.com/inspec/inspec-azure#inspec-for-azure).
-
-### Version
-
-This resource first became available in 1.11.0 of the inspec-azure resource pack.
-
-## Syntax
-
-The `resource_group`, `namespace_name`, `event_hub_name` and `authorization_rule_name` must be given as a parameter.
- - describe azurerm_event_hub_authorization_rule(resource_group: 'my-rg', namespace_name 'event-hub-namespace', event_hub_name: 'event-hub', authorization_rule_name: 'my-auth-rule') do - it { should exist } - end - -## Examples - -If an Event Hub Authorization Rule is referenced with a valid `Resource Group`, `Namespace Name`, `Event Hub Name` and `Authorization Rule Name` - - describe azurerm_event_hub_authorization_rule(resource_group: 'my-rg', namespace_name: 'event-hub-namespace', event_hub_endpoint: 'event-hub', authorization_rule: 'my-auth-rule') do - it { should exist } - end - -If a Event Hub Authorization Rule is referenced with an invalid `Resource Group`, `Namespace Name`, `Event Hub Name` or `Authorization Rule Name` - - describe azurerm_event_hub_namespace(resource_group: 'invalid-rg', namespace_name: 'i-do-not-exist', event_hub_endpoint: 'fake-endpoint', authorization_rule: 'fake-auth-rule') do - it { should_not exist } - end - -## Parameters - -- `resource_group` - The resource Group to which the Event Hub Namespace belongs. -- `namespace_name` - The unique name of the Event Hub Namespace. -- `event_hub_name` - The unique name of the Event Hub Name. -- `authorization_rule_name` - The unique name of the Event Hub Authorization Rule. - -## Attributes - -- `id` -- `name` -- `properties.rights` -- `type` - -### id - -Azure resource ID. - -### name - -Event Hub Authorization Rule name, e.g. `my-auth-rule`. - -### properties - -A collection of additional configuration properties related to the Event Hub Authorization Rule, eg. `rights` - -### type - -The type of Resource, typically `Microsoft.EventHub/Namespaces/EventHubs/AuthorizationRules`. - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). 
-
-The API may not always return keys that do not have any associated data. There
-may be cases where the deeply nested property may not have the desired
-attribute along your call chain. If you find yourself writing tests against
-properties that may be nil, fork this resource pack and add an accessor to the
-resource. Within that accessor you'll be able to guard against nil keys. Pull
-requests are always welcome.
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
- describe azurerm_event_hub_authorization_rule(resource_group: 'my-rg', namespace_name 'event-hub-namespace', event_hub_name: 'event-hub', authorization_rule_name: 'my-auth-rule') do
- it { should exist }
- end
-
-## Azure Permissions
-
-Your [Service
-Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal)
-must be setup with a `contributor` role on the subscription you wish to test.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_event_hub_event_hub.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_event_hub_event_hub.md
deleted file mode 100644
index b3c4e0334e..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_event_hub_event_hub.md
+++ /dev/null
@@ -1,129 +0,0 @@
-+++
-title = "azurerm_event_hub_event_hub resource"
-draft = false
-gh_repo = "inspec"
-platform = "azure"
-
-[menu]
- [menu.inspec]
- title = "azurerm_event_hub_event_hub"
- identifier = "inspec/resources/azure/azurerm_event_hub_event_hub.md azurerm_event_hub_event_hub resource"
- parent = "inspec/resources/azure"
-+++
-
-{{< inspec/azurerm_deprecated resource="azure_event_hub_event_hub" >}}
-
-Use the `azurerm_event_hub_event_hub` InSpec audit resource to test properties and configuration of
-an Azure Event Hub Event Hub within a Resource Group.
-
-## Azure REST API version
-
-This resource interacts with version `2017-04-01` of the Azure Management API. For more
-information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/dotnet/api/eventhub?view=bts-2020).
-
-At the moment, there doesn't appear to be a way to select the version of the
-Azure API docs. If you notice a newer version being referenced in the official
-documentation please open an issue or submit a pull request using the updated
-version.
-
-## Availability
-
-### Install
-
-This resource is available in the `inspec-azure` [resource
-pack](/inspec/glossary/#resource-pack). To use it, add the
-following to your `inspec.yml` in your top-level profile:
-
- depends:
- inspec-azure:
- git: https://github.com/inspec/inspec-azure.git
-
-You'll also need to setup your Azure credentials; see the resource pack
-[README](https://github.com/inspec/inspec-azure#inspec-for-azure).
-
-### Version
-
-This resource first became available in 1.11.0 of the inspec-azure resource pack.
-
-## Syntax
-
-The `resource_group`, `namespace_name` and `event_hub_name` must be given as a parameter.
- - describe azurerm_event_hub_event_hub(resource_group: 'my-rg', namespace_name 'my-event-hub-ns', event_hub_name 'event-hub') do - it { should exist } - end - -## Examples - -If an Event Hub Event Hub is referenced with a valid `Resource Group`, `Namespace Name` and `Event Hub Name` - - describe azurerm_event_hub_event_hub(resource_group: 'my-rg', namespace_name: 'my-event-hub-ns', event_hub_name 'event-hub') do - it { should exist } - end - -If a Event Hub Event Hub is referenced with an invalid `Resource Group`, `Namespace Name` and `Event Hub Name` - - describe azurerm_event_hub_event_hub(resource_group: 'invalid-rg', namespace_name: 'i-do-not-exist', event_hub_name 'i-do-not-exist') do - it { should_not exist } - end - -## Parameters - -- `resource_group` - The resource Group to which the Event Hub Event Hub belongs. -- `namespace_name` - The unique name of the Event Hub Namespace. -- `event_hub_name` - The unique name of the Event Hub Name. - -## Attributes - -- `id` -- `name` -- `type` -- `properties` - -### id - -Azure resource ID. - -### name - -Event Hub name, e.g. `event-hub`. - -### type - -The type of Resource, typically `Microsoft.EventHub/Namespaces/EventHubs`. - -### properties - -A collection of additional configuration properties related to the Event Hub Event Hub, e.g. `messageRetentionInDays, partitionCount, status`. - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. 
Within that accessor you'll be able to guard against nil keys. Pull
-requests are always welcome.
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
- describe azurerm_event_hub_event_hub(resource_group: 'my-rg', namespace_name: 'my-event-hub-ns', event_hub_name: 'event-hub') do
- it { should exist }
- end
-
-## Azure Permissions
-
-Your [Service
-Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal)
-must be setup with a `contributor` role on the subscription you wish to test.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_event_hub_namespace.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_event_hub_namespace.md
deleted file mode 100644
index 866a4bdaea..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_event_hub_namespace.md
+++ /dev/null
@@ -1,144 +0,0 @@
-+++
-title = "azurerm_event_hub_namespace resource"
-draft = false
-gh_repo = "inspec"
-platform = "azure"
-
-[menu]
- [menu.inspec]
- title = "azurerm_event_hub_namespace"
- identifier = "inspec/resources/azure/azurerm_event_hub_namespace.md azurerm_event_hub_namespace resource"
- parent = "inspec/resources/azure"
-+++
-
-{{< inspec/azurerm_deprecated resource="azure_event_hub_namespace" >}}
-
-Use the `azurerm_event_hub_namespace` InSpec audit resource to test properties and configuration of
-an Azure Event Hub Namespace within a Resource Group.
-
-## Azure REST API version
-
-This resource interacts with version `2017-04-01` of the Azure Management API. For more
-information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/relay/namespaces).
-
-At the moment, there doesn't appear to be a way to select the version of the
-Azure API docs. If you notice a newer version being referenced in the official
-documentation please open an issue or submit a pull request using the updated
-version.
-
-## Availability
-
-### Install
-
-This resource is available in the `inspec-azure` [resource
-pack](/inspec/glossary/#resource-pack). To use it, add the
-following to your `inspec.yml` in your top-level profile:
-
- depends:
- inspec-azure:
- git: https://github.com/inspec/inspec-azure.git
-
-You'll also need to setup your Azure credentials; see the resource pack
-[README](https://github.com/inspec/inspec-azure#inspec-for-azure).
-
-### Version
-
-This resource first became available in 1.11.0 of the inspec-azure resource pack.
-
-## Syntax
-
-The `resource_group` and `namespace_name` must be given as a parameter.
- - describe azurerm_event_hub_namespace(resource_group: 'my-rg', namespace_name 'my-event-hub-ns') do - it { should exist } - end - -## Examples - -If an Event Hub Namespace is referenced with a valid `Resource Group` and `Namespace Name` - - describe azurerm_event_hub_namespace(resource_group: 'my-rg', namespace_name: 'my-event-hub-ns') do - it { should exist } - end - -If an Event Hub Namespace is referenced with an invalid `Resource Group` or `Namespace Name` - - describe azurerm_event_hub_namespace(resource_group: 'invalid-rg', namespace_name: 'i-do-not-exist') do - it { should_not exist } - end - -## Parameters - -- `resource_group` - The resource Group to which the Event Hub Namespace belongs. -- `namespace_name` - The unique name of the Event Hub Namespace. - -## Attributes - -- `id` -- `name` -- `sku` -- `location` -- `properties` -- `tags` -- `type` - -### id - -Azure resource ID. - -### name - -Event Hub Namespace name, e.g. `my-event-hub-ns`. - -### sku - -SKU properties for the Event Hub Namespace. Such as sku name, billing tier and capacity. - -### location - -Resource location, e.g. `eastus`. - -### properties - -A collection of additional configuration properties related to the Event Hub -Namespace, e.g. `isAutoInflateEnabled,maximumThroughputUnits,kafkaEnabled`. - -### tags - -Resource tags applied to the Event Hub Namespace. - -### type - -The type of Resource, typically `Microsoft.EventHub/Namespaces`. - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. 
If you find yourself writing tests against
-properties that may be nil, fork this resource pack and add an accessor to the
-resource. Within that accessor you'll be able to guard against nil keys. Pull
-requests are always welcome.
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
- describe azurerm_event_hub_namespace(resource_group: 'my-rg', namespace_name: 'my-event-hub-ns') do
- it { should exist }
- end
-
-## Azure Permissions
-
-Your [Service
-Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal)
-must be setup with a `contributor` role on the subscription you wish to test.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_iothub.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_iothub.md
deleted file mode 100644
index ea90d4892c..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_iothub.md
+++ /dev/null
@@ -1,150 +0,0 @@
-+++
-title = "azurerm_iothub resource"
-draft = false
-gh_repo = "inspec"
-platform = "azure"
-
-[menu]
- [menu.inspec]
- title = "azurerm_iothub"
- identifier = "inspec/resources/azure/azurerm_iothub.md azurerm_iothub resource"
- parent = "inspec/resources/azure"
-+++
-
-{{< inspec/azurerm_deprecated resource="azure_iothub" >}}
-
-Use the `azurerm_iothub` InSpec audit resource to test properties and configuration of
-an Azure Event Hub Namespace within a Resource Group.
-
-## Azure REST API version
-
-This resource interacts with version `2018-04-01` of the Azure Management API. For more
-information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/iothub/iothubresource/get).
-
-At the moment, there doesn't appear to be a way to select the version of the
-Azure API docs. If you notice a newer version being referenced in the official
-documentation please open an issue or submit a pull request using the updated
-version.
-
-## Availability
-
-### Install
-
-This resource is available in the `inspec-azure` [resource
-pack](/inspec/glossary/#resource-pack). To use it, add the
-following to your `inspec.yml` in your top-level profile:
-
- depends:
- inspec-azure:
- git: https://github.com/inspec/inspec-azure.git
-
-You'll also need to setup your Azure credentials; see the resource pack
-[README](https://github.com/inspec/inspec-azure#inspec-for-azure).
-
-### Version
-
-This resource first became available in 1.11.0 of the inspec-azure resource pack.
-
-## Syntax
-
-The `resource_group` and `resource_name` must be given as a parameter.
- - describe azurerm_iothub(resource_group: 'my-rg', resource_name 'my-iot-hub') do - it { should exist } - end - -## Examples - -If an IoT Hub is referenced with a valid `Resource Group` and `Resource Name` - - describe azurerm_iothub(resource_group: 'my-rg', resource_name 'my-iot-hub') do - it { should exist } - end - -If an IoT Hub is referenced with an invalid `Resource Group` or `Resource Name` - - describe azurerm_iothub(resource_group: 'invalid-rg', resource_name: 'i-do-not-exist') do - it { should_not exist } - end - -## Parameters - -- `resource_group` - The resource Group to which the IoT Hub belongs. -- `resource_name` - The unique name of the IoT Hub. - -## Attributes - -- `id` -- `name` -- `type` -- `location` -- `tags` -- `etag` -- `properties` -- `sku` - -### id - -Azure resource ID. - -### name - -IoT Hub name, e.g. `my-iot-hub`. - -### type - -The type of Resource, typically `Microsoft.Devices/IotHubs`. - -### location - -Resource location, e.g. `eastus`. - -### properties - -A collection of additional configuration properties related to the IoT Hub, e.g. `eventHubEndpoints,routing,messagingEndpoints`. - -For a full list of properties please take a look at the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/iothub/iothubresource/get#definitions) - -### tags - -Resource tags applied to the IoT Hub. - -### etag - -The etag applied to the IoT Hub. - -### sku - -SKU properties for the IoT Hub. Such as sku name, billing tier and capacity. - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. 
If you find yourself writing tests against
-properties that may be nil, fork this resource pack and add an accessor to the
-resource. Within that accessor you'll be able to guard against nil keys. Pull
-requests are always welcome.
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
- describe azurerm_iothub(resource_group: 'my-rg', resource_name 'my-iot-hub') do
- it { should exist }
- end
-
-## Azure Permissions
-
-Your [Service
-Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal)
-must be setup with a `contributor` role on the subscription you wish to test.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_iothub_event_hub_consumer_group.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_iothub_event_hub_consumer_group.md
deleted file mode 100644
index 57b3556d15..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_iothub_event_hub_consumer_group.md
+++ /dev/null
@@ -1,136 +0,0 @@
-+++
-title = "azurerm_iothub_event_hub_consumer_group resource"
-draft = false
-gh_repo = "inspec"
-platform = "azure"
-
-[menu]
- [menu.inspec]
- title = "azurerm_iothub_event_hub_consumer_group"
- identifier = "inspec/resources/azure/azurerm_iothub_event_hub_consumer_group.md azurerm_iothub_event_hub_consumer_group resource"
- parent = "inspec/resources/azure"
-+++
-
-{{< inspec/azurerm_deprecated resource="azure_iothub_event_hub_consumer_group" >}}
-
-Use the `azurerm_iothub_event_hub_consumer_group` InSpec audit resource to test
-properties and configuration of an Azure IoT Hub Event Hub Consumer Group within
-a Resource Group.
-
-## Azure REST API version
-
-This resource interacts with version `2018-04-01` of the Azure Management API. For more
-information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/iothub/iothubresource/geteventhubconsumergroup).
-
-At the moment, there doesn't appear to be a way to select the version of the
-Azure API docs. If you notice a newer version being referenced in the official
-documentation please open an issue or submit a pull request using the updated
-version.
-
-## Availability
-
-### Install
-
-This resource is available in the `inspec-azure` [resource
-pack](/inspec/glossary/#resource-pack). To use it, add the
-following to your `inspec.yml` in your top-level profile:
-
- depends:
- inspec-azure:
- git: https://github.com/inspec/inspec-azure.git
-
-You'll also need to setup your Azure credentials; see the resource pack
-[README](https://github.com/inspec/inspec-azure#inspec-for-azure).
-
-### Version
-
-This resource first became available in 1.11.0 of the inspec-azure resource pack.
-
-## Syntax
-
-The `resource_group`, `resource_name`, `event_hub_endpoint` and `consumer_group` must be given as a parameter.
- - describe azurerm_iothub_event_hub_consumer_group(resource_group: 'my-rg', resource_name 'my-iot-hub', event_hub_endpoint: 'event-hub', consumer_group: 'my-consumer-group') do - it { should exist } - end - -## Examples - -If an IoT Hub Event Hub Consumer Group is referenced with a valid `Resource Group`, `Resource Name`, `Event Hub Endpoint` and `Consumer Group` - - describe azurerm_iothub_event_hub_consumer_group(resource_group: 'my-rg', resource_name 'my-iot-hub', event_hub_endpoint: 'event-hub', consumer_group: 'my-consumer-group') do - it { should exist } - end - -If an IoT Hub Event Hub Consumer Group is referenced with an invalid `Resource Group`, `Resource Name`, `Event Hub Endpoint` or `Consumer Group` - - describe azurerm_iothub_event_hub_consumer_group(resource_group: 'invalid-rg', resource_name: 'invalid-resource', event_hub_endpoint: 'invalid-event-hub', consumer_group: 'invalid-consumer-group') do - it { should_not exist } - end - -## Parameters - -- `resource_group` - The resource Group to which the IoT Hub belongs. -- `resource_name` - The unique name of the IoT Hub. -- `event_hub_endpoint` - The unique name of the IoT Hub Endpoint -- `consumer_group` - The unique name of the IoI Hub Endpoint consumer group - -## Attributes - -- `id` -- `name` -- `type` -- `etag` -- `properties` - -### id - -Azure resource ID. - -### name - -The Event Hub-compatible consumer group identifier, e.g. `my-consumer-group`. - -### type - -The type of Resource, typically `Microsoft.Devices/IotHubs/EventHubEndpoints/ConsumerGroups`. - -### properties - -A collection of additional configuration properties related to the IoT Hub Consumer Group, e.g. `created`. - -### etag - -The etag applied to the IoT Hub Consumer Group. - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). 
-Any attribute in the response may be accessed with the key names separated by
-dots (`.`).
-
-The API may not always return keys that do not have any associated data. There
-may be cases where the deeply nested property may not have the desired
-attribute along your call chain. If you find yourself writing tests against
-properties that may be nil, fork this resource pack and add an accessor to the
-resource. Within that accessor you'll be able to guard against nil keys. Pull
-requests are always welcome.
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
- describe azurerm_iothub_event_hub_consumer_group(resource_group: 'my-rg', resource_name 'my-iot-hub', event_hub_endpoint: 'event-hub', consumer_group: 'my-consumer-group') do
- it { should exist }
- end
-
-## Azure Permissions
-
-Your [Service
-Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal)
-must be setup with a `contributor` role on the subscription you wish to test.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_iothub_event_hub_consumer_groups.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_iothub_event_hub_consumer_groups.md
deleted file mode 100644
index 4b25f86edc..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_iothub_event_hub_consumer_groups.md
+++ /dev/null
@@ -1,139 +0,0 @@ -+++ -title = "azurerm_iothub_event_hub_consumer_groups resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_iothub_event_hub_consumer_groups" - identifier = "inspec/resources/azure/azurerm_iothub_event_hub_consumer_groups.md azurerm_iothub_event_hub_consumer_groups resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_iothub_event_hub_consumer_groups" >}} - -Use the `azurerm_iothub_event_hub_consumer_groups` InSpec audit resource to test properties and configuration of -an Azure IoT Hub Event Hub Consumer Groups within a Resource Group. - -## Azure REST API version - -This resource interacts with version `2018-04-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/iothub/iothubresource/geteventhubconsumergroup). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - inspec-azure: - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.11.0 of the inspec-azure resource pack. - -## Syntax - -The `resource_group`, `resource_name` and `event_hub_endpoint` must be given as a parameter. 
- - describe azurerm_iothub_event_hub_consumer_groups(resource_group: 'my-rg', resource_name 'my-iot-hub', event_hub_endpoint: 'event-hub') do - its('names') { should include "my-consumer-group"} - its('types') { should include 'Microsoft.Devices/IotHubs/EventHubEndpoints/ConsumerGroups' } - end - -## Examples - -If a IoT Hub Event Hub Consumer Groups is referenced with a valid `Resource Group`, `Resource Name` and `Event Hub Endpoint` - - describe azurerm_iothub_event_hub_consumer_groups(resource_group: 'my-rg', resource_name 'my-iot-hub', event_hub_endpoint: 'event-hub') do - it { should exist } - end - -If a IoT Hub Event Hub Consumer Groups is referenced with an invalid `Resource Group`, `Resource Name` or `Event Hub Endpoint` - - describe azurerm_iothub_event_hub_consumer_groups(resource_group: 'invalid-rg', resource_name: 'invalid-resource', event_hub_endpoint: 'invalideventhub') do - it { should_not exist } - end - -## Parameters - -- `resource_group` - The resource Group to which the IoT Hub belongs. -- `resource_name` - The unique name of the IoT Hub. -- `event_hub_endpoint` - The unique name of the IoT Hub Endpoint - -## Attributes - -- `ids` -- `names` -- `types` -- `etag` -- `properties` - -### ids - -The Azure resource IDs. - -### names - -The Event Hub-compatible consumer group names identifier. - -its('types') { should include(`my-consumer-group-a`, `my-consumer-group-b`) } - -### types - -The types of the Resources, typically `Microsoft.Devices/IotHubs/EventHubEndpoints/ConsumerGroups`. - -its('types') { should include(`Microsoft.Devices/IotHubs/EventHubEndpoints/ConsumerGroups`) } - -### properties - -A collection of additional configuration properties related to the IoT Hub Consumer Group, e.g. `created`. - -### etags - -The etag applied to the IoT Hub Consumer Group. - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. 
Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - - describe azurerm_iothub_event_hub_consumer_group(resource_group: 'my-rg', resource_name 'my-iot-hub', event_hub_endpoint: 'event-hub') do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault.md deleted file mode 100644 index f3ba9d3e3f..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault.md +++ /dev/null 
@@ -1,139 +0,0 @@ -+++ -title = "azurerm_key_vault resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_key_vault" - identifier = "inspec/resources/azure/azurerm_key_vault.md azurerm_key_vault resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_key_vault" >}} - -Use the `azurerm_key_vault` InSpec audit resource to test properties and configuration of -an Azure Key Vault. - -## Azure REST API version - -This resource interacts with version `2016-10-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/keyvault/vaults/get). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.2.0 of the inspec-azure resource pack. - -## Syntax - -The `resource_group` and `vault_name` must be given as a parameter. 
- - describe azurerm_key_vault(resource_group: 'inspec-resource-group', vault_name: 'vault-101') do - it { should exist } - its('name') { should eq('vault-101') } - end - -## Examples - -If a Key Vault is referenced with a valid `Resource Group` and `Vault Name` - - describe azurerm_key_vault(resource_group: 'my-rg', vault_name: 'vault-101') do - it { should exist } - end - -If a Key Vault is referenced with an invalid `Resource Group` or `Vault Name` - - describe azurerm_key_vault(resource_group: 'invalid-rg', vault_name: 'vault-null') do - it { should_not exist } - end - -## Parameters - -- `resource_group` - The resource Group to which the Key Vault belongs. -- `vault_name` - The unique name of the Key Vault. - -## Attributes - -- `id` -- `name` -- `location` -- `type` -- `tags` -- `properties` - -### id - -Azure resource ID. - -### name - -Key Vault name, e.g. `vault-101`. - -### location - -Resource location, e.g. `eastus`. - -### type - -The type of Resource, typically `Microsoft.KeyVault/vaults`. - -### tags - -Resource tags applied to the Key Vault. - -### properties - -A collection of additional configuration properties related to the Key Vault, e.g. `vaultUri`. - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. 
- -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - - describe azurerm_key_vault(resource_group: 'my-rg', vault_name: 'vault-101') do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_key.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_key.md deleted file mode 100644 index 7bb1521169..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_key.md +++ /dev/null 
@@ -1,135 +0,0 @@ -+++ -title = "azurerm_key_vault_key resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_key_vault_key" - identifier = "inspec/resources/azure/azurerm_key_vault_key.md azurerm_key_vault_key resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_key_vault_key" >}} - -Use the `azurerm_key_vault_key` InSpec audit resource to test properties and configuration of -an Azure Key within a Vault. - -## Azure REST API version - -This resource interacts with version `2016-10-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/keyvault/getkey/getkey). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.3.0 of the inspec-azure resource pack. - -## Syntax - -The `vault_name` and `key_name` must be given as a parameter. - -You may also specify a `key_version` - if no version is specified, the most recent version of the key will be used. 
- - describe azurerm_key_vault_key('vault-101', 'secret-key') do - its('key.kid') { should_not be_nil } - its('attributes.enabled') { should eq true } - end - -## Examples - -If a Key Vault Key is referenced with a valid `Vault Name`, `Key Name` and `Key Version` - - describe azurerm_key_vault_key('vault-101', 'secret-key', '7df9bf2c3b4347bab213ebe233f0e350') do - it { should exist } - its('key.kid') { should_not be_nil } - its('attributes.enabled') { should eq true } - end - -If a Key Vault Key is referenced with an invalid `Vault Name` or `Key Name` - - describe azurerm_key_vault_key('vault-101', 'incorrect-key') do - it { should_not exist } - end - -## Parameters - -- `vault_name` - The name of the Key Vault. -- `key_name` - The name of the Key. -- `key_version` (Optional) - The version of a Key, e.g. `7df9bf2c3b4347bab213ebe233f0e350`. - -## Attributes - -- `attributes` -- `key` -- `managed` -- `tags` - -### attributes - -The key management attributes. - -### key - -The JSON web key. - -### managed - -True if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true. - -### tags - -Resource tags applied to the Key. - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. 
- -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - - describe azurerm_key_vault_key('vault-101', 'secret-key') do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. -Your Azure Key Vault should also have this Service Principal listed in it's Access Policy with both `keys/get` and `keys/list` permissions. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_keys.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_keys.md deleted file mode 100644 index 56fc8dac85..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_keys.md +++ /dev/null 
@@ -1,124 +0,0 @@ -+++ -title = "azurerm_key_vault_keys resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_key_vault_keys" - identifier = "inspec/resources/azure/azurerm_key_vault_keys.md azurerm_key_vault_keys resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_key_vault_keys" >}} - -Use the `azurerm_key_vault_keys` InSpec audit resource to test properties and -configuration of Azure Keys within Vaults. - -## Azure REST API version - -This resource interacts with version `2016-10-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/keyvault/getkeys/getkeys). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.3.0 of the inspec-azure resource pack. - -## Syntax - -An `azurerm_key_vault_keys` resource block returns all Keys within a Vault. - - describe azurerm_key_vault_keys('my-vault') do - ... - end - -## Examples - -The following examples show how to use this InSpec audit resource. 
- -### Check Keys within a Vault - - azurerm_key_vault_keys('my-vault').entries.each do |key| - describe key do - its('kid') { should_not be nil } - its('attributes.enabled') { should eq true } - end - end - -## Filter Criteria - -All fields described in [Attributes](#attributes) can be used to filter. Below is an example using `managed`. - -### managed - -Filters the results to include only those Keys which are not managed by the Vault. This is a boolean value. - - describe azurerm_key_vault_keys('my-vault').where{ managed.eql?(false) } do - it { should_not exist } - end - -## Attributes - -- `attributes` -- `kid` -- `managed` -- `tags` - -### attributes - -The key management attributes. - -### kid - -Key identifier. - -### managed - -True if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true. - -### tags - -Resource tags applied to the Key. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the filter returns at least one result. Use -`should_not` if you expect zero matches. - - describe azurerm_key_vault_keys('my-vault') do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. -Your Azure Key Vault should also have this Service Principal listed in it's Access Policy with `keys/list` permissions. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_secret.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_secret.md deleted file mode 100644 index 6595c0a0ae..0000000000 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_secret.md
+++ /dev/null
@@ -1,147 +0,0 @@ -+++ -title = "azurerm_key_vault_secret resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_key_vault_secret" - identifier = "inspec/resources/azure/azurerm_key_vault_secret.md azurerm_key_vault_secret resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_key_vault_secret" >}} - -Use the `azurerm_key_vault_secret` InSpec audit resource to test properties and configuration of -an Azure Secret within a Vault. - -## Azure REST API version - -This resource interacts with version `2016-10-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/keyvault/getsecret/getsecret). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.3.0 of the inspec-azure resource pack. - -## Syntax - -The `vault_name` and `secret_name` must be given as a parameter. - -You may also specify a `secret_version` - if no version is specified, the most recent version of the secret will be used. 
- - describe azurerm_key_vault_secret('vault-101', 'secret-101') do - it { should exist } - its('value') { should_not be_nil } - end - -## Examples - -If a Key Vault Secret is referenced with a valid `Vault Name`, `Secret Name` and `Secret Version` - - describe azurerm_key_vault_secret('vault-101', 'secret-101', '7df9bf2c3b4347bab213ebe233f0e350') do - its('value') { should_not be_nil } - end - -If a Key Vault Secret is referenced with an invalid `Vault Name` or `Secret Name` - - describe azurerm_key_vault_secret('vault-101', 'incorrect-secret') do - it { should_not exist } - end - -## Parameters - -- `vault_name` - The name of the Key Vault. -- `secret_name` - The name of the Key. -- `secret_version` (Optional) - The version of a Key, e.g. `7df9bf2c3b4347bab213ebe233f0e350`. - -## Attributes - -- `id` -- `value` -- `attributes` -- `kid` -- `content_type` -- `managed` -- `tags` - -### id - -The secret id. - -### value - -The secret value. - -### attributes - -The secret management attributes. - -### kid - -If this is a secret backing a KV certificate, then this field specifies the corresponding key backing the KV certificate. - -### content_type - -The content type of the secret. - -### managed - -True if the secret's lifetime is managed by key vault. If this is a secret backing a certificate, then managed will be true. - -### tags - -Resource tags applied to the Secret. - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. 
Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - - describe azurerm_key_vault_secret('vault-101', 'secret') do - it { should exist } - end - -## Azure Permissions - -Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. -Your Azure Key Vault should also have this Service Principal listed in it's Access Policy with both `secret/get` and `secret/list` permissions. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_secrets.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_secrets.md deleted file mode 100644 index 8d55c619f8..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_secrets.md +++ /dev/null 
@@ -1,128 +0,0 @@ -+++ -title = "azurerm_key_vault_secrets resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_key_vault_secrets" - identifier = "inspec/resources/azure/azurerm_key_vault_secrets.md azurerm_key_vault_secrets resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_key_vault_secrets" >}} - -Use the `azurerm_key_vault_secrets` InSpec audit resource to test properties and configuration of Azure Secrets within Vaults. - -## Azure REST API version - -This resource interacts with version `2016-10-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/keyvault/getsecrets/getsecrets). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - -name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.3.0 of the inspec-azure resource pack. - -## Syntax - -An `azurerm_key_vault_secrets` resource block returns all Secrets within a Vault. - - describe azurerm_key_vault_secrets('my-vault') do - ... - end - -## Examples - -The following examples show how to use this InSpec audit resource. 
- -### Check Keys within a Vault - - azurerm_key_vault_secrets('my-vault').entries.each do |secret| - describe secret do - its('id') { should_not be nil } - its('attributes.exp') { should_not be_nil } - end - end - -## Filter Criteria - -All fields described in [Attributes](#attributes) can be used to filter. Below is an example using `managed`. - -### managed - -Filters the results to include only those Secrets which are not managed by the Vault. This is a boolean value. - - describe azurerm_key_vault_secrets('my-vault').where{ managed.eql?(false) } do - it { should_not exist } - end - -## Attributes - -- `id` -- `attributes` -- `contentType` -- `managed` -- `tags` - -### id - -Secret identifier. - -### attributes - -The secret management attributes. - -### contentType - -Type of the secret value such as a password. - -### managed - -True if the secret's lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true. - -### tags - -Resource tags applied to the Key. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the filter returns at least one result. Use -`should_not` if you expect zero matches. - - describe azurerm_key_vault_secrets('my-vault') do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. -Your Azure Key Vault should also have this Service Principal listed in it's Access Policy with `secrets/list` permissions. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vaults.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vaults.md deleted file mode 100644 index 73c26983b6..0000000000 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vaults.md
+++ /dev/null
@@ -1,141 +0,0 @@ -+++ -title = "azurerm_key_vaults resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_key_vaults" - identifier = "inspec/resources/azure/azurerm_key_vaults.md azurerm_key_vaults resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_key_vaults" >}} - -Use the `azurerm_key_vaults` InSpec audit resource to test properties and configuration of Azure Key Vaults. - -## Azure REST API version - -This resource interacts with version `2016-10-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/keyvault/vaults/listbyresourcegroup). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.2.0 of the inspec-azure resource pack. - -## Syntax - -An `azurerm_key_vaults` resource block returns all Azure Key Vaults within a Resource Group. - - describe azurerm_key_vaults(resource_group: 'my-rg') do - ... - end - -## Examples - -The following examples show how to use this InSpec audit resource. 
- -### Check Key Vaults are present - - describe azurerm_key_vaults(resource_group: 'my-rg') do - it { should exist } - its('names') { should include 'vault-101' } - end - -## Filter Criteria - -### names - -Filters the results to include only those vaults which match the given -name. This is a string value. - - describe azurerm_key_vaults(resource_group: 'my-rg').where{ name.eql?('vault-101') } do - it { should exist } - end - -### location - -Filters the results to include only those vaults which reside in a given location. This is a string value. - - describe azurerm_key_vaults(resource_group: 'my-rg').where{ location.eql?('eastus') } do - it { should exist } - end - -## Attributes - -- `id` -- `name` -- `location` -- `type` -- `tags` -- `properties` - -### ids - -Azure resource ID. - -### names - -Key Vault name, e.g. `vault-101`. - - its('names') { should include 'vault-101' } - -### locations - -Resource location, e.g. `eastus`. - - its('locations') { should_not include 'eastus' } - -### type - -The type of Resource, typically `Microsoft.KeyVault/vaults`. - -### tag - -Resource tags applied to the Key Vault. - -### properties - -A collection of additional configuration properties related to the Key Vault, e.g. `vaultUri`. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the filter returns at least one result. Use -`should_not` if you expect zero matches. - - describe azurerm_key_vaults(resource_group: 'my-rg') do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_load_balancer.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_load_balancer.md
deleted file mode 100644
index 0e935de785..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_load_balancer.md
+++ /dev/null
@@ -1,145 +0,0 @@ -+++ -title = "azurerm_load_balancer resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_load_balancer" - identifier = "inspec/resources/azure/azurerm_load_balancer.md azurerm_load_balancer resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_load_balancer" >}} - -Use the `azurerm_load_balancer` InSpec audit resource to test properties and configuration of -an Azure Load Balancer. - -## Azure REST API version - -This resource interacts with version `2018-11-01` of the Azure Management API. -For more information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/load-balancer/loadbalancers/get). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - inspec-azure: - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.7.2 of the inspec-azure resource pack. - -## Syntax - -The `resource_group` and `loadbalancer_name` must be given as a parameter. 
- - describe azurerm_load_balancer(resource_group: 'inspec-resource-group-9', loadbalancer_name: 'example_lb') do - it { should exist } - end - -## Examples - -If a Load Balancer is referenced with a valid `Resource Group` and `Load balancer Name` - - describe azurerm_load_balancer(resource_group: 'my-rg', loadbalancer_name: 'lb-1') do - it { should exist } - end - -If a Load Balancer is referenced with an invalid `Resource Group` or `Load balancer Name` - - describe azurerm_load_balancer(resource_group: 'invalid-rg', loadbalancer_name: 'i-do-not-exist') do - it { should_not exist } - end - -## Parameters - -- `resource_group` - The resource Group to which the Load Balancer belongs. -- `loadbalancer_name` - The unique name of the Load balancer. - -## Attributes - -- `id` -- `name` -- `sku` -- `location` -- `properties` -- `tags` -- `type` - -### id - -Azure resource ID. - -### name - -Load Balancer name, e.g. `lb-1`. - -### sku - -SKU of load balancer. This is billing information related properties of a load balancer. - -### location - -Resource location, e.g. `eastus`. - -### properties - -A collection of additional configuration properties related to the Load balancer, e.g. `loadBalancingRules`. - -### tags - -Resource tags applied to the Load balancer. - -### type - -The type of Resource, typically `Microsoft.Network/loadBalancers`. - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. 
Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -```ruby -describe azurerm_load_balancer(resource_group: 'my-rg', loadbalancer_name: 'lb-1') do - it { should exist } -end -``` - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_load_balancers.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_load_balancers.md deleted file mode 100644 index 2cbd3f930a..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_load_balancers.md +++ /dev/null 
@@ -1,151 +0,0 @@ -+++ -title = "azurerm_load_balancers resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_load_balancers" - identifier = "inspec/resources/azure/azurerm_load_balancers.md azurerm_load_balancers resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_load_balancer" >}} - -Use the `azurerm_load_balancers` InSpec audit resource to test properties and configuration of Azure Load Balancers. - -## Azure REST API version - -This resource interacts with version `2018-11-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/load-balancer/loadbalancers/list). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - inspec-azure: - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.7.2 of the inspec-azure resource pack. - -## Syntax - -An `azurerm_load_balancers` resource block returns all Azure Load Balancers, either within a Resource Group (if provided), or within an entire Subscription. - - describe azurerm_load_balancer do - ... - end - -or - - describe azurerm_load_balancers(resource_group: 'my-rg') do - ... - end - -## Examples - -The following examples show how to use this InSpec audit resource. 
- -### Check Load balancers are present - - describe azurerm_load_balancers do - it { should exist } - its('names') { should include 'my-lb' } - end - -## Filter Criteria - -### names - -Filters the results to include only those load balancers which match the given name. This is a string value. - - describe azurerm_load_balancers.where{ name.eql?('production-lb-5') } do - it { should exist } - end - -### location - -Filters the results to include only those load balancers which reside in a given location. This is a string value. - - describe azurerm_load_balancers.where{ location.eql?('eastus') } do - it { should exist } - end - -## Attributes - -- `id` -- `name` -- `sku` -- `location` -- `properties` -- `tags` -- `type` - -### ids - -Azure resource ID. - -### names - -Load balancer name, e.g. `my-lb`. - - its('names') { should include 'my-lb' } - -### SKU - -SKU of load balancer. This is metadata used for the Azure portal experience. - -### locations - -Resource location, e.g. `eastus`. - - its('locations') { should_not include 'eastus' } - -### properties - -A collection of additional configuration properties related to the Load Balancer, e.g. `loadBalancingRules`. - -### tag - -Resource tags applied to the Load balancer. - -### type - -The type of Resource, typically `Microsoft.Network/loadBalancers`. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the filter returns at least one result. Use -`should_not` if you expect zero matches. - - describe azurerm_load_balancers do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_locks.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_locks.md
deleted file mode 100644
index 97804aff1d..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_locks.md
+++ /dev/null
@@ -1,86 +0,0 @@ -+++ -title = "azurerm_locks resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_locks" - identifier = "inspec/resources/azure/azurerm_locks.md azurerm_locks resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_locks" >}} - -Use the `azurerm_locks` InSpec audit resource to test properties of some or all Azure Resource Locks. - -## Azure REST API version - -This resource interacts with version `2016-09-01` of the Azure -Management API. For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/resources/managementlocks/listatresourcelevel). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.3.8 of the inspec-azure resource pack. - -## Syntax - -An `azurerm_locks` resource block returns all Locks on a given Resource. - - describe azurerm_locks(resource_group: 'rg', resource_name: 'my-vm', resource_type: 'Microsoft.Compute/virtualMachines') do - ... - end - -## Examples - -The following examples show how to use this InSpec audit resource. 
- -### Ensure a Lock exists - - describe azurerm_locks(resource_group: 'my-rg', resource_name: 'my-vm', resource_type: 'Microsoft.Compute/virtualMachines') do - it { should exist } - end - -## Filter Criteria - -- `ids` -- `names` -- `properties` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the filter returns at least one result. Use -`should_not` if you expect zero matches. - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_management_group.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_management_group.md deleted file mode 100644 index 9482121d34..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_management_group.md +++ /dev/null 
@@ -1,274 +0,0 @@ -+++ -title = "azurerm_management_group resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_management_group" - identifier = "inspec/resources/azure/azurerm_management_group.md azurerm_management_group resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_management_group" >}} - -Use the `azurerm_management_group` InSpec audit resource to test properties related to a -management group. - -## Azure REST API version - -This resource interacts with version `2018-03-01-preview` of the Azure -Management API. For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/java/api/com.azure.resourcemanager.loganalytics.models.managementgroups?view=azure-java-preview). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -## Syntax - -The `group_id` must be given as a parameter. - - describe azurerm_management_group(group_id: 'MyGroupId') do - ... - end - -Optionally, you may use the `expand`, `recurse` and/or `filter` parameters. - - describe azurerm_management_group(group_id: 'MyGroupId', expand: 'children', recurse: true) do - ... - end - - describe azurerm_management_group(group_id: 'MyGroupId', expand: 'children', recurse: true, filter: 'children.childType ne Subscription') do - ... 
- end - -## Examples - -describe azurerm_management_group(group_id: '20000000-0000-0000-0000-000000000000', expand: 'children', recurse: true) do -it { should exist } -its('id') { should eq '/providers/Microsoft.Management/managementGroups/20000000-0000-0000-0000-000000000000' } -its('type') { should eq '/providers/Microsoft.Management/managementGroups' } -its('name') { should eq '20000000-0000-0000-0000-000000000000' } -its('display_name') { should eq 'Management Group Display Name One' } -its('tenant_id') { should eq '56700000-0000-0000-0000-000000000000' } -its('parent_name') { should eq '10000000-0000-0000-0000-000000000000' } -its('parent_id') { should eq '/providers/Microsoft.Management/managementGroups/10000000-0000-0000-0000-000000000000' } -its('parent_display_name') { should eq 'Tenant Root Group' } -its('children_display_names') { should include('Management Group Display Name Child') } -its('children_ids') { should include('/providers/Microsoft.Management/managementGroups/40000000-0000-0000-0000-000000000000') } -its('children_names') { should include('40000000-0000-0000-0000-000000000000') } -its('children_types') { should include('/providers/Microsoft.Management/managementGroups') } -end - -describe azurerm_management_group(group_id: '40000000-0000-0000-0000-000000000000', expand: 'children', recurse: true) do -it { should exist } -its('id') { should eq '/providers/Microsoft.Management/managementGroups/40000000-0000-0000-0000-000000000000' } -its('type') { should eq '/providers/Microsoft.Management/managementGroups' } -its('name') { should eq '40000000-0000-0000-0000-000000000000' } -its('display_name') { should eq 'Management Group Display Name Child' } -its('tenant_id') { should eq '56700000-0000-0000-0000-000000000000' } -its('parent_name') { should eq '20000000-0000-0000-0000-000000000000' } -its('parent_id') { should eq '/providers/Microsoft.Management/managementGroups/20000000-0000-0000-0000-000000000000' } -its('parent_display_name') { should eq 
'Management Group Display Name One' } -its('children_display_names') { should eq [] } -its('children_ids') { should eq [] } -its('children_names') { should eq [] } -its('children_types') { should eq [] } -end - -## Parameters - -- `group_id` -- `expand` -- `recurse` -- `filter` - -## Parameter Examples - -### group_id (required) - -Defines the group id of the management group that you wish -to test. - - describe azurerm_management_group(group_id: 'MyGroupId') do - ... - end - -### expand (optional) - -Query string parameter allows clients to request inclusion of children -so that you can test them. - - describe azurerm_management_group(group_id: 'MyGroupId', expand: 'children') do - ... - end - -### recurse (optional) - -Setting this to true allows clients to request inclusion of entire hierarchy in -the response payload. Note that `expand: 'children'` must be passed up if -`recurse` is set to `true`. - - describe azurerm_management_group(group_id: 'MyGroupId', expand: 'children', recurse: true) do - ... - end - -### filter (optional) - -A filter which allows the exclusion of subscriptions from results (i.e. `filter: 'children.childType ne Subscription'`) - - describe azurerm_management_group(group_id: 'MyGroupId', expand: 'children', recurse: true, filter: 'children.childType ne Subscription') do - ... - end - -## Attributes - -- `id` -- `type` -- `name` -- `tenant_id` -- `parent_name` -- `parent_id` -- `parent_display_name` -- `children_display_names` -- `children_ids` -- `children_names` -- `children_roles` -- `children_types` - -### id - -The management group id. - - its('id') { should eq('/providers/Microsoft.Management/managementGroups/MyGroupId') } - -id will be in -format: - - '/providers/Microsoft.Management/managementGroups/' - -### type - -The management group type. - - its('type') { should eq('/providers/Microsoft.Management/managementGroups') } - -### name - -The management group name. 
- - its('name') { should eq('MyGroupName') } - -### tenant_id - -The management groups tenant id. - - its('tenant_id') { should eq('00000000-0000-0000-0000-000000000000') } - -### parent_name - -The management group parent name. - - its('parent_name') { should eq('MyGroupsParentName') } - -### parent_id - -The management group parent id - - its('parent_id') { should eq('/providers/Microsoft.Management/managementGroups/MyGroupsParentId') } - -parent_id will be in -format: - - '/providers/Microsoft.Management/managementGroups/' - -### parent_display_name - -The management groups parent display name - - its('parent_display_name') { should eq('My Groups Parent Display Name!') } - -### children_display_names - -The management group children display names. - - its('children_display_names') { should include('I am a child of the group!') } - -### children_ids - -The management group children ids. - - its('children_ids') { should include('/providers/Microsoft.Management/managementGroups/a-child-name') } - -### children_names - -The management group children names. - - its('children_names') { should include('a-child-name') } - -### children_roles - -The management group children roles. - - its('children_roles') { should include('/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635') } - -### children_types - -The management group - - its('children_types') { should include('') } - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. 
If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - - # If a management group is found it will exist - describe azurerm_management_group(group_id: 'MyGroupId') do - it { should exist } - end - - # management groups that aren't found will not exist - describe azurerm_management_group(group_id: 'DoesNotExist') do - it { should_not exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the Tenant Root Group or the specific management group(s) you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_management_groups.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_management_groups.md deleted file mode 100644 index 3b5979fc53..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_management_groups.md +++ /dev/null 
@@ -1,131 +0,0 @@ -+++ -title = "azurerm_management_groups resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_management_groups" - identifier = "inspec/resources/azure/azurerm_management_groups.md azurerm_management_groups resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_management_groups" >}} - -Use the `azurerm_management_groups` InSpec audit resource to test properties related to -management groups. - -## Azure REST API version - -This resource interacts with version `2018-03-01-preview` of the Azure -Management API. For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/java/api/com.azure.resourcemanager.loganalytics.models.managementgroups.list?view=azure-java-preview). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, -add the following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -## Syntax - - describe azurerm_management_groups do - ... 
- end - -## Examples - -### Check Attributes of All Management Groups - -```ruby -describe azurerm_management_groups do - its('ids') { should include "/providers/Microsoft.Management/managementGroups/mg_id" } - its('names') { should include "parent_mg" } - its('types') { should include '/providers/Microsoft.Management/managementGroups' } -end -``` - -### Filter Results to Inspect the Properties of Specific Management Group - -```ruby -describe azurerm_management_groups.where(name: 'mg_parent').entries.first do - its('properties') { should have_attributes(:tenantId => tenant_id, :displayName => parent_dn)} -end -``` - -## Parameters - -N/A - -## Attributes - -- `ids` -- `types` -- `names` -- `properties` - -### ids - -The management group ids. - -### types - -The management group types. - -### names - -The management group names. - -### properties - -Additional properties relating to management groups. - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. - -## Matchers - -This InSpec audit resource has no special matchers. For a full list of -available matchers, please visit our [Universal Matchers -page](/inspec/matchers/). - -### exists - -The control will pass if the filter returns at least one result. Use -`should_not` if you expect zero matches. 
- - describe azurerm_management_groups(name: 'my-mg') do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `Contributor` or `Management Group Contributor` role on the -Tenant Root Group or the specific management group(s) you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_activity_log_alert.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_activity_log_alert.md deleted file mode 100644 index dec1edf782..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_activity_log_alert.md +++ /dev/null 
@@ -1,172 +0,0 @@ -+++ -title = "azurerm_monitor_activity_log_alert resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_monitor_activity_log_alert" - identifier = "inspec/resources/azure/azurerm_monitor_activity_log_alert.md azurerm_monitor_activity_log_alert resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_monitor_activity_log_alert" >}} - -Use the `azurerm_monitor_activity_log_alert` InSpec audit resource to test properties -of an Azure Monitor Activity Log Alert. - -## Azure REST API version - -This resource interacts with version `2017-04-01` of the Azure Management API. -For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/monitor/activitylogalerts/get). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -## Syntax - -An `azurerm_monitor_activity_log_alert` resource block identifies an Activity Log Alert by -name and resource group. - - describe azurerm_monitor_activity_log_alert(resource_group: 'example', name: 'AlertName') do - ... 
- end - -## Examples - -### Test that an example resource has an Activity Log Alert - - describe azurerm_monitor_activity_log_alert(resource_group: 'example', name: 'AlertName') do - it { should exist } - end - -### Test an example resource has an Activity Log Alert with the correct operation - - describe azurerm_monitor_activity_log_alert(resource_group: 'example', name: 'AlertName') do - its('operations') { should include 'Microsoft.Authorization/policyAssignments/write' } - end - -## Parameters - -- `name` -- `resource_group` - -## Parameter Examples - -The resource group as well as the Activity Log Alert -name. - - describe azurerm_monitor_activity_log_alert(resource_group: 'example', name: 'AlertName') do - its('operations') { should include 'Microsoft.Authorization/policyAssignments/write' } - end - -## Attributes - -For more information on these attributes see [Azure REST API documentation](https://docs.microsoft.com/en-us/rest/api/monitor/activitylogalerts/get#activitylogalertresource). - -- `id` -- `name` -- `operations` -- `properties` -- `conditions` - -### id - -The Activity Log Alert's id. - - its('id') { should eq(id) } - -### name - -The Activity Log Alert's name. - - its('name') { should eq(name) } - -### operations - -The operations collection can be checked for the presence or absence of a given -operation string. - - its('operations') { should include 'Microsoft.Authorization/policyAssignments/write' } - -### properties.actions - -A list of actions that are executed when the condition is met. - -### properties.description - -Description of this alert. - - its('properties.description') { should eq 'Alert description' } - -### properties.enabled - -Indicates if this alert is enabled or not (`true`|`false`). - - its('properties.enabled') { should be_true } - -### properties.scopes - -List of resources this alert applies to. There must be at least one item in -this list. 
- - its('properties.scopes') { should include 'subscriptions/SUBSCRIPTION_ID' } - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the resource returns a result. Use `should_not` if you expect -zero matches. - - # If we expect 'AlertName' to always exist - describe azurerm_monitor_activity_log_alert(resource_group: 'example', name: 'AlertName') do - it { should exist } - end - - # If we expect 'OtherAlertName' to never exist - describe azurerm_monitor_activity_log_alert(resource_group: 'example', name: 'OtherAlertName') do - it { should_not exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_activity_log_alerts.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_activity_log_alerts.md deleted file mode 100644 index c062205f45..0000000000 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_activity_log_alerts.md
+++ /dev/null
@@ -1,96 +0,0 @@ -+++ -title = "azurerm_monitor_activity_log_alerts resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_monitor_activity_log_alerts" - identifier = "inspec/resources/azure/azurerm_monitor_activity_log_alerts.md azurerm_monitor_activity_log_alerts resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_monitor_activity_log_alerts" >}} - -Use the `azurerm_monitor_activity_log_alerts` InSpec audit resource to verify that an -Activity Log Alert exists. - -## Azure REST API version - -This resource interacts with version `2017-04-01` of the Azure Management API. -For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/monitor/activitylogalerts/listbysubscriptionid). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -## Syntax - -An `azurerm_monitor_activity_log_alerts` resource block identifies Activity Log Alerts by -name. - - describe azurerm_monitor_activity_log_alerts do - ... 
- end - -## Examples - -### Test that an example resource has an Activity Log Alert - - describe azurerm_monitor_activity_log_alerts do - its('names') { should include('ExampleLogAlert') } - end - -## Attributes - -- `names` - -### names - -The name of the Activity Log Alert - - its('names') { should include('ExampleLogAlert') } - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the resource returns a result. Use `should_not` if you expect -zero matches. - - # If we expect 'ExampleLogAlert' to exist - describe azurerm_monitor_activity_log_alerts do - it { should exist } - end - - # If we do not expect 'ExampleLogAlert' to exist - describe azurerm_monitor_activity_log_alerts do - it { should_not exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_log_profile.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_log_profile.md deleted file mode 100644 index db691e7953..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_log_profile.md +++ /dev/null 
@@ -1,134 +0,0 @@ -+++ -title = "azurerm_monitor_log_profile resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_monitor_log_profile" - identifier = "inspec/resources/azure/azurerm_monitor_log_profile.md azurerm_monitor_log_profile resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_monitor_log_profile" >}} - -Use the `azurerm_monitor_log_profile` InSpec audit resource to test properties -of an Azure Monitor Log Profile. - -## Azure REST API version - -This resource interacts with version `2016-03-01` of the Azure Management API. -For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/monitor/logprofiles/get). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -## Syntax - -An `azurerm_monitor_log_profile` resource block identifies a Log Profile by name. - - describe azurerm_monitor_log_profile(name: 'default') do - ... 
- end - -## Examples - -### Test that a Log Profile exists - - describe azurerm_monitor_log_profile(name: 'default') do - it { should exist } - end - -### Test that Log Profile retention is enabled - - describe azurerm_monitor_log_profile(name: 'default') do - its('retention_enabled') { should be true } - end - -## Parameters - -- `name` - -## Parameter Examples - -The name of the Log Profile. - - describe azurerm_monitor_log_profile(name: 'default') do - it { should exist } - end - -## Attributes - -- `retention_enabled` -- `retention_days` - -### retention_enabled - -Determine if retention is enabled - - its('retention_enabled') { should be true } - -### retention_days - -Determine number of days retention is enabled for - - its('retention_days') { should eq(365) } - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the resource returns a result. Use `should_not` if you expect -zero matches. 
- - # If we expect 'default' to exist - describe azurerm_monitor_log_profile(name: 'default') do - it { should exist } - end - - # If we expect 'default' to not exist - describe azurerm_monitor_log_profile(name: 'default') do - it { should_not exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_log_profiles.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_log_profiles.md deleted file mode 100644 index 903bd2c5ce..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_log_profiles.md +++ /dev/null 
@@ -1,95 +0,0 @@ -+++ -title = "azurerm_monitor_log_profiles resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_monitor_log_profiles" - identifier = "inspec/resources/azure/azurerm_monitor_log_profiles.md azurerm_monitor_log_profiles resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_monitor_log_profiles" >}} - -Use the `azurerm_monitor_log_profiles` InSpec audit resource to verify that a Log Profile -exists. - -## Azure REST API version - -This resource interacts with version `2016-03-01` of the Azure Management API. -For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/monitor/logprofiles/list). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -## Syntax - -An `azurerm_monitor_log_profiles` resource block identifies a Log Profile by name. - - describe azurerm_monitor_log_profiles do - ... 
- end - -## Examples - -### Test that an example resource has a Log Profile - - describe azurerm_monitor_log_profiles do - its('names') { should include('ExampleProfile') } - end - -## Attributes - -- `names` - -### names - -The name of the Log Profile - - its('names') { should include('ExampleProfile') } - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the resource returns a result. Use `should_not` if you expect -zero matches. - - # If we expect 'ExampleProfile' to exist - describe azurerm_monitor_log_profiles do - its('names') { should include('ExampleProfile') } - end - - # If we expect 'ExampleProfile' to not exist - describe azurerm_monitor_log_profiles do - its('names') { should_not include('ExampleProfile') } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_database.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_database.md deleted file mode 100644 index 7df5f743a8..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_database.md +++ /dev/null 
@@ -1,130 +0,0 @@ -+++ -title = "azurerm_mysql_database resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_mysql_database" - identifier = "inspec/resources/azure/azurerm_mysql_database.md azurerm_mysql_database resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_mysql_database" >}} - -Use the `azurerm_mysql_database` InSpec audit resource to test properties and configuration of -an Azure MySQL Database on a MySQL Server. - -## Azure REST API version - -This resource interacts with version `2017-12-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/mysql/flexibleserver/databases). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - inspec-azure: - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.6.0 of the inspec-azure resource pack. - -## Syntax - -The `resource_group`, `server_name` and `database_name` must be given as a parameter. 
- - describe azurerm_mysql_database(resource_group: 'inspec-rg', server_name: 'customer_server', database_name: 'order-db') do - it { should exist } - end - -## Examples - -If a MySQL Database is referenced with a valid `Resource Group`, `Server Name` and `Database name` - - describe azurerm_mysql_database(resource_group: 'inspec-rg', server_name: 'customer_server', database_name: 'order-db') do - it { should exist } - its('name') { should be 'order-db' } - end - -If a MySQL Database is referenced with an invalid `Resource Group`, `Server Name` or `Database Name` - - describe azurerm_mysql_database(resource_group: 'inspec-rg', server_name: 'customer_server', database_name: 'invalid-db-name') do - it { should_not exist } - end - -## Parameters - -- `resource_group` - The resource Group to which the MySQL Server belongs. -- `server_name` - The unique name of the MySQL Server. -- `database_name` - The unique name of the MySQL Database. - -## Attributes - -- `id` -- `name` -- `type` -- `properties` - -### id - -Azure resource ID. - -### name - -SQL Server name, e.g. `customer-database`. - -### type - -The type of Resource, typically `Microsoft.DBforMySQL/servers/databases`. - -### properties - -A collection of additional configuration properties related to the MySQL Database, e.g. `collation`. - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. Within that accessor you'll be able to guard against nil keys. 
Pull -requests are always welcome. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - - describe azurerm_mysql_database(resource_group: 'my-rg', server_name: 'server-name-1', database_name: 'customer-db') do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_databases.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_databases.md deleted file mode 100644 index dc3e00ffa3..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_databases.md +++ /dev/null 
@@ -1,131 +0,0 @@ -+++ -title = "azurerm_mysql_databases resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_mysql_databases" - identifier = "inspec/resources/azure/azurerm_mysql_databases.md azurerm_mysql_databases resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_mysql_databases" >}} - -Use the `azurerm_mysql_databases` InSpec audit resource to test properties and configuration of Azure MySQL Databases. - -## Azure REST API version - -This resource interacts with version `2017-12-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/mysql/flexibleserver/databases/list-by-server). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - inspec-azure: - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.6.0 of the inspec-azure resource pack. - -## Syntax - -An `azurerm_mysql_databases` resource block returns all MySQL Databases on a MySQL Server, within a resource group. - - describe azurerm_mysql_databases(resource_group: ..., server_name: ...) do - ... - end - -## Examples - -The following examples show how to use this InSpec audit resource. 
- -### Check MySQL Databases are present - - describe azurerm_mysql_databases(resource_group: 'resource-group-1', server_name: 'production') do - it { should exist } - its('names') { should include 'my-database-name' } - end - -## Filter Criteria - -- `azure_mysql_databases` resources are filterable on all available properties. Below are some examples. - -### names - -Filters the results to include only those databases that match the given -name. This is a string value. - - describe azurerm_mysql_databases(resource_group: 'rg', server_name: 'server').where{ name.eql?('production-database') } do - it { should exist } - end - -### location - -Filters the results to include only those resource groups that reside in a given location. This is a string value. - - describe azurerm_mysql_databases(resource_group: 'rg', server_name: 'server').where{ location.eql?('eastus') } do - it { should exist } - end - -## Attributes - -- `id` -- `name` -- `type` -- `properties` - -### ids - -Azure resource ID. - -### names - -SQL Database name, e.g. `my-sql-database`. - - its('names') { should include 'my-sql-database' } - -### type - -The type of Resource, typically `Microsoft.Sql/servers/databases`. - -### properties - -A collection of additional configuration properties related to the MySQL Database, e.g. `collation`. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the filter returns at least one result. Use -`should_not` if you expect zero matches. - - describe azurerm_mysql_databases do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_server.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_server.md
deleted file mode 100644
index 0619aa0679..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_server.md
+++ /dev/null
@@ -1,143 +0,0 @@ -+++ -title = "azurerm_mysql_server resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_mysql_server" - identifier = "inspec/resources/azure/azurerm_mysql_server.md azurerm_mysql_server resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_mysql_server" >}} - -Use the `azurerm_mysql_server` InSpec audit resource to test properties and configuration of -an Azure MySQL Server. - -## Azure REST API version - -This resource interacts with version `2017-12-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/mysql/databases/get). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - inspec-azure: - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.6.0 of the inspec-azure resource pack. - -## Syntax - -The `resource_group` and `server_name` must be given as a parameter. 
- - describe azurerm_mysql_server(resource_group: 'inspec-resource-group-9', server_name: 'example_server') do - it { should exist } - end - -## Examples - -If a SQL Server is referenced with a valid `Resource Group` and `Server Name` - - describe azurerm_sql_server(resource_group: 'my-rg', server_name: 'sql-server-1') do - it { should exist } - end - -If a SQL Server is referenced with an invalid `Resource Group` or `Server Name` - - describe azurerm_sql_server(resource_group: 'invalid-rg', server_name: 'i-do-not-exist') do - it { should_not exist } - end - -## Parameters - -- `resource_group` - The resource Group to which the SQL Server belongs. -- `server_name` - The unique name of the SQL Server. - -## Attributes - -- `id` -- `name` -- `sku` -- `location` -- `properties` -- `tags` -- `type` - -### id - -Azure resource ID. - -### name - -MySQL Server name, e.g. `my-sql-server`. - -### sku - -SKU of mysql server. This is billing information related properties of a server. - -### location - -Resource location, e.g. `eastus`. - -### properties - -A collection of additional configuration properties related to the MySQL Server, e.g. `administratorLogin`. - -### tags - -Resource tags applied to the MySQL Server. - -### type - -The type of Resource, typically `Microsoft.DBforMySQL/servers`. - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. Within that accessor you'll be able to guard against nil keys. 
Pull -requests are always welcome. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - - describe azurerm_mysql_server(resource_group: 'my-rg', server_name: 'server-name-1') do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_servers.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_servers.md deleted file mode 100644 index 5144936364..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_servers.md +++ /dev/null 
@@ -1,151 +0,0 @@ -+++ -title = "azurerm_mysql_servers resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_mysql_servers" - identifier = "inspec/resources/azure/azurerm_mysql_servers.md azurerm_mysql_servers resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_mysql_servers" >}} - -Use the `azurerm_mysql_servers` InSpec audit resource to test properties and configuration of multiple Azure MySQL Servers. - -## Azure REST API version - -This resource interacts with version `2017-12-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/sql/2020-08-01-preview/servers/list). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - inspec-azure: - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.6.0 of the inspec-azure resource pack. - -## Syntax - -An `azurerm_mysql_servers` resource block returns all Azure MySQL Servers, either within a Resource Group (if provided), or within an entire Subscription. - - describe azurerm_mysql_servers do - ... - end - -or - - describe azurerm_mysql_servers(resource_group: 'my-rg') do - ... - end - -## Examples - -The following examples show how to use this InSpec audit resource. 
- -### Check SQL Servers are present - - describe azurerm_mysql_servers do - it { should exist } - its('names') { should include 'my-server-name' } - end - -## Filter Criteria - -### names - -Filters the results to include only those servers which match the given name. This is a string value. - - describe azurerm_mysql_servers.where{ name.eql?('production-server-5') } do - it { should exist } - end - -### location - -Filters the results to include only those servers which reside in a given location. This is a string value. - - describe azurerm_mysql_servers.where{ location.eql?('eastus') } do - it { should exist } - end - -## Attributes - -- `id` -- `name` -- `sku` -- `location` -- `properties` -- `tags` -- `type` - -### ids - -Azure resource ID. - -### names - -SQL Server name, e.g. `my-sql-server`. - - its('names') { should include 'my-sql-database' } - -### sku - -SKU of mysql server. This is billing information related properties of a server. - -### locations - -Resource location, e.g. `eastus`. - - its('locations') { should_not include 'eastus' } - -### properties - -A collection of additional configuration properties related to the MySQL Server, e.g. `administratorLogin`. - -### tag - -Resource tags applied to the MySQL Server. - -### type - -The type of Resource, typically `Microsoft.DBforMySQL/servers`. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the filter returns at least one result. Use -`should_not` if you expect zero matches. - - describe azurerm_mysql_servers do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_interface.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_interface.md
deleted file mode 100644
index 1f262f526f..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_interface.md
+++ /dev/null
@@ -1,147 +0,0 @@ -+++ -title = "azurerm_network_interface resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_network_interface" - identifier = "inspec/resources/azure/azurerm_network_interface.md azurerm_network_interface resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_network_interface" >}} - -Use the `azurerm_network_interface` InSpec audit resource to test properties and configuration of Azure Network Interface. - -## Azure REST API version - -This resource interacts with version `2018-11-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/java/api/com.azure.resourcemanager.devtestlabs.fluent.models.labvirtualmachineinner.networkinterface?view=azure-java-preview). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - inspec-azure: - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.7.2 of the inspec-azure resource pack. - -## Syntax - -The `resource_group` and `name` must be given as a parameter. 
- - describe azurerm_network_interface(resource_group: 'inspec-resource-group-9',name: 'example-nic-name') do - it { should exist } - end - -## Examples - -If a Network Interface is referenced with a valid `Resource Group` and `Name` - - describe azurerm_network_interface(resource_group: 'my-rg', name: 'name-nic') do - it { should exist } - end - -If a Network Interface is referenced with an invalid `Resource Group` or `Name` - - describe azurerm_network_interface(resource_group: 'invalid-rg', name: 'i-do-not-exist') do - it { should_not exist } - end - -## Parameters - -- `resource_group` - The resource Group to which the Network Interface belongs. -- `name` - The unique name of the Network interface. - -## Attributes - -- `id` -- `name` -- `location` -- `properties` -- `tags` -- `type` -- `private_ip` -- `public_ip` - -### id - -Azure resource ID. - -### name - -Network interface name, e.g. `vm-nic`. - -### location - -Resource location, e.g. `eastus`. - -### properties - -A collection of additional configuration properties related to the Network interface, e.g. `ipConfigurations`. - -### tags - -Resource tags applied to the Network Interface. - -### type - -The type of Resource, typically `Microsoft.Network/networkInterfaces`. - -### private_ip - -The Network interface private IP. - -### public_ip - -The Network interface public IP. - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. 
Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - - describe azurerm_network_interface(resource_group: 'my-rg', name: 'nic-name-1') do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_interfaces.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_interfaces.md deleted file mode 100644 index 5ef285f8d9..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_interfaces.md +++ /dev/null 
@@ -1,147 +0,0 @@ -+++ -title = "azurerm_network_interfaces resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_network_interfaces" - identifier = "inspec/resources/azure/azurerm_network_interfaces.md azurerm_network_interfaces resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_network_interfaces" >}} - -Use the `azurerm_network_interfaces` InSpec audit resource to test properties and configuration of Azure Network interfaces. - -## Azure REST API version - -This resource interacts with version `2018-11-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/network-interfaces-in-cloud-service). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - inspec-azure: - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.7.2 of the inspec-azure resource pack. - -## Syntax - -An `azurerm_network_interfaces` resource block returns all Azure Network Interfaces, -either within a Resource Group (if provided), or within an entire Subscription. - - describe azurerm_network_interfaces do - ... - end - -or - - describe azurerm_network_interfaces(resource_group: 'my-rg') do - ... - end - -## Examples - -The following examples show how to use this InSpec audit resource. 
- -### Check Network interfaces are present - - describe azurerm_network_interfaces do - it { should exist } - its('names') { should include 'my-network-interface-name' } - end - -## Filter Criteria - -### names - -Filters the results to include only those network interfaces which match the given name. This is a string value. - - describe azurerm_network_interfaces.where{ name.eql?('network-interface-5') } do - it { should exist } - end - -### location - -Filters the results to include only those servers which reside in a given location. This is a string value. - - describe azurerm_network_interfaces.where{ location.eql?('eastus') } do - it { should exist } - end - -## Attributes - -- `id` -- `name` -- `location` -- `properties` -- `tags` -- `type` - -### ids - -Azure resource ID. - -### names - -Network interface name, e.g. `nic-name`. - - its('names') { should include 'nic-name' } - -### locations - -Resource location, e.g. `eastus`. - - its('locations') { should_not include 'eastus' } - -### properties - -A collection of additional configuration properties related to the Network interface, e.g. `ipConfigurations`. - -### tag - -Resource tags applied to the Network interface. - -### type - -The type of Resource, typically `Microsoft.Network/networkInterfaces`. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the filter returns at least one result. Use -`should_not` if you expect zero matches. - - describe azurerm_network_interfaces do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_security_group.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_security_group.md
deleted file mode 100644
index ea26ecece7..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_security_group.md
+++ /dev/null
@@ -1,162 +0,0 @@ -+++ -title = "azurerm_network_security_group resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_network_security_group" - identifier = "inspec/resources/azure/azurerm_network_security_group.md azurerm_network_security_group resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_network_security_group" >}} - -Use the `azurerm_network_security_group` InSpec audit resource to test properties of an -Azure Network Security Group. - -## Azure REST API version - -This resource interacts with version `2018-02-01` of the Azure Management API. -For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/networksecuritygroups/get). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -## Syntax - -An `azurerm_network_security_group` resource block identifies a Network Security Group by -name and Resource -Group. - - describe azurerm_network_security_group(resource_group: 'example', name: 'GroupName') do - ... 
- end - -## Examples - -### Test that an example Resource Group has the specified Network Security Group - - describe azurerm_network_security_group(resource_group: 'example', name: 'GroupName') do - it { should exist } - end - -### Test that an example Resource Group has a Network Security Group that allows SSH from the internet - - describe azurerm_network_security_group(resource_group: 'example', name: 'GroupName') do - it { should allow_ssh_from_internet } - end - -## Parameters - -- `name` -- `resource_group` - -## Parameter Examples - -The Resource Group as well as the Network Security Group -name. - - describe azurerm_network_security_group(resource_group: 'example', name: 'GroupName') do - it { should allow_rdp_from_internet } - end - -## Attributes - -- `security_rules` -- `default_security_rules` -- `allow_ssh_from_internet` -- `allow_rdp_from_internet` -- `properties` - -### security_rules - -The security_rules property contains the set of Security Rules. - - its('security_rules') { should_not be_empty } - -### default_security_rules - -The default_security_rules property contains the set of Default Security Rules. - - its('default_security_rules') { should_not be_empty } - -### allow_ssh_from_internet - -The allow_ssh_from_internet property contains a boolean value determined by analyzing -the Security Rules and Default Security Rules for unrestricted SSH access. - - it { should_not allow_ssh_from_internet } - -### allow_rdp_from_internet - -The allow_rdp_from_internet property contains a boolean value determined by analyzing -the Security Rules and Default Security Rules for unrestricted RDP access. - - it { should_not allow_rdp_from_internet } - -### allow\port_from_internet - -The allow_port_from_internet property contains a boolean value determined by analyzing -the Security Rules and Default Security Rules for unrestricted access to a specified port. 
- - it { should_not allow_port_from_internet('443') } - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the resource returns a result. Use `should_not` if you expect -zero matches. - - # If we expect 'GroupName' to always exist - describe azurerm_network_security_group(resource_group: 'example', name: 'GroupName') do - it { should exist } - end - - # If we expect 'EmptyGroupName' to never exist - describe azurerm_network_security_group(resource_group: 'example', name: 'EmptyGroupName') do - it { should_not exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_security_groups.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_security_groups.md deleted file mode 100644 index ea724ecae5..0000000000 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_security_groups.md
+++ /dev/null
@@ -1,96 +0,0 @@ -+++ -title = "azurerm_network_security_groups resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_network_security_groups" - identifier = "inspec/resources/azure/azurerm_network_security_groups.md azurerm_network_security_groups resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_network_security_groups" >}} - -Use the `azurerm_network_security_groups` InSpec audit resource to enumerate Network -Security Groups. - -## Azure REST API version - -This resource interacts with version `2018-02-01` of the Azure Management API. -For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/networksecuritygroups/list). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -## Syntax - -An `azurerm_network_security_groups` resource block identifies Network Security Groups by -Resource Group. - - describe azurerm_network_security_groups(resource_group: 'ExampleGroup') do - ... 
- end - -## Examples - -### Test that an example Resource Group has the named Network Security Group - - describe azurerm_network_security_groups(resource_group: 'ExampleGroup') do - its('names') { should include('ExampleNetworkSecurityGroup') } - end - -## Attributes - -- `names` - -### names - -The name of the Network Security Group - - its('names') { should include('ExampleNetworkSecurityGroup') } - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the resource returns a result. Use `should_not` if you expect -zero matches. - - # If we expect 'ExampleGroup' Resource Group to have Network Security Groups - describe azurerm_network_security_groups(resource_group: 'ExampleGroup') do - it { should exist } - end - - # If we expect 'EmptyExampleGroup' Resource Group to not have Network Security Groups - describe azurerm_network_security_groups(resource_group: 'EmptyExampleGroup') do - it { should_not exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_watcher.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_watcher.md deleted file mode 100644 index 6556a67501..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_watcher.md +++ /dev/null 
@@ -1,129 +0,0 @@ -+++ -title = "azurerm_network_watcher resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_network_watcher" - identifier = "inspec/resources/azure/azurerm_network_watcher.md azurerm_network_watcher resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_network_watcher" >}} - -Use the `azurerm_network_watcher` InSpec audit resource to test properties of an Azure -Network Watcher. - -## Azure REST API version - -This resource interacts with version `2018-02-01` of the Azure Management API. -For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/network-watcher/networkwatchers/get). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -## Syntax - -An `azurerm_network_watcher` resource block identifies a Network Watcher by name and -resource group. - - describe azurerm_network_watcher(resource_group: 'example', name: 'WatcherName') do - ... 
- end - -## Examples - -### Test that an example Resource Group has the specified Network Watcher - - describe azurerm_network_watcher(resource_group: 'example', name: 'WatcherName') do - it { should exist } - end - -### Test that an example Resource Group has a Network Watcher with the Provisioning State value 'Succeeded' - - describe azurerm_network_watcher(resource_group: 'example', name: 'WatcherName') do - its('provisioning_state') { should eq 'Succeeded' } - end - -## Parameters - -- `name` -- `resource_group` - -## Parameter Examples - -The Resource Group as well as the Network Watcher name. - - describe azurerm_network_watcher(resource_group: 'example', name: 'WatcherName') do - its('provisioning_state') { should eq 'Succeeded' } - end - -## Attributes - -- `provisioning_state` - -### provisioning_state - -The provisioning_state field can be checked for the value of the Provisioning State. - - its('provisioning_state') { should eq 'Succeeded' } - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the resource returns a result. Use `should_not` if you expect -zero matches. 
- - # If we expect 'WatcherName' to always exist - describe azurerm_network_watcher(resource_group: 'example', name: 'WatcherName') do - it { should exist } - end - - # If we expect 'WatcherNotFound' to never exist - describe azurerm_network_watcher(resource_group: 'example', name: 'WatcherNotFound') do - it { should_not exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_watchers.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_watchers.md deleted file mode 100644 index 195cec9b89..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_watchers.md +++ /dev/null 
@@ -1,97 +0,0 @@ -+++ -title = "azurerm_network_watchers resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_network_watchers" - identifier = "inspec/resources/azure/azurerm_network_watchers.md azurerm_network_watchers resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_network_watchers" >}} - -Use the `azurerm_network_watchers` InSpec audit resource to verify that a Network Watcher -exists. - -## Azure REST API version - -This resource interacts with version `2018-02-01` of the Azure Management API. -For more information see the [official Azure -documentation](https://docs.microsoft.com/en-us/rest/api/network-watcher/networkwatchers/list). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -## Syntax - -An `azurerm_network_watchers` resource block identifies Network Watchers by Resource -Group. - - describe azurerm_network_watchers(resource_group: 'example_group') do - ... 
- end - -## Examples - -### Test that an example Resource Group has the named Network Watcher - - describe azurerm_network_watchers(resource_group: 'example_group') do - its('names') { should include('ExampleNetworkWatcher') } - end - -## Attributes - -- `names` - -### names - -The name of the Network Watcher - - its('names') { should include('ExampleNetworkWatcher') } - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the resource returns a result. Use `should_not` if you expect -zero matches. - - # If we expect 'ExampleGroup' Resource Group to have Network Watchers - describe azurerm_network_watchers(resource_group: 'ExampleGroup') do - it { should exist } - end - - # If we expect 'MissingExampleGroup' Resource Group to not have Network Watchers - describe azurerm_network_watchers(resource_group: 'MissingExampleGroup') do - it { should_not exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_database.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_database.md deleted file mode 100644 index 524a38bc59..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_database.md +++ /dev/null 
@@ -1,130 +0,0 @@ -+++ -title = "azurerm_postgresql_database resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_postgresql_database" - identifier = "inspec/resources/azure/azurerm_postgresql_database.md azurerm_postgresql_database resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_postgresql_database" >}} - -Use the `azurerm_postgresql_database` InSpec audit resource to test properties and configuration of -an Azure PostgreSQL Database on a PostgreSQL Server. - -## Azure REST API version - -This resource interacts with version `2017-12-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.powershell.cmdlets.postgresql.postgresql.-ctor?view=az-ps-latest). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - inspec-azure: - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.7.0 of the inspec-azure resource pack. - -## Syntax - -The `resource_group`, `server_name` and `database_name` must be given as a parameter. 
- - describe azurerm_postgresql_database(resource_group: 'inspec-rg', server_name: 'customer_server', database_name: 'order-db') do - it { should exist } - end - -## Examples - -If a PostgreSQL Database is referenced with a valid `Resource Group`, `Server Name` and `Database name` - - describe azurerm_postgresql_database(resource_group: 'inspec-rg', server_name: 'customer_server', database_name: 'order-db') do - it { should exist } - its('name') { should be 'order-db' } - end - -If a PostgreSQL Database is referenced with an invalid `Resource Group`, `Server Name` or `Database Name` - - describe azurerm_postgresql_database(resource_group: 'inspec-rg', server_name: 'customer_server', database_name: 'invalid-db-name') do - it { should_not exist } - end - -## Parameters - -- `resource_group` - The resource Group to which the PostgreSQL Server belongs. -- `server_name` - The unique name of the PostgreSQL Server. -- `database_name` - The unique name of the PostgreSQL Database. - -## Attributes - -- `id` -- `name` -- `type` -- `properties` - -### id - -Azure resource ID. - -### name - -SQL Server name, e.g. `customer-database`. - -### type - -The type of Resource, typically `Microsoft.DBforPostgreSQL/servers/databases`. - -### properties - -A collection of additional configuration properties related to the PostgreSQL Database, e.g. `collation`. - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. 
Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - - describe azurerm_postgresql_database(resource_group: 'my-rg', server_name: 'server-name-1', database_name: 'customer-db') do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_databases.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_databases.md deleted file mode 100644 index 0c5ed33b6c..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_databases.md +++ /dev/null 
@@ -1,123 +0,0 @@ -+++ -title = "azurerm_postgresql_databases resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_postgresql_databases" - identifier = "inspec/resources/azure/azurerm_postgresql_databases.md azurerm_postgresql_databases resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_postgresql_databases" >}} - -Use the `azurerm_postgresql_databases` InSpec audit resource to test properties and configuration of Azure PostgreSQL Databases. - -## Azure REST API version - -This resource interacts with version `2017-12-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/databases/list-by-server). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - inspec-azure: - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.7.0 of the inspec-azure resource pack. - -## Syntax - -An `azurerm_postgresql_databases` resource block returns all Databases on a PostgreSQL Server, within a Resource Group. - - describe azurerm_postgresql_databases(resource_group: ..., server_name: ...) do - ... - end - -## Examples - -The following examples show how to use this InSpec audit resource. 
- -### Check PostgreSQL Databases are present - - describe azurerm_postgresql_databases(resource_group: 'resource-group-1', server_name: 'production') do - it { should exist } - its('names') { should include 'my-database-name' } - end - -## Filter Criteria - -- `azure_postgresql_databases` resources are filterable on all available properties. Below are some examples. - -### names - -Filters the results to include only those databases that match the given -name. This is a string value. - - describe azurerm_postgresql_databases(resource_group: 'rg', server_name: 'server').where{ name.eql?('production-database') } do - it { should exist } - end - -## Attributes - -- `id` -- `name` -- `type` -- `properties` - -### ids - -Azure resource ID. - -### names - -SQL Database name, e.g. `my-sql-database`. - - its('names') { should include 'my-sql-database' } - -### type - -The type of Resource, typically `Microsoft.Sql/servers/databases`. - -### properties - -A collection of additional configuration properties related to the PostgreSQL Database. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the filter returns at least one result. Use -`should_not` if you expect zero matches. - - describe azurerm_postgresql_databases do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_server.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_server.md deleted file mode 100644 index 40de7f3f01..0000000000 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_server.md
+++ /dev/null
@@ -1,138 +0,0 @@ -+++ -title = "azurerm_postgresql_server resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_postgresql_server" - identifier = "inspec/resources/azure/azurerm_postgresql_server.md azurerm_postgresql_server resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_postgresql_server" >}} - -Use the `azurerm_postgresql_server` InSpec audit resource to test properties and configuration of -an Azure PostgreSQL Server. - -## Azure REST API version - -This resource interacts with version `2017-12-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/postgresql/databases/get). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - inspec-azure: - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.7.0 of the inspec-azure resource pack. - -## Syntax - -The `resource_group` and `server_name` must be given as a parameter. 
- - describe azurerm_postgresql_server(resource_group: 'inspec-resource-group-9', server_name: 'example_server') do - it { should exist } - end - -## Examples - -If a PostgreSQL Server is referenced with a valid `Resource Group` and `Server Name` - - describe azurerm_postgresql_server(resource_group: 'my-rg', server_name: 'sql-server-1') do - it { should exist } - end - -If a PostgreSQL Server is referenced with an invalid `Resource Group` or `Server Name` - - describe azurerm_postgresql_server(resource_group: 'invalid-rg', server_name: 'i-do-not-exist') do - it { should_not exist } - end - -## Parameters - -- `resource_group` - The resource Group to which the SQL Server belongs. -- `server_name` - The unique name of the SQL Server. - -## Attributes - -- `id` -- `name` -- `sku` -- `location` -- `properties` -- `type` - -### id - -Azure resource ID. - -### name - -Server name, e.g. `my-sql-server`. - -### sku - -SKU of server. This is billing information related properties of a server. - -### location - -Resource location, e.g. `eastus`. - -### properties - -A collection of additional configuration properties related to the PostgreSQL Server, e.g. `administratorLogin`. - -### type - -The type of Resource, typically `Microsoft.DBforPostgreSQL/servers`. - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. 
- -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - - describe azurerm_postgresql_server(resource_group: 'my-rg', server_name: 'server-name-1') do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_servers.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_servers.md deleted file mode 100644 index 42598a84cf..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_servers.md +++ /dev/null 
@@ -1,146 +0,0 @@ -+++ -title = "azurerm_postgresql_servers resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_postgresql_servers" - identifier = "inspec/resources/azure/azurerm_postgresql_servers.md azurerm_postgresql_servers resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_postgresql_servers" >}} - -Use the `azurerm_postgresql_servers` InSpec audit resource to test properties and configuration of multiple Azure PostgreSQL Servers. - -## Azure REST API version - -This resource interacts with version `2017-12-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/postgresql/flexibleserver(preview)/servers/list). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - inspec-azure: - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.7.0 of the inspec-azure resource pack. - -## Syntax - -An `azurerm_postgresql_servers` resource block returns all Azure PostgreSQL Servers, either within a Resource Group (if provided), or within an entire Subscription. - - describe azurerm_postgresql_servers do - ... - end - -or - - describe azurerm_postgresql_servers(resource_group: 'my-rg') do - ... 
- end - -## Examples - -The following examples show how to use this InSpec audit resource. - -### Check SQL Servers are present - - describe azurerm_postgresql_servers do - it { should exist } - its('names') { should include 'my-server-name' } - end - -## Filter Criteria - -### names - -Filters the results to include only those servers which match the given name. This is a string value. - - describe azurerm_postgresql_servers.where{ name.eql?('production-server-5') } do - it { should exist } - end - -### location - -Filters the results to include only those servers which reside in a given location. This is a string value. - - describe azurerm_postgresql_servers.where{ location.eql?('eastus') } do - it { should exist } - end - -## Attributes - -- `id` -- `name` -- `sku` -- `location` -- `properties` -- `type` - -### ids - -Azure resource ID. - -### names - -SQL Server name, e.g. `my-sql-server`. - - its('names') { should include 'my-sql-database' } - -### sku - -SKU of the server. This is billing information related properties of a server. - -### locations - -Resource location, e.g. `eastus`. - - its('locations') { should_not include 'eastus' } - -### properties - -A collection of additional configuration properties related to the PostgreSQL Server, e.g. `administratorLogin`. - -### type - -The type of Resource, typically `Microsoft.DBforPostgreSQL/servers`. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the filter returns at least one result. Use -`should_not` if you expect zero matches. - - describe azurerm_postgresql_servers do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_resource_groups.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_resource_groups.md
deleted file mode 100644
index a9d9315210..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_resource_groups.md
+++ /dev/null
@@ -1,137 +0,0 @@ -+++ -title = "azurerm_resource_groups resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_resource_groups" - identifier = "inspec/resources/azure/azurerm_resource_groups.md azurerm_resource_groups resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_resource_groups" >}} - -Use the `azurerm_resource_groups` InSpec audit resource to test properties of -some or all Azure Resource Groups - -A Resource Group is a grouping of Azure resources. This allows you to issue a common -command on a group of resources. - -## Azure REST API version - -This resource interacts with version `2018-02-01` of the Azure Management API. -For more information see the [official Azure -documentation](https://docs.microsoft.com/en-us/rest/api/resources/resourcegroups/list). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.0.0 of the inspec-azure resource pack. - -## Syntax - -An `azurerm_resource_groups` resource block uses an optional filter to select a -group of Resource Groups and then tests that group. - - describe azurerm_resource_groups do - ... - end - -## Examples - -The following examples show how to use this InSpec audit resource. 
- -### Check for a Resource Group - - describe azurerm_resource_groups do - its('names') { should include 'MyResourceGroup' } - end - -### Insist that your resource group exists - - describe azurerm_resource_groups.where(name: 'MyResourceGroup') - it { should exist } - end - -### Use names to get all Virtual Machines in Azure - - azurerm_resource_groups.names.each do |resource_group| - describe azurerm_virtual_machines(resource_group: resource_group, name: 'MyVmName') do - its('monitoring_agent_installed') { should be true } - end - end - -## Filter Criteria - -- `names` - -### names - -Filters the results to include only those resource groups that match the given name. This -is a string value. - - describe azurerm_resource_groups.where { name.start_with?('InSpec') } do - it { should exist } - end - -## Attributes - -- `ids` -- `names` -- `tags` - -### names - -The ids property provides a list of all the Resource Group ids. - - its('ids') { should include 'MyResourceGroupID' } - -The names property provides a list of all the Resource Group names. - - its('names') { should include 'MyResourceGroup' } - -The tags property provides a list of all the Resource Group tags. - - its('tags') { should include '{MyResourceGroupTag=""}' } - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the filter returns at least one result. Use `should_not` if you -expect zero matches. - - describe azurerm_resource_groups do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_role_definition.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_role_definition.md
deleted file mode 100644
index 69ff382575..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_role_definition.md
+++ /dev/null
@@ -1,140 +0,0 @@ -+++ -title = "azurerm_role_definition resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_role_definition" - identifier = "inspec/resources/azure/azurerm_role_definition.md azurerm_role_definition resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_role_definition" >}} - -Use the `azurerm_role_definition` InSpec audit resource to test properties of -an Azure Role Definition. - -## Azure REST API version - -This resource interacts with version `2015-07-01` of the Management API. For more -information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/authorization/roledefinitions/get#roledefinition). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.3.7 of the inspec-azure resource pack. - -## Syntax - -The `name` of the Role must be given as a parameter. For built-in roles, such as `Owner` or `Contributor`, this role name takes the form of a UUID. For `CustomRole`'s which you have added to your subscription yourself, the Name field will be what you choose on creation of the Role. - - describe azurerm_role_definition(name: 'some-custom-role-name') do - ... 
- end - -## Examples - -Ensure a given role has a specific permission - - describe azurerm_role_definition(name: 'policy-reader-only') - it { should exist } - its('permissions_allowed') { should include 'Microsoft.Authorization/policyassignments/read'} - its('permissions_allowed') { should_not include 'Microsoft.Authorization/policyassignments/write'} - its('permissions_allowed') { should_not include '*'} - end - -## Attributes - -- `id` -- `name` -- `role_name` -- `type` -- `role_type` -- `assignable_scopes` -- `permissions_allowed` -- `permissions_not_allowed` - -### id - -The object ID of the Role - -### name - -The name of the Role. For a built-in role this will be an Azure generated UUID. For a CustomRole this will be the name you specified on creation. - -### role_name - -The human readable name of the Role. - -### type - -The type of the object, e.g. `Microsoft.Authorization/roleDefinitions` - -### role_type - -`BuiltInRole` or `CustomRole` - -### assignable_scopes - -Role Assignable scopes. - -### permissions_allowed - -Provider permissions granted with this role. - -### permissions_not_allowed - -Provider permissions blocked with this role. - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). Given the example response in their documentation: - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. 
- -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - - describe azurerm_role_definition(name: 'some-role') do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_role_definitions.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_role_definitions.md deleted file mode 100644 index f864d9c453..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_role_definitions.md +++ /dev/null 
@@ -1,128 +0,0 @@ -+++ -title = "azurerm_role_definitions resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_role_definitions" - identifier = "inspec/resources/azure/azurerm_role_definitions.md azurerm_role_definitions resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_role_definitions" >}} - -Use the `azurerm_role_definitions` InSpec audit resource to test properties of -some or all Azure Role Definitions. - -## Azure REST API version - -This resource interacts with version `2015-07-01` of the Azure Graph API. For more -information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/authorization/roledefinitions/list#roledefinition). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.3.7 of the inspec-azure resource pack. - -## Syntax - -An `azurerm_role_definitions` resource block returns all Role definitions within a subscription and allows testing of them. - - describe azurerm_role_definitions do - ... - end - -## Examples - -The following examples show how to use this InSpec audit resource. 
- -### Check a role has the correct permissions are present - -```ruby -describe azurerm_role_definitions.where{name.eql?('Custom-Admin')} do - its ('properties.first.permissions.first') { should have_attributes(actions: ['*']) } -end -``` - -### Check a role does not have certain permissions - - describe azurerm_role_definitions do - its ('properties.first.permissions.first') { should have_attributes(notActions: [ - 'Microsoft.Authorization/*/Delete', - 'Microsoft.Authorization/*/Write', - 'Microsoft.Authorization/elevateAccess/Action', - 'Microsoft.Blueprint/blueprintAssignments/write', - 'Microsoft.Blueprint/blueprintAssignments/delete' - ]) } - end - -## Filter Criteria - -### names - -Filters the results to include only those resource groups that match the given -name. This is a string value. - - describe azurerm_role_definitions.where{name.eql?('Custom-Admin') } do - it { should exist } - end - -## Properties - -- `ids` -- `names` -- `properties` - -### ids - -The Object IDs of the Roles. - -### names - -The names of the Roles. For a built-in role this will be an Azure generated UUID. For a CustomRole this will be the name you specified on creation. - -### properties - -Additional properties available for the Roles. May be accessed with dot notation in controls. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the filter returns at least one result. Use -`should_not` if you expect zero matches. - - describe azurerm_role_definitions do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_security_center_policies.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_security_center_policies.md
deleted file mode 100644
index d0b49c9721..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_security_center_policies.md
+++ /dev/null
@@ -1,114 +0,0 @@ -+++ -title = "azurerm_security_center_policies resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_security_center_policies" - identifier = "inspec/resources/azure/azurerm_security_center_policies.md azurerm_security_center_policies resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_security_center_policies" >}} - -Use the `azurerm_security_center_policies` InSpec audit resource to test -properties of some or all Azure Security Center Policies. - -Security Center Policies are defined for each Resource Group. A Security Center Policy -called `default` also exists for every subscription. - -## Azure REST API version - -This resource interacts with version `2015-06-01-Preview` of the Azure -Management API. For more information see the [official Azure documentation](). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.0.0 of the inspec-azure resource pack. - -## Syntax - -An `azurerm_security_center_policies` resource block uses an optional filter to -select a group of Security Center Policies and confirm that the expected groups -exist. - - describe azurerm_security_center_policies do - ... 
- end - -## Examples - -### Check for a Security Center Policy - - describe azurerm_security_center_policies do - its('names') { should include 'default' } - end - -### Assert default Security Center Policy exists - - describe azurerm_security_center_policies.where(name: 'default') - it { should exist } - end - -## Filter Criteria - -- `names` - -### names - -Filters the results to include only those Security Center Policies that match the given -name. This is a string value. - - # default should always exist - describe azurerm_security_center_policies.where(name: 'default') - it { should exist } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the filter returns at least one result. Use `should_not` if you -expect zero matches. - - # default should always exist - describe azurerm_security_center_policies.where(name: 'default') - it { should exist } - end - - # this security center policy should not exist - describe azurerm_security_center_policies.where(name: 'DoesNotExist') - it { should_not exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_security_center_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_security_center_policy.md deleted file mode 100644 index 320dd54736..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_security_center_policy.md +++ /dev/null 
@@ -1,299 +0,0 @@ -+++ -title = "azurerm_security_center_policy resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_security_center_policy" - identifier = "inspec/resources/azure/azurerm_security_center_policy.md azurerm_security_center_policy resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_security_center_policy" >}} - -Use the `azurerm_security_center_policy` InSpec audit resource to test properties -of the `default` Security Center Policy. Azure currently only supports looking -up the `default` policy via their Rest API. If you attempt to look up a -different Security Policy you will receive an error. - -An Azure Security Center Policy defines a set of controls recommended for -resources within this subscription. These settings will generate alerts if -something is found to violate the recommendations. This resource allows you to -inspect what alerts you have configured for your account. - -## Azure REST API Version - -This resource interacts with version `2015-06-01-Preview` of the Azure -Management API. For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/previous-versions/azure/reference/mt704062%28v%3dazure.100%29). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). 
- -### Version - -This resource first became available in 1.0.0 of the inspec-azure resource pack. - -## Syntax - -An `azurerm_security_center_policy` resource block identifies a Security Center -Policy by name. In the current Rest API you may only lookup a `default` policy. -If no policy is given the default one will be used. - - describe azurerm_security_center_policy(name: 'default') do - ... - end - -## Examples - -### Assert that the default Security Center Policy exists - - describe azurerm_security_center_policy(name: 'default') do - it { should exist } - end - -### Assert that the default Security Center Policy has log collection enabled - - describe azurerm_security_center_policy(name: 'default') do - its('log_collection') { should eq('On') } - end - -### A non default policy may not be searched - - describe azurerm_security_center_policy(name: 'NonDefaultPolicy') do - it { should_not exist } - end - -## Parameters - -- `name` - -## Parameter Examples - -The name of the Security Center Policy. It must be `default`. If no name is given then it -will search for the `default` Security Center Policy (Optional). - - describe azurerm_security_center_policy(name: 'default') do - its('log_collection') { should eq('On') } - end - -## Attributes - -- `id` -- `name` -- `log_collection` -- `patch` -- `baseline` -- `anti_malware` -- `disk_encryption` -- `network_security_groups` -- `web_application_firewall` -- `next_generation_firewall` -- `vulnerability_assessment` -- `storage_encryption` -- `just_in_time_network_access` -- `app_whitelisting` -- `sql_auditing` -- `sql_transparent_data_encryption` -- `notifications_enabled`, -- `send_security_email_to_admin` -- `contact_emails` -- `contact_phone` -- `pricing_tier` - -### id - -The id of the Security Center -Policy. - - its('id') { should eq('/subscriptions//providers/Microsoft.Security/policies/default') } - -### name - -The name of the Security Center Policy. 
- - its('name') { should eq('default') } - -### log_collection - -Log collection indicates if the monitoring agent will collect security data (`On`|`Off`). - - its('log_collection') { should eq('On') } - -### pricing_tier - -Cost/Feature Model under which the subscription is operating (`Standard`|`Free`). - - its('pricing_tier') { should eq('Standard') } - -### patch - -Patch indicates if system updates should be enabled for virtual machines (`On`|`Off`). - - its('patch') { should eq('On') } - -### baseline - -Baseline indicates if OS vulnerabilities recommendations for virtual machines are enabled -(`On`|`Off`). - - its('baseline') { should eq('On') } - -### anti_malware - -Anti-Malware indicates if endpoint protection recommendations for virtual machines are -enabled (`On`|`Off`). - - its('anti_malware') { should eq('On') } - -### disk_encryption - -Disk Encryption indicates if recommendations for virtual machines are enabled -(`On`|`Off`). - - its('disk_encryption') { should eq('On') } - -### network_security_groups - -Network security groups indicates if recommendations for virtual machines are enabled -(`On`|`Off`). - - its('network_security_groups') { should eq('On') } - -### web_application_firewall - -Web application firewall indicates if recommendations for virtual machines are enabled -(`On`|`Off`). - - its('web_application_firewall') { should eq('On') } - -### next_generation_firewall - -Next generation firewall indicates if recommendations for virtual machines are enabled -(`On`|`Off`). - - its('next_generation_firewall') { should eq('On') } - -### vulnerability_assessment - -Vulnerability assessment indicates if recommendations for virtual machines are enabled -(`On`|`Off`). - - its('vulnerability_assessment') { should eq('On') } - -### storage_encryption - -Storage Encryption indicates if new data in Azure Blobs and Files will be encrypted by default (`On`|`Off`). 
- - its('storage_encryption') { should eq('On') } - -### just_in_time_network_access - -Just in time network access indicates if recommendations for virtual machines are enabled -(`On`|`Off`). - - its('just_in_time_network_access') { should eq('On') } - -### app_whitelisting - -App whitelisting indicates if adaptive application controls are enabled (`On`|`Off`). - - its('app_whitelisting') { should eq('On') } - -### sql_auditing - -SQL auditing indicates if auditing and threat detection recommendations are enabled -(`On`|`Off`). - - its('sql_auditing') { should eq('On') } - -### sql_transparent_data_encryption - -SQL transparent data encryption indicates if recommendations are enabled (`On`|`Off`). - - its('sql_transparent_data_encryption') { should eq('On') } - -### notifications_enabled - -Notifications enabled indicates if security alerts are emailed to the security contact -(`true`|`false`). - - its('notifications_enabled') { should eq(true) } - -### send_security_email_to_admin - -Send security email to admin indicates if the subscription admin will receive security -alerts (`true`|`false`). - - its('send_security_email_to_admin') { should eq(true) } - -### contact_emails - -Contact emails contains a list of security email addresses. - - its('contact_emails') { should include('security@example.com') } - -### contact_phone - -Contact phone contains the security contact phone number. - - its('contact_phone') { should eq('1-111-111-1111') } - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. 
If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the resource returns a result. Use `should_not` if you expect -zero matches. - - # default should always exist - describe azurerm_security_center_policy(name: 'default') do - it { should exist } - end - - # this security center policy should not exist - describe azurerm_security_center_policy(name: 'DoesNotExist') do - it { should_not exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_database.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_database.md deleted file mode 100644 index 02fcdac56e..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_database.md +++ /dev/null 
@@ -1,145 +0,0 @@ -+++ -title = "azurerm_sql_database resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_sql_database" - identifier = "inspec/resources/azure/azurerm_sql_database.md azurerm_sql_database resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_sql_database" >}} - -Use the `azurerm_sql_database` InSpec audit resource to test properties and configuration of -an Azure SQL Database on a SQL Server. - -## Azure REST API version - -This resource interacts with version `2017-10-01-preview` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/sql/databases/get). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.2.0 of the inspec-azure resource pack. - -## Syntax - -The `resource_group`, `server_name` and `database_name` must be given as a parameter. 
- - describe azurerm_sql_database(resource_group: 'inspec-rg', server_name: 'customer_server', database_name: 'order-db') do - it { should exist } - end - -## Examples - -If a SQL Database is referenced with a valid `Resource Group`, `Server Name` and `Database name` - - describe azurerm_sql_database(resource_group: 'inspec-rg', server_name: 'customer_server', database_name: 'order-db') do - it { should exist } - its('name') { should be 'order-db'} - end - -If a SQL Database is referenced with an invalid `Resource Group`, `Server Name` or `Database Name` - - describe azurerm_sql_database(resource_group: 'inspec-rg', server_name: 'customer_server', database_name: 'invalid-db-name') do - it { should_not exist } - end - -## Parameters - -- `resource_group` - The resource Group to which the SQL Server belongs. -- `server_name` - The unique name of the SQL Server. -- `database_name` - The unique name of the SQL Database. - -## Attributes - -- `id` -- `name` -- `kind` -- `location` -- `type` -- `sku` -- `properties` - -### id - -Azure resource ID. - -### name - -SQL Server name, e.g. `customer-database`. - -### kind - -Kind of sql database. This is metadata used for the Azure portal experience. - -### location - -Resource location, e.g. `eastus`. - -### type - -The type of Resource, typically `Microsoft.Sql/servers/databases`. - -### sku - -The name and tier of the SKU. - -### properties - -A collection of additional configuration properties related to the SQL Database, e.g. `collation`. - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. 
If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - - describe azurerm_sql_database(resource_group: 'my-rg', server_name: 'server-name-1', database_name: 'customer-db') do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_databases.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_databases.md deleted file mode 100644 index 8ac26109d8..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_databases.md +++ /dev/null 
@@ -1,148 +0,0 @@ -+++ -title = "azurerm_sql_databases resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_sql_databases" - identifier = "inspec/resources/azure/azurerm_sql_databases.md azurerm_sql_databases resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_sql_databases" >}} - -Use the `azurerm_sql_databases` InSpec audit resource to test properties and configuration of Azure SQL Databases. - -## Azure REST API version - -This resource interacts with version `2017-10-01-preview` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/sql/databases/listbyserver). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.2.0 of the inspec-azure resource pack. - -## Syntax - -An `azurerm_sql_databases` resource block returns all SQL Databases on a SQL Server, within a resource group. - - describe azurerm_sql_databases(resource_group: ..., server_name: ...) do - ... - end - -## Examples - -The following examples show how to use this InSpec audit resource. 
- -### Check SQL Databases are present - - describe azurerm_sql_databases(resource_group: 'resource-group-1', server_name: 'production') do - it { should exist } - its('names') { should include 'my-database-name' } - end - -## Filter Criteria - -- `azure_sql_databases` resources are filterable on all available properties. Below are some examples. - -### names - -Filters the results to include only those databases that match the given -name. This is a string value. - - describe azurerm_sql_databases(resource_group: 'rg', server_name: 'server').where{ name.eql?('production-database') } do - it { should exist } - end - -### location - -Filters the results to include only those resource groups that reside ina given location. This is a string value. - - describe azurerm_sql_databases(resource_group: 'rg', server_name: 'server').where{ location.eql?('eastus') } do - it { should exist } - end - -## Attributes - -- `id` -- `name` -- `kind` -- `location` -- `type` -- `sku` -- `properties` - -### ids - -Azure resource ID. - -### names - -SQL Database name, e.g. `my-sql-database`. - - its('names') { should include 'my-sql-database' } - -### kinds - -Kind of sql database. This is metadata used for the Azure portal experience. - -### locations - -Resource location, e.g. `eastus`. - - its('locations') { should_not include 'eastus' } - -### type - -The type of Resource, typically `Microsoft.Sql/servers/databases`. - -### sku - -The name and tier of the SKU. - -### properties - -A collection of additional configuration properties related to the SQL Database, e.g. `collation`. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the filter returns at least one result. Use -`should_not` if you expect zero matches. 
- - describe azurerm_sql_databases do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_server.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_server.md deleted file mode 100644 index 40c7659f9d..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_server.md +++ /dev/null 
@@ -1,143 +0,0 @@ -+++ -title = "azurerm_sql_server resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_sql_server" - identifier = "inspec/resources/azure/azurerm_sql_server.md azurerm_sql_server resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_sql_server" >}} - -Use the `azurerm_sql_server` InSpec audit resource to test properties and configuration of -an Azure SQL Server within a Resource Group. - -## Azure REST API version - -This resource interacts with version `2018-06-01-preview` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/sql/servers/get#server). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.2.0 of the inspec-azure resource pack. - -## Syntax - -The `resource_group` and `server_name` must be given as a parameter. 
- - describe azurerm_sql_server(resource_group: 'inspec-resource-group-9', server_name: 'example_server') do - it { should exist } - end - -## Examples - -If a SQL Server is referenced with a valid `Resource Group` and `Server Name` - - describe azurerm_sql_server(resource_group: 'my-rg', server_name: 'sql-server-1') do - it { should exist } - end - -If a SQL Server is referenced with an invalid `Resource Group` or `Server Name` - - describe azurerm_sql_server(resource_group: 'invalid-rg', server_name: 'i-do-not-exist') do - it { should_not exist } - end - -## Parameters - -- `resource_group` - The resource Group to which the SQL Server belongs. -- `server_name` - The unique name of the SQL Server. - -## Attributes - -- `id` -- `name` -- `kind` -- `location` -- `properties` -- `tags` -- `type` - -### id - -Azure resource ID. - -### name - -SQL Server name, e.g. `my-sql-server`. - -### kind - -Kind of sql server. This is metadata used for the Azure portal experience. - -### location - -Resource location, e.g. `eastus`. - -### properties - -A collection of additional configuration properties related to the SQL Server, e.g. `administratorLogin`. - -### tags - -Resource tags applied to the SQL Server. - -### type - -The type of Resource, typically `Microsoft.Sql/servers`. - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. 
- -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - - describe azurerm_sql_server(resource_group: 'my-rg', server_name: 'server-name-1') do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_servers.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_servers.md deleted file mode 100644 index 3804ab0258..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_servers.md +++ /dev/null 
@@ -1,151 +0,0 @@ -+++ -title = "azurerm_sql_servers resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_sql_servers" - identifier = "inspec/resources/azure/azurerm_sql_servers.md azurerm_sql_servers resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_sql_servers" >}} - -Use the `azurerm_sql_servers` InSpec audit resource to test properties and configuration of Azure SQL Servers. - -## Azure REST API version - -This resource interacts with version `2018-06-01-preview` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/sql/servers/list). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.2.0 of the inspec-azure resource pack. - -## Syntax - -An `azurerm_sql_servers` resource block returns all Azure SQL Servers, either within a Resource Group (if provided), or within an entire Subscription. - - describe azurerm_sql_servers do - ... - end - -or - - describe azurerm_sql_servers(resource_group: 'my-rg') do - ... - end - -## Examples - -The following examples show how to use this InSpec audit resource. 
- -### Check SQL Servers are present - - describe azurerm_sql_servers do - it { should exist } - its('names') { should include 'my-server-name' } - end - -## Filter Criteria - -### names - -Filters the results to include only those servers which match the given name. This is a string value. - - describe azurerm_sql_servers.where{ name.eql?('production-server-5') } do - it { should exist } - end - -### location - -Filters the results to include only those servers which reside in a given location. This is a string value. - - describe azurerm_sql_servers.where{ location.eql?('eastus') } do - it { should exist } - end - -## Attributes - -- `id` -- `name` -- `kind` -- `location` -- `properties` -- `tags` -- `type` - -### ids - -Azure resource ID. - -### names - -SQL Server name, e.g. `my-sql-server`. - - its('names') { should include 'my-sql-database' } - -### kinds - -Kind of sql server. This is metadata used for the Azure portal experience. - -### locations - -Resource location, e.g. `eastus`. - - its('locations') { should_not include 'eastus' } - -### properties - -A collection of additional configuration properties related to the SQL Server, e.g. `administratorLogin`. - -### tag - -Resource tags applied to the SQL Server. - -### type - -The type of Resource, typically `Microsoft.Sql/servers`. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the filter returns at least one result. Use -`should_not` if you expect zero matches. - - describe azurerm_sql_servers do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_storage_account_blob_container.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_storage_account_blob_container.md
deleted file mode 100644
index 7fdfed47be..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_storage_account_blob_container.md
+++ /dev/null
@@ -1,151 +0,0 @@ -+++ -title = "azurerm_storage_account_blob_container resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_storage_account_blob_container" - identifier = "inspec/resources/azure/azurerm_storage_account_blob_container.md azurerm_storage_account_blob_container resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_storage_account_blob_container" >}} - -Use the `azurerm_storage_account_blob_container` InSpec audit resource to test properties related to a -Blob Container in an Azure Storage Account. - -## Azure REST API version - -This resource interacts with version `2018-07-01` of the Azure -Management API. For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/javascript/api/@azure/arm-storage/blobcontainers?view=azure-node-latest). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.3.0 of the inspec-azure resource pack. - -## Syntax - -An `azurerm_storage_account_blob_container` block returns the requested Blob Container within an Azure Storage Account. - -The `resource_group`, `storage_account_name` and `blob_container_name` must be given as -parameters. 
- - describe azurerm_storage_account_blob_container(resource_group: 'rg', storage_account_name: 'production', - blob_container_name: 'logs') do - ... - ... - end - -## Examples - -### Ensure that the Blob Container exists - - describe azurerm_storage_account_blob_container(resource_group: 'rg', storage_account_name: 'default', - blob_container_name: 'logs') do - it { should exist } - its('name') { should eq('logs') } - end - -### Ensure that the Blob Container is private - - describe azurerm_storage_account_blob_container(resource_group: 'rg', storage_account_name: 'production', - blob_container_name: 'logs') do - its('properties') { should have_attributes(publicAccess: 'None') } - end - -## Parameters - -- `resource_group` -- `storage_account_name` -- `blob_container_name` - -## Attributes - -- `id` -- `name` -- `etag` -- `properties` -- `type` - -### id - -Fully qualified resource ID for the resource, e.g. - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - -### name - -The name of the resource - -### etag - -Resource Etag, e.g. - - \"0x8D592D74CC20EBA\" - -### properties - -Additional properties relating to the Blob Container, e.g. - - its('properties') { should have_attributes(publicAccess: 'None') } - -### type - -The resource type, e.g. - - Microsoft.Storage/storageAccounts/blobServices/containers - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. 
If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - - describe azurerm_storage_account_blob_container(resource_group: 'rg', storage_account_name: 'production', - blob_container_name: 'logs') do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_storage_account_blob_containers.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_storage_account_blob_containers.md deleted file mode 100644 index e4c13711f0..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_storage_account_blob_containers.md +++ /dev/null 
@@ -1,120 +0,0 @@ -+++ -title = "azurerm_storage_account_blob_containers resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_storage_account_blob_containers" - identifier = "inspec/resources/azure/azurerm_storage_account_blob_containers.md azurerm_storage_account_blob_containers resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_storage_account_blob_containers" >}} - -Use the `azurerm_storage_account_blob_containers` InSpec audit resource to test properties and configuration of Blob Containers within an Azure Storage Account. - -## Azure REST API version - -This resource interacts with version `2018-07-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/java/api/com.azure.resourcemanager.storage.models.blobcontainers.list?view=azure-java-stable). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.3.0 of the inspec-azure resource pack. - -## Syntax - -An `azurerm_storage_account_blob_containers` block returns all Blob Containers within a given Azure Storage Account. - -The `resource_group` and `storage_account_name` must be given as parameters. 
- - describe azurerm_storage_account_blob_containers(resource_group: 'rg', storage_account_name: 'production') do - ... - end - -## Examples - -The following examples show how to use this InSpec audit resource. - -### Ensure that a Blob Container exists - - describe azurerm_storage_account_blob_containers(resource_group: 'rg', storage_account_name: 'sa') do - its('names') { should include('my_blob_container') } - end - -## Filter Criteria - -- `ids` -- `names` -- `etags` - -### names - -Filters the results to include only those containers which match the given name. This is a string value. - - describe azurerm_storage_account_blob_containers(resource_group: 'rg', storage_account_name: 'sa') do - its('names') { should include('my_blob_container') } - end - -## Attributes - -- `ids` -- `names` -- `etags` - -### ids - -Azure resource ID. - -### names - -Blob Container name, e.g. `my-blob-container`. - - its('names') { should include 'my-blob-container' } - -### etags - -The etag of the Resource, e.g. `\"0x8D592D74CC20EBA\"`. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the filter returns at least one result. Use -`should_not` if you expect zero matches. - - describe azurerm_storage_account_blob_containers do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_subnet.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_subnet.md deleted file mode 100644 index 3f096e5042..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_subnet.md +++ /dev/null 
@@ -1,188 +0,0 @@ -+++ -title = "azurerm_subnet resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_subnet" - identifier = "inspec/resources/azure/azurerm_subnet.md azurerm_subnet resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_subnet" >}} - -Use the `azurerm_subnet` InSpec audit resource to test properties related to a -subnet for a given virtual network. - -## Azure REST API version - -This resource interacts with version `2018-02-01` of the Azure -Management API. For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/subnets/get). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.2.0 of the inspec-azure resource pack. - -## Syntax - -The `resource_group`, virtual network `vnet`, and subnet 'name' must be given as parameters. -Since subnet must be in the context of a virtual network, this parameter had to be included. - - describe azurerm_subnet(resource_group: 'MyResourceGroup', vnet: 'MyVnetName', name: 'MySubnetName') do - ... 
- end - -## Examples - -### Ensure That the Subnet Exists for a given Virtual Network - - describe azurerm_subnet(resource_group: 'MyResourceGroup', vnet: 'MyVnetName', name: 'MySubnetName') do - it { should exist } - end - -### Ensure That the Subnets Address Prefix Is Configured as Expected - - describe azurerm_subnet(resource_group: 'MyResourceGroup', vnet: 'MyVnetName', name: 'MySubnetName') do - its('address_prefix') { should eq [192.168.0.0/24] } - end - -### Ensure That the Subnet Is Attached to the Right Network Security Group - - describe azurerm_subnet(resource_group: 'MyResourceGroup', vnet: 'MyVnetName', name: 'MySubnetName') do - its('nsg') { should eq 'NetworkSecurityGroupName'} - end - -## Parameters - -- `resource_group` -- `vnet` -- `name` - -## Parameter Examples - -### resource_group (required) - -Defines the resource group of the subnet that you wish to test resides in. - - describe azurerm_subnet(resource_group: 'MyResourceGroup', vnet: 'MyVnetName', name: 'MySubnetName') do - ... - end - -### vnet (required) - -Defines the virtual network that the subnet that you wish to test is a part of. - - describe azurerm_subnet(resource_group: 'MyResourceGroup', vnet: 'MyVnetName', name: 'MySubnetName') do - ... - end - -### name (required) - -Defines the name of the subnet that you wish to test. - - describe azurerm_subnet(resource_group: 'MyResourceGroup', vnet: 'MyVnetName', name: 'MySubnetName') do - ... - end - -## Attributes - -- `id` -- `name` -- `type` -- `address_prefix` -- `nsg` - -### id - -The subnet's id. - - its('id') { should eq(id) } - -Id will be in -format: - - '/subscriptions//resourceGroups//providers/Microsoft.Network/virtualNetworks/Inspec-VNet/subnets/Inspec-Subnet' - -### name - -The subnets's name. - - its('name') { should eq('SubnetName') } - -### type - -The virtual network's resource type. - - its('type') { should eq 'Microsoft.Network/virtualNetworks/subnets' } - -### address_prefix - -The address prefix for the subnet. 
- - its('address_prefix') { should eq "x.x.x.x/x" } - -### nsg - -The network security group attached to the subnet. - - its('nsg') { should eq 'MyNetworkSecurityGroupName' } - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - - # If a subnet is found it will exist - describe azurerm_subnet(resource_group: 'MyResourceGroup', vnet: 'MyVnetName', name: 'MySubnetName') do - it { should exist } - end - - # subnets that aren't found will not exist - describe azurerm_subnet(resource_group: 'MyResourceGroup', vnet: 'MyVnetName', name: 'DoesNotExist') do - it { should_not exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_subnets.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_subnets.md deleted file mode 100644 index 19d14d7d89..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_subnets.md +++ /dev/null 
@@ -1,123 +0,0 @@ -+++ -title = "azurerm_subnets resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_subnets" - identifier = "inspec/resources/azure/azurerm_subnets.md azurerm_subnets resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_subnet" >}} - -Use the `azurerm_subnets` InSpec audit resource to test properties related to -subnets for a resource group. - -## Azure REST API version - -This resource interacts with version `2018-02-01` of the Azure -Management API. For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/subnets/list). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.2.0 of the inspec-azure resource pack. - -## Syntax - -The `resource_group` and 'vnet' must be given as a parameter. - - describe azurerm_subnets(resource_group: 'MyResourceGroup', vnet: 'MyVnetName') do - ... 
- end - -## Examples - - # Exists if any subnets exist for a given virtual network in the resource group - describe azurerm_subnets(resource_group: 'MyResourceGroup', vnet: 'MyVnetName') do - it { should exist } - end - -## Parameters - -- `resource_group` -- 'vnet' - -### Parameter Examples - -### resource_group (required) - -Defines the resource group of the subnet that you wish to test resides in. - - describe azurerm_subnets(resource_group: 'MyResourceGroup', vnet: 'MyVnetName') do - ... - end - -### vnet (required) - -Defines the virtual network that the subnet that you wish to test is a part of. - - describe azurerm_subnets(resource_group: 'MyResourceGroup', vnet: 'MyVnetName') do - ... - end - -### name - -Filters the results to only those that match the given name. - - # Insist that MySubnet exists - describe azurerm_subnets(resource_group: 'MyResourceGroup', vnet: 'MyVnetName') do - .where(name: 'MySubnet') do - it { should exist } - end - -## Attributes - -- `names` - -### names - -Gives a list of all the subnet names in the virtual network. - - its('names') { should include('SubnetName1', 'SubnetName2') } - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - - # Should not exist if no subnets are in the virtual network - describe azurerm_subnets(resource_group: 'MyResourceGroup', vnet: 'MyVnetName') do - it { should_not exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_subscription.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_subscription.md deleted file mode 100644 index 35f46dcd02..0000000000 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_subscription.md
+++ /dev/null
@@ -1,106 +0,0 @@ -+++ -title = "azurerm_subscription resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_subscription" - identifier = "inspec/resources/azure/azurerm_subscription.md azurerm_subscription resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_subscription" >}} - -Use the `azurerm_subscription` InSpec audit resource to test properties related to the current subscription -subscription. - -## Azure REST API version - -This resource interacts with version `2019-10-01` of the Azure -Management API. For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/resources/subscriptions/get). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.7.0 of the inspec-azure resource pack. - -## Syntax - -The resource will retrieve the current subscription which InSpec is using, which is -specified in your environment/service principal. - - describe azurerm_subscription do - ... - end - -## Examples - -### Ensure a Location Is Available in a Subscription - - describe azurerm_subscription do - its('name') { should eq 'subscription name' } - its('locations') { should include 'eastus' } - end - -## Parameters - -No parameters required. 
- -## Attributes - -- `id` -- `name` -- `locations` - -### id - -The subscription's unique id. e.g. '1ea4649e-0132-4f1c-8b68-9f9b2147281c' - -### name - -The subscriptions's display name. - - its('name') { should eq('subscription name') } - -### locations - -An array of locations available in this subscription. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - - describe azurerm_subscription do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machine.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machine.md deleted file mode 100644 index 686840b06f..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machine.md +++ /dev/null 
@@ -1,236 +0,0 @@ -+++ -title = "azurerm_virtual_machine resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_virtual_machine" - identifier = "inspec/resources/azure/azurerm_virtual_machine.md azurerm_virtual_machine resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_virtual_machine" >}} - -Use the `azurerm_virtual_machine` InSpec audit resource to test properties related to a -virtual machine. - -## Azure REST API version - -This resource interacts with version `2017-12-01` of the Azure -Management API. For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/get). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.0.0 of the inspec-azure resource pack. - -## Syntax - -The `resource_group` and virtual machine `name` must be given as -parameters. - - describe azurerm_virtual_machine(resource_group: 'MyResourceGroup', name: 'MyVmName') do - ... 
- end - -## Examples - -### Ensure That the Virtual Machine Has the Expected Data Disks - - describe azurerm_virtual_machine(resource_group: 'MyResourceGroup', name: 'MyVmName') do - its('data_disks') { should include 'DataDisk1' } - its('data_disks') { should include 'DataDisk2' } - end - -### Ensure That the Virtual Machine Has the Expected Monitoring Agent Installed - - describe azurerm_virtual_machine(resource_group: 'MyResourceGroup', name: 'MyVmName') do - it { should have_monitoring_agent_installed } - end - -## Parameters - -- `resource_group` -- `name` - -## Parameter Examples - -### resource_group (required) - -Defines the resource group that the virtual machine that you wish to test resides -in. - - describe azurerm_virtual_machine(resource_group: 'MyResourceGroup', name: 'MyVmName') do - ... - end - -### name (required) - -Defines the name of the virtual machine that you wish to -test. - - describe azurerm_virtual_machine(resource_group: 'MyResourceGroup', name: 'MyVmName') do - ... - end - -## Attributes - -- `id` -- `name` -- `location` -- `properties` -- `resources` -- `tags` -- `type` -- `zones` -- `installed_extensions_types` -- `installed_extensions_names` -- `monitoring_agent_installed` -- `os_disk_name` -- `data_disk_names` - -### id - -The virtual machine's id. - - its('id') { should eq(id) } - -Id will be in -format: - - '/subscriptions//resourceGroups/MyResourceGroup/providers/Microsoft.Compute/virtualMachines/MyVirtualMachine' - -### name - -The virtual machine's name. - - its('name') { should eq('MyVmName') } - -### location - -The virtual machine's location. - - its('location') { should eq('East US') } - -### tags - -The virtual machine's tags. - - its('tags') { should eq({ 'key' => 'value' }) } - -### type - -The virtual machine's resource type. - - its('type') { should eq('Microsoft.Compute/virtualMachines') } - -### zones - -The virtual machine's availability zones. 
- - its('zones') should include('zone1', 'zone2') - -### os_disk_name - -The virtual machine's operating system disk name. - - its('os_disk_name') { should eq('OsDiskName') } - -### data_disk_names - -The virtual machine's data disk names. - - its('data_disk_names') { should include('DataDisk1') } - -### installed_extensions_types - -List of all installed extensions' types for the virtual machine. - - its('installed_extensions_types') { should eq(['ExtensionType']) } - -### installed_extensions_names - -List of all installed extensions' names for the virtual machine. - - its('installed_extensions_names') { should eq(['ExtensionName']) } - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - - # If a virtual machine is found it will exist - describe azurerm_virtual_machine(resource_group: 'MyResourceGroup', name: 'MyVmName') do - it { should exist } - end - - # virtual machines that aren't found will not exist - describe azurerm_virtual_machine(resource_group: 'MyResourceGroup', name: 'DoesNotExist') do - it { should_not exist } - end - -### have_only_approved_extensions - - # Check if a virtual machine has only approved extensions. 
If an extension - # is used that's not in the list then the check will fail. - describe azurerm_virtual_machine(resource_group: 'MyResourceGroup', name: 'MyVmName') do - it { should have_only_approved_extensions(['ApprovedExtension', 'OtherApprovedExtensions']) } - end - -### have_monitoring_agent_installed - - # Will be true if the MicrosoftMonitoringAgent is installed (Windows only) - describe azurerm_virtual_machine(resource_group: 'MyResourceGroup', name: 'MyVmName') do - it { should have_monitoring_agent_installed } - end - -### have_endpoint_protection_installed - - # Will be true if any of the given extensions are installed. - describe azurerm_virtual_machine(resource_group: 'MyResourceGroup', name: 'MyVmName') do - it { should have_endpoint_protection_installed(['Extension1', 'Extension2']) } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machine_disk.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machine_disk.md deleted file mode 100644 index fa5663b990..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machine_disk.md +++ /dev/null 
@@ -1,184 +0,0 @@ -+++ -title = "azurerm_virtual_machine_disk resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_virtual_machine_disk" - identifier = "inspec/resources/azure/azurerm_virtual_machine_disk.md azurerm_virtual_machine_disk resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_virtual_machine_disk" >}} - -Use the `azurerm_virtual_machine_disk` InSpec audit resource to test properties related to -a virtual machine's disk. This resource will only support managed disks. If your disk is -not managed it will not `exist` to the matcher. - -## Azure REST API version - -This resource interacts with version `2017-03-30` of the Azure -Management API. For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/compute/disks/get). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.0.0 of the inspec-azure resource pack. - -## Syntax - -The `resource_group` and `name` must be given as parameters. - - describe azurerm_virtual_machine_disk(resource_group: 'MyResourceGroup', name: 'MyDiskName') do - ... 
- end - -## Examples - - # If a disk is found it will exist - describe azurerm_virtual_machine_disk(resource_group: 'MyResourceGroup', name: 'MyDiskName') do - it { should exist } - end - - # Check if encryption is enabled - describe azurerm_virtual_machine_disk(resource_group: 'MyResourceGroup', name: 'MyDiskName') do - its('encryption_enabled') { should be true } - end - -## Parameters - -- `resource_group`, `name` - -## Parameter Examples - - # resource_group and name are required parameters - describe azurerm_virtual_machine_disk(resource_group: 'MyGroup', name: 'MyDiskName') do - ... - end - -## Attributes - -- `id` -- `name` -- `managedBy` -- `sku` -- `properties` -- `type` -- `location` -- `tags` -- `encryption_enabled` - -### id - -The disk's unique identifier. - - its('id') { should eq(id) } - -Id will be in the -format: - - /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/disks/myManagedDisk - -### name - -The disk's name. - - its('name') { should eq('MyDiskName') } - -### managedBy - -The resource managing the disk if it is attached to a virtual machine. - - its('managedBy') { should eq(ResourceId) } - -ResourceId will be in the -format: - - /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/disks/myManagedDisk - -### sku - -The disk's sku name (`Standard_LRS`|`StandardSSD_LRS`|`Premium_LRS`). - - its('sku.name') { should eq('Standard_LRS') } - -### properties - -The disk's properties. This is a hash of key/value pairs. - -### type - -The disk's type. Will always be `Microsoft.Compute/disks`. - - its('type') { should eq('Microsoft.Compute/disks') } - -### location - -The disk's location. Will be the region where the disk resides. - - its('location') { should eq('West US') } - -### tags - -The disk's tags. Will be a hash of key/value pairs. - - its('tags') { should eq({ 'department' => 'IT' }) - -### encryption_enabled - -If the disk is encrypted or not (`true`|`false`). 
- - its('encryption_enabled') { should be true } - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - - describe azurerm_virtual_machine_disk(resource_group: 'MyResourceGroup', name: 'MyDiskName') do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machine_disks.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machine_disks.md deleted file mode 100644 index c5e9d26712..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machine_disks.md +++ /dev/null 
@@ -1,101 +0,0 @@ -+++ -title = "azurerm_virtual_machine_disks resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_virtual_machine_disks" - identifier = "inspec/resources/azure/azurerm_virtual_machine_disks.md azurerm_virtual_machine_disks resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_virtual_machine_disks" >}} - -Use the `azurerm_virtual_machine_disks` InSpec audit resource to test properties of -some or all Azure Disks within a subscription. - -## Azure REST API version - -This resource interacts with version `2019-03-01` of the Azure -Management API. For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/compute/disks/list). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.8.0 of the inspec-azure resource pack. - -## Syntax - -An `azurerm_virtual_machine_disks` resource block returns all Azure Disks in a subscription. - - describe azurerm_virtual_machine_disks do - ... - end - -## Examples - -The following examples show how to use this InSpec audit resource. 
- -### Check a Disk exists - - describe azurerm_virtual_machine_disks do - it('names') { should include 'app-server-disk' } - end - -### Ensure there are no detached disks - - describe azurerm_virtual_machine_disks.where { attached == true } do - it { should_not exist } - end - -## Filter Criteria - -- `ids` -- `names` -- `properties` -- `tags` -- `locations` -- `attached` -- `resource_groups` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - -The control will pass if the filter returns at least one result. Use -`should_not` if you expect zero matches. - - describe azurerm_virtual_machine_disks.where { == } do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machines.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machines.md deleted file mode 100644 index 39468e702b..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machines.md +++ /dev/null 
@@ -1,155 +0,0 @@ -+++ -title = "azurerm_virtual_machines resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_virtual_machines" - identifier = "inspec/resources/azure/azurerm_virtual_machines.md azurerm_virtual_machines resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_virtual_machines" >}} - -Use the `azurerm_virtual_machines` InSpec audit resource to test properties related to -virtual machines for a resource group. - -## Azure REST API version - -This resource interacts with version `2017-12-01` of the Azure -Management API. For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/list). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.0.0 of the inspec-azure resource pack. - -## Syntax - -The `resource_group` must be given as a parameter. - - describe azurerm_virtual_machines(resource_group: 'MyResourceGroup') do - ... 
- end - -## Examples - - # Exists if any virtual machines exist in the resource group - describe azurerm_virtual_machines(resource_group: 'MyResourceGroup') do - it { should exist } - end - - # Filters based on platform - describe azurerm_virtual_machines(resource_group: 'MyResourceGroup').where(platform: 'windows') do - it { should exist } - end - -## Parameters - -- `resource_group` - -### Parameter Examples - -#### resource_group (required) - - describe azurerm_virtual_machines(resource_group: 'MyResourceGroup') do - ... - end - -## Filter Criteria - -- `platform` -- `name` -- `os_disk` - -### platform - -Filters the results to only include those that match the given platform. Valid choices are -`linux` and `windows`. - - # Insist that you have at least one windows virtual machine - describe azurerm_virtual_machines(resource_group: 'MyResourceGroup').where(platform: 'windows') do - it { should exist } - end - -### name - -Filters the result to only those that match the given name. - - # Insist that you have at least one virtual machine that starts with 'MyVm' - describe azurerm_virtual_machines(resource_group: 'MyResourceGroup').where { name.start_with?('WindowsVm') } do - it { should exist } - end - -## Attributes - -- `os_disks` -- `data_disks` -- `vm_names` - -### os_disks - -Gives a list of OS disk names for all the virtual machines in the resource group. - - its('os_disks.sort') { should eq ['MyDisk1', 'MyDisk2'] } - -### data_disks - -Gives a list of data disks for all the virtual machines in the resource group. - - its('os_disks.sort') { should eq [['MyDisk1'], ['MyDisk2']] } - -Note that it returns an array of arrays. You may flatten them for testing: - - its('os_disks.flatten.sort') { should eq ['MyDisk1', 'MyDisk2'] } - -### vm_names - -Gives a list of all the virtual machine names in the resource group. 
- - its('vm_names') { should include('MyVm1', 'MyVm2') } - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - - # Should not exist if no virtual machines are in the resource group - describe azurerm_virtual_machines(resource_group: 'MyResourceGroup') do - it { should_not exist } - end - - # Should exist if the filter returns a single virtual machine - describe azurerm_virtual_machines(resource_group: 'MyResourceGroup').where(platform: 'windows') do - it { should exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_network.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_network.md deleted file mode 100644 index 13b3cd3b5f..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_network.md +++ /dev/null 
@@ -1,223 +0,0 @@ -+++ -title = "azurerm_virtual_network resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_virtual_network" - identifier = "inspec/resources/azure/azurerm_virtual_network.md azurerm_virtual_network resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_virtual_network" >}} - -Use the `azurerm_virtual_network` InSpec audit resource to test properties related to a -virtual network. - -## Azure REST API version - -This resource interacts with version `2018-02-01` of the Azure -Management API. For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/virtualnetworks/get). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.1.0 of the inspec-azure resource pack. - -## Syntax - -The `resource_group` and virtual network `name` must be given as -parameters. - - describe azurerm_virtual_network(resource_group: 'MyResourceGroup', name: 'MyVnetName') do - ... 
- end - -## Examples - -### Ensure That the Virtual Network Exists in the East US Region - - describe azurerm_virtual_network(resource_group: resource_group, name: 'MyVnetName') do - it { should exist } - its('location') { should eq 'East US' } - end - -### Ensure That the Virtual Network's Dns Servers Are Configured as Expected - - describe azurerm_virtual_network(resource_group: resource_group, name: 'MyVnetName') do - its('dns_servers') { should eq ["192.168.0.6"] } - end - -### Ensure That the Virtual Network's Address Space Is Configured as Expected - - describe azurerm_virtual_network(resource_group: resource_group, name: 'MyVnetName') do - its('address_space') { should eq ["192.168.0.0/24"] } - end - -## Parameters - -- `resource_group` -- `name` - -## Parameter Examples - -### resource_group (required) - -Defines the resource group that the virtual network that you wish to test resides in. - - describe azurerm_virtual_network(resource_group: 'MyResourceGroup', name: 'MyVnetName') do - ... - end - -### name (required) - -Defines the name of the virtual network that you wish to test. - - describe azurerm_virtual_network(resource_group: 'MyResourceGroup', name: 'MyVnetName') do - ... - end - -## Attributes - -- `id` -- `name` -- `location` -- `tags` -- `type` -- `subnets` -- `address_space` -- `dns_servers` -- `vnet_peerings` -- `enable_ddos_protection` -- `enable_vm_protection` - -### id - -The virtual network's id. - - its('id') { should eq(id) } - -Id will be in -format: - - '/subscriptions//resourceGroups//providers/Microsoft.Network/virtualNetworks/MyVnetName' - -### name - -The virtual network's name. - - its('name') { should eq('MyVnetName') } - -### location - -The virtual network's location. - - its('location') { should eq('East US') } - -### type - -The virtual network's resource type. - - its('type') { should eq 'Microsoft.Network/virtualNetworks' } - -### tags - -The virtual network's tags. 
- - its('tags') { should eq({ 'key' => 'value' }) } - -### subnets - -The list of subnet names that are attached to this virtual network. - - its('subnets') { should eq ["MySubnetName"] } - -### address_space - -The list of address spaces used by the virtual network. - - its('address_space') { should eq ["x.x.x.x/x"] } - -### dns_servers - -The list of DNS servers configured for the virtual network. The virtual network returns these IP addresses -when virtual machines makes a DHCP request. - - its('dns_servers') { should eq ["x.x.x.x", "x.x.x.x"] } - -### vnet_peerings - -A mapping of names and the virtual network ids of the virtual network peerings. - - its('vnet_peerings') { should eq "MyVnetPeeringConnection"=>"PeeringConnectionID"} - -### enable_ddos_protection - -Boolean value showing if Azure DDoS standard protection is enabled on the virtual network. - - its('enable_ddos_protection') { should eq true } - -### enable_vm_protection - -Boolean value showing if the virtual network has VM protection enabled. - - its('enable_vm_protection') { should eq false } - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). - -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. 
- -### exists - - # If a virtual network is found it will exist - describe azurerm_virtual_network(resource_group: 'MyResourceGroup', name: 'MyVnetName') do - it { should exist } - end - - # virtual networks that aren't found will not exist - describe azurerm_virtual_network(resource_group: 'MyResourceGroup', name: 'DoesNotExist') do - it { should_not exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_networks.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_networks.md deleted file mode 100644 index 0144d3927c..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_networks.md +++ /dev/null 
@@ -1,117 +0,0 @@ -+++ -title = "azurerm_virtual_networks resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_virtual_networks" - identifier = "inspec/resources/azure/azurerm_virtual_networks.md azurerm_virtual_networks resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_virtual_networks" >}} - -Use the `azurerm_virtual_networks` InSpec audit resource to test properties related to -virtual networks for a resource group. - -## Azure REST API version - -This resource interacts with version `2018-02-01` of the Azure -Management API. For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/virtualnetworks/list). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - - name: inspec-azure - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -### Version - -This resource first became available in 1.1.0 of the inspec-azure resource pack. - -## Syntax - -The `resource_group` must be given as a parameter. - - describe azurerm_virtual_networks(resource_group: 'MyResourceGroup') do - ... 
- end - -## Examples - - # Exists if any virtual networks exist in the resource group - describe azurerm_virtual_networks(resource_group: 'MyResourceGroup') do - it { should exist } - end - -## Parameters - -- `resource_group` - -### Parameter Examples - -### resource_group (required) - - describe azurerm_virtual_networks(resource_group: 'MyResourceGroup') do - ... - end - -### name - -Filters the results to only those that match the given name. - - # Insist that MyVnetName exists - describe azurerm_virtual_networks(resource_group: 'MyResourceGroup') - .where(name: 'MyVnetName') do - it { should exist } - end - - # Insist that you have at least one virtual network that starts with 'prefix' - describe azurerm_virtual_networks(resource_group: 'MyResourceGroup').where { name.start_with?('prefix') } do - it { should exist } - end - -## Attributes - -- `names` - -### names - -Gives a list of all the virtual network names in the resource group. - - its('names') { should include('VnetName1', 'VnetName2') } - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exists - - # Should not exist if no virtual networks are in the resource group - describe azurerm_virtual_networks(resource_group: 'MyResourceGroup') do - it { should_not exist } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_webapp.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_webapp.md deleted file mode 100644 index 2a25b99479..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_webapp.md +++ /dev/null 
@@ -1,165 +0,0 @@ -+++ -title = "azurerm_webapp resource" -draft = false -gh_repo = "inspec" -platform = "azure" - -[menu] - [menu.inspec] - title = "azurerm_webapp" - identifier = "inspec/resources/azure/azurerm_webapp.md azurerm_webapp resource" - parent = "inspec/resources/azure" -+++ - -{{< inspec/azurerm_deprecated resource="azure_webapp" >}} - -Use the `azurerm_webapp` InSpec audit resource to test properties of an Azure Webapp. - -## Azure REST API version - -This resource interacts with version `2016-08-01` of the Azure Management API. -For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/appservice/webapps/get). - -At the moment, there doesn't appear to be a way to select the version of the -Azure API docs. If you notice a newer version being referenced in the official -documentation please open an issue or submit a pull request using the updated -version. - -## Availability - -### Install - -This resource is available in the `inspec-azure` [resource -pack](/inspec/glossary/#resource-pack). To use it, add the -following to your `inspec.yml` in your top-level profile: - - depends: - inspec-azure: - git: https://github.com/inspec/inspec-azure.git - -You'll also need to setup your Azure credentials; see the resource pack -[README](https://github.com/inspec/inspec-azure#inspec-for-azure). - -## Syntax - -An `azurerm_webapp` resource block identifies an AppService Webapp by name and Resource Group. - - describe azurerm_appservice_webapp(resource_group: 'example', name: 'webapp name') do - ... - end - -## Examples - -### Test and Verify That Resource Group Has Specified Webapp - -Test that an example Resource Group has the specified Webapp and verify it's -authentication settings are enabled. Verify HTTP 2.0 is enabled. 
- - describe azurerm_webapp(resource_group: 'example', name: 'webapp_name') do - it { should exist } - its('auth_settings.properties') { should have_attributes(enabled: false) } - its('configuration.properties') { should have_attributes(http20Enabled: true) } - end - -### Test Webapp to Ensure It's Using the Latest Supported Version Of .Net - - describe azurerm_webapp(resource_group: resource_group, name: wa_name) do - it { should be_using_latest('aspnet') } - end - -### Test Webapp to Ensure It's Using the Latest Supported Version of Python - - describe azurerm_webapp(resource_group: resource_group, name: wa_name) do - it { should be_using_latest('python') } - end - -## Parameters - -- `name` -- `resource_group` - -## Parameter Examples - -The Resource Group as well as the Webapp name. - - describe azurerm_webapp(resource_group: 'example', name: 'webapp_name') do - it { should exist } - end - - describe azurerm_webapp(resource_group: 'example', name: 'webapp_name').auth_settings do - its('properties') { should have_attributes(enabled: true) } - end - -## Attributes - -- `id` -- `name` -- `location` -- `properties` -- `identity` -- `auth_settings` -- `configuration` - -All of the attributes are available via dot notation. This is an example of the currently available attributes. - -```ruby -control 'azurerm_webapp' do - describe azurerm_webapp(resource_group: 'example', name: 'webapp_name') do - it { should exist } - its('properties.enabled') { should cmp true } - its('properties.clientCertEnabled') { should cmp true } - its('properties.enabledHostNames') { should cmp 'webapp_name.azurewebsites.net' } - its('properties.httpsOnly') { should cmp true } - end -end -``` - -### Other Attributes - -There are additional attributes that may be accessed that we have not -documented. Please take a look at the [Azure documentation](#azure-rest-api-version). -Any attribute in the response may be accessed with the key names separated by -dots (`.`). 
- -The API may not always return keys that do not have any associated data. There -may be cases where the deeply nested property may not have the desired -attribute along your call chain. If you find yourself writing tests against -properties that may be nil, fork this resource pack and add an accessor to the -resource. Within that accessor you'll be able to guard against nil keys. Pull -requests are always welcome. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### using_latest?(stack) - -Asserts whether the deployed Azure WebApp is using the latest supported version of the given language/stack. -Supported stacks (i.e. python, java, php, node) can be found in the `properties` -section of WebApp Configuration [documentation](https://docs.microsoft.com/en-us/rest/api/appservice/webapps/getconfiguration#siteconfigresource). - -```ruby -it { should be_using_latest('php') } -it { should be_using_latest('java') } -it { should be_using_latest('python') } -it { should be_using_latest('aspnet') } -it { should be_using_latest('dotnetcore') } -``` - -### exists - -The control will pass if the resource returns a result. Use `should_not` if you expect -zero matches. - - # If we expect 'webapp_name' to have a Managed Service Identity - describe azurerm_webapp(resource_group: 'example', name: 'webapp_name') do - it { should have_identity } - end - -## Azure Permissions - -Your [Service -Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -must be setup with a `contributor` role on the subscription you wish to test. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_webapps.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_webapps.md deleted file mode 100644 index 8731d1e36b..0000000000 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_webapps.md
+++ /dev/null
@@ -1,95 +0,0 @@
-+++
-title = "azurerm_webapps resource"
-draft = false
-gh_repo = "inspec"
-platform = "azure"
-
-[menu]
- [menu.inspec]
- title = "azurerm_webapps"
- identifier = "inspec/resources/azure/azurerm_webapps.md azurerm_webapps resource"
- parent = "inspec/resources/azure"
-+++
-
-{{< inspec/azurerm_deprecated resource="azure_webapps" >}}
-
-Use the `azurerm_webapps` InSpec audit resource to enumerate Webapps.
-
-## Azure REST API version
-
-This resource interacts with version `2016-08-01` of the Azure Management API.
-For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/appservice/webapps/listbyresourcegroup).
-
-At the moment, there doesn't appear to be a way to select the version of the
-Azure API docs. If you notice a newer version being referenced in the official
-documentation please open an issue or submit a pull request using the updated
-version.
-
-## Availability
-
-### Install
-
-This resource is available in the `inspec-azure` [resource
-pack](/inspec/glossary/#resource-pack). To use it, add the
-following to your `inspec.yml` in your top-level profile:
-
- depends:
- inspec-azure:
- git: https://github.com/inspec/inspec-azure.git
-
-You'll also need to setup your Azure credentials; see the resource pack
-[README](https://github.com/inspec/inspec-azure#inspec-for-azure).
-
-## Syntax
-
-An `azurerm_webapps` resource block identifies Webapps by
-Resource Group.
-
- describe azurerm_webapps(resource_group: 'ExampleGroup') do
- ...
- end
-
-## Examples
-
-### Test that an example Resource Group has the named Webapps
-
- describe azurerm_webapps(resource_group: 'ExampleGroup') do
- its('names') { should include('webapp_name') }
- end
-
-## Properties
-
-- `names`
-
-### names
-
-The name of the Webapp
-
- its('names') { should include('webapp_name') }
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exists
-
-The control will pass if the resource returns a result. Use `should_not` if you expect
-zero matches.
-
- # If we expect 'ExampleGroup' Resource Group to have Webapps
- describe azurerm_webapps(resource_group: 'ExampleGroup') do
- it { should exist }
- end
-
- # If we expect 'EmptyExampleGroup' Resource Group to not have Webapps
- describe azurerm_webapps(resource_group: 'EmptyExampleGroup') do
- it { should_not exist }
- end
-
-## Azure Permissions
-
-Your [Service
-Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal)
-must be setup with a `contributor` role on the subscription you wish to test.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bash.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bash.md
deleted file mode 100644
index 6e22c71365..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bash.md
+++ /dev/null
@@ -1,79 +0,0 @@
-+++
-title = "bash resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "bash"
- identifier = "inspec/resources/os/bash.md bash resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `bash` Chef InSpec audit resource to test an arbitrary command that is run on the system using a Bash script.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `command` resource block declares a command to be run, one (or more) expected outputs, and the location to which that output is sent:
-
- describe bash('command') do
- it { should exist }
- its('property') { should eq 'expected value' }
- end
-
-where
-
-- `'command'` must specify a command to be run
-- `'property'` is one of `exit_status`, `stderr`, or `stdout`
-- `'expected value'` tests the output of the command run on the system versus the expected output stated in the test
-
-For example:
-
- describe bash('ls -al /') do
- its('stdout') { should match /bin/ }
- its('stderr') { should eq '' }
- its('exit_status') { should eq 0 }
- end
-
-## Properties
-
-### exit_status
-
-The `exit_status` property returns the exit status for the command.
-
- its('exit_status') { should eq 0 }
-
-### stderr
-
-The `stderr` property returns results of the command as returned in standard error (stderr).
-
- its('stderr') { should eq '' }
-
-### stdout
-
-The `stdout` property returns the results of the command as returned in standard output (stdout).
-
- its('stdout') { should match /bin/ }
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-If an absolute path is provided, the `exist` matcher tests if the command exists on the filesystem at the specified location.
 Otherwise, the `exist` matcher tests if the command is found in the PATH.
-
- it { should exist }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bond.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bond.md
deleted file mode 100644
index 1131c550db..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bond.md
+++ /dev/null
@@ -1,100 +0,0 @@ -+++ -title = "bond resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "bond" - identifier = "inspec/resources/os/bond.md bond resource" - parent = "inspec/resources/os" -+++ - -Use the `bond` Chef InSpec audit resource to test a logical, bonded network interface (i.e. "two or more network interfaces aggregated into a single, logical network interface"). On Linux platforms, any value in the `/proc/net/bonding` directory may be tested. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -A `bond` resource block declares a bonded network interface, and then specifies the properties of that bonded network interface to be tested: - - describe bond('name') do - it { should exist } - end - -where - -- `'name'` is the name of the bonded network interface -- `{ should exist }` is a valid matcher for this resource - -## Properties - -### content - -The `content` property returns the contents in the file that defines the bonded network interface. The values of the `content` property are arbitrary. - - its('content') { should match('value') } - -### interfaces - -The `interfaces` property tests if the named secondary interfaces are available. - - its('interfaces') { should eq ['eth0', 'eth1', ...] } - -### mode - -The `mode` property returns the Bonding Mode. - - its('mode') { should eq 'IEEE 802.3ad Dynamic link aggregation' } - -### params - -The `params` property returns arbitrary parameters for the bonded network interface. 
- - its('params') { should eq 'value' } - -## Examples - -### Test if eth0 is a secondary interface for bond0 - - describe bond('bond0') do - it { should exist } - it { should have_interface 'eth0' } - end - -### Test parameters for bond0 - - describe bond('bond0') do - its('mode') { should eq 'IEEE 802.3ad Dynamic link aggregation' } - its('params') { should have_key 'Transmit Hash Policy' } - its('params') { should include 'Transmit Hash Policy' => 'layer3+4 (1)' } - its('params') { should have_key 'MII Status' } - its('params') { should include 'MII Status' => 'up' } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The `exist` matcher tests if the bonded network interface is available: - - it { should exist } - -### have_interface - -The `have_interface` matcher tests if the bonded network interface has one (or more) secondary interfaces: - - it { should have_interface } diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bridge.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bridge.md deleted file mode 100644 index 39e6562808..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bridge.md +++ /dev/null 
@@ -1,62 +0,0 @@
-+++
-title = "bridge resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "bridge"
- identifier = "inspec/resources/os/bridge.md bridge resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `bridge` Chef InSpec audit resource to test basic network bridge properties, such as `name`, if an interface is defined, and the associations for any defined interface.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `bridge` resource block declares the bridge to be tested and what interface it should be associated with:
-
- describe bridge('br0') do
- it { should exist }
- it { should have_interface 'eth0' }
- end
-
-- On Linux platforms, any value in the `/sys/class/net/{interface}/bridge` directory may be tested
-- On the Windows platform, the `Get-NetAdapter` cmdlet is associated with the `Get-NetAdapterBinding` cmdlet and returns the `ComponentID ms_bridge` value as a JSON object
-
-## Properties
-
-### interfaces
-
-The `interfaces` property returns the named interfaces.
-
- its('interfaces') { should include('foo') }
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The `exist` matcher tests if the network bridge is available:
-
- it { should exist }
-
-### have_interface
-
-The `have_interface` matcher tests if the named interface is defined for the network bridge:
-
- it { should have_interface 'eth0' }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bsd_service.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bsd_service.md
deleted file mode 100644
index 6a42b084fe..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bsd_service.md
+++ /dev/null
@@ -1,79 +0,0 @@
-+++
-title = "bsd_service resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "bsd_service"
- identifier = "inspec/resources/os/bsd_service.md bsd_service resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `bsd_service` Chef InSpec audit resource to test a service using a Berkeley OS-style `init` on the FreeBSD platform.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `bsd_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
-
- describe bsd_service('service_name') do
- it { should be_installed }
- it { should be_enabled }
- it { should be_running }
- end
-
-where
-
-- `('service_name')` must specify a service name
-- `be_installed`, `be_enabled`, and `be_running` are the different [matchers](#matchers) for this resource.
-
-## Parameters
-
-### Path
-
-The path to the service manager's control may be specified for situations where the path isn't available in the current `PATH`. For example:
-
- describe bsd_service('service_name', '/path/to/control') do
- it { should be_enabled }
- it { should be_installed }
- it { should be_running }
- end
-
-## Properties
-
-All properties available to the [`service`](/inspec/resources/service/) resource may be used.
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### be_enabled
-
-The `be_enabled` matcher tests if the named service is enabled:
-
- it { should be_enabled }
-
-### be_installed
-
-The `be_installed` matcher tests if the named service is installed:
-
- it { should be_installed }
-
-### be_running
-
-The `be_running` matcher tests if the named service is running:
-
- it { should be_running }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cassandradb_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cassandradb_conf.md
deleted file mode 100644
index 08f3b28171..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cassandradb_conf.md
+++ /dev/null
@@ -1,45 +0,0 @@
-+++
-title = "cassandradb_conf resource"
-draft = false
-gh_repo = "inspec"
-platform = "os"
-
-[menu]
- [menu.inspec]
- title = "cassandradb_conf"
- identifier = "inspec/resources/os/cassandradb_conf.md cassandradb_conf resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `cassandradb_conf` Chef InSpec audit resource to test the configuration of a Cassandra database, which is typically located at `$CASSANDRA_HOME/cassandra.yaml` or `$CASSANDRA_HOME\conf\cassandra.yaml` depending upon the platform.
-
-## Installation
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-## Requirements
-
-- The value of the `CASSANDRA_HOME` environment variable must be set in the system.
-
-## Syntax
-
-A `cassandradb_conf` resource block fetches configurations in the `cassandra.yaml` file, and then compares them with the value stated in the test:
-
- describe cassandradb_conf do
- its('config item') { should eq 'value' }
- end
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test parameters set within the configuration file
-
- describe cassandradb_conf do
- its('listen_address') { should eq 'localhost' }
- its('num_tokens') { should eq 16 }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cassandradb_session.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cassandradb_session.md
deleted file mode 100644
index 5ada3236f0..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cassandradb_session.md
+++ /dev/null
@@ -1,76 +0,0 @@ -+++ -title = "cassandradb_session resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "cassandradb_session" - identifier = "inspec/resources/os/cassandradb_session.md cassandradb_session resource" - parent = "inspec/resources/os" -+++ - -Use the `cassandradb_session` Chef InSpec audit resource to test Cassandra Query Language (CQL) commands run against a Cassandra database. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -## Syntax - -A `cassandradb_session` resource block declares the username, password, host, and port to use for the session, and then the command to be run: - - describe cassandradb_session(user: 'USERNAME', password: 'PASSWORD', host: 'localhost', port: 9042).query('QUERY') do - its('value') { should eq('EXPECTED') } - end - -where - -- `cassandradb_session` declares a username, password, host and port to run the query. -- `query('QUERY')` contains the query to be run. -- `its('value') { should eq('expected') }` compares the results of the query against the expected result in the test. - -### Optional Parameters - -The `cassandradb_session` InSpec resource accepts `user`, `password`, `host`, and `port` parameters. - -In Particular: - -#### `user` - -Default value: `cassandra`. - -#### `password` - -Default value: `cassandra`. - -## Examples - -The following examples show how to use this Chef InSpec audit resource. 
- -### Test for matching values using a Cassandra query - -```ruby -cql = cassandradb_session(user: 'MY_USER', password: 'PASSWORD', host: 'localhost', port: 9042) - -describe cql.query("SELECT cluster_name FROM system.local") do - its('output') { should match /Test Cluster/ } -end -``` - -### Test for matching values using a Cassandra query from a sample database - -```ruby -cql = cassandradb_session(user: 'MY_USER', password: 'PASSWORD', host: 'localhost', port: 9042) - -describe cql.query("use SAMPLEDB; SELECT name FROM SAMPLETABLE") do - its('output') { should match /Test Name/ } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cgroup.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cgroup.md deleted file mode 100644 index 4029d0b984..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cgroup.md +++ /dev/null 
@@ -1,79 +0,0 @@ -+++ -title = "cgroup resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "cgroup" - identifier = "inspec/resources/os/cgroup.md cgroup resource" - parent = "inspec/resources/os" -+++ - -Use the `cgroup` Chef InSpec audit resource to test the different parameters values of the control group (cgroup) resource controllers. A cgroup is a Linux kernel feature that limits, accounts, and isolates the resource usage (such as CPU, memory, disk I/O, network) of a collection of processes. - -## Availability - -### Install - -This resource is distributed with Chef InSpec. - -## Syntax - - describe cgroup("CARROTKING") do - its("cpuset.cpus") { should eq 0 } - end -where - -- `cpuset.cpus` is a property of this resource and a parameter of the *cpuset* resource controller. -- `CARROTKING` is the name of cgroup directory. - -## Properties - -- All parameters of the cgroup resource controller are valid properties of this resource. Some of them are: `cpuset.cpus`, `memory.limit_in_bytes`, `memory.stat`, `freezer.state`, `cpu.stat`, `cpuacct.usage`, `pids.current`, `blkio.throttle.io_service_bytes`. - -## Matchers - -- For a full list of available matchers, refer [matchers page](https://docs.chef.io/inspec/matchers/). -- The matchers applicable for this resource are: `eq`, `cmp`, and `match`. - -### eq - -`eq` tests whether the two values are of same data type and includes configuration entries that are numbers. It fails if the types do not match. Use `cmp` for less restrictive comparisons that ignores data type while comparing. - -### cmp - -Unlike `eq`, `cmp` is a matcher for less-restrictive comparisons. This matcher attempts to fit the actual value to the comparing type and meant to relieve the user from having to write type-casts and resolutions. - -### match - -`match` checks if a string matches a regular expression. 
Use `match` when the output of `cgget -n -r [subsystem.parameters] [cgroup-name]` is a multi-line output. - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Example 1 - -Use `eq` to test for parameters that have a single line integer value. The value considered is the output obtained on `cgget -n -r [subsystem.parameters] [cgroup-name]`. - - describe cgroup("CARROTKING") do - its("cpuset.cpus") { should eq 0 } - end - -### Example 2 - -Use `cmp` to test for parameters with less-restrictive comparisons and has a single line integer value. The value considered is the output obtained on `cgget -n -r [subsystem.parameters] [cgroup-name]`. - - describe cgroup("CARROTKING") do - its("memory.limit_in_bytes") { should cmp 9223372036854771712 } - end - -### Example 3 - -Use `match` to test for parameters that have multi-line values and can be passed as *regex*. The value considered is the output obtained on `cgget -n -r [subsystem.parameters] [cgroup-name]`. - - describe cgroup("CARROTKING") do - its("memory.stat") { should match /\bhierarchical_memory_limit 9223372036854771712\b/ } - end diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/chocolatey_package.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/chocolatey_package.md deleted file mode 100644 index 283d7648fb..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/chocolatey_package.md +++ /dev/null 
@@ -1,70 +0,0 @@ -+++ -title = "chocolatey_package resource" -draft = false -gh_repo = "inspec" -platform = "windows" - -[menu] - [menu.inspec] - title = "chocolatey_package" - identifier = "inspec/resources/os/chocolatey_package.md chocolatey_package resource" - parent = "inspec/resources/os" -+++ - -Use the `chocolatey_package` Chef InSpec audit resource to test if the named [Chocolatey](https://chocolatey.org/) package and/or package version is installed on the system. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v2.1.30 of InSpec. - -## Syntax - -A `chocolatey_package` resource block declares the name of a Chocolatey package to be tested: - - describe chocolatey_package('name') do - it { should be_installed } - end - -where - -- `('name')` must specify the (case-sensitive) name of a package, such as `'nssm'` -- `be_installed` is a valid matcher for this resource - -## Examples - -The following examples show how to use this Chef InSpec audit resource - -### Test if NSSM version 2.1.0 is installed - - describe chocolatey_package('nssm') do - it { should be_installed } - its('version') { should eq '2.1.0' } - end - -## Matchers - -For a full list of available matchers, please visit our [matchers page](/inspec/matchers). - -### be_installed - -The `be_installed` matcher tests if the named package is installed at all. - - it { should be_installed } - -### version - -The `version` matcher tests if the named package version is on the system: - - its('version') { should eq '2.1.0' } - -You can also use the `cmp OPERATOR` matcher to perform comparisons using the version attribute: - - its('version') { should cmp >= '1.93.4-13debug84' } - -`cmp` understands version numbers using Gem::Version, and can use the operators `==, <, <=, >=, and >`. It will compare versions by each segment, not as a string - so '7.4' is smaller than '7.30', for example. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/chrony_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/chrony_conf.md
deleted file mode 100644
index 1dd8575e3b..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/chrony_conf.md
+++ /dev/null
@@ -1,75 +0,0 @@ -+++ -title = "chrony_conf resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "chrony_conf" - identifier = "inspec/resources/os/chrony_conf.md chrony_conf resource" - parent = "inspec/resources/os" -+++ - -Use the `chrony_conf` Chef InSpec audit resource to test the synchronization settings defined in the `chrony.conf` file. This file is typically located at `/etc/chrony.conf`. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - - - - -## Syntax - -An `chrony_conf` resource block declares the synchronization settings that should be tested: - -```ruby -describe chrony_conf('PATH') do - its('setting_name') { should eq 'VALUE' } -end -``` - -where: - -- `'setting_name'` is a synchronization setting defined in the `chrony.conf` file. -- `('path')` is the non-default path to the `chrony.conf` file (default path is `/etc/chrony.conf`). -- `{ should eq 'value' }` is the value that is expected. - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -This resource matches any service listed in the `chrony.conf` file. - -### Test for clock drift against named servers - -```ruby -describe chrony_conf do - its('driftfile') { should cmp '/var/lib/chrony/drift' } - its('server') do - should cmp [ - '0.ubuntu.pool.ntp.org', - '1.ubuntu.pool.ntp.org', - '2.ubuntu.pool.ntp.org' - ] - end -end -``` - -### Test that an NTP server exists and a specific subnet is specified from which NTP clients are accessible - -```ruby -describe chrony_conf do - its('server') { should_not eq nil } - its('allow') { should include '192.168.0.0/16'} -end -``` - -## Matchers - - {{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/command.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/command.md
deleted file mode 100644
index 041a20d982..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/command.md
+++ /dev/null
@@ -1,200 +0,0 @@ -+++ -title = "command resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "command" - identifier = "inspec/resources/os/command.md command resource" - parent = "inspec/resources/os" -+++ - -Use the `command` Chef InSpec audit resource to test an arbitrary command that is run on the system. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -A `command` resource block declares a command to be run, one (or more) expected values, and the location to which that output is sent: - - describe command('command') do - it { should exist } - its('property') { should eq 'value' } - end - -where - -- `'command'` must specify a command to be run -- `'property'` is one of `exit_status`, `stderr`, or `stdout` -- `'output'` tests the output of the command run on the system versus the output value stated in the test - -## Property Examples - -The following examples show how to use this Chef InSpec audit resource. - -### exit_status - -The `exit_status` property tests the exit status for the command: - - its('exit_status') { should eq 123 } - -### stderr - -The `stderr` property tests results of the command as returned in standard error (stderr): - - its('stderr') { should eq 'error' } - -### stdout - -The `stdout` property tests results of the command as returned in standard output (stdout). 
The following example shows matching output using a regular expression: - - describe command('echo 1') do - its('stdout') { should match (/[0-9]/) } - end - -### Test standard output (stdout) - - describe command('echo hello') do - its('stdout') { should eq "hello\n" } - its('stderr') { should eq '' } - its('exit_status') { should eq 0 } - end - -### Test standard error (stderr) - - describe command('>&2 echo error') do - its('stdout') { should eq '' } - its('stderr') { should eq "error\n" } - its('exit_status') { should eq 0 } - end - -### Test an exit status code - - describe command('exit 123') do - its('stdout') { should eq '' } - its('stderr') { should eq '' } - its('exit_status') { should eq 123 } - end - -### Test if the command shell exists - - describe command('/bin/sh').exist? do - it { should eq true } - end - -### Test for a command that should not exist - - describe command('this is not existing').exist? do - it { should eq false } - end - -### Test for PostgreSQL database running a RC, development, or beta release - - describe command('psql -V') do - its('stdout') { should eq '/RC/' } - its('stdout') { should_not eq '/DEVEL/' } - its('stdout') { should_not eq '/BETA/' } - end - -### Verify NTP - -The following example shows how to use the `file` audit resource to verify if the `ntp.conf` and `leap-seconds` files are present, and then the `command` resource to verify if NTP is installed and running: - - describe file('/etc/ntp.conf') do - it { should be_file } - end - - describe file('/etc/ntp.leapseconds') do - it { should be_file } - end - - describe command('pgrep ntp') do - its('exit_status') { should eq 0 } - end - -### Verify WiX - -Wix includes several tools -- such as `candle` (preprocesses and compiles source files into object files), `light` (links and binds object files to an installer database), and `heat` (harvests files from various input formats). 
The following example uses a whitespace array and the `file` audit resource to verify if these three tools are present: - - %w( - candle.exe - heat.exe - light.exe - ).each do |utility| - describe file("C:/wix/##{utility}") do - it { should be_file } - end - end - -### Timing Out Long-Running Commands - -On target platforms that support the feature, the command resource takes an optional `timeout:` parameter which specifies how long the command may run in seconds before erroring out and failing the control. - -```ruby -describe command("find / -owner badguy", timeout: 300) do - its("stdout") { should be_empty } -end -``` - -This example would run the `find` command for up to 300 seconds, then give up and fail the control if it exceeded that time. - -Aside from setting the value on a per-resource basis, you may also use the `--command-timeout` CLI option to globally set a command timeout. The CLI option takes precedence over any per-resource `timeout:` options. - -Currently supported target platforms include: - * Local Unix-like OSes, including macOS - * SSH targets - * Windows targets via WinRM - -Any target platforms not listed are not supported at this time. - -On unsupported platforms, the timeout value is ignored and the command will run indefinitely. - -### Redacting Sensitive Commands - -By default the command that is ran is shown in the Chef InSpec output. This can be problematic if the command contains sensitive arguments such as a password. These sensitive parts can be redacted by passing in `redact_regex` and a regular expression to redact. Optionally, you can use 2 capture groups to fine tune what is redacted. 
- -The following examples show how to use `redact_regex`: - - # Example without capture groups - describe command('myapp -p secret_password -d no_redact', redact_regex: /-p .* -d/) do - its('exit_status') { should cmp 0 } - end - - # Result (no capture groups used) - Command: `myapp REDACTED no_redact` - ✔ exit_status should cmp == 0 - - # Example with capture groups - # Each set of parenthesis is a capture group. - # Anything in the two capture groups will not be 'REDACTED' - describe command('myapp -p secret_password -d no_redact', redact_regex: /(-p ).*( -d)/) do - its('exit_status') { should cmp 0 } - end - - # Result (capture groups used) - Command: `myapp -p REDACTED -d no_redact` - ✔ exit_status should cmp == 0 - -For more info/help on regular expressions, we recommend [RegExr](https://regexr.com/) - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The `exist` matcher tests if a command may be run on the system: - - it { should exist } diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cpan.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cpan.md deleted file mode 100644 index ae4465b201..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cpan.md +++ /dev/null 
@@ -1,87 +0,0 @@ -+++ -title = "cpan resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "cpan" - identifier = "inspec/resources/os/cpan.md cpan resource" - parent = "inspec/resources/os" -+++ - -Use the `cpan` Chef InSpec audit resource to test Perl modules that are installed by system packages or the CPAN installer. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.43.5 of InSpec. - -## Syntax - -A `cpan` resource block declares a package and (optionally) a package version: - - describe cpan('package_name') do - it { should be_installed } - end - -where - -- `'package_name'` is the name of the package, such as `'DBD::Pg'` -- `be_installed` tests to see if the package described above is installed - -## Resource Parameters - -This resource uses package names and perl library paths as resource parameters. - -## Resource Parameter Examples - -### Test if DBD::Pg is installed on the system - - describe cpan('DBD:Pg') do - it { should be_installed } - end - -### Test if DBD::Pg 3.7.0 is installed on the system - - describe cpan('DBD::Pg') do - it { should be_installed } - its('version') { should eq '3.7.0' } - end - -### Test if DBD::Pg is installed within a custom PERL5LIB path on the system - -Hint: You can pass multiple paths separated with a colon -`/path/to/perl5/lib:/usr/share/perl5/vendor_perl/lib/perl5` - - describe cpan('DBD::Pg', '/home/username/perl5/lib/perl5') do - it { should be_installed } - end - -## Property Examples - -The following examples show how to use this Chef InSpec audit resource. - -### version - -The `version` property tests if the named package version is on the system: - - its('version') { should eq '1.2.3' } - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. 
- -### be_installed - -The `be_installed` matcher tests if the named package is installed on the system: - - it { should be_installed } diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cran.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cran.md deleted file mode 100644 index 12f9ff097f..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cran.md +++ /dev/null 
@@ -1,72 +0,0 @@ -+++ -title = "cran resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "cran" - identifier = "inspec/resources/os/cran.md cran resource" - parent = "inspec/resources/os" -+++ - -Use the `cran` Chef InSpec audit resource to test R modules that are installed from CRAN package repository. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.43.5 of InSpec. - -## Syntax - -A `cran` resource block declares a package and (optionally) a package version: - - describe cran('package_name') do - it { should be_installed } - end - -where - -- `'package_name'` is the name of the package, such as `'DBI'` -- `be_installed` tests to see if the package described above is installed - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Test if DBI is installed on the system - - describe cran('DBI') do - it { should be_installed } - end - -### Test if DBI 0.5.1 is installed on the system - - describe cran('DBI') do - it { should be_installed } - its('version') { should eq '0.5.1' } - end - -## Property Examples - -### version - -The `version` property tests if the named package version is on the system: - - its('version') { should eq '1.2.3' } - -## Matchers - -This Chef InSpec audit resource has the following matchers: - -### be_installed - -The `be_installed` matcher tests if the named package is installed on the system: - - it { should be_installed } diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cron.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cron.md deleted file mode 100644 index 878454d2e5..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cron.md +++ /dev/null 
@@ -1,74 +0,0 @@ -+++ -title = "cron resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "cron" - identifier = "inspec/resources/os/cron.md cron resource" - parent = "inspec/resources/os" -+++ - -Use the `cron` Chef InSpec audit resource to test the Crontab entries of a particular user on the system. You can also use this resource as an alias to the `crontab` resource. - -## Availability - -### Install - -This resource is distributed with Chef InSpec. - -## Parameters - -### `user` - -_(optional)_ This parameter tests the cron entries of a particular user. By default, it refers to the current user. - -## Properties - -### Table - -The `table` property checks whether a particular cron entry matches the specific regex. - - its(:table) { should match /regex/ } - -## Syntax - -A `cron` resource block declares a user (which defaults to the current user). - - describe cron do - its(:table) { should match /regex/ } - end - - describe cron(user: "USER") do - it { should have_entry "5 * * * * /some/scheduled/task.sh" } - end - -## Examples - -The following examples show how to use this audit resource. - -### Test to ensure crontab has a particular cron entry for the current user - - describe cron do - it { should have_entry "5 * * * * /some/scheduled/task.sh" } - end - -### Test to ensure a user's crontab has a particular cron entry - - describe cron('MY_USER') do - it { should have_entry "5 * * * * /some/scheduled/task.sh" } - end - -### Test to verify if crontab has entries that run every 5 minutes - - describe cron do - its(:table) { should match /^5/ } - end - -## Matchers - -For a full list of the available matchers, please visit our [matchers page](/inspec/matchers/). - - it { should have_entry("5 * * * * /some/scheduled/task.sh") } 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/crontab.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/crontab.md
deleted file mode 100644
index f4e2d701be..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/crontab.md
+++ /dev/null
@@ -1,114 +0,0 @@ -+++ -title = "crontab resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "crontab" - identifier = "inspec/resources/os/crontab.md crontab resource" - parent = "inspec/resources/os" -+++ - -Use the `crontab` Chef InSpec audit resource to test the crontab entries for a particular user on the system. It recognizes special time strings (@yearly, @weekly, etc). - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.15.0 of InSpec. - -## Syntax - -A `crontab` resource block declares a user (which defaults to the current user) and the details to be tested, such as the schedule elements for each crontab entry or the exact commands themselves: - - describe crontab do - its('commands') { should include '/some/scheduled/task.sh' } - end - -{{< note >}} - -The `include` matcher in this context specifies the entire list of commands that the crontab should include and not a particular substring that should be included by a command. The `include` matcher always matches a complete command invocation, including options and arguments. - -{{< /note >}} - -The path to the system crontab can also be supplied via: - - describe crontab(path: '/etc/cron.d/some_crontab') do - its('commands') { should include '/path/to/some/script' } - end - -Note that only the path or the user (and not both) should be supplied as arguments to the resource. - -## Examples - -The following examples show how to use this Chef InSpec audit resource. 
- -### Test that root's crontab has a particular command - - describe crontab('root') do - its('commands') { should include '/path/to/some/script -option arg' } - end - -### Test that username's crontab entry for command '/home/username/build.sh' runs every minute - - describe crontab('username').commands('/home/username/build.sh') do - its('hours') { should cmp '*' } - its('minutes') { should cmp '*' } - end - -### Test that the logged-in user's crontab has no tasks set to run on every hour and every minute - -```ruby -describe crontab.where({'hour' => '*', 'minute' => '*'}) do - its('entries.length') { should cmp '0' } -end -``` - -### Test that the logged-in user's crontab contains a single command that matches a pattern - -```ruby -describe crontab.where { command =~ /a partial command string/ } do - its('entries.length') { should cmp 1 } -end -``` - -### Test a special time string (i.e., @yearly /root/annual_report.sh) - - describe crontab.commands('/root/annual_report.sh') do - its('hours') { should cmp '0' } - its('minutes') { should cmp '0' } - its('days') { should cmp '1' } - its('months') { should cmp '1' } - end - -### Test @reboot case - - describe crontab.commands('/root/reboot.sh') do - its('hours') { should cmp '-1' } - its('minutes') { should cmp '-1' } - end - -## Property Examples - -### Test a special time string - - describe crontab do - its('minutes') { should cmp '0' } - its('hours') { should cmp '0' } - its('days') { should cmp '1' } - its('weekdays') { should cmp '1' } - its('user') { should include 'username'} - its('commands') { should include '/some/scheduled/task.sh' } - end - -Chef InSpec will automatically interpret crontab-supported special time strings. For example, a crontab entry set to run `@yearly` can be tested as if the entry was manually configured to run on January 1, 12 AM. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/csv.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/csv.md
deleted file mode 100644
index a751d8c3b3..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/csv.md
+++ /dev/null
@@ -1,75 +0,0 @@ -+++ -title = "csv resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "csv" - identifier = "inspec/resources/os/csv.md csv resource" - parent = "inspec/resources/os" -+++ - -Use the `csv` Chef InSpec audit resource to test configuration data in a CSV file. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -A `csv` resource block declares the configuration data to be tested: - - describe csv('file', true) do - its('name') { should cmp 'foo' } - end - -Test `csv` file without headers - - describe csv('file', false).params do - its([0]) { should cmp 'name' } - end - -where - -- `'file'` is the path to a CSV file -- `true` or `false` tests a CSV file with or without headers. Default value: `true`. -- `name` is a configuration setting in a CSV file -- `should eq 'foo'` tests a value of `name` as read from a CSV file versus the value declared in the test -- `params` is the method for fetching data from a CSV file without headers. -- `[0]` is the array element position. - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Test a CSV file without headers - - describe csv('some_file.csv', false).params do - its([0]) { should eq ["name"] } - end - -### Test a CSV file - - describe csv('some_file.csv') do - its('setting') { should eq 1 } - end - -## Property Examples - -### name - -The `name` property tests the value of `name` as read from a CSV file compared to the value declared in the test. - - its('name') { should cmp 'foo' } - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/default_gateway.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/default_gateway.md
deleted file mode 100644
index 3d672fd71a..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/default_gateway.md
+++ /dev/null
@@ -1,76 +0,0 @@ -+++ -title = "default_gateway resource" -draft = false -gh_repo = "inspec" -platform = "unix" - -[menu] - [menu.inspec] - title = "default_gateway" - identifier = "inspec/resources/os/default_gateway.md default_gateway resource" - parent = "inspec/resources/os" -+++ - -Use the **default_gateway** Chef InSpec audit resource to test the assigned IP address and interface for the default route. - -## Availability - -### Install - -This resource is distributed with Chef InSpec. - -## Syntax - -A `default_gateway` Chef InSpec audit resource allows to test the assigned IP address and interface for the default route. - -```ruby - - describe default_gateway do - its("ipaddress") { should eq '172.26.0.1' } - its("interface") { should eq 'eth0' } - end -``` - -> where -> -> - `'ipaddress' and 'interface'` are properties of this resource -> - `172.26.0.1` is the expected value for `'ipaddress'` -> - `eth0` is the expected value for `'interface'` - -## Properties - -Properties of the resources: `ipaddress` and `interface`. - -### ipaddress - -The `ipaddress` property tests the assigned IP address for the default route. - -### interface - -The `interface` property tests the assigned network interface for the default route. - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Ensure IP address matches default route - -`ipaddress` fetches the assigned IP address for the default route and by making an comparison using the `eq` matcher. - -```ruby - - describe default_gateway do - its("ipaddress") { should eq '172.26.0.1' } - end -``` - -### Ensure interface matches default route - -`interface` fetches the assigned network interface for the default route and by making an comparison using the `eq` matcher. - -```ruby - - describe default_gateway do - its("interface") { should eq 'eth0' } - end -``` 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/dh_params.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/dh_params.md
deleted file mode 100644
index 1f55777d49..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/dh_params.md
+++ /dev/null
@@ -1,244 +0,0 @@ -+++ -title = "dh_params resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "dh_params" - identifier = "inspec/resources/os/dh_params.md dh_params resource" - parent = "inspec/resources/os" -+++ - -Use the `dh_params` Chef InSpec audit resource to test Diffie-Hellman (DH) parameters. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.19.0 of InSpec. - -## Syntax - -A `dh_params` resource block declares a parameter file to be tested. - - describe dh_params('/path/to/file.dh_pem') do - it { should be_dh_params } - it { should be_valid } - its('generator') { should eq 2 } - its('modulus') { should eq '00:91:a0:15:89:e5:bc:38:93:12:02:fc:...' } - its('prime_length') { should eq 2048 } - its('pem') { should eq '-----BEGIN DH PARAMETERS...' } - its('text') { should eq 'PKCS#3 DH Parameters: (2048 bit)...' } - end - -## Properties - -### generator (Integer) - -The `generator` property returns generator used for the Diffie-Hellman operation. - - its('generator') { should eq 2 } - -### modulus (String) - -The `modulus` property returns the prime modulus used for the Diffie-Hellman operation. - - its('modulus') { should eq '00:91:a0:15:89:e5:bc:38:93:12:02:fc:...' } - -### prime_length (Integer) - -The `prime_length` property returns the length of prime modulus used for the Diffie-Hellman operation. - - its('prime_length') { should eq 2048 } - -### pem (String) - -The `pem` property returns the pem formatted value of DH parameters. - - its('pem') { should eq '-----BEGIN DH PARAMETERS...' } - -### text (String) - -The `text` property returns the value of DH parameters in text format. - - its('text') { should eq 'PKCS#3 DH Parameters: (2048 bit)...' 
} - -## Examples - -### Test generator used for the Diffie-Hellman operation: - - describe dh_params('/path/to/file.dh_pem') do - its('generator') { should eq 2 } - end - -### Test prime modulus used for the Diffie-Hellman operation: - - describe dh_params('/path/to/file.dh_pem') do - its('modulus') { should eq '00:91:a0:15:89:e5:bc:38:93:12:02:fc:...' } - end - -### Test example using multi-line string: - -```ruby -describe dh_params('/path/to/file.dh_pem') do - its('modulus') do - # regex removes all whitespace - should eq <<-EOF.gsub(/[[:space:]]+/, '') - 00:91:a0:15:89:e5:bc:38:93:12:02:fc:91:a2:85: - f7:f7:29:63:2e:d3:4e:7a:86:f7:ee:84:fe:42:d0: - 48:bc:9c:91:d5:54:f8:78:1d:c0:41:78:a2:c4:ac: - 1a:24:8b:9d:88:55:98:0b:ac:a7:23:eb:c2:aa:2b: - 2e:a9:f9:af:d4:8e:4e:11:bc:7f:35:a2:ac:da:3a: - ef:f0:25:6c:9a:a4:fd:00:28:76:86:2c:57:87:67: - 30:5d:b1:d6:5b:22:8f:72:a1:ea:de:8b:ef:9e:33: - 1a:40:92:68:85:02:54:02:09:fa:c0:60:c1:3c:4e: - 28:26:db:ed:25:8e:38:21:56:40:dc:c0:c0:66:1f: - 2b:32:c3:b4:78:a9:26:94:ea:f7:41:28:b2:f5:5b: - 01:38:0c:46:09:85:26:4d:69:12:8d:95:0f:35:e2: - e6:4e:47:3a:86:dd:8a:b2:fe:45:15:27:d8:59:c2: - 3c:f4:62:ff:5f:74:e9:77:92:50:47:36:2b:05:57: - 60:ee:7b:a1:60:cc:1c:7a:2b:77:18:8a:37:f7:c7: - 31:3e:15:cb:15:7f:7b:66:96:fb:c6:be:7d:d6:03: - 5e:0d:60:75:2b:5b:62:2a:a3:37:b6:34:f9:fe:96: - 4c:f6:c5:e3:a1:52:af:01:c1:4f:c7:42:a0:be:ed: - cd:13 - EOF - end -end -``` - -### Test length of prime modulus used for the Diffie-Hellman operation: - - describe dh_params('/path/to/file.dh_pem') do - its('prime_length') { should eq 2048 } - end - - -### Test `pem` output of DH parameters: - - describe dh_params('/path/to/file.dh_pem') do - its('pem') { should eq '-----BEGIN DH PARAMETERS...' 
} - end - -### Test example using multi-line string: - -```ruby -describe dh_params('/path/to/file.dh_pem') do - its('pem') do - # regex removes all leading spaces - should eq <<-EOF.gsub(/^[[:blank:]]+/, '') - -----BEGIN DH PARAMETERS----- - MIIBCAKCAQEAkaAVieW8OJMSAvyRooX39yljLtNOeob37oT+QtBIvJyR1VT4eB3A - QXiixKwaJIudiFWYC6ynI+vCqisuqfmv1I5OEbx/NaKs2jrv8CVsmqT9ACh2hixX - h2cwXbHWWyKPcqHq3ovvnjMaQJJohQJUAgn6wGDBPE4oJtvtJY44IVZA3MDAZh8r - MsO0eKkmlOr3QSiy9VsBOAxGCYUmTWkSjZUPNeLmTkc6ht2Ksv5FFSfYWcI89GL/ - X3Tpd5JQRzYrBVdg7nuhYMwceit3GIo398cxPhXLFX97Zpb7xr591gNeDWB1K1ti - KqM3tjT5/pZM9sXjoVKvAcFPx0Kgvu3NEwIBAg== - -----END DH PARAMETERS----- - EOF - end -end -``` - -### Test via `openssl dhparam` command: - - $ openssl dhparam -in /path/to/file.dh_pem - -----BEGIN DH PARAMETERS----- - MIIBCAKCAQEAkaAVieW8OJMSAvyRooX39yljLtNOeob37oT+QtBIvJyR1VT4eB3A - QXiixKwaJIudiFWYC6ynI+vCqisuqfmv1I5OEbx/NaKs2jrv8CVsmqT9ACh2hixX - h2cwXbHWWyKPcqHq3ovvnjMaQJJohQJUAgn6wGDBPE4oJtvtJY44IVZA3MDAZh8r - MsO0eKkmlOr3QSiy9VsBOAxGCYUmTWkSjZUPNeLmTkc6ht2Ksv5FFSfYWcI89GL/ - X3Tpd5JQRzYrBVdg7nuhYMwceit3GIo398cxPhXLFX97Zpb7xr591gNeDWB1K1ti - KqM3tjT5/pZM9sXjoVKvAcFPx0Kgvu3NEwIBAg== - -----END DH PARAMETERS----- - - -### Test human-readable text output of DH parameters: - - describe dh_params('/path/to/file.dh_pem') do - its('text') { should eq 'PKCS#3 DH Parameters: (2048 bit)...' 
} - end - -### Test example using multi-line string: - -```ruby -describe dh_params('/path/to/file.dh_pem') do - its('text') do - # regex removes 2 leading spaces - should eq <<-EOF.gsub(/^[[:blank:]]{2}/, '') - PKCS#3 DH Parameters: (2048 bit) - prime: - 00:91:a0:15:89:e5:bc:38:93:12:02:fc:91:a2:85: - f7:f7:29:63:2e:d3:4e:7a:86:f7:ee:84:fe:42:d0: - 48:bc:9c:91:d5:54:f8:78:1d:c0:41:78:a2:c4:ac: - 1a:24:8b:9d:88:55:98:0b:ac:a7:23:eb:c2:aa:2b: - 2e:a9:f9:af:d4:8e:4e:11:bc:7f:35:a2:ac:da:3a: - ef:f0:25:6c:9a:a4:fd:00:28:76:86:2c:57:87:67: - 30:5d:b1:d6:5b:22:8f:72:a1:ea:de:8b:ef:9e:33: - 1a:40:92:68:85:02:54:02:09:fa:c0:60:c1:3c:4e: - 28:26:db:ed:25:8e:38:21:56:40:dc:c0:c0:66:1f: - 2b:32:c3:b4:78:a9:26:94:ea:f7:41:28:b2:f5:5b: - 01:38:0c:46:09:85:26:4d:69:12:8d:95:0f:35:e2: - e6:4e:47:3a:86:dd:8a:b2:fe:45:15:27:d8:59:c2: - 3c:f4:62:ff:5f:74:e9:77:92:50:47:36:2b:05:57: - 60:ee:7b:a1:60:cc:1c:7a:2b:77:18:8a:37:f7:c7: - 31:3e:15:cb:15:7f:7b:66:96:fb:c6:be:7d:d6:03: - 5e:0d:60:75:2b:5b:62:2a:a3:37:b6:34:f9:fe:96: - 4c:f6:c5:e3:a1:52:af:01:c1:4f:c7:42:a0:be:ed: - cd:13 - generator: 2 (0x2) - EOF - end -end -``` - -### Test via `openssl dhparam` command: - - $ openssl dhparam -in /path/to/file.dh_pem -noout -text - PKCS#3 DH Parameters: (2048 bit) - prime: - 00:91:a0:15:89:e5:bc:38:93:12:02:fc:91:a2:85: - f7:f7:29:63:2e:d3:4e:7a:86:f7:ee:84:fe:42:d0: - 48:bc:9c:91:d5:54:f8:78:1d:c0:41:78:a2:c4:ac: - 1a:24:8b:9d:88:55:98:0b:ac:a7:23:eb:c2:aa:2b: - 2e:a9:f9:af:d4:8e:4e:11:bc:7f:35:a2:ac:da:3a: - ef:f0:25:6c:9a:a4:fd:00:28:76:86:2c:57:87:67: - 30:5d:b1:d6:5b:22:8f:72:a1:ea:de:8b:ef:9e:33: - 1a:40:92:68:85:02:54:02:09:fa:c0:60:c1:3c:4e: - 28:26:db:ed:25:8e:38:21:56:40:dc:c0:c0:66:1f: - 2b:32:c3:b4:78:a9:26:94:ea:f7:41:28:b2:f5:5b: - 01:38:0c:46:09:85:26:4d:69:12:8d:95:0f:35:e2: - e6:4e:47:3a:86:dd:8a:b2:fe:45:15:27:d8:59:c2: - 3c:f4:62:ff:5f:74:e9:77:92:50:47:36:2b:05:57: - 60:ee:7b:a1:60:cc:1c:7a:2b:77:18:8a:37:f7:c7: - 31:3e:15:cb:15:7f:7b:66:96:fb:c6:be:7d:d6:03: - 
5e:0d:60:75:2b:5b:62:2a:a3:37:b6:34:f9:fe:96: - 4c:f6:c5:e3:a1:52:af:01:c1:4f:c7:42:a0:be:ed: - cd:13 - generator: 2 (0x2) - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### be_valid - -Verify whether DH parameters are valid: - - describe dh_params('/path/to/file.dh_pem') do - it { should be_valid } - end - -### be_dh_params - - describe dh_params('/path/to/file.dh_pem') do - it { should be_dh_params} - end diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/directory.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/directory.md deleted file mode 100644 index f13e94650e..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/directory.md +++ /dev/null @@ -1,40 +0,0 @@ -+++ -title = "directory resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "directory" - identifier = "inspec/resources/os/directory.md directory resource" - parent = "inspec/resources/os" -+++ - -Use the `directory` Chef InSpec audit resource to test if the file type is a directory. This is equivalent to using the [`file` resource](/inspec/resources/file/) and the `be_directory` matcher, but provides a simpler and more direct way to test directories. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -A `directory` resource block declares the location of the directory to be tested, and then one (or more) matchers. - - describe directory('path') do - its('property') { should cmp 'value' } - end - -## Properties - -All of the properties available to [`file`](/inspec/resources/file/) may be used with `directory`. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/docker.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/docker.md
deleted file mode 100644
index 931546c725..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/docker.md
+++ /dev/null
@@ -1,234 +0,0 @@
-+++
-title = "docker resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "docker"
- identifier = "inspec/resources/os/docker.md docker resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `docker` Chef InSpec audit resource to test configuration data for the Docker daemon. It is a very comprehensive resource. See also: [docker_container](/inspec/resources/docker_container/) and [docker_image](/inspec/resources/docker_image/), too.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.21.0 of InSpec.
-
-## Syntax
-
-A `docker` resource block allows you to write tests for many containers:
-
- describe docker.containers do
- its('images') { should_not include 'u12:latest' }
- end
-
-or:
-
- describe docker.containers.where { names == 'flamboyant_allen' } do
- it { should be_running }
- end
-
-where
-
-- `.where()` may specify a specific item and value, to which the resource parameters are compared
-- `commands`, `ids`, `images`, `labels`, `local_volumes`, `mounts`, `names`, `networks`, `ports`, `sizes` and `status` are valid parameters for `containers`
-
-The `docker` resource block also declares allows you to write test for many images:
-
- describe docker.images do
- its('repositories') { should_not include 'insecure_image' }
- end
-
-or if you want to query specific images:
-
- describe docker.images.where { repository == 'ubuntu' && tag == '12.04' } do
- it { should_not exist }
- end
-
-where
-
-- `.where()` may specify a specific filter and expected value, against which parameters are compared
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Return all running containers
-
- docker.containers.running?.ids.each do |id|
- describe docker.object(id) do
- its('State.Health.Status') { should eq 'healthy' }
- end
- end
-
-### Verify a Docker Server and Client version
-
- describe docker.version do
- its('Server.Version') { should cmp >= '1.12'}
- its('Client.Version') { should cmp >= '1.12'}
- end
-
-### Iterate over all containers to verify host configuration
-
- docker.containers.ids.each do |id|
- # call Docker inspect for a specific container id
- describe docker.object(id) do
- its(%w(HostConfig Privileged)) { should cmp false }
- its(%w(HostConfig Privileged)) { should_not cmp true }
- end
- end
-
-### Iterate over all images to verify the container was built without ADD instruction
-
- docker.images.ids.each do |id|
- describe command("docker history #{id}| grep 'ADD'") do
- its('stdout') { should eq '' }
- end
- end
-
-### Verify that health-checks are enabled for a container
-
- describe docker.object('71b5df59442b') do
- its(%w(Config Healthcheck)) { should_not eq nil }
- end
-
-## How to run the DevSec Docker baseline profile
-
-There are two ways to run the `docker-baseline` profile to test Docker via the `docker` resource.
-
-Clone the profile:
-
- git clone https://github.com/dev-sec/cis-docker-benchmark.git
-
-and then run:
-
- inspec exec cis-docker-benchmark
-
-Or execute the profile directly via URL:
-
- inspec exec https://github.com/dev-sec/cis-docker-benchmark
-
-## Resource Parameters
-
-- `commands`, `ids`, `images`, `labels`, `local_volumes`, `mounts`, `names`, `networks`, `ports`, `sizes` and `status` are valid parameters for `containers`
-
-## Resource Parameter Examples
-
-### containers
-
-`containers` returns information about containers as returned by [docker ps -a](https://docs.docker.com/engine/reference/commandline/ps/).
-
- describe docker.containers do
- its('ids') { should include 'sha:71b5df59...442b' }
- its('commands') { should_not include '/bin/sh' }
- its('images') { should_not include 'u12:latest' }
- its('ports') { should include '0.0.0.0:1234->1234/tcp' }
- its('labels') { should include 'License=GPLv2' }
- end
-
-### object('id')
-
-`object` returns low-level information about Docker objects. It is calling [docker inspect](https://docs.docker.com/engine/reference/commandline/info/) under the hood.
-
- describe docker.object(id) do
- its('Configuration.Path') { should eq 'value' }
- end
-
-### images
-
-`images` returns information about a Docker image as returned by [docker images](https://docs.docker.com/engine/reference/commandline/images/).
-
- describe docker.images do
- its('ids') { should include 'sha:12b5df59...442b' }
- its('repositories') { should_not include 'my_image' }
- its('tags') { should_not include 'unwanted_tag' }
- its('sizes') { should_not include '1.41 GB' }
- end
-
-### plugins
-
-`plugins` returns information about Docker plugins as returned by [docker plugin ls](https://docs.docker.com/engine/reference/commandline/plugin/).
-
- describe docker.plugins do
- its('names') { should include ['store/weaveworks/net-plugin', 'docker4x/cloudstor'] }
- its('ids') { should cmp ['6ea8176de74b', '771d3ee7c7ea'] }
- its('versions') { should cmp ['2.3.0', '18.03.1-ce-aws1'] }
- its('enabled') { should cmp [true, false] }
- end
-
-### info
-
-`info` returns the parsed result of [docker info](https://docs.docker.com/engine/reference/commandline/info/)
-
- describe docker.info do
- its('Configuration.Path') { should eq 'value' }
- end
-
-### version
-
-`info` returns the parsed result of [docker version](https://docs.docker.com/engine/reference/commandline/version/)
-
- describe docker.version do
- its('Server.Version') { should cmp >= '1.12'}
- its('Client.Version') { should cmp >= '1.12'}
- end
-
-## Properties
-
-- `id`
-- `image`
-- `repo`
-- `tag`
-- `ports`
-- `command`
-
-## Property Examples
-
-### id
-
- describe docker_container(name: 'an-echo-server') do
- its('id') { should_not eq '' }
- end
-
-### image
-
- describe docker_container(name: 'an-echo-server') do
- its('image') { should eq 'busybox:latest' }
- end
-
-### repo
-
- describe docker_container(name: 'an-echo-server') do
- its('repo') { should eq 'busybox' }
- end
-
-### tag
-
- describe docker_container(name: 'an-echo-server') do
- its('tag') { should eq 'latest' }
- end
-
-### ports
-
- describe docker_container(name: 'an-echo-server') do
- its('ports') { should eq '0.0.0.0:1234->1234/tcp' }
- end
-
-### command
-
- describe docker_container(name: 'an-echo-server') do
- its('command') { should eq 'nc -ll -p 1234 -e /bin/cat' }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/docker_container.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/docker_container.md
deleted file mode 100644
index 3f1ceec4b7..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/docker_container.md
+++ /dev/null
@@ -1,157 +0,0 @@
-+++
-title = "docker_container resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "docker_container"
- identifier = "inspec/resources/os/docker_container.md docker_container resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `docker_container` Chef InSpec audit resource to test a Docker container.
-
-## Availability
-
-### Install
-
-This resource is distributed with Chef InSpec.
-
-### Version
-
-This resource is available from the InSpec version 1.21.0.
-
-## Syntax
-
-A `docker_container` resource block declares the configuration data to be tested:
-
- describe docker_container('container') do
- it { should exist }
- it { should be_running }
- its('id') { should_not eq '' }
- its('image') { should eq 'busybox:latest' }
- its('repo') { should eq 'busybox' }
- its('tag') { should eq 'latest' }
- its('ports') { should eq [] }
- its('command') { should eq 'nc -ll -p 1234 -e /bin/cat' }
- end
-
-## Resource Parameter Examples
-
-### name
-
-The container name can be provided with the `name` resource parameter.
-
- describe docker_container(name: 'an-echo-server') do
- it { should exist }
- it { should be_running }
- end
-
-### container id
-
-Alternatively, you can pass in the container id.
-
- describe docker_container(id: '71b5df59442b') do
- it { should exist }
- it { should be_running }
- end
-
-## Property Examples
-
-The following examples show how to use this Chef InSpec resource.
-
-### id
-
-The `id` property tests the container ID.
-
- its('id') { should eq 'sha:71b5df59...442b' }
-
-### Repo
-
-The `repo` property tests the value of the image repository.
-
- its('repo') { should eq 'REPO' }
-
-### tag
-
-The `tag` property tests the value of the image tag.
-
- its('tag') { should eq 'LATEST' }
-
-### ports
-
-The `ports` property tests the value of the Docker ports.
-
- its('ports') { should eq '0.0.0.0:1234->1234/tcp' }
-
-### command
-
-The `command` property tests the value of the container run command.
-
- its('command') { should eq 'nc -ll -p 1234 -e /bin/cat' }
-
-### Verify a running container
-
- describe docker_container('an-echo-server') do
- it { should exist }
- it { should be_running }
- its('id') { should_not eq '' }
- its('image') { should eq 'busybox:latest' }
- its('repo') { should eq 'busybox' }
- its('tag') { should eq 'latest' }
- its('ports') { should eq [] }
- its('command') { should eq 'nc -ll -p 1234 -e /bin/cat' }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
- The specific matchers of this resource are: `exist`, `be_running`, `have_volume?`.
-
-### exist
-
-The `exist` matcher specifies if the container exists.
-
- it { should exist }
-
-### be_running
-
-The `be_running` matcher checks if the container is running.
-
- it { should be_running }
-
-### have_volume?
-
-The `have_volume?` matcher checks if the container has mounted volumes.
-
- it { should have_volume?(destination_path_in_container, source_path_in_source) }
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Ensures container exists
-
-The below test passes if the container `wonderful_wozniak` exists as part of the Docker instances.
-
- describe docker_container('wonderful_wozniak') do
- it { should exist }
- end
-
-### Ensures container is in running status
-
-The below test passes if the container `trusting_williams` exists as part of the Docker instances and the status is running.
-
- describe docker_container('trusting_williams') do
- it { should be_running }
- end
-
-### Ensures container has mounted volumes
-
-The below test passes if the container `quizzical_williamson` exists as part of the Docker instances, the status is running, and has mounted volume on `/app` in the container from the source path of `/var/lib/docker/volumes/myvol2/_data`
-
- describe docker_container('quizzical_williamson') do
- it { should have_volume('/app', '/var/lib/docker/volumes/myvol2/_data') }
- end
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/docker_image.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/docker_image.md
deleted file mode 100644
index 5e9e134a11..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/docker_image.md
+++ /dev/null
@@ -1,156 +0,0 @@
-+++
-title = "docker_image resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "docker_image"
- identifier = "inspec/resources/os/docker_image.md docker_image resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `docker_image` Chef InSpec audit resource to verify a Docker image. A Docker Image is a template that contains the application and all the dependencies required to run an application on Docker.
-
-## Availability
-
-### Install
-
-This resource is distributed with Chef InSpec.
-
-### Version
-
-This resource is available from the InSpec version, 1.21.0.
-
-## Syntax
-
-A `docker_image` resource block declares the image.
-
- describe docker_image('ALPINE:LATEST') do
- it { should exist }
- its('id') { should eq 'sha256:4a415e...a526' }
- its('repo') { should eq 'ALPINE' }
- its('tag') { should eq 'LATEST' }
- end
-
-### Resource Parameter Examples
-
-The resource allows you to pass with an image ID.
-
- describe docker_image(id: ID) do
- ...
- end
-
-If the tag is missing for an image, `LATEST` is assumed as default.
-
- describe docker_image('ALPINE') do
- ...
- end
-
-You can also pass the repository and tag values as separate values.
-
- describe docker_image(repo: 'ALPINE', tag: 'LATEST') do
- ...
- end
-
-## Properties
-
-### id
-
-The `id` property returns the full image ID.
-
- its('id') { should eq 'sha256:4a415e3663882fbc554ee830889c68a33b3585503892cc718a4698e91ef2a526' }
-
-### image
-
-The `image` property tests the value of the image. It is a combination of `repository/tag`.
-
- its('image') { should eq 'ALPINE:LATEST' }
-
-### repo
-
-The `repo` property tests the value of the repository name.
-
- its('repo') { should eq 'ALPINE' }
-
-### tag
-
-The `tag` property tests the value of the image tag.
-
- its('tag') { should eq 'LATEST' }
-
-### Low-level information of docker image as docker_image's property
-
-#### inspection
-
-The property allows testing the low-level information of docker image returned by `docker inspect [docker_image]`. Use hash format `'key' => 'value` for testing the information.
-
- its(:inspection) { should include "Key" => "Value" }
- its(:inspection) { should include "Key" =>
- {
- "SubKey" => "Value1",
- "SubKey" => "Value2"
- }
- }
-
-Additionally, all keys of the low-level information are valid properties and can be passed in three ways when writing the test.
-
-- Serverspec's syntax
-
- its(['key']) { should eq some_value }
- its(['key1.key2.key3']) { should include some_value }
-
-- InSpec's syntax
-
- its(['key']) { should eq some_value }
- its(['key1', 'key2', 'key3']) { should include some_value }
-
-- Combination of Serverspec and InSpec
-
- its(['key1.key2', 'key3']) { should include some_value }
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The `exist` matcher tests if the image is available on the node.
-
- it { should exist }
-
-## Examples
-
-### Test if a docker image exists and verifies the image properties: ID, image, repo, and tag
-
- describe docker_image('ALPINE:LATEST') do
- it { should exist }
- its('id') { should eq 'sha256:4a415e...a526' }
- its('image') { should eq 'ALPINE:LATEST' }
- its('repo') { should eq 'ALPINE' }
- its('tag') { should eq 'LATEST' }
- end
-
-### Test if a docker image exists and verifies the low-level information: Architecture, Config.Cmd, and GraphDriver
-
- describe docker_image('ubuntu:latest') do
- it { should exist }
- its(['Architecture']) { should eq 'ARM64' }
- its(['Config.Cmd']) { should include 'BASH' }
- its(['GraphDriver.Data.MergedDir']) { should include "/var/lib/docker/overlay2/4336ba2a87c8d82abaa9ee5afd3ac20ea275bf05502d74d8d8396f8f51a4736c/merged" }
- its(:inspection) { should include 'Architecture' => 'ARM64' }
- its(:inspection) { should_not include 'Architecture' => 'i386' }
- its(:inspection) { should include "GraphDriver" =>
- {
- "Data" => {
- "MergedDir" => "/var/lib/docker/overlay2/4336ba2a87c8d82abaa9ee5afd3ac20ea275bf05502d74d8d8396f8f51a4736c/merged",
- "UpperDir" => "/var/lib/docker/overlay2/4336ba2a87c8d82abaa9ee5afd3ac20ea275bf05502d74d8d8396f8f51a4736c/diff",
- "WorkDir"=> "/var/lib/docker/overlay2/4336ba2a87c8d82abaa9ee5afd3ac20ea275bf05502d74d8d8396f8f51a4736c/work"
- },
- "Name" => "overlay2"
- }
- }
- end
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/docker_plugin.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/docker_plugin.md
deleted file mode 100644
index 55f439a2ba..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/docker_plugin.md
+++ /dev/null
@@ -1,74 +0,0 @@
-+++
-title = "docker_plugin resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "docker_plugin"
- identifier = "inspec/resources/os/docker_plugin.md docker_plugin resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `docker_plugin` Chef InSpec audit resource to verify a Docker plugin.
-
-## Syntax
-
-A `docker_plugin` resource block declares the plugin:
-
- describe docker_plugin('rexray/ebs') do
- it { should exist }
- its('id') { should_not eq '0ac30b93ad40' }
- its('version') { should eq '0.11.1' }
- it { should be_enabled }
- end
-
-## Resource Parameter Examples
-
-The resource allows you to pass in an plugin id:
-
- describe docker_plugin(id: plugin_id) do
- it { should be_enabled }
- end
-
-## Properties
-
-### id
-
-The `id` property returns the full plugin id:
-
- its('id') { should eq '0ac30b93ad40' }
-
-### version
-
-The `version` property tests the value of plugin version:
-
- its('version') { should eq '0.11.0' }
-
-## Examples
-
-### Test a Docker plugin
-
- describe docker_plugin('rexray/ebs') do
- it { should exist }
- its('id') { should_not eq '0ac30b93ad40' }
- its('version') { should eq '0.11.1' }
- it { should be_enabled }
- end
-
-## Matchers
-
-For a full list of available matchers, please visit our [Universal Matchers](/inspec/matchers/).
-
-### exist
-
-The `exist` matcher tests if the plugin is available on the node:
-
- describe docker_plugin('rexray/ebs') do
- it { should exist }
- end
-
-### enabled
-
-The `be_enabled` matches tests if the plugin is enabled
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/docker_service.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/docker_service.md
deleted file mode 100644
index b5e294cf72..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/docker_service.md
+++ /dev/null
@@ -1,122 +0,0 @@
-+++
-title = "docker_service resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "docker_service"
- identifier = "inspec/resources/os/docker_service.md docker_service resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `docker_service` Chef InSpec audit resource to verify a docker swarm service.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.51.0 of InSpec.
-
-## Syntax
-
-A `docker_service` resource block declares the service by name:
-
- describe docker_service('foo') do
- it { should exist }
- its('id') { should eq 'docker-service-id' }
- its('repo') { should eq 'alpine' }
- its('tag') { should eq 'latest' }
- end
-
-## Resource Parameter Examples
-
-The resource allows you to pass in a service id:
-
- describe docker_service(id: 'docker-service-id') do
- ...
- end
-
-You can also pass in the fully-qualified image:
-
- describe docker_service(image: 'localhost:5000/alpine:latest') do
- ...
- end
-
-## Property Examples
-
-The following examples show how to use Chef InSpec `docker_service` resource.
-
-### id
-
-The `id` property returns the service id:
-
- its('id') { should eq 'docker-service-id' }
-
-### image
-
-The `image` property is a combination of `repository:tag` it tests the value of the image:
-
- its('image') { should eq 'alpine:latest' }
-
-### mode
-
-The `mode` property tests the value of the service mode:
-
- its('mode') { should eq 'replicated' }
-
-### name
-
-The `name` property tests the value of the service name:
-
- its('name') { should eq 'foo' }
-
-### ports
-
-The `ports` property tests the value of the service's published ports:
-
- its('ports') { should include '*:8000->8000/tcp' }
-
-### repo
-
-The `repo` property tests the value of the repository name:
-
- its('repo') { should eq 'alpine' }
-
-### replicas
-
-The `replicas` property tests the value of the service's replica count:
-
- its('replicas') { should eq '3/3' }
-
-### tag
-
-The `tag` property tests the value of image tag:
-
- its('tag') { should eq 'latest' }
-
-### Test a docker service
-
- describe docker_service('foo') do
- it { should exist }
- its('id') { should eq 'docker-service-id' }
- its('repo') { should eq 'alpine' }
- its('tag') { should eq 'latest' }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The `exist` matcher tests if the image is available on the node:
-
- it { should exist }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/elasticsearch.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/elasticsearch.md
deleted file mode 100644
index 27cf0941b9..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/elasticsearch.md
+++ /dev/null
@@ -1,223 +0,0 @@
-+++
-title = "elasticsearch resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "elasticsearch"
- identifier = "inspec/resources/os/elasticsearch.md elasticsearch resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `elasticsearch` resource to test the status of a node against a running
-Elasticsearch cluster. Chef InSpec retrieves the node list from the cluster node URL
-provided (defaults to `http://localhost:9200`) and provides the ability to query
-a variety of settings and statuses.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.43.5 of InSpec.
-
-## Syntax
-
- describe elasticsearch do
- its('property') { should cmp 'value' }
- end
-
-## Supported Resource Parameters
-
-The `elasticsearch` resource accepts several optional resource parameters:
-
-`url`
-: the top-level URL of an Elasticsearch node in the cluster. If your Elasticsearch installation is not served out of the top-level directory at the host, be sure to specify the full URL; for example: `http://my-load-balancer/elasticsearch`. Default: `http://localhost:9200`
-
-`username`
-: a username to use to log in with HTTP-Basic authentication. If `username` is provided, a `password` must also be provided.
-
-`password`
-: a password to use to log in with HTTP-Basic authentication. If `password` is provided, a `username` must also be provided.
-
-`ssl_verify`
-: if `false`, SSL certificate validation will be disabled. Default: `true`
-
-In addition, the `elasticsearch` resource allows for filtering the nodes returned by property before executing the tests:
-
- describe elasticsearch.where { node_name == 'one-off-node' } do
- its('version') { should eq '1.2.3' }
- end
-
- describe elasticsearch.where { process.mlockall == false } do
- its('count') { should cmp 0 }
- end
-
-To simply check if nodes exist that match the criteria, use the `exist` matcher:
-
- describe elasticsearch.where { cluster_name == 'my_cluster' } do
- it { should exist }
- end
-
-## Properties
-
-The following are the different properties of the resource:
-
-Since the `elasticsearch` resource is meant for use on a cluster, each property will return an array of the values for each node that matches any provided search criteria. Using InSpec's `cmp` matcher helps avoid issues when comparing values when there is only a single match (i.e. when the cluster only contains a single node or the `where` filter criteria provided only returns a single node).
-
-### build_hash
-
-The `build hash` property returns the build hash for each of the nodes.
-
- its('build_hash') { should cmp 'b2f0c09' }
-
-### cluster_name
-
-The `cluster_name` property returns the cluster names of each of the nodes.
-
- its('cluster_name') { should cmp 'my_cluster' }
-
-### host
-
-The `host` property returns the hostname of each of the nodes. This may return an IP address if the node is improperly performing DNS resolution or has no hostname set.
-
- its('host') { should cmp 'my.hostname.mycompany.biz' }
-
-### http
-
-The `http` property returns a hash of HTTP-related settings for each of the nodes. In this example, the `first` method is used to grab only the first node's HTTP-related info and is a way of removing the item from the Array if only one node is being queried.
-
- its('http.first.max_content_length_in_bytes') { should cmp 123456 }
-
-### ingest
-
-The `ingest` property returns ingest-related settings and capabilities, such as available processors.
-
- its('ingest.first.processors.count') { should be >= 1 }
-
-### ip
-
-The `ip` property returns the IP address of each of the nodes.
-
- its('ip') { should cmp '192.168.1.100' }
-
-### jvm
-
-The `jvm` property returns Java Virtual Machine related parameters for each of the nodes.
-
- its('jvm.first.version') { should cmp '1.8.0_141' }
-
-### module_list
-
-The `module_list` property returns a list of enabled modules for each node in the cluster.
-
- its('module_list.first') { should include 'my_module' }
-
-### modules
-
-The `modules` property returns detailed information about each enabled module for each node in the cluster.
-
- its('modules.first') { should include 'lang-groovy' }
-
-### node_name
-
-The `node_name` property returns the node name for each node in the cluster.
-
- its('node_name') { should cmp 'node1' }
-
-### node_id
-
-The `node_id` property returns the node IDs of each of the nodes in the cluster.
-
- its('node_id') { should include 'my_node_id' }
-
-### os
-
-The `os` property returns OS-related information about each node in the cluster.
-
- its('os.first.arch') { should cmp 'amd64' }
-
-### plugin_list
-
-The `plugin_list` property returns a list of enabled plugins for each node in the cluster. For more additional information about each plugin, use the `plugins` property.
-
- its('plugin_list.first') { should include 'my_plugin' }
-
-### plugins
-
-The `plugins` property returns detailed information about each enabled plugin for each node in the cluster.
-
- its('plugins.first') { should include 'my_plugin' }
-
-### process
-
-The `process` property returns process information for each node in the cluster, such as the process ID.
-
- its('process.first.mlockall') { should cmp true }
-
-### roles
-
-The `roles` property returns the role for each of the nodes in the cluster.
-
- its('roles') { should include 'master' }
-
-### settings
-
-The `settings` property returns all the configuration settings for each node in the cluster. These settings usually include those set in the elasticsearch.yml as well as those set via `-Des.` or `-E` flags at startup. Use the `inspec shell` to explore the various setting keys that are available.
-
- its('settings.first.path.home') { should cmp '/usr/share/elasticsearch' }
-
-### total_indexing_buffer
-
-The `total_indexing_buffer` property returns the total indexing buffer for each node in the cluster.
-
- its('total_indexing_buffer') { should cmp 123456 }
-
-### transport
-
-The `transport` property returns transport-related settings for each node in the cluster, such as the bound and published addresses.
-
- its('transport.first.bound_address') { should cmp '1.2.3.4:9200' }
-
-### transport_address
-
-The `transport_address` property returns the bound transport address for each node in the cluster.
-
- its('transport_address') { should cmp '1.2.3.4:9200' }
-
-### version
-
-The `version` property returns the version of Elasticsearch running on each node of the cluster.
-
- its('version') { should cmp '5.5.2' }
-
-## Examples
-
-### Test to verify the specific module. Uses additional Ruby to find a specific module and assert a value. For a succinct list of the names of each of the modules enabled, use the `module_list` property.
-
- modules = elasticsearch.modules.first
- lang_groovy_module = modules.find { |mod| mod.name == 'lang-groovy' }
-
- describe 'lang-groovy module version' do
- subject { lang_groovy_module }
- its('version') { should cmp '5.5.2' }
- end
-
-### Tests to verify the specific plugin. Uses additional Ruby to find a specific plugin and assert a value. For a succinct list of the names of each of the plugins enabled, use the `plugin_list` property.
-
- plugins = elasticsearch.plugins.first
- my_plugin = plugins.find { |plugin| plugin.name == 'my_plugin' }
-
- describe 'my_plugin plugin version' do
- subject { my_plugin }
- its('version') { should cmp '1.2.3' }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/etc_fstab.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/etc_fstab.md
deleted file mode 100644
index b32b9965bf..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/etc_fstab.md
+++ /dev/null
@@ -1,126 +0,0 @@
-+++
-title = "etc_fstab resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "etc_fstab"
- identifier = "inspec/resources/os/etc_fstab.md etc_fstab resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `etc_fstab` Chef InSpec audit resource to test information about all partitions and storage devices on a Linux system.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.37.6 of InSpec.
-
-## Syntax
-
-An etc_fstab rule specifies a device name, its mount point, its mount type, the options it mounted with,
-its dump options and the files system options should be checked.
-
-Use the where clause to match a property to one or more rules in the fstab file:
-
- describe etc_fstab.where { device_name == 'value' } do
- its('mount_point') { should cmp 'hostname' }
- its('file_system_type') { should cmp 'list' }
- its('mount_options') { should cmp 'list' }
- its('dump_options') { should cmp 'list' }
- its('file_system_options') { should cmp 'list' }
- end
-
-Use the optional constructor parameter to give an alternative path to fstab file:
-
- describe etc_fstab(hosts_path).where { device_name == 'value' } do
- its('mount_point') { should cmp 'hostname' }
- its('file_system_type') { should cmp 'list' }
- its('mount_options') { should cmp 'list' }
- its('dump_options') { should cmp 'list' }
- its('file_system_options') { should cmp 'list ' }
- end
-
-## Properties
-
-### device_name
-
-The `device_name` property returns a string array including the device names mounted on the system.
-
- describe etc_fstab.where { mount_point == '/mnt/sr0' } do
- its('device_name') { should cmp '/dev/sr0' }
- end
-
-### mount_point
-
-The `mount_point` property returns a string array including the path of directories at which filesystems are configured to be mounted.
-
- describe etc_fstab.where { device_name == '/dev/sr0' } do
- its('mount_point') { should cmp '/mnt/sr0' }
- end
-
-### file_system_type
-
-The `file_system_type` property returns a string array including each device or partitions file system type.
-
- describe etc_fstab.where { device_name == '/dev/sr0' } do
- its('file_system_type') { should cmp 'iso9660' }
- end
-
-### mount_options
-
-The `mount_options` property returns a two dimensional array of each partition's mount options.
-
- describe etc_fstab.where { mount_point == '/' } do
- its('mount_options') { should eq [['defaults', 'x-systemd.device-timeout=0']] }
- end
-
-### dump_options
-
-The `dump_options` property returns an integer array of each partitions dump option. This is a number used by dump to decide if a file system should be backed up.
-
- describe etc_fstab.where { device_name == '/dev/sr0' } do
- its('dump_options') { should cmp 0 }
- end
-
-### file_system_options
-
-The `file_system_options` property returns an integer array of each partitions file system option. This is a number that specifies the order in which the file system should be checked.
-
- describe etc_fstab.where { device_name == '/dev/sr0' } do
- its('file_system_options') { should cmp 0 }
- end
-
-## Examples
-
-### Check all partitions that have a type of 'nfs'
-
- nfs_systems = etc_fstab.nfs_file_systems.entries
- nfs_systems.each do |partition|
- describe partition do
- its('mount_options') { should include 'nosuid' }
- end
- end
-
-### Check the partition mounted at /home contains 'nosuid' in its mount_options
-
- describe etc_fstab do
- its('home_mount_options') { should include 'nosuid' }
- end
-
-### Check if a partition is mounted at a point
-
- describe etc_fstab.where { mount_point == '/home' } do
- it { should be_configured }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/etc_group.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/etc_group.md
deleted file mode 100644
index 68ef34266a..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/etc_group.md
+++ /dev/null
@@ -1,99 +0,0 @@ -+++ -title = "etc_group resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "etc_group" - identifier = "inspec/resources/os/etc_group.md etc_group resource" - parent = "inspec/resources/os" -+++ - -Use the `etc_group` Chef InSpec audit resource to test groups that are defined on Linux and Unix platforms. The `/etc/group` file stores details about each group: group name, password, group identifier, along with a comma-separated list of users that belong to the group. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -A `etc_group` resource block declares a collection of properties to be tested: - - describe etc_group('path') do - its('property') { should eq 'some_value' } - end - -or: - - describe etc_group.where(item: 'value', item: 'value') do - its('gids') { should_not contain_duplicates } - its('groups') { should include 'user_name' } - its('users') { should include 'user_name' } - end - -where - -- `('path')` is the non-default path to the `\etc\group` file -- `.where()` filters for a specific item and value, to which the parameter are compared -- `.where` filter may be one or more of: - - `name: 'name'`, `group_name: 'group_name'`, `password: 'password'`, `gid: 'gid'`, `group_id: 'gid'`, `users: 'user_name'`, `members: 'member_name'` - -## Properties - -### gids - -The `gids` property returns the list of gids from `/etc/group` file. - - its('gids') { should include 'gid' } - -### groups - -The `groups` property returns the list of groups from `/etc/group` file. - - its('groups') { should include 'my_group' } - -### users - -The `users` property returns the list of users from `/etc/group `file. - - its('users') { should include 'my_user' } - -## Examples - -The following examples show how to use this Chef InSpec audit resource. 
-
-### Test group identifiers (GIDs) for duplicates
-
- describe etc_group do
- its('gids') { should_not contain_duplicates }
- end
-
-### Test all groups to see if a specific user belongs to one (or more) groups
-
- describe etc_group do
- its('groups') { should include 'my_group' }
- end
-
-### Test all groups for a specific user name
-
- describe etc_group do
- its('users') { should include 'my_user' }
- end
-
-### Filter a list of groups for a specific user
-
- describe etc_group.where(name: 'my_group') do
- its('users') { should include 'my_user' }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/etc_hosts.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/etc_hosts.md
deleted file mode 100644
index 5fc8317282..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/etc_hosts.md
+++ /dev/null
@@ -1,94 +0,0 @@
-+++
-title = "etc_hosts resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "etc_hosts"
- identifier = "inspec/resources/os/etc_hosts.md etc_hosts resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `etc_hosts` Chef InSpec audit resource to test rules set to match IP addresses with hostnames.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.37.6 of InSpec.
-
-## Syntax
-
-An etc/hosts rule specifies an IP address and what its hostname is along with optional aliases it can have.
-
-## Syntax
-
-Use the `.where` clause to match a property to one or more rules in the hosts file:
-
- describe etc_hosts.where { ip_address == 'value' } do
- its('primary_name') { should cmp 'hostname' }
- its('all_host_names') { should cmp 'list' }
- end
-
-Use the optional resource parameter to give an alternative path to the hosts file:
-
- describe etc_hosts('path/to/hosts').where { ip_address == 'value' } do
- its('primary_name') { should cmp 'hostname' }
- its('all_host_names') { should cmp 'list' }
- end
-
-where
-
-- `ip_address` is the IP address of the hostname in either ipv4 or ipv6 format.
-- `primary_name` is the name associated with the IP address.
-- `all_host_names` is a list including the primary_name as the first entry followed by any alias names the host has.
-
-## Properties
-
-### ip_address
-
-The `ip_address` property returns a string array of ip addresses specified in the etc/hosts file.
-
- its('ip_address') { should cmp '127.0.1.154' }
-
-### primary_name
-
-The `primary_name` property returns a string array of primary_names specified in the etc/hosts file.
-
- its('primary_name') { should cmp 'localhost' }
-
-### all_host_names
-
-The `all_host_names` property returns a two-dimensional string array where each entry has the primary_name first followed by any aliases.
-
- its('all_host_names') { should cmp 'list' }
-
-## Examples
-
-### Test the IP address of the given primary name 'localhost'.
-
- describe etc_hosts.where { primary_name == 'localhost' } do
- its('ip_address') { should cmp '127.0.1.154' }
- end
-
-### Test the primary name for where IP address is '::1'
-
- describe etc_hosts.where { ip_address == '::1' } do
- its('primary_name') { should cmp 'localhost' }
- end
-
-### Test the list of primary names and their aliases for the given IP address.
-
- describe etc_hosts.where { ip_address == '127.0.1.154' } do
- its('all_host_names') { should eq [['localhost', 'localhost.localdomain', 'localhost4', 'localhost4.localdomain4'], ['localhost', 'localhost.localdomain', 'localhost6', 'localhost6.localdomain6']] }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/etc_hosts_allow.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/etc_hosts_allow.md
deleted file mode 100644
index 6baca57a52..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/etc_hosts_allow.md
+++ /dev/null
@@ -1,77 +0,0 @@
-+++
-title = "etc_hosts_allow resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "etc_hosts_allow"
- identifier = "inspec/resources/os/etc_hosts_allow.md etc_hosts_allow resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `etc_hosts_allow` Chef InSpec audit resource to test rules defined for accepting daemon and client traffic in the `'/etc/hosts.allow'` file.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.39.1 of InSpec.
-
-## Syntax
-
-An etc/hosts.allow rule specifies one or more daemons mapped to one or more clients, with zero or more options for accepting traffic when found.
-
-Use the where clause to match a property to one or more rules in the `hosts.allow` file.
-
- describe etc_hosts_allow.where { daemon == 'value' } do
- its ('client_list') { should include ['values'] }
- its ('options') { should include ['values'] }p
- end
-
-Use the optional constructor parameter to give an alternative path to `hosts.allow` file.
-
- describe etc_hosts_allow(hosts_path).where { daemon == 'value' } do
- its ('client_list') { should include ['values'] }
- its ('options') { should include ['values'] }
- end
-
-where
-
-- `daemon` is a filter that will be allowed to pass traffic in.
-- `client_list`, `options` are the valid resource properties that test the list of clients who will be allowed to pass traffic in, and a list of tasks that are to be done with the rule when traffic is found respectively.
-
-## Properties
-
-### daemon
-
-The `daemon` property returns a string containing the daemon that is allowed in the rule.
-
- describe etc_hosts_allow.where { client_list == ['127.0.1.154', '[:fff:fAb0::]'] } do
- its('daemon') { should eq ['vsftpd', 'sshd'] }
- end
-
-### client_list
-
-The `client_list` property returns a 2d string array where each entry contains the clients specified for the rule.
-
- describe etc_hosts_allow.where { daemon == 'sshd' } do
- its('client_list') { should include ['192.168.0.0/16', '[abcd::0000:1234]'] }
- end
-
-### options
-
-The `options` property returns a 2d string array where each entry contains any options specified for the rule.
-
- describe etc_hosts_allow.where { daemon == 'sshd' } do
- its('options') { should include ['deny', 'echo "REJECTED"'] }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/etc_hosts_deny.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/etc_hosts_deny.md
deleted file mode 100644
index edc1e7004f..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/etc_hosts_deny.md
+++ /dev/null
@@ -1,78 +0,0 @@
-+++
-title = "etc_hosts_deny resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "etc_hosts_deny"
- identifier = "inspec/resources/os/etc_hosts_deny.md etc_hosts_deny resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `etc_hosts_deny` Chef InSpec audit resource to test rules for rejecting daemon and client traffic defined in /etc/hosts.deny.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.39.1 of InSpec.
-
-## Syntax
-
-An `etc_hosts_deny` rule specifies one or more daemons mapped to one or more clients, with zero or more options for rejecting traffic when found.
-
-Use the where clause to match a property to one or more rules in the hosts.deny file:
-
- describe etc_hosts_deny.where { daemon == 'value' } do
- its ('client_list') { should include ['values'] }
- its ('options') { should include ['values'] }
- end
-
-Use the optional constructor parameter to give an alternative path to hosts.deny:
-
- describe etc_hosts_deny(hosts_path).where { daemon == 'value' } do
- its ('client_list') { should include ['values'] }
- its ('options') { should include ['values'] }
- end
-
-where
-
-- `daemon` is a daemon that will be rejected to pass traffic in.
-- `client_list` is a list of clients that will be rejected to pass traffic in.
-- `options` is a list of tasks that are to be done with the rule when traffic is found.
-
-## Properties
-
-### daemon
-
-The `daemon` property returns a string containing the daemon that is allowed in the rule.
-
- describe etc_hosts_deny.where { client_list == ['127.0.1.154', '[:fff:fAb0::]'] } do
- its('daemon') { should eq ['vsftpd', 'sshd'] }
- end
-
-### client_list
-
-The `client_list` property returns a 2d string array where each entry contains the clients specified for the rule.
-
- describe etc_hosts_deny.where { daemon == 'sshd' } do
- its('client_list') { should include ['192.168.0.0/16', '[abcd::0000:1234]'] }
- end
-
-### options
-
-The `options` property returns a 2d string array where each entry contains any options specified for the rule.
-
- describe etc_hosts_deny.where { daemon == 'sshd' } do
- its('options') { should include ['deny', 'echo "REJECTED"'] }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/file.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/file.md
deleted file mode 100644
index 6b40101c32..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/file.md
+++ /dev/null
@@ -1,843 +0,0 @@ -+++ -title = "file resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "file" - identifier = "inspec/resources/os/file.md file resource" - parent = "inspec/resources/os" -+++ - -Use the `file` Chef InSpec audit resource to test system file types, including directories, symbolic links, named pipes, sockets, character devices, block devices, and doors. - -## Availability - -### Install - -The Chef InSpec resource distributes this resource. - -### Version - -This resource is available from InSpec 1.0.0. - -## Syntax - -A `file` resource block declares the location of the file type to be tested, the expected file type (if required), and one or more resource properties. - -```ruby - describe file('path') do - it { should PROPERTY 'value' } - end -``` - -> where -> -> - `('path')` is the name of the file and the path to the file. -> - `PROPERTY` is a valid resource property for this resource. -> - `'value'` is the value to be tested. - -## Properties - -### General Properties - -- `content` -- `content_as_json` -- `content_as_yaml` -- `size` -- `basename` -- `path` -- `owner` -- `group` -- `type` - -### Unix/Linux Properties - -- `symlink` -- `mode` -- `link_path` -- `shallow_link_path` -- `mtime` -- `size` -- `selinux_label` -- `md5sum` -- `sha256sum` -- `path` -- `source` -- `source_path` -- `uid` -- `gid` - -### Windows Properties - -- `file_version` -- `product_version` -- `user_permissions` - -## Resource Property Examples - -### content - -The `content` property tests if contents in the file match the value specified in a regular expression. The values of the `content` property are arbitrary and depend on the file type tested and also the expected type of information to be present in that file. - -```ruby - its('content') { should match REGEX } -``` - -The following complete example tests the `pg_hba.conf` file in PostgreSQL for MD5 requirements. 
The tests look at all `host` and `local` settings in that file, and then compare the MD5 checksums against the values in the test: - -```ruby - describe file('/etc/postgresql/9.1/main/pg_hba.conf') do - its('content') { should match(%r{local\s+.*?all\s+.*?all\s+.*?md5}) } - its('content') { should match(%r{host\s+.*?all\s+.*?all\s+.*?127.0.0.1\/32\s+.*?md5}) } - its('content') { should match(%r{host\s+.*?all\s+.*?all\s+.*?::1\/128\s+.*?md5}) } - end -``` - -### content_as_json - -The `content_as_json` property tests if contents in the specified json file matches the value specified in hash format. The value can be either key or key-value pair of the hash. - -```ruby - its('content_as_json') { should include('key') } - its('content_as_json') { should include('key' => 'value') } -``` - -Assuming the file helloworld.json has the following content - -```ruby - { - "name" : "InSpec", - "technology" : { - "language" : "Ruby" - } - } -``` - -The syntax to test for the content is as follows: - -```ruby - describe file('/home/helloworld.json') do - its('content_as_json') { should include('name') } - its('content_as_json') { should include('name' => 'InSpec') } - its('content_as_json') { should include('technology' => { 'language' => 'Ruby' }) } - end -``` - -### content_as_yaml - -The `content_as_yaml` property tests if contents in the specified **YAML** file matches the value specified in **hash** format. The value can be either key of the hash or key-value pair of hash. 
- -```ruby - its('content_as_yaml') { should include('key') } - its('content_as_yaml') { should include('key' => 'value') } -``` - -Assuming the file helloworld.yml has the following content - -```ruby - name: "InSpec" - technology: - language: "Ruby" -``` - -The syntax to test for the content is as follows: - -```ruby - describe file('/home/helloworld.yml') do - its('content_as_yaml') { should include('name') } - its('content_as_yaml') { should include('name' => 'InSpec') } - its('content_as_yaml') { should include('technology' => { 'language' => 'Ruby' }) } - end -``` - -### file_version - -The `file_version` property tests if a Windows file's version matches the specified value. The difference between a file's, 'file version' and 'product version' is that the file version is the version number of the file itself, whereas the product version is the version number associated with the application from which that file originates: - -```ruby - its('file_version') { should eq '1.2.3' } -``` - -### group - -The `group` property tests if the group to which a file belongs matches the specified value. - -```ruby - its('group') { should eq 'admins' } -``` - -The following examples show how to use this Chef InSpec audit resource. - -### link_path - -The `link_path` property tests if the file exists at the specified path. If the file is a symlink, the Chef InSpec resolves the symlink recursively and return the ultimate linked file. - -```ruby - its('link_path') { should eq '/some/path/to/file' } -``` - -### shallow_link_path - -The `shallow_link_path` property returns the path that the file refers to, only resolving it once (that is, it performs a readlink operation). If the file is not a symlink, **nil** is returned. - -```ruby - its('shallow_link_path') { should eq '/some/path/to/file' } -``` - -### md5sum - -The `md5sum` property tests if the MD5 checksum for a file matches the specified value. 
- -```ruby - its('md5sum') { should eq '3329x3hf9130gjs9jlasf2305mx91s4j' } -``` - -### mode - -The `mode` property tests if the mode assigned to the file matches the specified value. - -```ruby - its('mode') { should cmp '0644' } -``` - -The Chef InSpec [octal](https://en.wikipedia.org/wiki/Leading_zero#0_as_a_prefix) values begin the numeric mode specification with zero. - -For example, write: - -```ruby - { should cmp '0644' } -``` - -not - -```ruby - { should cmp '644' } -``` - -or write: - -```ruby - { should cmp '01775' } -``` - -not - -```ruby - { should cmp '1775' } -``` - -Without the zero prefix for the octal value, the Chef InSpec interprets it as the _decimal_ value 644, which is octal 1024 or `-----w-r-T`, and any test for a file that is `-rw-r--r--` will fail. - -{{< note >}} -See the [`be_more_permissive_than(mode)`](<#be_more_permissive_than?(mode)>) matcher for upper and lower bounds on file mode. -{{< /note >}} - -### mtime - -The `mtime` property tests if the file modification time for the file matches the specified value. The mtime, where supported, is returned as the number of seconds since the epoch. - -```ruby - describe file('/') do - its('mtime') { should <= Time.now.to_i } - its('mtime') { should >= Time.now.to_i - 1000 } - end -``` - -### owner - -The `owner` property tests if the owner of the file matches the specified value. - -```ruby - its('owner') { should eq 'root' } -``` - -### product_version - -The `product_version` property tests if a Windows file's product version matches the specified value. The difference between a file's 'file version' and 'product version' is that the file version is the version number of the file itself, whereas the product version is the version number associated with the application from which that file originates. 
- -```ruby - its('product_version') { should eq '2.3.4' } -``` - -### user_permissions - -The `user_permissions` property returns a hash containing a list of users or groups and their file permissions on Windows. For example: - -```ruby - its('user_permissions') { should cmp { "NT AUTHORITY\\SYSTEM" => "FullControl", "NT AUTHORITY\\Authenticated Users" => "ReadAndExecute", "BUILTIN\\Administrators" => "FullControl" } } - - its('user_permissions') { should include "NT AUTHORITY\\SYSTEM"=>"FullControl" } -``` - -### selinux_label - -The `selinux_label` property tests if the SELinux label for a file matches the specified value. - -```ruby - its('selinux_label') { should eq 'system_u:system_r:httpd_t:s0' } -``` - -### sha256sum - -The `sha256sum` property tests if the SHA-256 checksum for a file matches the specified value. - -```ruby - its('sha256sum') { should eq 'b837ch38lh19bb8eaopl8jvxwd2e4g58jn9lkho1w3ed9jbkeicalplaad9k0pjn' } -``` - -### size - -The `size` property tests if a file's size matches, is greater than, or is less than the specified value. For example, equal: - -```ruby - its('size') { should eq 32375 } -``` - -Greater than: - -```ruby - its('size') { should be > 64 } -``` - -Less than: - -```ruby - its('size') { should be < 10240 } -``` - -### type - -The `type` property tests for the file type. The available types are: - -`file` -: the object is a file - -`directory` -: the object is a directory - -`link` -: the object is a symbolic link - -`pipe` -: the object is a named pipe - -`socket` -: the object is a socket - -`character_device` -: the object is a character device - -`block_device` -: the object is a block device - -`door` -: the object is a door device - -The `type` method usually returns the type as a Ruby "symbol". We recommend using the `cmp` matcher to match either by symbol or string. 
- -For example: - -```ruby - its('type') { should eq :file } - its('type') { should cmp 'file' } -``` - -or, - -```ruby - its('type') { should eq :socket } - its('type') { should cmp 'socket' } -``` - -### Test the contents of a file for MD5 requirements - -```ruby - describe file('/etc/postgresql/9.1/main/pg_hba.conf') do - its('content') { should match /local\s+.*?all\s+.*?all\s+.*?md5/ } - its('content') { should match %r{host\s+.*?all\s+.*?all\s+.*?127.0.0.1\/32\s+.*?md5} } - its('content') { should match %r{host\s+.*?all\s+.*?all\s+.*?::1\/128\s+.*?md5} } - end -``` - -### Test if a file exists - -```ruby - describe file('/tmp') do - it { should exist } - end -``` - -### Test that a file does not exist - -```ruby - describe file('/tmpest') do - it { should_not exist } - end -``` - -### Test if a path is a directory - -```ruby - describe file('/tmp') do - its('type') { should eq :directory } - it { should be_directory } - end -``` - -### Test if a path is a file and not a directory - -```ruby - describe file('/proc/version') do - its('type') { should cmp 'file' } - it { should be_file } - it { should_not be_directory } - end -``` - -### Test if a file is a symbolic link - -```ruby - describe file('/dev/stdout') do - its('type') { should cmp 'symlink' } - it { should be_symlink } - it { should_not be_file } - it { should_not be_directory } - end -``` - -### Test if a file is a character device - -```ruby - describe file('/dev/zero') do - its('type') { should cmp 'character' } - it { should be_character_device } - it { should_not be_file } - it { should_not be_directory } - end -``` - -### Test if a file is a block device - -```ruby - describe file('/dev/zero') do - its('type') { should cmp 'block' } - it { should be_character_device } - it { should_not be_file } - it { should_not be_directory } - end -``` - -### Test the mode for a file - -```ruby - describe file('/dev') do - its('mode') { should cmp '00755' } - end -``` - -### Test the owner of a file - 
-```ruby - describe file('/root') do - its('owner') { should eq 'root' } - end -``` - -### Test if a file is owned by the root user - -```ruby - describe file('/dev') do - it { should be_owned_by 'root' } - end -``` - -### Test the mtime for a file - -```ruby - describe file('/') do - its('mtime') { should <= Time.now.to_i } - its('mtime') { should >= Time.now.to_i - 1000 } - end -``` - -### Test that a file's size is between 64 and 10240 - -```ruby - describe file('/') do - its('size') { should be > 64 } - its('size') { should be < 10240 } - end -``` - -### Test that a file's size is zero - -```ruby - describe file('/proc/cpuinfo') do - its('size') { should be 0 } - end -``` - -### Test an MD5 checksum - -```ruby - require 'digest' - cpuinfo = file('/proc/cpuinfo').content - - md5sum = Digest::MD5.hexdigest(cpuinfo) - - describe file('/proc/cpuinfo') do - its('md5sum') { should eq md5sum } - end -``` - -### Test an SHA-256 checksum - -```ruby - require 'digest' - cpuinfo = file('/proc/cpuinfo').content - - sha256sum = Digest::SHA256.hexdigest(cpuinfo) - - describe file('/proc/cpuinfo') do - its('sha256sum') { should eq sha256sum } - end -``` - -### Verify NTP - -The following example shows how to use the `file` audit resource to verify if the `ntp.conf` and `leap-seconds` files are present, and then the `command` resource to verify if NTP is installed and running. - -```ruby - describe file('/etc/ntp.conf') do - it { should be_file } - end - - describe file('/etc/ntp.leapseconds') do - it { should be_file } - end - - describe command('pgrep ntp') do - its('exit_status') { should eq 0 } - end -``` - -### Test parameters of symlinked file - -If you need to test the parameters of the target file for a symlink, you can use the `link_path` (recursive resolution) or `shallow_link_path` (direct link) method for the `file` resource. - -For example, for the following symlink: - -```ruby - lrwxrwxrwx. 
1 root root 11 03-10 17:56 /dev/virtio-ports/com.redhat.rhevm.vdsm -> ../vport2p1 -``` - -You can write controls for both the link and the target. - -```ruby - describe file('/dev/virtio-ports/com.redhat.rhevm.vdsm') do - it { should be_symlink } - end - - virito_port_vdsm = file('/dev/virtio-ports/com.redhat.rhevm.vdsm').link_path - describe file(virito_port_vdsm) do - it { should exist } - it { should be_character_device } - it { should be_owned_by 'ovirtagent' } - it { should be_grouped_into 'ovirtagent' } - end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### be_allowed - -The `be_allowed` matcher tests if the file contains a certain permission set, such as `execute` or `write` in Unix and [`full-control` or `modify` in Windows](https://www.codeproject.com/Reference/871338/AccessControl-FileSystemRights-Permissions-Table). - -```ruby - it { should be_allowed('read') } -``` - -Just like with `be_executable` and other permissions, you can check for the permission to the specific user or group. - -```ruby - it { should be_allowed('full-control', by_user: 'MyComputerName\Administrator') } -``` - -Or, - -```ruby - it { should be_allowed('write', by: 'root') } -``` - -### be_block_device - -The `be_block_device` matcher tests if the file exists as a block device, such as `/dev/disk0` or `/dev/disk0s9`. - -```ruby - it { should be_block_device } -``` - -### be_character_device - -The `be_character_device` matcher tests if the file exists as a character device (that corresponds to a block device), such as `/dev/rdisk0` or `/dev/rdisk0s9`. - -```ruby - it { should be_character_device } -``` - -### be_directory - -The `be_directory` matcher tests if the file exists as a directory, such as `/etc/passwd`, `/etc/shadow`, or `/var/log/httpd`. 
- -```ruby - it { should be_directory } -``` - -### be_executable - -The `be_executable` matcher tests if the file exists as an executable. - -```ruby - it { should be_executable } -``` - -The `be_executable` matcher may also test if the file is executable by a specific owner, group, or user. For example, a group. - -```ruby - it { should be_executable.by('group') } -``` - -an owner: - -```ruby - it { should be_executable.by('owner') } -``` - -any user other than the owner or members of the file's group: - -```ruby - it { should be_executable.by('others') } -``` - -a user: - -```ruby - it { should be_executable.by_user('user') } -``` - -### be_file - -The `be_file` matcher tests if the file exists as a file. This can be useful with configuration files like `/etc/passwd` where there typically is not an associated file extension---`passwd.txt`. - -```ruby - it { should be_file } -``` - -### be_grouped_into - -The `be_grouped_into` matcher tests if the file exists as part of the named group. - -```ruby - it { should be_grouped_into 'group' } -``` - -### be_linked_to - -The `be_linked_to` matcher tests if the file is linked to the named target. - -```ruby - it { should be_linked_to '/etc/target-file' } -``` - -### be_owned_by - -The `be_owned_by` matcher tests if the file is owned by the named user, such as `root`. - -```ruby - it { should be_owned_by 'root' } -``` - -### be_pipe - -The `be_pipe` matcher tests if the file exists as first-in, first-out special file (`.fifo`) that is typically used to define a named pipe, such as `/var/log/nginx/access.log.fifo`. - -```ruby - it { should be_pipe } -``` - -### be_readable - -The `be_readable` matcher tests if the file is readable. - -```ruby - it { should be_readable } -``` - -The `be_readable` matcher may also test if the file is readable by a specific owner, group, or user. For example, a group. 
- -```ruby - it { should be_readable.by('group') } -``` - -an owner: - -```ruby - it { should be_readable.by('owner') } -``` - -any user other than the owner or members of the file's group: - -```ruby - it { should be_readable.by('others') } -``` - -a user: - -```ruby - it { should be_readable.by_user('user') } -``` - -### be_setgid - -The `be_setgid` matcher tests if the 'setgid' permission is set on the file or directory. On executable files, this causes the process to be started owned by the group that owns the file, rather than the primary group of the invocating user. This can result in escalation of privilege. On Linux, when setgid is set on directories, setgid causes newly created files and directories to be owned by the group that owns the setgid parent directory; additionally, newly created subdirectories will have the setgid bit set. - -```ruby - it { should be_setgid } -``` - -### be_socket - -The `be_socket` matcher tests if the file exists as socket (`.sock`), such as `/var/run/php-fpm.sock`. - -```ruby - it { should be_socket } -``` - -### be_sticky - -The `be_sticky` matcher tests if the 'sticky bit' permission is set on the directory. On directories, this restricts file deletion to the owner of the file, even if the permission of the parent directory would normally permit deletion by others. This is commonly used on /tmp filesystems. - -```ruby - it { should be_sticky } -``` - -### be_setuid - -The `be_setuid` matcher tests if the 'setuid' permission is set on the file. On executable files, this causes the process to be started owned by the user that owns the file, rather than invocating user. This can result in escalation of privilege. - -```ruby - it { should be_setuid } -``` - -### be_symlink - -The `be_symlink` matcher tests if the file exists as a symbolic, or soft link that contains an absolute or relative path reference to another file. 
- -```ruby - it { should be_symlink } -``` - -### be_version - -The `be_version` matcher tests the version of the file. - -```ruby - it { should be_version '1.2.3' } -``` - -### be_writable - -The `be_writable` matcher tests if the file is writable. - -```ruby - it { should be_writable } -``` - -The `be_writable` matcher may also test if the file is writable by a specific owner, group, or user. For example, a group. - -```ruby - it { should be_writable.by('group') } -``` - -an owner: - -```ruby - it { should be_writable.by('owner') } -``` - -any user other than the owner or members of the file's group. - -```ruby - it { should be_writable.by('others') } -``` - -a user: - -```ruby - it { should be_writable.by_user('user') } -``` - -### exist - -The `exist` matcher tests if the named file exists. - -```ruby - it { should exist } -``` - -### have_mode - -The `have_mode` matcher tests if a file has a mode assigned to it. - -```ruby - it { should have_mode } -``` - -### be_more_permissive_than(mode) - -`be_more_permissive_than(mode)` takes the maximum desired mode - in `octal format` ('0644' or '0777') - of your file as a `String` and returns a `Boolean`. It returns `true` if your file has a mode with greater permissions than specified. - -```ruby - describe file('/etc/passwd') do - it { should_not be_more_permissive_than('0644') } - it { should be_more_permissive_than('0000') } - end -``` - -### be_inherited - -`be_inherited` is a boolean matcher which returns `true` if a file or folder has inheritance enabled, otherwise `false`. This matcher works on Windows systems only. - -```ruby - describe file('C://Example') do - it { should be_inherited } - end -``` - -### be_immutable - -`be_immutable` is a boolean matcher which returns `true` if the specified file has the immutable flag set, otherwise `false`. This matcher is supported on UNIX systems only. 
-
-```ruby
- describe file("/home/example") do
- it { should be_readable }
- it { should be_immutable }
- end
-```
-
-### be_mounted
-
-`be_mounted` is a boolean matcher which returns `true` if the specified directory is mounted on the system. Else `false`. In addition, to test the attributes of the mounted directory, use the `mount` resource.
-
-```ruby
- describe file("/") do
- it { should be_mounted }
- end
-```
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/filesystem.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/filesystem.md
deleted file mode 100644
index 8ef5654d6d..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/filesystem.md
+++ /dev/null
@@ -1,106 +0,0 @@ -+++ -title = "filesystem resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "filesystem" - identifier = "inspec/resources/os/filesystem.md filesystem resource" - parent = "inspec/resources/os" -+++ - -Use the `filesystem` Chef InSpec resource to audit filesystem disk space usage. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.51.0 of InSpec. - -The `free_kb`, `size_kb`, and `type` properties became available in v3.6 of InSpec. - -### Note - -Versions of this resource in Chef InSpec prior to 3.5.x offered a property `size`, which returned a value in GB when on Windows and a value in KB on Linux, though it was documented to always return KB. All new code should use `size_kb` which is unit-stable. The property `size` will remain available in Chef InSpec v3 and 4, but will be deprecated in the future. - -## Syntax - -A `filesystem` resource block declares tests for disk space in a partition: - - describe filesystem('/') do - its('size_kb') { should be >= 32 * 1024 * 1024} - its('free_kb') { should be >= 50 * 1024 } - its('percent_free') { should be >= 20 } - its('type') { should cmp 'ext4' } - end - -where - -- `filesystem('/')` states that the resource will look at the root (/) partition. -- `size_kb` is the total partition size and is measured in kilobytes (KB). -- `free_kb` is the available space on the partition and is measured in kilobytes (KB). -- `percent_free` is the percentage of available free space, and ranges from 0 to 100. - -## Properties - -## size_kb (Integer) - -The `size_kb` property returns the total partition size in kb. - - its('size_kb') { should be >= 32000 } - -## free_kb (Integer) - -The `free_kb` property returns the size of available space on the partition in kb. 
- - its('size_kb') { should be >= 32000 } - -## percent_free (Integer) - -The `percent_free` property returns the available free space on the partition, ranges from 0 to 100. - - its('percent_free') { should be >= 20 } - -## type (String) - -The `type` property returns the type of the file system. - - its('type') { should cmp 'NTFS' } - -## Examples - -### Test if the root partition is greater than 32000 KB - - describe filesystem('/') do - its('size_kb') { should be >= 32000 } - end - -### Test that the root partition has more than 5GB free - - describe filesystem('/') do - its('free_kb') { should be >= 5000000 } - end - -### Test if the C:\ partition is NTFS - -Note that Windows filesystems (drives) are referred to without any slashes: - - describe filesystem('c:') do - its('type') { should cmp 'NTFS' } - end - -### Test if the /var partition has sufficient free space - - describe filesystem('/var') do - its('percent_free') { should be >= 20 } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/firewalld.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/firewalld.md deleted file mode 100644 index 00f7b63ec4..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/firewalld.md +++ /dev/null 
@@ -1,156 +0,0 @@ -+++ -title = "firewalld resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "firewalld" - identifier = "inspec/resources/os/firewalld.md firewalld resource" - parent = "inspec/resources/os" -+++ - -Use the `firewalld` Chef InSpec audit resource to test that firewalld is configured to allow and deny access to specific hosts, services and ports on a system. - -A firewalld has a number of zones that can be configured to allow and deny access to specific hosts, services, and ports. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.40.0 of InSpec. - -## Syntax - - describe firewalld do - it { should be_running } - its('default_zone') { should eq 'public' } - it { should have_service_enabled_in_zone('ssh', 'public') } - it { should have_rule_enabled('family=ipv4 source address=192.168.0.14 accept', 'public') } - end - -Use the where clause to test open interfaces, sources, and services that are in active zones. - - describe firewalld.where { zone == 'public' } do - its('interfaces') { should cmp ['enp0s3', 'eno2'] } - its('sources') { should cmp ['192.168.1.0/24', '192.168.1.2'] } - its('services') { should cmp ['ssh', 'icmp'] } - its('target') { should cmp ['default'] } - end - -## Properties - -### `interfaces` - -The `interfaces` property is used in conjunction with the where class to display open interfaces in an active zone. - - describe firewalld.where { zone == 'public' } do - its('interfaces') { should cmp ['enp0s3', 'eno2'] } - end - -### `sources` - -The `sources` property is used in conjunction with the where class to display open sources in an active zone. 
- - describe firewalld.where { zone == 'public' } do - its('sources') { should cmp ['192.168.1.0/24', '192.168.1.2'] } - end - -### `services` - -The `services` property is used in conjunction with the where class to display open services in an active zone. - - describe firewalld.where { zone == 'public' } do - its('services') { should cmp ['ssh', 'icmp'] } - end - -### target - -The `target` property is used in conjunction with the where class to display the target action in an active zone. - - describe firewalld.where { zone == 'public' } do - its('target') { should cmp ['default'] } # or ['DROP'], ['ACCEPT'], etc. - end - -### ports - -The `ports` property is used in conjunction with the where class to display the ports used by an active zone. - - describe firewalld.where { zone == 'public' } do - its('ports') { should cmp ["80/tcp", "443/tcp"] } - end - -### protocols - -The `protocols` property is used in conjunction with the where class to display the protocols used by an active zone. - - describe firewalld.where { zone == 'public' } do - its('protocols') { should cmp ["icmp", "ipv4"] } - end - -### default_zone - -The `default_zone` property displays the default active zone to be used. - - its('default_zone') { should eq 'public' } - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### `be_installed` - -The `be_installed` matcher tests if the firewalld service is installed: - - it { should be_installed } - -### `be_running` - -The `be_running` matcher tests if the firewalld service is running: - - it { should be_running } - -### `have_zone` - -`have_zone` returns true or false if the zone is set on firewalld. It does not mean the zone is active. - - it { should have_zone('public') } - -### `have_service_enabled_in_zone` - -`have_service_enabled_in_zone` returns true or false if the service is allowed in the specified zone. 
- - it { should have_service_enabled_in_zone('ssh', 'public') } - -### `have_port_enabled_in_zone` - -`have_port_enabled_in_zone` returns true or false if the port is allowed in the specified zone. - - it { should have_port_enabled_in_zone('22/tcp', 'public') } - -### `have_rule_enabled` - -`have_rule_enabled` returns true or false if the rich-rule has been specified in the zone. - - it { should have_rule_enabled('family=ipv4 source address=192.168.0.14 accept', 'public') } - -It is not necessary to add the "rule" string, and you can start with the optional flags that are used in firewalld and end with the action. - -### `have_icmp_block_inversion_enabled` - -`have_icmp_block_inversion_enabled` returns true or false if ICMP block inversion flag is set for the indicated zone. - - it { should have_icmp_block_inversion_enabled } - -### `have_masquerade_enabled` - -`have_masquerade_enabled` returns true or false if the masquerade flag is set for the indicated zone. - - it { should have_masquerade_enabled } diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/gem.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/gem.md deleted file mode 100644 index c7b8e77f26..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/gem.md +++ /dev/null 
@@ -1,121 +0,0 @@ -+++ -title = "gem resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "gem" - identifier = "inspec/resources/os/gem.md gem resource" - parent = "inspec/resources/os" -+++ - -Use the `gem` Chef InSpec audit resource to test if a global Gem package is installed. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -A `gem` resource block declares a package and (optionally) a package version: - - describe gem('gem_package_name', 'gem_binary') do - it { should be_installed } - end - -where - -- `('gem_package_name')` must specify a Gem package, such as `'rubocop'` -- `('gem_binary')` can specify the path to a non-default gem binary, defaults to `'gem'` -- `be_installed` is a valid matcher for this resource - -## Properties - -### `version (String)` - -The `version` property returns a string of the default version on the system: - - its('version') { should eq '0.33.0' } - -### `versions` - -The `versions` property returns an array of strings of all the versions of the gem installed on the system: - - its('versions') { should include /0.33/ } - -## Examples - -The following examples show how to use this Chef InSpec audit resource. 
- -### Verify that a gem package is installed, with a specific version - - describe gem('rubocop') do - it { should be_installed } - its('version') { should eq '1.22.0' } - end - -### Verify that a particular version is installed when there are multiple versions installed - - describe gem('rubocop') do - it { should be_installed } - its('versions') { should include /1.21.0/ } - its('versions.count') { should_not be > 3 } - end - -### Verify that a gem package is not installed - - describe gem('rubocop') do - it { should_not be_installed } - end - -### Verify that a gem package is installed in an omnibus environment - - describe gem('pry', '/opt/ruby-3.0.2/embedded/bin/gem') do - it { should be_installed } - end - -### Verify that a gem package is installed in a chef omnibus environment - - describe gem('chef-sugar', :chef) do - it { should be_installed } - end - -### Verify that a gem package is installed in a chef-server omnibus environment - - describe gem('knife-backup', :chef_server) do - it { should be_installed } - end - -## Properties - -### version (String) - -The `version` property returns a string of the default version on the system: - - its('version') { should eq '1.22.0' } - -### versions - -The `versions` property returns an array of strings of all the versions of the gem installed on the system: - - its('versions') { should include /1.22/ } - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### be_installed - -The `be_installed` matcher tests if the named Gem package is installed: - - it { should be_installed } diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_access_context_manager_access_policies.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_access_context_manager_access_policies.md deleted file mode 100644 index 330e7db849..0000000000 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_access_context_manager_access_policies.md
+++ /dev/null
@@ -1,53 +0,0 @@
-+++
-title = "google_access_context_manager_access_policies resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_access_context_manager_access_policies"
- identifier = "inspec/resources/gcp/google_access_context_manager_access_policies.md google_access_context_manager_access_policies resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_access_context_manager_access_policies` is used to test a Google AccessPolicy resource
-
-## Examples
-
-```ruby
-describe google_access_context_manager_access_policies(org_id: '190694428152') do
- its('count') { should be >= 1 }
- its('titles') { should include 'policytitle' }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_access_context_manager_access_policies` resource:
-
-See the [google_access_context_manager_access_policy](/inspec/resources/google_access_context_manager_access_policy/#properties) resource for more information.
-
-`names`
-: an array of `google_access_context_manager_access_policy` name
-
-`create_times`
-: an array of `google_access_context_manager_access_policy` create_time
-
-`update_times`
-: an array of `google_access_context_manager_access_policy` update_time
-
-`parents`
-: an array of `google_access_context_manager_access_policy` parent
-
-`titles`
-: an array of `google_access_context_manager_access_policy` title
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_access_context_manager_access_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_access_context_manager_access_policy.md
deleted file mode 100644
index 8664d795b0..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_access_context_manager_access_policy.md
+++ /dev/null
@@ -1,51 +0,0 @@
-+++
-title = "google_access_context_manager_access_policy resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_access_context_manager_access_policy"
- identifier = "inspec/resources/gcp/google_access_context_manager_access_policy.md google_access_context_manager_access_policy resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_access_context_manager_access_policy` is used to test a Google AccessPolicy resource
-
-## Examples
-
-```ruby
-describe.one do
- google_access_context_manager_access_policies(org_id: '190694428152').names.each do |policy_name|
- describe google_access_context_manager_access_policy(name: policy_name) do
- it { should exist }
- its('title') { should cmp 'policytitle' }
- its('parent') { should match '190694428152' }
- end
- end
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_access_context_manager_access_policy` resource:
-
-`name`
-: Resource name of the AccessPolicy. Format: accessPolicies/{policy_id}
-
-`create_time`
-: Time the AccessPolicy was created in UTC.
-
-`update_time`
-: Time the AccessPolicy was updated in UTC.
-
-`parent`
-: The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id}
-
-`title`
-: Human readable title. Does not affect behavior.
-
-## GCP Permissions
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_access_context_manager_service_perimeter.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_access_context_manager_service_perimeter.md
deleted file mode 100644
index fca51383d1..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_access_context_manager_service_perimeter.md
+++ /dev/null
@@ -1,107 +0,0 @@ -+++ -title = "google_access_context_manager_service_perimeter resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_access_context_manager_service_perimeter" - identifier = "inspec/resources/gcp/google_access_context_manager_service_perimeter.md google_access_context_manager_service_perimeter resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_access_context_manager_service_perimeter` is used to test a Google ServicePerimeter resource - -## Examples - -```ruby -describe.one do - google_access_context_manager_access_policies(org_id: '190694428152').names.each do |policy_name| - describe google_access_context_manager_service_perimeter(policy_name: policy_name, name: 'restrict_all') do - it { should exist } - its('title') { should cmp 'restrict_all' } - its('status.restricted_services') { should include 'storage.googleapis.com' } - end - end -end -``` - -## Properties - -Properties that can be accessed from the `google_access_context_manager_service_perimeter` resource: - -`title` -: Human readable title. Must be unique within the Policy. - -`description` -: Description of the ServicePerimeter and its use. Does not affect behavior. - -`create_time` -: Time the AccessPolicy was created in UTC. - -`update_time` -: Time the AccessPolicy was updated in UTC. - -`perimeter_type` -: Specifies the type of the Perimeter. There are two types: regular and bridge. Regular Service Perimeter contains resources, access levels, and restricted services. Every resource can be in at most ONE regular Service Perimeter. In addition to being in a regular service perimeter, a resource can also be in zero or more perimeter bridges. A perimeter bridge only contains resources. Cross project operations are permitted if all effected resources share some perimeter (whether bridge or regular). 
Perimeter Bridge does not contain access levels or services: those are governed entirely by the regular perimeter that resource is in. Perimeter Bridges are typically useful when building more complex topologies with many independent perimeters that need to share some data with a common perimeter, but should not be able to share data among themselves. - - Possible values: - - - PERIMETER_TYPE_REGULAR - - PERIMETER_TYPE_BRIDGE - -`status` -: ServicePerimeter configuration. Specifies sets of resources, restricted services and access levels that determine perimeter content and boundaries. - -`resources` -: A list of GCP resources that are inside of the service perimeter. Currently only projects are allowed. Format: projects/{project_number} - -`access_levels` -: A list of AccessLevel resource names that allow resources within the ServicePerimeter to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel is a syntax error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via GCP calls with request origins within the perimeter. For Service Perimeter Bridge, must be empty. Format: accessPolicies/{policy_id}/accessLevels/{access_level_name} - -`restricted_services` -: GCP services that are subject to the Service Perimeter restrictions. Must contain a list of services. For example, if `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. - -`vpc_accessible_services` -: Specifies how APIs are allowed to communicate within the Service Perimeter. - - `enable_restriction` - : Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowedServices'. - - `allowed_services` - : The list of APIs usable within the Service Perimeter. Must be empty unless `enableRestriction` is True. 
- -`spec` -: Proposed (or dry run) ServicePerimeter configuration. This configuration allows to specify and test ServicePerimeter configuration without enforcing actual access restrictions. Only allowed to be set when the `useExplicitDryRunSpec` flag is set. - -`resources` -: A list of GCP resources that are inside of the service perimeter. Currently only projects are allowed. Format: projects/{project_number} - -`access_levels` -: A list of AccessLevel resource names that allow resources within the ServicePerimeter to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel is a syntax error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via GCP calls with request origins within the perimeter. For Service Perimeter Bridge, must be empty. Format: accessPolicies/{policy_id}/accessLevels/{access_level_name} - -`restricted_services` -: GCP services that are subject to the Service Perimeter restrictions. Must contain a list of services. For example, if `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. - -`vpc_accessible_services` -: Specifies how APIs are allowed to communicate within the Service Perimeter. - - `enable_restriction` - : Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowedServices'. - - `allowed_services` - : The list of APIs usable within the Service Perimeter. Must be empty unless `enableRestriction` is True. - -`use_explicit_dry_run_spec` -: Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists for all Service Perimeters, and that spec is identical to the status for those Service Perimeters. 
When this flag is set, it inhibits the generation of the implicit spec, thereby allowing the user to explicitly provide a configuration ("spec") to use in a dry-run version of the Service Perimeter. This allows the user to test changes to the enforced config ("status") without actually enforcing them. This testing is done through analyzing the differences between currently enforced and suggested restrictions. useExplicitDryRunSpec must bet set to True if any of the fields in the spec are set to non-default values. - -`parent` -: The AccessPolicy this ServicePerimeter lives in. Format: accessPolicies/{policy_id} - -`name` -: Resource name for the ServicePerimeter. The short*name component must begin with a letter and only include alphanumeric and '*'. Format: accessPolicies/{policy_id}/servicePerimeters/{short_name} - -## GCP Permissions diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_access_context_manager_service_perimeters.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_access_context_manager_service_perimeters.md deleted file mode 100644 index a0893bba5c..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_access_context_manager_service_perimeters.md +++ /dev/null 
@@ -1,72 +0,0 @@
-+++
-title = "google_access_context_manager_service_perimeters resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_access_context_manager_service_perimeters"
- identifier = "inspec/resources/gcp/google_access_context_manager_service_perimeters.md google_access_context_manager_service_perimeters resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_access_context_manager_service_perimeters` is used to test a Google ServicePerimeter resource
-
-## Examples
-
-```ruby
-describe.one do
- google_access_context_manager_access_policies(org_id: '190694428152').names.each do |policy_name|
- describe google_access_context_manager_service_perimeters(policy_name: policy_name) do
- its('names') { should include 'restrict_all' }
- its('titles') { should include 'restrict_all' }
- end
- end
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_access_context_manager_service_perimeters` resource:
-
-See the [google_access_context_manager_service_perimeter](/inspec/resources/google_access_context_manager_service_perimeter/#properties) resource for more information.
-
-`titles`
-: an array of `google_access_context_manager_service_perimeter` title
-
-`descriptions`
-: an array of `google_access_context_manager_service_perimeter` description
-
-`create_times`
-: an array of `google_access_context_manager_service_perimeter` create_time
-
-`update_times`
-: an array of `google_access_context_manager_service_perimeter` update_time
-
-`perimeter_types`
-: an array of `google_access_context_manager_service_perimeter` perimeter_type
-
-`statuses`
-: an array of `google_access_context_manager_service_perimeter` status
-
-`specs`
-: an array of `google_access_context_manager_service_perimeter` spec
-
-`use_explicit_dry_run_specs`
-: an array of `google_access_context_manager_service_perimeter` use_explicit_dry_run_spec
-
-`parents`
-: an array of `google_access_context_manager_service_perimeter` parent
-
-`names`
-: an array of `google_access_context_manager_service_perimeter` name
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_appengine_standard_app_version.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_appengine_standard_app_version.md
deleted file mode 100644
index 6d95042ffb..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_appengine_standard_app_version.md
+++ /dev/null
@@ -1,97 +0,0 @@ -+++ -title = "google_appengine_standard_app_version resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_appengine_standard_app_version" - identifier = "inspec/resources/gcp/google_appengine_standard_app_version.md google_appengine_standard_app_version resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_appengine_standard_app_version` is used to test a Google StandardAppVersion resource - -## Examples - -```ruby -describe google_appengine_standard_app_version(project: 'chef-gcp-inspec', location: 'europe-west2', version_id: 'v2', service: 'default') do - it { should exist } - its('version_id') { should eq 'v2' } - its('runtime') { should eq 'nodejs10' } -end -``` - -## Properties - -Properties that can be accessed from the `google_appengine_standard_app_version` resource: - -`name` -: Full path to the Version resource in the API. Example, "v1". - -`version_id` -: Relative name of the version within the service. For example, `v1`. Version names can contain only lowercase letters, numbers, or hyphens. Reserved names,"default", "latest", and any name with the prefix "ah-". - -`runtime` -: Desired runtime. Example python27. - -`threadsafe` -: Whether multiple requests can be dispatched to this version at once. - -`instance_class` -: Instance class that is used to run this version. Valid values are AutomaticScaling: F1, F2, F4, F4_1G BasicScaling or ManualScaling: B1, B2, B4, B4_1G, B8 Defaults to F1 for AutomaticScaling and B2 for ManualScaling and BasicScaling. If no scaling is specified, AutomaticScaling is chosen. - -`automatic_scaling` -: Automatic scaling is based on request rate, response latencies, and other application metrics. - -`max_concurrent_requests` -: Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. Defaults to a runtime-specific value. 
- -`max_idle_instances` -: Maximum number of idle instances that should be maintained for this version. - -`max_pending_latency` -: Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - -`min_idle_instances` -: Minimum number of idle instances that should be maintained for this version. Only applicable for the default version of a service. - -`min_pending_latency` -: Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - -`standard_scheduler_settings` -: Scheduler settings for standard environment. - - `target_cpu_utilization` - : Target CPU utilization ratio to maintain when scaling. Should be a value in the range [0.50, 0.95], zero, or a negative value. - - `target_throughput_utilization` - : Target throughput utilization ratio to maintain when scaling. Should be a value in the range [0.50, 0.95], zero, or a negative value. - - `min_instances` - : Minimum number of instances to run for this version. Set to zero to disable minInstances configuration. - - `max_instances` - : Maximum number of instances to run for this version. Set to zero to disable maxInstances configuration. - -`basic_scaling` -: Basic scaling creates instances when your application receives requests. Each instance will be shut down when the application becomes idle. Basic scaling is ideal for work that is intermittent or driven by user activity. - -`idle_timeout` -: Duration of time after the last request that an instance must wait before the instance is shut down. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. - -`max_instances` -: Maximum number of instances to create for this version. Must be in the range [1.0, 200.0]. 
- -`manual_scaling` -: A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time. - -`instances` -: Number of instances to assign to the service at the start. **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 Modules API set_num_instances() you must use `lifecycle.ignore_changes = ["manual_scaling"[0].instances]` to prevent drift detection. - -## GCP Permissions - -Ensure the [App Engine Admin API](https://console.cloud.google.com/apis/library/appengine.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_appengine_standard_app_versions.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_appengine_standard_app_versions.md deleted file mode 100644 index e469419191..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_appengine_standard_app_versions.md +++ /dev/null 
@@ -1,63 +0,0 @@
-+++
-title = "google_appengine_standard_app_versions resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_appengine_standard_app_versions"
- identifier = "inspec/resources/gcp/google_appengine_standard_app_versions.md google_appengine_standard_app_versions resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_appengine_standard_app_versions` is used to test a Google StandardAppVersion resource
-
-## Examples
-
-```ruby
-describe google_appengine_standard_app_versions(project: 'chef-gcp-inspec', location: 'europe-west2',service: 'default') do
- its('runtimes') { should include 'nodejs10' }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_appengine_standard_app_versions` resource:
-
-See the [google_appengine_standard_app_version](/inspec/resources/google_appengine_standard_app_version/#properties) resource for more information.
-
-`names`
-: an array of `google_appengine_standard_app_version` name
-
-`version_ids`
-: an array of `google_appengine_standard_app_version` version_id
-
-`runtimes`
-: an array of `google_appengine_standard_app_version` runtime
-
-`threadsaves`
-: an array of `google_appengine_standard_app_version` threadsafe
-
-`instance_classes`
-: an array of `google_appengine_standard_app_version` instance_class
-
-`automatic_scalings`
-: an array of `google_appengine_standard_app_version` automatic_scaling
-
-`basic_scalings`
-: an array of `google_appengine_standard_app_version` basic_scaling
-
-`manual_scalings`
-: an array of `google_appengine_standard_app_version` manual_scaling
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [App Engine Admin API](https://console.cloud.google.com/apis/library/appengine.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_bigquery_dataset.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_bigquery_dataset.md
deleted file mode 100644
index 9498f9fd2a..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_bigquery_dataset.md
+++ /dev/null
@@ -1,135 +0,0 @@ -+++ -title = "google_bigquery_dataset resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_bigquery_dataset" - identifier = "inspec/resources/gcp/google_bigquery_dataset.md google_bigquery_dataset resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_bigquery_dataset` is used to test a Google Dataset resource - -## Examples - -```ruby -describe google_bigquery_dataset(project: 'chef-gcp-inspec', name: 'inspec_gcp_dataset') do - it { should exist } - - its('friendly_name') { should eq 'A BigQuery dataset test' } - its('location') { should eq 'EU' } - its('description') { should eq 'Test BigQuery dataset description' } - its('name') { should eq 'inspec_gcp_dataset' } - its('default_table_expiration_ms') { should cmp '3600000' } -end - -describe.one do - google_bigquery_dataset(project: 'chef-gcp-inspec', name: 'inspec_gcp_dataset').access.each do |dataset_access| - describe dataset_access do - its('role') { should eq 'WRITER' } - its('special_group') { should eq 'projectWriters' } - end - end -end - -describe google_bigquery_dataset(project: 'chef-gcp-inspec', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_bigquery_dataset` resource: - -`access` -: An array of objects that define dataset access for one or more entities. - -`domain` -: A domain to grant access to. Any users signed in with the domain specified will be granted the specified access - -`group_by_email` -: An email address of a Google Group to grant access to. - -`role` -: Describes the rights granted to the user specified by the other member of the access object. Primitive, Predefined and custom roles are supported. Predefined roles that have equivalent primitive roles are swapped by the API to their Primitive counterparts. See [official docs](https://cloud.google.com/bigquery/docs/access-control). 
- -`special_group` -: A special group to grant access to. - - Possible values include: - - `projectOwners`: Owners of the enclosing project. - - `projectReaders`: Readers of the enclosing project. - - `projectWriters`: Writers of the enclosing project. - - `allAuthenticatedUsers`: All authenticated BigQuery users. - -`user_by_email` -: An email address of a user to grant access to. For example: fred@example.com - -`iam_member` -: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. For example: `allUsers` - -`view` -: A view from a different dataset to grant access to. Queries executed against that view will have read access to tables in this dataset. The role field is not required when this field is set. If that view is updated by any user, access to the view needs to be granted again via an update operation. - - `dataset_id` - : The ID of the dataset containing this table. - - `project_id` - : The ID of the project containing this table. - - `table_id` - : The ID of the table. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 1,024 characters. - -`creation_time` -: The time when this dataset was created, in milliseconds since the epoch. - -`dataset_reference` -: A reference that identifies the dataset. - -`dataset_id` -: A unique ID for this dataset, without the project name. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 1,024 characters. - -`project_id` -: The ID of the project containing this dataset. - -`default_table_expiration_ms` -: The default lifetime of all tables in the dataset, in milliseconds. The minimum value is 3600000 milliseconds (one hour). Once this property is set, all newly-created tables in the dataset will have an `expirationTime` property set to the creation time plus the value in this property, and changing the value will only affect new tables, not existing ones. 
When the `expirationTime` for a given table is reached, that table will be deleted automatically. If a table's `expirationTime` is modified or removed before the table expires, or if you provide an explicit `expirationTime` when creating a table, that value takes precedence over the default expiration time indicated by this property. - -`default_partition_expiration_ms` -: The default partition expiration for all partitioned tables in the dataset, in milliseconds. Once this property is set, all newly-created partitioned tables in the dataset will have an `expirationMs` property in the `timePartitioning` settings set to this value, and changing the value will only affect new tables, not existing ones. The storage in a partition will have an expiration time of its partition time plus this value. Setting this property overrides the use of `defaultTableExpirationMs` for partitioned tables: only one of `defaultTableExpirationMs` and `defaultPartitionExpirationMs` will be used for any new partitioned table. If you provide an explicit `timePartitioning.expirationMs` when creating or updating a partitioned table, that value takes precedence over the default partition expiration time indicated by this property. - -`description` -: A user-friendly description of the dataset - -`etag` -: A hash of the resource. - -`friendly_name` -: A descriptive name for the dataset - -`id` -: The fully-qualified unique name of the dataset in the format projectId:datasetId. The dataset name without the project name is given in the datasetId field - -`labels` -: The labels associated with this dataset. You can use these to organize and group your datasets - -`last_modified_time` -: The date when this dataset or any of its tables was last modified, in milliseconds since the epoch. - -`location` -: The geographic location where the dataset should reside. See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). There are two types of locations, regional or multi-regional. 
A regional location is a specific geographic place, such as Tokyo, and a multi-regional location is a large geographic area, such as the United States, that contains at least two geographic places. Possible regional values include: `asia-east1`, `asia-northeast1`, `asia-southeast1`, `australia-southeast1`, `europe-north1`, `europe-west2` and `us-east4`. Possible multi-regional values: `EU` and `US`. The default value is multi-regional location `US`. Changing this forces a new resource to be created. - -`default_encryption_configuration` -: The default encryption key for all tables in the dataset. Once this property is set, all newly-created partitioned tables in the dataset will have encryption key set to this value, unless table creation request (or query) overrides the key. - -`kms_key_name` -: Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table. The BigQuery Service Account associated with your project requires access to this encryption key. - -## GCP Permissions - -Ensure the [BigQuery API](https://console.cloud.google.com/apis/library/bigquery-json.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_bigquery_datasets.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_bigquery_datasets.md deleted file mode 100644 index f8c882b90f..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_bigquery_datasets.md +++ /dev/null 
@@ -1,74 +0,0 @@
-+++
-title = "google_bigquery_datasets resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_bigquery_datasets"
- identifier = "inspec/resources/gcp/google_bigquery_datasets.md google_bigquery_datasets resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_bigquery_datasets` is used to test a Google Dataset resource
-
-## Examples
-
-```ruby
-describe google_bigquery_datasets(project: 'chef-gcp-inspec') do
- its('count') { should be >= 1 }
- its('friendly_names') { should include 'A BigQuery dataset test' }
- its('locations') { should include 'EU' }
-end
-
-google_bigquery_datasets(project: 'chef-gcp-inspec').ids.each do |name|
- google_bigquery_dataset(project: 'chef-gcp-inspec', name: name.split(':').last).access.each do |access|
- describe access do
- # No bigquery dataset should allow access to allUsers
- its('iam_member') { should_not cmp 'allUsers' }
- end
- end
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_bigquery_datasets` resource:
-
-See the [google_bigquery_dataset](/inspec/resources/google_bigquery_dataset/#properties) resource for more information.
-
-`dataset_references`
-: an array of `google_bigquery_dataset` dataset_reference
-
-`default_partition_expiration_ms`
-: an array of `google_bigquery_dataset` default_partition_expiration_ms
-
-`etags`
-: an array of `google_bigquery_dataset` etag
-
-`friendly_names`
-: an array of `google_bigquery_dataset` friendly_name
-
-`ids`
-: an array of `google_bigquery_dataset` id
-
-`labels`
-: an array of `google_bigquery_dataset` labels
-
-`locations`
-: an array of `google_bigquery_dataset` location
-
-`default_encryption_configurations`
-: an array of `google_bigquery_dataset` default_encryption_configuration
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [BigQuery API](https://console.cloud.google.com/apis/library/bigquery-json.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_bigquery_table.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_bigquery_table.md
deleted file mode 100644
index b393200939..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_bigquery_table.md
+++ /dev/null
@@ -1,363 +0,0 @@ -+++ -title = "google_bigquery_table resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_bigquery_table" - identifier = "inspec/resources/gcp/google_bigquery_table.md google_bigquery_table resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_bigquery_table` is used to test a Google Table resource - -## Examples - -```ruby -describe google_bigquery_table(project: 'chef-gcp-inspec', dataset: 'inspec_gcp_dataset', name: 'inspec_gcp_bigquery_table') do - it { should exist } - - its('expiration_time') { should cmp '1738882264000' } - its('time_partitioning.type') { should eq 'DAY' } - its('description') { should eq 'A BigQuery table' } -end - -describe google_bigquery_table(project: 'chef-gcp-inspec', dataset: 'inspec_gcp_dataset', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_bigquery_table` resource: - -`table_reference` -: Reference describing the ID of this table - -`dataset_id` -: The ID of the dataset containing this table - -`project_id` -: The ID of the project containing this table - -`table_id` -: The ID of the the table - -`clustering` -: One or more fields on which data should be clustered. Only top-level, non-repeated, simple-type fields are supported. When you cluster a table using multiple columns, the order of columns you specify is important. The order of the specified columns determines the sort order of the data. - -`creation_time` -: The time when this dataset was created, in milliseconds since the epoch. - -`description` -: A user-friendly description of the dataset - -`friendly_name` -: A descriptive name for this table - -`id` -: An opaque ID uniquely identifying the table. - -`labels` -: The labels associated with this dataset. 
You can use these to organize and group your datasets - -`last_modified_time` -: The time when this table was last modified, in milliseconds since the epoch. - -`location` -: The geographic location where the table resides. This value is inherited from the dataset. - -`name` -: Name of the table - -`num_bytes` -: The size of this table in bytes, excluding any data in the streaming buffer. - -`num_long_term_bytes` -: The number of bytes in the table that are considered "long-term storage". - -`num_rows` -: The number of rows of data in this table, excluding any data in the streaming buffer. - -`require_partition_filter` -: If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified. - -`type` -: Describes the table type - - Possible values: - - - TABLE - - VIEW - - EXTERNAL - -`view` -: The view definition. - -`use_legacy_sql` -: Specifies whether to use BigQuery's legacy SQL for this view - -`user_defined_function_resources` -: Describes user-defined function resources used in the query. - - `inline_code` - : An inline resource that contains code for a user-defined function (UDF). Providing a inline code resource is equivalent to providing a URI for a file containing the same code. - - `resource_uri` - : A code resource to load from a Google Cloud Storage URI (gs://bucket/path). - -`time_partitioning` -: If specified, configures time-based partitioning for this table. - -`expiration_ms` -: Number of milliseconds for which to keep the storage for a partition. - -`field` -: If not set, the table is partitioned by pseudo column, referenced via either '\_PARTITIONTIME' as TIMESTAMP type, or '\_PARTITIONDATE' as DATE type. If field is specified, the table is instead partitioned by this field. The field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED. - -`type` -: The only type supported is DAY, which will generate one partition per day. 
- - Possible values: - - - DAY - -`streaming_buffer` -: Contains information regarding this table's streaming buffer, if one is present. This field will be absent if the table is not being streamed to or if there is no data in the streaming buffer. - -`estimated_bytes` -: A lower-bound estimate of the number of bytes currently in the streaming buffer. - -`estimated_rows` -: A lower-bound estimate of the number of rows currently in the streaming buffer. - -`oldest_entry_time` -: Contains the timestamp of the oldest entry in the streaming buffer, in milliseconds since the epoch, if the streaming buffer is available. - -`schema` -: Describes the schema of this table - -`fields` -: Describes the fields in a table. - - `description` - : The field description. The maximum length is 1,024 characters. - - `fields` - : Describes the nested schema fields if the type property is set to RECORD. - - `mode` - : The field mode - - Possible values: - - - NULLABLE - - REQUIRED - - REPEATED - - `name` - : The field name - - `type` - : The field data type - - Possible values: - - STRING - - BYTES - - INTEGER - - FLOAT - - TIMESTAMP - - DATE - - TIME - - DATETIME - - RECORD - -`encryption_configuration` -: Custom encryption configuration - -`kms_key_name` -: Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table. The BigQuery Service Account associated with your project requires access to this encryption key. - -`expiration_time` -: The time when this table expires, in milliseconds since the epoch. If not present, the table will persist indefinitely. - -`external_data_configuration` -: Describes the data format, location, and other properties of a table stored outside of BigQuery. By defining these properties, the data source can then be queried as if it were a standard BigQuery table. - -`autodetect` -: Try to detect schema and format options automatically. Any option specified explicitly will be honored. 
- -`compression` -: The compression type of the data source - - Possible values: - - - GZIP - - NONE - -`ignore_unknown_values` -: Indicates if BigQuery should allow extra values that are not represented in the table schema - -`max_bad_records` -: The maximum number of bad records that BigQuery can ignore when reading data - -`source_format` -: The data format - - Possible values: - - - CSV - - GOOGLE_SHEETS - - NEWLINE_DELIMITED_JSON - - AVRO - - DATASTORE_BACKUP - - BIGTABLE - -`source_uris` -: The fully-qualified URIs that point to your data in Google Cloud. For Google Cloud Storage URIs: Each URI can contain one '_' wildcard character and it must come after the 'bucket' name. Size limits related to load jobs apply to external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be specified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table. For Google Cloud Datastore backups, exactly one URI can be specified. Also, the '_' wildcard character is not allowed. - -`schema` -: The schema for the data. Schema is required for CSV and JSON formats - - `fields` - : Describes the fields in a table. - - `description` - : The field description - - `fields` - : Describes the nested schema fields if the type property is set to RECORD - - `mode` - : Field mode. - Possible values: - - - NULLABLE - - REQUIRED - - REPEATED - - `name` - : Field name - - `type` - : Field data type - - Possible values: - - STRING - - BYTES - - INTEGER - - FLOAT - - TIMESTAMP - - DATE - - TIME - - DATETIME - - RECORD - -`google_sheets_options` -: Additional options if sourceFormat is set to GOOGLE_SHEETS. - - `skip_leading_rows` - : The number of rows at the top of a Google Sheet that BigQuery will skip when reading the data. - -`csv_options` -: Additional properties to set if sourceFormat is set to CSV. 
- - `allow_jagged_rows` - : Indicates if BigQuery should accept rows that are missing trailing optional columns - - `allow_quoted_newlines` - : Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file - - `encoding` - : The character encoding of the data - - Possible values: - - - UTF-8 - - ISO-8859-1 - - `field_delimiter` - : The separator for fields in a CSV file - - `quote` - : The value that is used to quote data sections in a CSV file - - `skip_leading_rows` - : The number of rows at the top of a CSV file that BigQuery will skip when reading the data. - -`bigtable_options` -: Additional options if sourceFormat is set to BIGTABLE. - - `ignore_unspecified_column_families` - : If field is true, then the column families that are not specified in columnFamilies list are not exposed in the table schema - - `read_rowkey_as_string` - : If field is true, then the rowkey column families will be read and converted to string. - - `column_families` - : List of column families to expose in the table schema along with their types. - - `columns` - : Lists of columns that should be exposed as individual fields as opposed to a list of (column name, value) pairs. - - `encoding` - : The encoding of the values when the type is not STRING - - Possible values: - - - TEXT - - BINARY - - `field_name` - : If the qualifier is not a valid BigQuery field identifier, a valid identifier must be provided as the column field name and is used as field name in queries. - - `only_read_latest` - : If this is set, only the latest version of value in this column are exposed - - `qualifier_string` - : Qualifier of the column - - `type` - : The type to convert the value in cells of this column - - Possible values: - - BYTES - - STRING - - INTEGER - - FLOAT - - BOOLEAN - - `encoding` - : The encoding of the values when the type is not STRING - - Possible values: - - - TEXT - - BINARY - - `family_id` - : Identifier of the column family. 
- - `only_read_latest` - : If this is set only the latest version of value are exposed for all columns in this column family - - `type` - : The type to convert the value in cells of this column family - - Possible values: - - BYTES - - STRING - - INTEGER - - FLOAT - - BOOLEAN - -`dataset` -: Name of the dataset - -## GCP Permissions - -Ensure the [BigQuery API](https://console.cloud.google.com/apis/library/bigquery-json.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_bigquery_tables.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_bigquery_tables.md deleted file mode 100644 index 3d38094aa6..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_bigquery_tables.md +++ /dev/null 
@@ -1,107 +0,0 @@
-+++
-title = "google_bigquery_tables resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_bigquery_tables"
- identifier = "inspec/resources/gcp/google_bigquery_tables.md google_bigquery_tables resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_bigquery_tables` is used to test a Google Table resource
-
-## Examples
-
-```ruby
-describe.one do
- google_bigquery_tables(project: 'chef-gcp-inspec', dataset: 'inspec_gcp_dataset').table_references.each do |table_reference|
- describe google_bigquery_table(project: 'chef-gcp-inspec', dataset: 'inspec_gcp_dataset', name: table_reference.table_id) do
- its('expiration_time') { should cmp '1738882264000' }
- its('description') { should eq 'A BigQuery table' }
- end
- end
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_bigquery_tables` resource:
-
-See the [google_bigquery_table](/inspec/resources/google_bigquery_table/#properties) resource for more information.
-
-`table_references`
-: an array of `google_bigquery_table` table_reference
-
-`clusterings`
-: an array of `google_bigquery_table` clustering
-
-`creation_times`
-: an array of `google_bigquery_table` creation_time
-
-`friendly_names`
-: an array of `google_bigquery_table` friendly_name
-
-`ids`
-: an array of `google_bigquery_table` id
-
-`labels`
-: an array of `google_bigquery_table` labels
-
-`last_modified_times`
-: an array of `google_bigquery_table` last_modified_time
-
-`locations`
-: an array of `google_bigquery_table` location
-
-`num_bytes`
-: an array of `google_bigquery_table` num_bytes
-
-`num_long_term_bytes`
-: an array of `google_bigquery_table` num_long_term_bytes
-
-`num_rows`
-: an array of `google_bigquery_table` num_rows
-
-`require_partition_filters`
-: an array of `google_bigquery_table` require_partition_filter
-
-`types`
-: an array of `google_bigquery_table` type
-
-`views`
-: an array of `google_bigquery_table` view
-
-`time_partitionings`
-: an array of `google_bigquery_table` time_partitioning
-
-`streaming_buffers`
-: an array of `google_bigquery_table` streaming_buffer
-
-`schemas`
-: an array of `google_bigquery_table` schema
-
-`encryption_configurations`
-: an array of `google_bigquery_table` encryption_configuration
-
-`expiration_times`
-: an array of `google_bigquery_table` expiration_time
-
-`external_data_configurations`
-: an array of `google_bigquery_table` external_data_configuration
-
-`datasets`
-: an array of `google_bigquery_table` dataset
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [BigQuery API](https://console.cloud.google.com/apis/library/bigquery-json.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_billing_project_billing_info.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_billing_project_billing_info.md
deleted file mode 100644
index b14c789c5b..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_billing_project_billing_info.md
+++ /dev/null
@@ -1,43 +0,0 @@
-+++
-title = "google_billing_project_billing_info resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_billing_project_billing_info"
- identifier = "inspec/resources/gcp/google_billing_project_billing_info.md google_billing_project_billing_info resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_billing_project_billing_info` is used to test a Google ProjectBillingInfo resource
-
-## Examples
-
-```ruby
-describe google_billing_project_billing_info(project_id: 'chef-gcp-inspec') do
- it { should exist }
-
- its('billing_account_name') { should eq 'billingAccounts/012345-567890-ABCDEF' }
- its('billing_enabled') { should eq true }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_billing_project_billing_info` resource:
-
-`project_id`
-: The project id to retrieve billing info for.
-
-`billing_account_name`
-: The resource name of the billing account associated with the project, if any. For example, `billingAccounts/ 012345-567890-ABCDEF`.
-
-`billing_enabled`
-: True if the project is associated with an open billing account, to which usage on the project is charged. False if the project
-is associated with a closed billing account, or no billing account at all, and therefore cannot use paid services.
-
-## GCP Permissions
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_cloud_scheduler_job.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_cloud_scheduler_job.md
deleted file mode 100644
index d5cd912f27..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_cloud_scheduler_job.md
+++ /dev/null
@@ -1,148 +0,0 @@ -+++ -title = "google_cloud_scheduler_job resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_cloud_scheduler_job" - identifier = "inspec/resources/gcp/google_cloud_scheduler_job.md google_cloud_scheduler_job resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_cloud_scheduler_job` is used to test a Google Job resource - -## Examples - -```ruby -describe google_cloud_scheduler_job(project: 'chef-gcp-inspec', region: us-central1, name: 'job-name') do - it { should exist } - - its('description') { should cmp 'A description' } - its('schedule') { should cmp '*/8 * * * *' } - its('time_zone') { should cmp 'America/New_York' } - its('http_target.http_method') { should cmp 'POST' } - its('http_target.uri') { should cmp 'https://example.com/ping' } -end -``` - -## Properties - -Properties that can be accessed from the `google_cloud_scheduler_job` resource: - -`name` -: The name of the job. - -`description` -: A human-readable description for the job. This string must not contain more than 500 characters. - -`schedule` -: Describes the schedule on which the job will be executed. - -`time_zone` -: Specifies the time zone to be used in interpreting schedule. The value of this field must be a time zone name from the tz database. - -`attempt_deadline` -: The deadline for job attempts. If the request handler does not respond by this deadline then the request is cancelled and the attempt is marked as a DEADLINE_EXCEEDED failure. The failed attempt can be viewed in execution logs. Cloud Scheduler will retry the job according to the RetryConfig. The allowed duration for this deadline is: For HTTP targets, between 15 seconds and 30 minutes, for App Engine HTTP targets, between 15 seconds and 24 hours. A duration in seconds with up to nine fractional digits, terminated by 's'. 
Example: "3.5s" - -`retry_config` -: By default, if a job does not complete successfully, meaning that an acknowledgement is not received from the handler, then it will be retried with exponential backoff according to the settings - -`retry_count` -: The number of attempts that the system will make to run a job using the exponential backoff procedure described by maxDoublings. Values greater than 5 and negative values are not allowed. - -`max_retry_duration` -: The time limit for retrying a failed job, measured from time when an execution was first attempted. If specified with retryCount, the job will be retried until both limits are reached. A duration in seconds with up to nine fractional digits, terminated by 's'. - -`min_backoff_duration` -: The minimum amount of time to wait before retrying a job after it fails. A duration in seconds with up to nine fractional digits, terminated by 's'. - -`max_backoff_duration` -: The maximum amount of time to wait before retrying a job after it fails. A duration in seconds with up to nine fractional digits, terminated by 's'. - -`max_doublings` -: The time between retries will double maxDoublings times. A job's retry interval starts at minBackoffDuration, then doubles maxDoublings times, then increases linearly, and finally retries retries at intervals of maxBackoffDuration up to retryCount times. - -`pubsub_target` -: Pub/Sub target If the job providers a Pub/Sub target the cron will publish a message to the provided topic - -`topic_name` -: The full resource name for the Cloud Pub/Sub topic to which messages will be published when a job is delivered. - - {{< note spaces=2 >}} - The topic name must be in the same format as required by PubSub's PublishRequest.name, e.g. `projects/my-project/topics/my-topic`. - {{< /note >}} - -`data` -: The message payload for PubsubMessage. Pubsub message must contain either non-empty data, or at least one attribute. - -`attributes` -: Attributes for PubsubMessage. 
Pubsub message must contain either non-empty data, or at least one attribute. - -`app_engine_http_target` -: App Engine HTTP target. If the job providers a App Engine HTTP target the cron will send a request to the service instance - -`http_method` -: Which HTTP method to use for the request. - -`app_engine_routing` -: App Engine Routing setting for the job. - - `service` - : App service. By default, the job is sent to the service which is the default service when the job is attempted. - - `version` - : App version. By default, the job is sent to the version which is the default version when the job is attempted. - - `instance` - : App instance. By default, the job is sent to an instance which is available when the job is attempted. - -`relative_uri` -: The relative URI. The relative URL must begin with "/" and must be a valid HTTP relative URL. It can contain a path, query string arguments, and \# fragments. If the relative URL is empty, then the root path "/" will be used. No spaces are allowed, and the maximum length allowed is 2083 characters - -`body` -: HTTP request body. A request body is allowed only if the HTTP method is POST or PUT. It will result in invalid argument error to set a body on a job with an incompatible HttpMethod. - -`headers` -: HTTP request headers. This map contains the header field names and values. Headers can be set when the job is created. - -`http_target` -: HTTP target. If the job providers a http_target the cron will send a request to the targeted url - -`uri` -: The full URI path that the request will be sent to. - -`http_method` -: Which HTTP method to use for the request. - -`body` -: HTTP request body. A request body is allowed only if the HTTP method is POST, PUT, or PATCH. It is an error to set body on a job with an incompatible HttpMethod. - -`headers` -: This map contains the header field names and values. Repeated headers are not supported, but a header value can contain commas. 
- -`oauth_token` -: Contains information needed for generating an OAuth token. This type of authorization should be used when sending requests to a GCP endpoint. - - `service_account_email` - : Service account email to be used for generating OAuth token. The service account must be within the same project as the job. - - `scope` - : OAuth scope to be used for generating OAuth access token. If not specified, "https://www.googleapis.com/auth/cloud-platform" will be used. - -`oidc_token` -: Contains information needed for generating an OpenID Connect token. This type of authorization should be used when sending requests to third party endpoints or Cloud Run. - -`service_account_email` -: Service account email to be used for generating OAuth token. The service account must be within the same project as the job. - - `audience` - : Audience to be used when generating OIDC token. If not specified, the URI specified in target will be used. - -`region` -: Region where the scheduler job resides - -## GCP Permissions diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_cloud_scheduler_jobs.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_cloud_scheduler_jobs.md deleted file mode 100644 index d4f85045d4..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_cloud_scheduler_jobs.md +++ /dev/null 
@@ -1,75 +0,0 @@ -+++ -title = "google_cloud_scheduler_jobs resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_cloud_scheduler_jobs" - identifier = "inspec/resources/gcp/google_cloud_scheduler_jobs.md google_cloud_scheduler_jobs resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_cloud_scheduler_jobs` is used to test a Google Job resource - -## Examples - -```ruby -google_cloud_scheduler_jobs(project: 'chef-gcp-inspec', region: ).names.each do |name| - describe google_cloud_scheduler_job(project: 'chef-gcp-inspec', region: us-central1, name: name) do - it { should exist } - - its('description') { should cmp 'A description' } - its('schedule') { should cmp '*/8 * * * *' } - its('time_zone') { should cmp 'America/New_York' } - its('http_target.http_method') { should cmp 'POST' } - its('http_target.uri') { should cmp 'https://example.com/ping' } - end -end -``` - -## Properties - -Properties that can be accessed from the `google_cloud_scheduler_jobs` resource: - -See the [google_cloud_scheduler_job](/inspec/resources/google_cloud_scheduler_job/#properties) resource for more information. 
- -`names` -: an array of `google_cloud_scheduler_job` name - -`descriptions` -: an array of `google_cloud_scheduler_job` description - -`schedules` -: an array of `google_cloud_scheduler_job` schedule - -`time_zones` -: an array of `google_cloud_scheduler_job` time_zone - -`attempt_deadlines` -: an array of `google_cloud_scheduler_job` attempt_deadline - -`retry_configs` -: an array of `google_cloud_scheduler_job` retry_config - -`pubsub_targets` -: an array of `google_cloud_scheduler_job` pubsub_target - -`app_engine_http_targets` -: an array of `google_cloud_scheduler_job` app_engine_http_target - -`http_targets` -: an array of `google_cloud_scheduler_job` http_target - -`regions` -: an array of `google_cloud_scheduler_job` region - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_cloudbuild_trigger.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_cloudbuild_trigger.md deleted file mode 100644 index 5c462d1e06..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_cloudbuild_trigger.md +++ /dev/null 
@@ -1,175 +0,0 @@ -+++ -title = "google_cloudbuild_trigger resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_cloudbuild_trigger" - identifier = "inspec/resources/gcp/google_cloudbuild_trigger.md google_cloudbuild_trigger resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_cloudbuild_trigger` is used to test a Google Trigger resource - -## Examples - -```ruby -describe google_cloudbuild_triggers(project: 'chef-gcp-inspec') do - its('count') { should eq 1 } -end - -google_cloudbuild_triggers(project: 'chef-gcp-inspec').ids.each do |id| - describe google_cloudbuild_trigger(project: 'chef-gcp-inspec', id: id) do - its('filename') { should eq 'cloudbuild.yaml' } - its('trigger_template.branch_name') { should eq 'trigger-branch' } - its('trigger_template.repo_name') { should eq 'trigger-repo' } - its('trigger_template.project_id') { should eq 'trigger-project' } - end -end -``` - -## Properties - -Properties that can be accessed from the `google_cloudbuild_trigger` resource: - -`id` -: The unique identifier for the trigger. - -`name` -: Name of the trigger. Must be unique within the project. - -`description` -: Human-readable description of the trigger. - -`disabled` -: Whether the trigger is disabled or not. If true, the trigger will never result in a build. - -`create_time` -: Time when the trigger was created. - -`substitutions` -: Substitutions data for Build resource. - -`filename` -: Path, from the source root, to a file whose contents is used for the template. Either a filename or build template must be provided. - -`ignored_files` -: ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match extended with support for `**`. If ignoredFiles and changed files are both empty, then they are not used to determine whether or not to trigger a build. If ignoredFiles is not empty, then we ignore any files that match any of the ignored_file globs. 
If the change has no files that are outside of the ignoredFiles globs, then we do not trigger a build. - -`included_files` -: ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match extended with support for `**`. If any of the files altered in the commit pass the ignoredFiles filter and includedFiles is empty, then as far as this filter is concerned, we should trigger the build. If any of the files altered in the commit pass the ignoredFiles filter and includedFiles is not empty, then we make sure that at least one of those files matches a includedFiles glob. If not, then we do not trigger a build. - -`trigger_template` -: Template describing the types of source changes to trigger a build. Branch and tag names in trigger templates are interpreted as regular expressions. Any branch or tag change that matches that regular expression will trigger a build. - - `project_id` - : ID of the project that owns the Cloud Source Repository. If omitted, the project ID requesting the build is assumed. - - `repo_name` - : Name of the Cloud Source Repository. If omitted, the name "default" is assumed. - - `dir` - : Directory, relative to the source root, in which to run the build. This must be a relative path. If a step's dir is specified and is an absolute path, this value is ignored for that step's execution. - - `branch_name` - : Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. This field is a regular expression. - - `tag_name` - : Name of the tag to build. Exactly one of a branch name, tag, or commit SHA must be provided. This field is a regular expression. - - `commit_sha` - : Explicit commit SHA to build. Exactly one of a branch name, tag, or commit SHA must be provided. - -`github` -: (Beta only) Describes the configuration of a trigger that creates a build whenever a GitHub event is received. - - `owner` - : Owner of the repository. 
For example: The owner for https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". - - `name` - : Name of the repository. For example: The name for https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". - - `pull_request` - : filter to match changes in pull requests. Specify only one of pullRequest or push. - - `branch` - : Regex of branches to match. - - `comment_control` - : Whether to block builds on a "/gcbrun" comment from a repository owner or collaborator. - - Possible values: - - - COMMENTS_DISABLED - - COMMENTS_ENABLED - - `push` - : filter to match changes in refs, like branches or tags. Specify only one of pullRequest or push. - - `branch` - : Regex of branches to match. Specify only one of branch or tag. - - `tag` - : Regex of tags to match. Specify only one of branch or tag. - -`build` -: Contents of the build template. Either a filename or build template must be provided. - - `tags` - : Tags for annotation of a Build. These are not docker tags. - - `images` - : A list of images to be pushed upon the successful completion of all build steps. The images are pushed using the builder service account's credentials. The digests of the pushed images will be stored in the Build resource's results field. If any of the images fail to be pushed, the build status is marked FAILURE. - - `timeout` - : Amount of time that this build should be allowed to run, to second granularity. If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. The expected format is the number of seconds followed by s. Default time is ten minutes (600s). - - `steps` - : The operations to be performed on the workspace. - - `name` - : The name of the container image that will run this particular build step. If the image is available in the host's Docker daemon's cache, it will be run directly. 
If not, the host will attempt to pull the image first, using the builder service account's credentials if necessary. The Docker daemon's cache will already have the latest versions of all of the officially supported build steps shown [here](https://github.com/GoogleCloudPlatform/cloud-builders). The Docker daemon will also have cached many of the layers for some popular images, like "ubuntu", "debian", but they will be refreshed at the time you attempt to use them. If you built an image in a previous build step, it will be stored in the host's Docker daemon's cache and is available to use as the name for a later build step. - - `args` - : A list of arguments that will be presented to the step when it is started. If the image used to run the step's container has an entrypoint, the args are used as arguments to that entrypoint. If the image does not define an entrypoint, the first element in args is used as the entrypoint, and the remainder will be used as arguments. - - `env` - : A list of environment variable definitions to be used when running a step. The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". - - `id` - : Unique identifier for this build step, used in `wait_for` to reference this build step as a dependency. - - `entrypoint` - : Entrypoint to be used instead of the build step image's default entrypoint. If unset, the image's default entrypoint is used - - `dir` - : Working directory to use when running this step's container. If this value is a relative path, it is relative to the build's working directory. If this value is absolute, it may be outside the build's working directory, in which case the contents of the path may not be persisted across build step executions, unless a `volume` for that path is specified. If the build specifies a `RepoSource` with `dir` and a step with a `dir`, which specifies an absolute path, the `RepoSource` `dir` is ignored for the step's execution. 
- - `secret_env` - : A list of environment variables which are encrypted using a Cloud Key Management Service crypto key. These values must be specified in the build's `Secret`. - - `timeout` - : Time limit for executing this build step. If not defined, the step has no time limit and will be allowed to continue to run until either it completes or the build itself times out. - - `timing` - : Output only. Stores timing information for executing this build step. - - `volumes` - : List of volumes to mount into the build step. Each volume is created as an empty volume prior to execution of the build step. Upon completion of the build, volumes and their contents are discarded. Using a named volume in only one step is not valid as it is indicative of a build request with an incorrect configuration. - - `name` - : Name of the volume to mount. Volume names must be unique per build step and must be valid names for Docker volumes. Each named volume must be used by at least two build steps. - - `path` - : Path at which to mount the volume. Paths must be absolute and cannot conflict with other volume paths on the same build step or with certain reserved volume paths. - - `wait_for` - : The ID(s) of the step(s) that this build step depends on. This build step will not start until all the build steps in `wait_for` have completed successfully. If `wait_for` is empty, this build step will start when all previous build steps in the `Build.Steps` list have completed successfully. - -## GCP Permissions - -Ensure the [Cloud Build API](https://console.cloud.google.com/apis/library/cloudbuild.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_cloudbuild_triggers.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_cloudbuild_triggers.md deleted file mode 100644 index 2b03fa4d5d..0000000000 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_cloudbuild_triggers.md
+++ /dev/null
@@ -1,84 +0,0 @@ -+++ -title = "google_cloudbuild_triggers resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_cloudbuild_triggers" - identifier = "inspec/resources/gcp/google_cloudbuild_triggers.md google_cloudbuild_triggers resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_cloudbuild_triggers` is used to test a Google Trigger resource - -## Examples - -```ruby -describe google_cloudbuild_triggers(project: 'chef-gcp-inspec') do - its('count') { should eq 1 } -end - -google_cloudbuild_triggers(project: 'chef-gcp-inspec').ids.each do |id| - describe google_cloudbuild_trigger(project: 'chef-gcp-inspec', id: id) do - its('filename') { should eq 'cloudbuild.yaml' } - its('trigger_template.branch_name') { should eq 'trigger-branch' } - its('trigger_template.repo_name') { should eq 'trigger-repo' } - its('trigger_template.project_id') { should eq 'trigger-project' } - end -end -``` - -## Properties - -Properties that can be accessed from the `google_cloudbuild_triggers` resource: - -See the [google_cloudbuild_trigger](/inspec/resources/google_cloudbuild_trigger/#properties) resource for more information. 
- -`ids` -: an array of `google_cloudbuild_trigger` id - -`names` -: an array of `google_cloudbuild_trigger` name - -`descriptions` -: an array of `google_cloudbuild_trigger` description - -`disableds` -: an array of `google_cloudbuild_trigger` disabled - -`create_times` -: an array of `google_cloudbuild_trigger` create_time - -`substitutions` -: an array of `google_cloudbuild_trigger` substitutions - -`filenames` -: an array of `google_cloudbuild_trigger` filename - -`ignored_files` -: an array of `google_cloudbuild_trigger` ignored_files - -`included_files` -: an array of `google_cloudbuild_trigger` included_files - -`trigger_templates` -: an array of `google_cloudbuild_trigger` trigger_template - -`githubs` -: (Beta only) an array of `google_cloudbuild_trigger` github - -`builds` -: an array of `google_cloudbuild_trigger` build - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Cloud Build API](https://console.cloud.google.com/apis/library/cloudbuild.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_cloudfunctions_cloud_function.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_cloudfunctions_cloud_function.md deleted file mode 100644 index 8e6fd5888c..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_cloudfunctions_cloud_function.md +++ /dev/null 
@@ -1,122 +0,0 @@ -+++ -title = "google_cloudfunctions_cloud_function resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_cloudfunctions_cloud_function" - identifier = "inspec/resources/gcp/google_cloudfunctions_cloud_function.md google_cloudfunctions_cloud_function resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_cloudfunctions_cloud_function` is used to test a Google CloudFunction resource - -## Examples - -```ruby -describe google_cloudfunctions_cloud_function(project: 'chef-gcp-inspec', location: 'europe-west1', name: 'inspec-gcp-function') do - it { should exist } - its('description') { should eq 'A description of the function' } - its('available_memory_mb') { should eq '128' } - its('https_trigger.url') { should match /\/inspec-gcp-function$/ } - its('entry_point') { should eq 'hello' } - its('environment_variables') { should include('MY_ENV_VAR' => 'val1') } -end - -describe google_cloudfunctions_cloud_function(project: 'chef-gcp-inspec', location: 'europe-west1', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_cloudfunctions_cloud_function` resource: - -`name` -: A user-defined name of the function. Function names must be unique globally and match pattern `projects/*/locations/*/functions/*`. - -`description` -: User-provided description of a function. - -`status` -: Status of the function deployment. - - Possible values: - - - CLOUD_FUNCTION_STATUS_UNSPECIFIED - - ACTIVE - - OFFLINE - - DEPLOY_IN_PROGRESS - - DELETE_IN_PROGRESS - - UNKNOWN - -`entry_point` -: The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if function with given name is not found, then the system will try to use function named "function". 
For Node.js this is name of a function exported by the module specified in source_location. - -`runtime` -: The runtime in which the function is going to run. If empty, defaults to Node.js 6. - -`timeout` -: The function execution timeout. Execution is considered failed and can be terminated if the function is not completed at the end of the timeout period. Defaults to 60 seconds. - -`available_memory_mb` -: The amount of memory in MB available for a function. - -`service_account_email` -: The email of the service account for this function. - -`update_time` -: The last update timestamp of a Cloud Function - -`version_id` -: The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created. - -`labels` -: A set of key/value label pairs associated with this Cloud Function. - -`environment_variables` -: Environment variables that shall be available during function execution. - -`source_archive_url` -: The Google Cloud Storage URL, starting with gs://, pointing to the zip archive which contains the function. - -`source_upload_url` -: The Google Cloud Storage signed URL used for source uploading. - -`source_repository` -: The source repository where a function is hosted. - - `url` - : The URL pointing to the hosted repository where the function is defined - - `deployed_url` - : The URL pointing to the hosted repository where the function were defined at the time of deployment. - -`https_trigger` -: An HTTPS endpoint type of source that can be triggered via URL. - - `url` - : The deployed url for the function. - -`event_trigger` -: An HTTPS endpoint type of source that can be triggered via URL. - - `event_type` - : The type of event to observe. For example: `providers/cloud.storage/eventTypes/object.change` and `providers/cloud.pubsub/eventTypes/topic.publish`. 
- - `resource` - : The resource(s) from which to observe events, for example, `projects/_/buckets/myBucket.` - - `service` - : The hostname of the service that should be observed. - -`location` -: The location of this cloud function. - -## GCP Permissions - -Ensure the [Cloud Functions API](https://console.cloud.google.com/apis/library/cloudfunctions.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_cloudfunctions_cloud_functions.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_cloudfunctions_cloud_functions.md deleted file mode 100644 index dc7d3cb500..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_cloudfunctions_cloud_functions.md +++ /dev/null 
@@ -1,94 +0,0 @@ -+++ -title = "google_cloudfunctions_cloud_functions resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_cloudfunctions_cloud_functions" - identifier = "inspec/resources/gcp/google_cloudfunctions_cloud_functions.md google_cloudfunctions_cloud_functions resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_cloudfunctions_cloud_functions` is used to test a Google CloudFunction resource - -## Examples - -```ruby -describe google_cloudfunctions_cloud_functions(project: 'chef-gcp-inspec', location: 'europe-west1') do - its('descriptions') { should include 'A description of the function' } - its('entry_points') { should include 'hello' } -end -``` - -## Properties - -Properties that can be accessed from the `google_cloudfunctions_cloud_functions` resource: - -See the [google_cloudfunctions_cloud_function](/inspec/resources/google_cloudfunctions_cloud_function/#properties) resource for more information. 
- -`names` -: an array of `google_cloudfunctions_cloud_function` name - -`descriptions` -: an array of `google_cloudfunctions_cloud_function` description - -`statuses` -: an array of `google_cloudfunctions_cloud_function` status - -`entry_points` -: an array of `google_cloudfunctions_cloud_function` entry_point - -`runtimes` -: an array of `google_cloudfunctions_cloud_function` runtime - -`timeouts` -: an array of `google_cloudfunctions_cloud_function` timeout - -`available_memory_mbs` -: an array of `google_cloudfunctions_cloud_function` available_memory_mb - -`service_account_emails` -: an array of `google_cloudfunctions_cloud_function` service_account_email - -`update_times` -: an array of `google_cloudfunctions_cloud_function` update_time - -`version_ids` -: an array of `google_cloudfunctions_cloud_function` version_id - -`labels` -: an array of `google_cloudfunctions_cloud_function` labels - -`environment_variables` -: an array of `google_cloudfunctions_cloud_function` environment_variables - -`source_archive_urls` -: an array of `google_cloudfunctions_cloud_function` source_archive_url - -`source_upload_urls` -: an array of `google_cloudfunctions_cloud_function` source_upload_url - -`source_repositories` -: an array of `google_cloudfunctions_cloud_function` source_repository - -`https_triggers` -: an array of `google_cloudfunctions_cloud_function` https_trigger - -`event_triggers` -: an array of `google_cloudfunctions_cloud_function` event_trigger - -`locations` -: an array of `google_cloudfunctions_cloud_function` location - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Cloud Functions API](https://console.cloud.google.com/apis/library/cloudfunctions.googleapis.com/) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_address.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_address.md
deleted file mode 100644
index bf58cedfb6..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_address.md
+++ /dev/null
@@ -1,129 +0,0 @@ -+++ -title = "google_compute_address resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_address" - identifier = "inspec/resources/gcp/google_compute_address.md google_compute_address resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_address` is used to test a Google Address resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_address(project: 'chef-gcp-inspec', location: 'europe-west2', name: 'inspec-gcp-global-address') do - it { should exist } - its('address') { should eq '10.2.0.3' } - its('address_type') { should eq 'INTERNAL' } - its('user_count') { should eq 0 } -end - -describe google_compute_address(project: 'chef-gcp-inspec', location: 'europe-west2', name: 'nonexistent') do - it { should_not exist } -end -``` - -### Test that a GCP compute address IP exists - - describe google_compute_address(project: 'chef-inspec-gcp', location: 'europe-west2', name: 'compute-address') do - its('address_ip_exists') { should be true } - end - -### Test that a GCP compute address is in a particular status - - describe google_compute_address(project: 'chef-inspec-gcp', location: 'europe-west2', name: 'compute-address') do - its('status') { should eq "IN_USE" } - end - -### Test that a GCP compute address IP has the expected number of users - - describe google_compute_address(project: 'chef-inspec-gcp', location: 'europe-west2', name: 'compute-address') do - its('user_count') { should eq 1 } - end - -### Test that the first user of a GCP compute address has the expected resource name - - describe google_compute_address(project: 'chef-inspec-gcp', location: 'europe-west2', name: 'compute-address') do - its('user_resource_name') { should eq "gcp_ext_vm_name" } - end - -## Properties - -Properties that can be 
accessed from the `google_compute_address` resource: - -`address` -: The static external IP address represented by this resource. Only IPv4 is supported. An address may only be specified for INTERNAL address types. The IP address must be inside the specified subnetwork, if any. - -`address_type` -: The type of address to reserve. - - Possible values: - - - INTERNAL - - EXTERNAL - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`description` -: An optional description of this resource. - -`id` -: The unique identifier for the resource. - -`name` -: Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - -`purpose` -: The purpose of this resource, which can be one of the following values: - GCE_ENDPOINT for addresses that are used by VM instances, alias IP ranges, internal load balancers, and similar resources. This should only be set when using an Internal address. - - Possible values: - - - GCE_ENDPOINT - -`network_tier` -: The networking tier used for configuring this address. If this field is not specified, it is assumed to be PREMIUM. - - Possible values: - - - PREMIUM - - STANDARD - -`subnetwork` -: The URL of the subnetwork in which to reserve the address. If an IP address is specified, it must be within the subnetwork's IP range. This field can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER purposes. - -`users` -: The URLs of the resources that are using this address. - -`labels` -: (Beta only) Labels to apply to this address. A list of key->value pairs. - -`label_fingerprint` -: (Beta only) The fingerprint used for optimistic locking of this resource. Used internally during updates. 
- -`status` -: The status of the address, which can be one of RESERVING, RESERVED, or IN_USE. An address that is RESERVING is currently in the process of being reserved. A RESERVED address is currently reserved and available to use. An IN_USE address is currently being used by another resource and is not available. - - Possible values: - - - RESERVING - - RESERVED - - IN_USE - -`region` -: URL of the region where the regional address resides. This field is not applicable to global addresses. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_addresses.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_addresses.md deleted file mode 100644 index 0311a425de..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_addresses.md +++ /dev/null 
@@ -1,86 +0,0 @@ -+++ -title = "google_compute_addresses resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_addresses" - identifier = "inspec/resources/gcp/google_compute_addresses.md google_compute_addresses resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_addresses` is used to test a Google Address resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_addresses(project: 'chef-gcp-inspec', location: 'europe-west2') do - its('addresses') { should include '10.2.0.3' } - its('names') { should include 'inspec-gcp-global-address' } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_addresses` resource: - -See the [google_compute_address](/inspec/resources/google_compute_address/#properties) resource for more information. 
- -`addresses` -: an array of `google_compute_address` address - -`address_types` -: an array of `google_compute_address` address_type - -`creation_timestamps` -: an array of `google_compute_address` creation_timestamp - -`descriptions` -: an array of `google_compute_address` description - -`ids` -: an array of `google_compute_address` id - -`names` -: an array of `google_compute_address` name - -`purposes` -: an array of `google_compute_address` purpose - -`network_tiers` -: an array of `google_compute_address` network_tier - -`subnetworks` -: an array of `google_compute_address` subnetwork - -`users` -: an array of `google_compute_address` users - -`labels` -: (Beta only) an array of `google_compute_address` labels - -`label_fingerprints` -: (Beta only) an array of `google_compute_address` label_fingerprint - -`statuses` -: an array of `google_compute_address` status - -`regions` -: an array of `google_compute_address` region - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_autoscaler.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_autoscaler.md deleted file mode 100644 index b9f2b6291f..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_autoscaler.md +++ /dev/null 
@@ -1,112 +0,0 @@ -+++ -title = "google_compute_autoscaler resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_autoscaler" - identifier = "inspec/resources/gcp/google_compute_autoscaler.md google_compute_autoscaler resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_autoscaler` is used to test a Google Autoscaler resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_autoscaler(project: 'chef-gcp-inspec', zone: 'zone', name: 'inspec-gcp-autoscaler') do - it { should exist } - - its('target') { should match /\/inspec-gcp-igm$/ } - its('autoscaling_policy.max_num_replicas') { should eq '5' } - its('autoscaling_policy.min_num_replicas') { should eq '1' } - its('autoscaling_policy.cool_down_period_sec') { should eq '60' } - its('autoscaling_policy.cpu_utilization.utilization_target') { should eq '0.5' } -end - -describe google_compute_autoscaler(project: 'chef-gcp-inspec', zone: 'zone', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_autoscaler` resource: - -`id` -: Unique identifier for the resource. - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`name` -: Name of the resource. The name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - -`description` -: An optional description of this resource. - -`autoscaling_policy` -: The configuration parameters for the autoscaling algorithm. 
You can define one or more of the policies for an autoscaler: cpuUtilization, customMetricUtilizations, and loadBalancingUtilization. If none of these are specified, the default will be to autoscale based on cpuUtilization to 0.6 or 60%. - - `min_num_replicas` - : The minimum number of replicas that the autoscaler can scale down to. This cannot be less than 0. If not provided, autoscaler will choose a default value depending on maximum number of instances allowed. - - `max_num_replicas` - : The maximum number of instances that the autoscaler can scale up to. This is required when creating or updating an autoscaler. The maximum number of replicas should not be lower than minimal number of replicas. - - `cool_down_period_sec` - : The number of seconds that the autoscaler should wait before it starts collecting information from a new instance. This prevents the autoscaler from collecting information when the instance is initializing, during which the collected usage would not be reliable. The default time autoscaler waits is 60 seconds. Virtual machine initialization times might vary because of numerous factors. We recommend that you test how long an instance may take to initialize. To do this, create an instance and time the startup process. - - `cpu_utilization` - : Defines the CPU utilization policy that allows the autoscaler to scale based on the average CPU utilization of a managed instance group. - - `utilization_target` - : The target CPU utilization that the autoscaler should maintain. Must be a float value in the range (0, 1]. If not specified, the default is 0.6. If the CPU level is below the target utilization, the autoscaler scales down the number of instances until it reaches the minimum number of instances you specified or until the average CPU of your instances reaches the target utilization. 
If the average CPU is above the target utilization, the autoscaler scales up until it reaches the maximum number of instances you specified or until the average utilization reaches the target utilization. - - `custom_metric_utilizations` - : Configuration parameters of autoscaling based on a custom metric. - - `metric` - : The identifier (type) of the Stackdriver Monitoring metric. The metric cannot have negative values. The metric must have a value type of INT64 or DOUBLE. - - `single_instance_assignment` - : (Beta only) If scaling is based on a per-group metric value that represents the total amount of work to be done or resource usage, set this value to an amount assigned for a single instance of the scaled group. The autoscaler will keep the number of instances proportional to the value of this metric, the metric itself should not change value due to group resizing. For example, a good metric to use with the target is `pubsub.googleapis.com/subscription/num_undelivered_messages` or a custom metric exporting the total number of requests coming to your instances. A bad example would be a metric exporting an average or median latency, since this value can't include a chunk assignable to a single instance, it could be better used with utilization_target instead. - - `utilization_target` - : The target value of the metric that autoscaler should maintain. This must be a positive value. A utilization metric scales number of virtual machines handling requests to increase or decrease proportionally to the metric. For example, a good metric to use as a utilizationTarget is www.googleapis.com/compute/instance/network/received_bytes_count. The autoscaler will work to keep this value constant for each of the instances. - - `utilization_target_type` - : Defines how target utilization value is expressed for a Stackdriver Monitoring metric. 
- - Possible values: - - - GAUGE - - DELTA_PER_SECOND - - DELTA_PER_MINUTE - - `filter` - : (Beta only) A filter string to be used as the filter string for a Stackdriver Monitoring TimeSeries.list API call. This filter is used to select a specific TimeSeries for the purpose of autoscaling and to determine whether the metric is exporting per-instance or per-group data. You can only use the AND operator for joining selectors. You can only use direct equality comparison operator (=) without any functions for each selector. You can specify the metric in both the filter string and in the metric field. However, if specified in both places, the metric must be identical. The monitored resource type determines what kind of values are expected for the metric. If it is a gce_instance, the autoscaler expects the metric to include a separate TimeSeries for each instance in a group. In such a case, you cannot filter on resource labels. If the resource type is any other value, the autoscaler expects this metric to contain values that apply to the entire autoscaled instance group and resource label filtering can be performed to point autoscaler at the correct TimeSeries to scale upon. This is called a per-group metric for the purpose of autoscaling. If not specified, the type defaults to gce_instance. You should provide a filter that is selective enough to pick just one TimeSeries for the autoscaled group or for each of the instances (if you are using gce_instance resource type). If multiple TimeSeries are returned upon the query execution, the autoscaler will sum their respective values to obtain its scaling value. - - `load_balancing_utilization` - : Configuration parameters of autoscaling based on a load balancer. - - `utilization_target` - : Fraction of backend capacity utilization (set in HTTP(s) load balancing configuration) that autoscaler should maintain. Must be a positive float value. If not defined, the default is 0.8. 
- -`target` -: URL of the managed instance group that this autoscaler will scale. - -`zone` -: URL of the zone where the instance group resides. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_autoscalers.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_autoscalers.md deleted file mode 100644 index fdde9c0c58..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_autoscalers.md +++ /dev/null 
@@ -1,72 +0,0 @@
-+++
-title = "google_compute_autoscalers resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_compute_autoscalers"
- identifier = "inspec/resources/gcp/google_compute_autoscalers.md google_compute_autoscalers resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_compute_autoscalers` is used to test a Google Autoscaler resource
-
-## Beta Resource
-
-This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
-
-## Examples
-
-```ruby
-autoscalers = google_compute_autoscalers(project: 'chef-gcp-inspec', zone: 'zone')
-describe.one do
- autoscalers.autoscaling_policies.each do |autoscaling_policy|
- describe autoscaling_policy do
- its('max_num_replicas') { should eq '5' }
- its('min_num_replicas') { should eq '1' }
- its('cool_down_period_sec') { should eq '60' }
- its('cpu_utilization.utilization_target') { should eq '0.5' }
- end
- end
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_compute_autoscalers` resource:
-
-See the [google_compute_autoscaler](/inspec/resources/google_compute_autoscaler/#properties) resource for more information.
-
-`ids`
-: an array of `google_compute_autoscaler` id
-
-`creation_timestamps`
-: an array of `google_compute_autoscaler` creation_timestamp
-
-`names`
-: an array of `google_compute_autoscaler` name
-
-`descriptions`
-: an array of `google_compute_autoscaler` description
-
-`autoscaling_policies`
-: an array of `google_compute_autoscaler` autoscaling_policy
-
-`targets`
-: an array of `google_compute_autoscaler` target
-
-`zones`
-: an array of `google_compute_autoscaler` zone
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_backend_bucket.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_backend_bucket.md
deleted file mode 100644
index a7c4a79067..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_backend_bucket.md
+++ /dev/null
@@ -1,67 +0,0 @@
-+++
-title = "google_compute_backend_bucket resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_compute_backend_bucket"
- identifier = "inspec/resources/gcp/google_compute_backend_bucket.md google_compute_backend_bucket resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_compute_backend_bucket` is used to test a Google BackendBucket resource
-
-## Beta Resource
-
-This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
-
-## Examples
-
-```ruby
-describe google_compute_backend_bucket(project: 'chef-gcp-inspec', name: 'inspec-gcp-backend-bucket') do
- it { should exist }
- its('description') { should eq 'Backend bucket example' }
- its('enable_cdn') { should be 'true' }
- its('bucket_name') { should eq 'gcp-inspec-storage-bucket' }
-end
-
-describe google_compute_backend_bucket(project: 'chef-gcp-inspec', name: 'nonexistent') do
- it { should_not exist }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_compute_backend_bucket` resource:
-
-`bucket_name`
-: Cloud Storage bucket name.
-
-`cdn_policy`
-: Cloud CDN configuration for this Backend Bucket.
-
- `signed_url_cache_max_age_sec`
- : Maximum number of seconds the response to a signed URL request will be considered fresh. After this time period, the response will be revalidated before being served. When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a "Cache-Control: public, max-age=[TTL]" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered.
-
-`creation_timestamp`
-: Creation timestamp in RFC3339 text format.
-
-`description`
-: An optional textual description of the resource; provided by the client when the resource is created.
-
-`enable_cdn`
-: If true, enable Cloud CDN for this BackendBucket.
-
-`id`
-: Unique identifier for the resource.
-
-`name`
-: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_backend_buckets.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_backend_buckets.md
deleted file mode 100644
index 50127fedd4..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_backend_buckets.md
+++ /dev/null
@@ -1,65 +0,0 @@
-+++
-title = "google_compute_backend_buckets resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_compute_backend_buckets"
- identifier = "inspec/resources/gcp/google_compute_backend_buckets.md google_compute_backend_buckets resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_compute_backend_buckets` is used to test a Google BackendBucket resource
-
-## Beta Resource
-
-This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
-
-## Examples
-
-```ruby
-describe google_compute_backend_buckets(project: 'chef-gcp-inspec', name: 'inspec-gcp-backend-bucket') do
- its('descriptions') { should include 'Backend bucket example' }
- its('bucket_names') { should include 'gcp-inspec-storage-bucket' }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_compute_backend_buckets` resource:
-
-See the [google_compute_backend_bucket](/inspec/resources/google_compute_backend_bucket/#properties) resource for more information.
-
-`bucket_names`
-: an array of `google_compute_backend_bucket` bucket_name
-
-`cdn_policies`
-: an array of `google_compute_backend_bucket` cdn_policy
-
-`creation_timestamps`
-: an array of `google_compute_backend_bucket` creation_timestamp
-
-`descriptions`
-: an array of `google_compute_backend_bucket` description
-
-`enable_cdns`
-: an array of `google_compute_backend_bucket` enable_cdn
-
-`ids`
-: an array of `google_compute_backend_bucket` id
-
-`names`
-: an array of `google_compute_backend_bucket` name
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_backend_service.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_backend_service.md
deleted file mode 100644
index c4953d3ada..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_backend_service.md
+++ /dev/null
@@ -1,324 +0,0 @@ -+++ -title = "google_compute_backend_service resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_backend_service" - identifier = "inspec/resources/gcp/google_compute_backend_service.md google_compute_backend_service resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_backend_service` is used to test a Google BackendService resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_backend_service(project: 'chef-gcp-inspec', name: 'inspec-gcp-backend-service') do - it { should exist } - its('description') { should eq 'A description' } - its('port_name') { should eq 'http' } - its('protocol') { should eq 'HTTP' } - its('timeout_sec') { should eq '10' } - its('enable_cdn') { should eq 'true' } -end - -describe google_compute_backend_service(project: 'chef-gcp-inspec', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_backend_service` resource: - -`affinity_cookie_ttl_sec` -: Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used. - -`backends` -: The set of backends that serve this BackendService. - - `balancing_mode` - : Specifies the balancing mode for this backend. For global HTTP(S) or TCP/SSL load balancing, the default is UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) and CONNECTION (for TCP/SSL). 
- - Possible values: - - - UTILIZATION - - RATE - - CONNECTION - - `capacity_scaler` - : A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0]. - - `description` - : An optional description of this resource. Provide this property when you create the resource. - - `group` - : The fully-qualified URL of an Instance Group or Network Endpoint Group resource. In case of instance group this defines the list of instances that serve traffic. Member virtual machine instances from each instance group must live in the same zone as the instance group itself. No two backends in a backend service are allowed to use same Instance Group resource. For Network Endpoint Groups this defines list of endpoints. All endpoints of Network Endpoint Group must be hosted on instances located in the same zone as the Network Endpoint Group. Backend services cannot mix Instance Group and Network Endpoint Group backends. Note that you must specify an Instance Group or Network Endpoint Group resource using the fully-qualified URL, rather than a partial URL. - - `max_connections` - : The max number of simultaneous connections for the group. Can be used with either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or one of maxConnectionsPerInstance or maxConnectionsPerEndpoint, as appropriate for group type, must be set. - - `max_connections_per_instance` - : The max number of simultaneous connections that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set. 
- - `max_connections_per_endpoint` - : The max number of simultaneous connections that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerEndpoint must be set. - - `max_rate` - : The max requests per second (RPS) of the group. Can be used with either RATE or UTILIZATION balancing modes, but required if RATE mode. For RATE mode, either maxRate or one of maxRatePerInstance or maxRatePerEndpoint, as appropriate for group type, must be set. - - `max_rate_per_instance` - : The max requests per second (RPS) that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerInstance must be set. - - `max_rate_per_endpoint` - : The max requests per second (RPS) that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerEndpoint must be set. - - `max_utilization` - : Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. The default is 0.8. Valid range is [0.0, 1.0]. - -`circuit_breakers` -: Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. - - `connect_timeout` - : (Beta only) The timeout for new network connections to hosts. - - `seconds` - : Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - - `nanos` - : Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. 
- - `max_requests_per_connection` - : Maximum requests for a single backend connection. This parameter is respected by both the HTTP/1.1 and HTTP/2 implementations. If not specified, there is no limit. Setting this parameter to 1 will effectively disable keep alive. - - `max_connections` - : The maximum number of connections to the backend cluster. Defaults to 1024. - - `max_pending_requests` - : The maximum number of pending requests to the backend cluster. Defaults to 1024. - - `max_requests` - : The maximum number of parallel requests to the backend cluster. Defaults to 1024. - - `max_retries` - : The maximum number of parallel retries to the backend cluster. Defaults to 3. - -`consistent_hash` -: Consistent Hash --based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. - - `http_cookie` - : Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE. - - `ttl` - : Lifetime of the cookie. - - `seconds` - : Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - - `nanos` - : Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - - `name` - : Name of the cookie. 
- - `path` - : Path to set for the cookie. - - `http_header_name` - : The hash based on the value of the specified header field. This field is applicable if the sessionAffinity is set to HEADER_FIELD. - - `minimum_ring_size` - : The minimum number of virtual nodes to use for the hash ring. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node. Defaults to 1024. - -`cdn_policy` -: Cloud CDN configuration for this BackendService. - - `cache_key_policy` - : The CacheKeyPolicy for this CdnPolicy. - - `include_host` - : If true requests to different hosts will be cached separately. - - `include_protocol` - : If true, http and https requests will be cached separately. - - `include_query_string` - : If true, include query string parameters in the cache key according to query_string_whitelist and query_string_blacklist. If neither is set, the entire query string will be included. If false, the query string will be excluded from the cache key entirely. - - `query_string_blacklist` - : Names of query string parameters to exclude in cache keys. All other parameters will be included. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters. - - `query_string_whitelist` - : Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters. - - `signed_url_cache_max_age_sec` - : Maximum number of seconds the response to a signed URL request will be considered fresh, defaults to 1hr (3600s). After this time period, the response will be revalidated before being served. 
When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a "Cache-Control: public, max-age=[TTL]" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered. - -`connection_draining` -: Settings for connection draining - - `draining_timeout_sec` - : Time for which instance will be drained (not accept new connections, but still work to finish started). - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`custom_request_headers` -: Headers that the HTTP/S load balancer should add to proxied requests. - -`fingerprint` -: Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. - -`description` -: An optional description of this resource. - -`enable_cdn` -: If true, enable Cloud CDN for this BackendService. - -`health_checks` -: The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified, and a health check is required. For internal load balancing, a URL to a HealthCheck resource must be specified instead. - -`id` -: The unique identifier for the resource. - -`iap` -: Settings for enabling Cloud Identity Aware Proxy - - `enabled` - : Enables IAP. - - `oauth2_client_id` - : OAuth2 Client ID for IAP - - `oauth2_client_secret` - : OAuth2 Client Secret for IAP - - `oauth2_client_secret_sha256` - : OAuth2 Client Secret SHA-256 for IAP - -`load_balancing_scheme` -: Indicates whether the backend service will be used with internal or external load balancing. A backend service created for one type of load balancing cannot be used with the other. - - Possible values: - - - EXTERNAL - - INTERNAL_SELF_MANAGED - -`locality_lb_policy` -: The load balancing algorithm used within the scope of the locality. 
The possible values are - ROUND_ROBIN - This is a simple policy in which each healthy backend is selected in round robin order. LEAST_REQUEST - An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests. RING_HASH - The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests. RANDOM - The load balancer selects a random healthy host. ORIGINAL_DESTINATION - Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer. MAGLEV - used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824 This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. - - Possible values: - - - ROUND_ROBIN - - LEAST_REQUEST - - RING_HASH - - RANDOM - - ORIGINAL_DESTINATION - - MAGLEV - -`name` -: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - -`outlier_detection` -: Settings controlling eviction of unhealthy hosts from the load balancing pool. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. - - `base_ejection_time` - : The base time that a host is ejected for. 
The real time is equal to the base time multiplied by the number of times the host has been ejected. Defaults to 30000ms or 30s. - - `seconds` - : Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - - `nanos` - : Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 `seconds` field and a positive `nanos` field. Must be from 0 to 999,999,999 inclusive. - - `consecutive_errors` - : Number of errors before a host is ejected from the connection pool. When the backend host is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5. - - `consecutive_gateway_failure` - : The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 5. - - `enforcing_consecutive_errors` - : The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100. - - `enforcing_consecutive_gateway_failure` - : The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0. - - `enforcing_success_rate` - : The percentage chance that a host will be actually ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100. - - `interval` - : Time interval between ejection sweep analysis. This can result in both new ejections as well as hosts being returned to service. Defaults to 10 seconds. - - `seconds` - : Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. 
- - `nanos` - : Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 `seconds` field and a positive `nanos` field. Must be from 0 to 999,999,999 inclusive. - - `max_ejection_percent` - : Maximum percentage of hosts in the load balancing pool for the backend service that can be ejected. Defaults to 10%. - - `success_rate_minimum_hosts` - : The number of hosts in a cluster that must have enough request volume to detect success rate outliers. If the number of hosts is less than this setting, outlier detection via success rate statistics is not performed for any host in the cluster. Defaults to 5. - - `success_rate_request_volume` - : The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this host in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that host. Defaults to 100. - - `success_rate_stdev_factor` - : This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900. - -`port_name` -: Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL. - -`protocol` -: The protocol this BackendService uses to communicate with backends. The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer types and may result in errors if used with the GA API. 
- - Possible values: - - - HTTP - - HTTPS - - HTTP2 - - TCP - - SSL - -`security_policy` -: The security policy associated with this backend service. - -`session_affinity` -: Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP. - - Possible values: - - - NONE - - CLIENT_IP - - CLIENT_IP_PORT_PROTO - - CLIENT_IP_PROTO - - GENERATED_COOKIE - - HEADER_FIELD - - HTTP_COOKIE - -`timeout_sec` -: How many seconds to wait for the backend before considering it a failed request. Default is 30 seconds. Valid range is [1, 86400]. - -`log_config` -: This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. - - `enable` - : Whether to enable logging for the load balancer traffic served by this backend service. - - `sample_rate` - : This field can only be specified if logging is enabled for this backend service. The value of the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_backend_services.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_backend_services.md deleted file mode 100644 index d89b990c8c..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_backend_services.md +++ /dev/null 
@@ -1,119 +0,0 @@ -+++ -title = "google_compute_backend_services resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_backend_services" - identifier = "inspec/resources/gcp/google_compute_backend_services.md google_compute_backend_services resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_backend_services` is used to test a Google BackendService resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_backend_services(project: 'chef-gcp-inspec') do - its('count') { should be >= 1 } - its('names') { should include 'inspec-gcp-backend-service' } - its('port_names') { should include 'http' } - its('protocols') { should include 'HTTP' } - its('timeout_secs') { should include '10' } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_backend_services` resource: - -See the [google_compute_backend_service](/inspec/resources/google_compute_backend_service/#properties) resource for more information. 
- -`affinity_cookie_ttl_secs` -: an array of `google_compute_backend_service` affinity_cookie_ttl_sec - -`backends` -: an array of `google_compute_backend_service` backends - -`circuit_breakers` -: an array of `google_compute_backend_service` circuit_breakers - -`consistent_hashes` -: an array of `google_compute_backend_service` consistent_hash - -`cdn_policies` -: an array of `google_compute_backend_service` cdn_policy - -`connection_drainings` -: an array of `google_compute_backend_service` connection_draining - -`creation_timestamps` -: an array of `google_compute_backend_service` creation_timestamp - -`custom_request_headers` -: an array of `google_compute_backend_service` custom_request_headers - -`fingerprints` -: an array of `google_compute_backend_service` fingerprint - -`descriptions` -: an array of `google_compute_backend_service` description - -`enable_cdns` -: an array of `google_compute_backend_service` enable_cdn - -`health_checks` -: an array of `google_compute_backend_service` health_checks - -`ids` -: an array of `google_compute_backend_service` id - -`iaps` -: an array of `google_compute_backend_service` iap - -`load_balancing_schemes` -: an array of `google_compute_backend_service` load_balancing_scheme - -`locality_lb_policies` -: an array of `google_compute_backend_service` locality_lb_policy - -`names` -: an array of `google_compute_backend_service` name - -`outlier_detections` -: an array of `google_compute_backend_service` outlier_detection - -`port_names` -: an array of `google_compute_backend_service` port_name - -`protocols` -: an array of `google_compute_backend_service` protocol - -`security_policies` -: an array of `google_compute_backend_service` security_policy - -`session_affinities` -: an array of `google_compute_backend_service` session_affinity - -`timeout_secs` -: an array of `google_compute_backend_service` timeout_sec - -`log_configs` -: an array of `google_compute_backend_service` log_config - -## Filter Criteria - -This 
resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_disk.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_disk.md deleted file mode 100644 index 68617e0c6b..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_disk.md +++ /dev/null 
@@ -1,150 +0,0 @@ -+++ -title = "google_compute_disk resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_disk" - identifier = "inspec/resources/gcp/google_compute_disk.md google_compute_disk resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_disk` is used to test a Google Disk resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby - -most_recent_image = google_compute_image(project: 'debian-cloud', name: 'debian-10-buster-v20191014') - -describe google_compute_disk(project: 'chef-gcp-inspec', name: 'inspec-snapshot-disk', zone: 'zone') do - it { should exist } - # Test that the image is the most recent image for the family - its('source_image') { should match most_recent_image.self_link } - its('type') { should match 'pd-standard' } -end - -describe.one do - google_compute_disk(project: 'chef-gcp-inspec', name: 'inspec-snapshot-disk', zone: 'zone').labels.each_pair do |key, value| - describe key do - it { should cmp "environment" } - end - end -end - -describe google_compute_disk(project: 'chef-gcp-inspec', name: 'nonexistent', zone: 'zone') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_disk` resource: - -`label_fingerprint` -: The fingerprint used for optimistic locking of this resource. Used internally during updates. - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`description` -: An optional description of this resource. Provide this property when you create the resource. - -`id` -: The unique identifier for the resource. - -`last_attach_timestamp` -: Last attach timestamp in RFC3339 text format. - -`last_detach_timestamp` -: Last detach timestamp in RFC3339 text format. - -`labels` -: Labels to apply to this disk. A list of key->value pairs. 
- -`licenses` -: Any applicable publicly visible licenses. - -`name` -: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - -`size_gb` -: Size of the persistent disk, specified in GB. You can specify this field when creating a persistent disk using the sourceImage or sourceSnapshot parameter, or specify it alone to create an empty persistent disk. If you specify this field along with sourceImage or sourceSnapshot, the value of sizeGb must not be less than the size of the sourceImage or the size of the snapshot. - -`users` -: Links to the users of the disk (attached instances) in form: project/zones/zone/instances/instance - -`physical_block_size_bytes` -: Physical block size of the persistent disk, in bytes. If not present in a request, a default value is used. Currently supported sizes are 4096 and 16384, other sizes may be added in the future. If an unsupported value is requested, the error message will list the supported values for the caller's project. - -`type` -: URL of the disk type resource describing which disk type to use to create the disk. Provide this when creating the disk. - -`source_image` -: The source image used to create this disk. If the source image is deleted, this field will not be set. To create a disk with one of the public operating system images, specify the image by its family name. 
For example, specify family/debian-8 to use the latest Debian 8 image: projects/debian-cloud/global/images/family/debian-8 Alternatively, use a specific version of a public operating system image: projects/debian-cloud/global/images/debian-8-jessie-vYYYYMMDD To create a disk with a private image that you created, specify the image name in the following format: global/images/my-private-image You can also specify a private image by its image family, which returns the latest version of the image in that family. Replace the image name with family/family-name: global/images/family/my-private-family - -`resource_policies` -: (Beta only) Resource policies applied to this disk for automatic snapshot creations. - -`zone` -: A reference to the zone where the disk resides. - -`source_image_encryption_key` -: The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key. - - `raw_key` - : Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. - - `sha256` - : The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource. - - `kms_key_name` - : The name of the encryption key that is stored in Google Cloud KMS. - -`source_image_id` -: The ID value of the image used to create this disk. This value identifies the exact image that was used to create this persistent disk. For example, if you created the persistent disk from an image that was later deleted and recreated under the same name, the source image ID would identify the exact version of the image that was used. - -`disk_encryption_key` -: Encrypts the disk using a customer-supplied encryption key. After you encrypt a disk with a customer-supplied key, you must provide the same key if you use the disk later (e.g. to create a disk snapshot or an image, or to attach the disk to a virtual machine). 
Customer-supplied encryption keys do not protect access to metadata of the disk. If you do not provide an encryption key when creating the disk, then the disk will be encrypted using an automatically generated key and you do not need to provide a key to use the disk later. - - `raw_key` - : Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. - - `sha256` - : The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource. - - `kms_key_name` - : The name of the encryption key that is stored in Google Cloud KMS. Your project's Compute Engine System service account (`service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com`) must have `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature. - -`source_snapshot` -: The source snapshot used to create this disk. You can provide this as a partial or full URL to the resource. If the snapshot is in another project than this disk, you must supply a full URL. For example, the following are valid values: - - `https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot` - - `projects/project/global/snapshots/snapshot` - - `global/snapshots/snapshot` - -`source_snapshot_encryption_key` -: The customer-supplied encryption key of the source snapshot. Required if the source snapshot is protected by a customer-supplied encryption key. - - `raw_key` - : Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. - - `kms_key_name` - : The name of the encryption key that is stored in Google Cloud KMS. - - `sha256` - : The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource. - -`source_snapshot_id` -: The unique ID of the snapshot used to create this disk. This value identifies the exact snapshot that was used to create this persistent disk. 
For example, if you created the persistent disk from a snapshot that was later deleted and recreated under the same name, the source snapshot ID would identify the exact version of the snapshot that was used. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_disks.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_disks.md deleted file mode 100644 index 842c948d88..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_disks.md +++ /dev/null 
@@ -1,112 +0,0 @@ -+++ -title = "google_compute_disks resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_disks" - identifier = "inspec/resources/gcp/google_compute_disks.md google_compute_disks resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_disks` is used to test a Google Disk resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -most_recent_image = google_compute_image(project: 'debian-cloud', name: 'debian-10-buster-v20191014') -describe google_compute_disks(project: 'chef-gcp-inspec', zone: 'zone') do - it { should exist } - its('names') { should include 'inspec-snapshot-disk' } - its('source_images') { should include most_recent_image.self_link } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_disks` resource: - -See the [google_compute_disk](/inspec/resources/google_compute_disk/#properties) resource for more information. 
- -`label_fingerprints` -: an array of `google_compute_disk` label_fingerprint - -`creation_timestamps` -: an array of `google_compute_disk` creation_timestamp - -`descriptions` -: an array of `google_compute_disk` description - -`ids` -: an array of `google_compute_disk` id - -`last_attach_timestamps` -: an array of `google_compute_disk` last_attach_timestamp - -`last_detach_timestamps` -: an array of `google_compute_disk` last_detach_timestamp - -`labels` -: an array of `google_compute_disk` labels - -`licenses` -: an array of `google_compute_disk` licenses - -`names` -: an array of `google_compute_disk` name - -`size_gbs` -: an array of `google_compute_disk` size_gb - -`users` -: an array of `google_compute_disk` users - -`physical_block_size_bytes` -: an array of `google_compute_disk` physical_block_size_bytes - -`types` -: an array of `google_compute_disk` type - -`source_images` -: an array of `google_compute_disk` source_image - -`resource_policies` -: (Beta only) an array of `google_compute_disk` resource_policies - -`zones` -: an array of `google_compute_disk` zone - -`source_image_encryption_keys` -: an array of `google_compute_disk` source_image_encryption_key - -`source_image_ids` -: an array of `google_compute_disk` source_image_id - -`disk_encryption_keys` -: an array of `google_compute_disk` disk_encryption_key - -`source_snapshots` -: an array of `google_compute_disk` source_snapshot - -`source_snapshot_encryption_keys` -: an array of `google_compute_disk` source_snapshot_encryption_key - -`source_snapshot_ids` -: an array of `google_compute_disk` source_snapshot_id - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_firewall.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_firewall.md
deleted file mode 100644
index 44423b5558..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_firewall.md
+++ /dev/null
@@ -1,161 +0,0 @@ -+++ -title = "google_compute_firewall resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_firewall" - identifier = "inspec/resources/gcp/google_compute_firewall.md google_compute_firewall resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_firewall` is used to test a Google Firewall resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_firewall(project: 'chef-gcp-inspec', name: 'inspec-gcp-firewall') do - its('direction') { should cmp 'INGRESS' } - its('log_config_enabled?') { should be true } - its('source_tags') { should include 'some-tag' } -end -``` - -### Test that a GCP compute firewall allows SSH access on port 22 - - describe google_compute_firewall(project: 'chef-inspec-gcp', name: 'firewall-rule') do - its('allowed_ssh?') { should be true } - end - -### Test that a GCP compute firewall does not allow HTTP access on port 80 - - describe google_compute_firewall(project: 'chef-inspec-gcp', name: 'firewall-rule') do - its('allowed_http?') { should be false } - end - -### Test that a GCP compute firewall allows HTTPS access on port 443 - - describe google_compute_firewall(project: 'chef-inspec-gcp', name: 'firewall-rule') do - its('allowed_https?') { should be true } - end - -### Test the direction of a GCP compute firewall e.g. 
"INGRESS" or "EGRESS" - - describe google_compute_firewall(project: 'chef-inspec-gcp', name: 'firewall-rule') do - its('direction') { should eq "INGRESS" } - end - -### Test the source IP range list for the GCP compute firewall is not open to the world - - describe google_compute_firewall(project: 'chef-inspec-gcp', name: 'firewall-rule') do - its('source_ranges') { should_not eq ["0.0.0.0/0"] } - # or using helpers - its('direction') { should eq "INGRESS" } - it { should_not allow_ip_ranges ["0.0.0.0/0"] } - end - -### Test whether or not a port/protocol is defined for a given firewall rule - - describe google_compute_firewall(project: 'chef-inspec-gcp', name: 'firewall-rule') do - # similar to the http / ssh helpers above - it { should_not allow_port_protocol("22", "tcp") } - it { should allow_port_protocol("80", "tcp") } - end - -### Test whether firewall rule allows ingress/egress for specified tags - - describe google_compute_firewall(project: 'chef-inspec-gcp', name: 'firewall-rule') do - its('direction') { should eq "INGRESS" } - it { should allow_source_tags ["allow-gcp-tag"] } - it { should allow_target_tags ["allow-gcp-other-tag"] } - # stricter - it { should allow_source_tags_only ["allow-gcp-tag"] } - it { should allow_target_tags_only ["allow-gcp-other-tag"] } - end - -## Properties - -Properties that can be accessed from the `google_compute_firewall` resource: - -`allowed` -: The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection. - - `ip_protocol` - : The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, sctp, ipip), or the IP protocol number. - - `ports` - : An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. 
If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"]. - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`denied` -: The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection. - - `ip_protocol` - : The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, sctp, ipip), or the IP protocol number. - - `ports` - : An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"]. - -`description` -: An optional description of this resource. Provide this property when you create the resource. - -`destination_ranges` -: If destination ranges are specified, the firewall will apply only to traffic that has destination IP address in these ranges. These ranges must be expressed in CIDR format. Only IPv4 is supported. - -`direction` -: Direction of traffic to which this firewall applies; default is INGRESS. Note: For INGRESS traffic, it is NOT supported to specify destinationRanges; For EGRESS traffic, it is NOT supported to specify sourceRanges OR sourceTags. - - Possible values: - - - INGRESS - - EGRESS - -`disabled` -: Denotes whether the firewall rule is disabled, i.e not applied to the network it is associated with. When set to true, the firewall rule is not enforced and the network behaves as if it did not exist. If this is unspecified, the firewall rule will be enabled. - -`log_config` -: This field denotes whether to enable logging for a particular firewall rule. 
If logging is enabled, logs will be exported to Stackdriver. - - `enable_logging` - : This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported to Stackdriver. - -`id` -: The unique identifier for the resource. - -`name` -: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - -`network` -: URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this property, you can specify the network as a full or partial URL. For example, the following are all valid URLs: https://www.googleapis.com/compute/v1/projects/myproject/global/ networks/my-network projects/myproject/global/networks/my-network global/networks/default - -`priority` -: Priority for this rule. This is an integer between 0 and 65535, both inclusive. When not specified, the value assumed is 1000. Relative priorities determine precedence of conflicting rules. Lower value of priority implies higher precedence (eg, a rule with priority 0 has higher precedence than a rule with priority 1). DENY rules take precedence over ALLOW rules having equal priority. - -`source_ranges` -: If source ranges are specified, the firewall will apply only to traffic that has source IP address in these ranges. These ranges must be expressed in CIDR format. One or both of sourceRanges and sourceTags may be set. 
If both properties are set, the firewall will apply to traffic that has source IP address within sourceRanges OR the source IP that belongs to a tag listed in the sourceTags property. The connection does not need to match both properties for the firewall to apply. Only IPv4 is supported. - -`source_service_accounts` -: If source service accounts are specified, the firewall will apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address. sourceRanges can be set at the same time as sourceServiceAccounts. If both are set, the firewall will apply to traffic that has source IP address within sourceRanges OR the source IP belongs to an instance with service account listed in sourceServiceAccount. The connection does not need to match both properties for the firewall to apply. sourceServiceAccounts cannot be used at the same time as sourceTags or targetTags. - -`source_tags` -: If source tags are specified, the firewall will apply only to traffic with source IP that belongs to a tag listed in source tags. Source tags cannot be used to control traffic to an instance's external IP address. Because tags are associated with an instance, not an IP address. One or both of sourceRanges and sourceTags may be set. If both properties are set, the firewall will apply to traffic that has source IP address within sourceRanges OR the source IP that belongs to a tag listed in the sourceTags property. The connection does not need to match both properties for the firewall to apply. - -`target_service_accounts` -: A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed. targetServiceAccounts cannot be used at the same time as targetTags or sourceTags. 
If neither targetServiceAccounts nor targetTags are specified, the firewall rule applies to all instances on the specified network. - -`target_tags` -: A list of instance tags indicating sets of instances located in the network that may make network connections as specified in allowed. If no targetTags are specified, the firewall rule applies to all instances on the specified network. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_firewalls.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_firewalls.md deleted file mode 100644 index ed5986f0ff..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_firewalls.md +++ /dev/null 
@@ -1,120 +0,0 @@ -+++ -title = "google_compute_firewalls resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_firewalls" - identifier = "inspec/resources/gcp/google_compute_firewalls.md google_compute_firewalls resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_firewalls` is used to test a Google Firewall resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_firewalls(project: 'chef-gcp-inspec') do - its('count') { should be >= 1 } - its('firewall_names') { should include 'inspec-gcp-firewall' } - its('firewall_directions') { should include 'INGRESS' } -end -``` - -### Test that there are no more than a specified number of firewalls available for the project - - describe google_compute_firewalls(project: 'chef-inspec-gcp') do - its('count') { should be <= 100} - end - -### Test that an expected firewall is available for the project - - describe google_compute_firewalls(project: 'chef-inspec-gcp') do - its('firewall_names') { should include "my-app-firewall-rule" } - end - -### Test that a particular named rule does not exist - - describe google_compute_firewalls(project: 'chef-inspec-gcp') do - its('firewall_names') { should_not include "default-allow-ssh" } - end - -### Test there are no firewalls for the "INGRESS" direction - - describe google_compute_firewalls(project: 'chef-inspec-gcp').where(firewall_direction: 'INGRESS') do - it { should_not exist } - end - -## Properties - -Properties that can be accessed from the `google_compute_firewalls` resource: - -See the [google_compute_firewall](/inspec/resources/google_compute_firewall/#properties) resource for more information. 
- -`alloweds` -: an array of `google_compute_firewall` allowed - -`creation_timestamps` -: an array of `google_compute_firewall` creation_timestamp - -`denieds` -: an array of `google_compute_firewall` denied - -`descriptions` -: an array of `google_compute_firewall` description - -`destination_ranges` -: an array of `google_compute_firewall` destination_ranges - -`firewall_directions` -: an array of `google_compute_firewall` direction - -`disableds` -: an array of `google_compute_firewall` disabled - -`log_configs` -: an array of `google_compute_firewall` log_config - -`firewall_ids` -: an array of `google_compute_firewall` id - -`firewall_names` -: an array of `google_compute_firewall` name - -`networks` -: an array of `google_compute_firewall` network - -`priorities` -: an array of `google_compute_firewall` priority - -`source_ranges` -: an array of `google_compute_firewall` source_ranges - -`source_service_accounts` -: an array of `google_compute_firewall` source_service_accounts - -`source_tags` -: an array of `google_compute_firewall` source_tags - -`target_service_accounts` -: an array of `google_compute_firewall` target_service_accounts - -`target_tags` -: an array of `google_compute_firewall` target_tags - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_forwarding_rule.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_forwarding_rule.md deleted file mode 100644 index 59e61deda2..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_forwarding_rule.md +++ /dev/null 
@@ -1,181 +0,0 @@ -+++ -title = "google_compute_forwarding_rule resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_forwarding_rule" - identifier = "inspec/resources/gcp/google_compute_forwarding_rule.md google_compute_forwarding_rule resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_forwarding_rule` is used to test a Google ForwardingRule resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby - -describe google_compute_forwarding_rule(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'udp-forwarding-rule') do - it { should exist } - its('region') { should match 'europe-west2' } - its('creation_timestamp') { should be > Time.now - 365*60*60*24*10 } - its('load_balancing_scheme') { should match 'EXTERNAL' } - its('port_range') { should match "500-500" } - its('ip_protocol') { should match "UDP" } -end - -describe google_compute_forwarding_rule(project: 'chef-gcp-inspec', region: 'europe-west2', name: "nonexistent") do - it { should_not exist } -end -``` - -### Test that a GCP compute forwarding_rule exists - - describe google_compute_forwarding_rule(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-forwarding_rule') do - it { should exist } - end - -### Test when a GCP compute forwarding_rule was created - - describe google_compute_forwarding_rule(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-forwarding_rule') do - its('creation_timestamp_date') { should be > Time.now - 365*60*60*24*10 } - end - -### Test for an expected forwarding_rule identifier - - describe google_compute_forwarding_rule(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-forwarding_rule') do - its('id') { should eq 12345567789 } - end - -### Test that a forwarding_rule load_balancing_scheme is as expected - 
- describe google_compute_forwarding_rule(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-forwarding_rule') do - its('load_balancing_scheme') { should eq "INTERNAL" } - end - -### Test that a forwarding_rule IP address is as expected - - describe google_compute_forwarding_rule(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-forwarding_rule') do - its('ip_address') { should eq "10.0.0.1" } - end - -### Test that a forwarding_rule is associated with the expected network - - describe google_compute_forwarding_rule(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-forwarding_rule') do - its('network') { should match "gcp_network_name" } - end - -## Properties - -Properties that can be accessed from the `google_compute_forwarding_rule` resource: - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`is_mirroring_collector` -: (Beta only) Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL. - -`description` -: An optional description of this resource. Provide this property when you create the resource. - -`id` -: The unique identifier for the resource. - -`ip_address` -: The IP address that this forwarding rule is serving on behalf of. Addresses are restricted based on the forwarding rule's load balancing scheme (EXTERNAL or INTERNAL) and scope (global or regional). When the load balancing scheme is EXTERNAL, for global forwarding rules, the address must be a global IP, and for regional forwarding rules, the address must live in the same region as the forwarding rule. If this field is empty, an ephemeral IPv4 address from the same scope (global or regional) will be assigned. 
A regional forwarding rule supports IPv4 only. A global forwarding rule supports either IPv4 or IPv6. When the load balancing scheme is INTERNAL, this can only be an RFC 1918 IP address belonging to the network/subnet configured for the forwarding rule. By default, if this field is empty, an ephemeral internal IP address will be automatically allocated from the IP range of the subnet or network configured for this forwarding rule. An address can be specified either by a literal IP address or a URL reference to an existing Address resource. The following examples are all valid: - - - 100.1.2.3 - - https://www.googleapis.com/compute/v1/projects/project/regions/ - - region/addresses/address - - projects/project/regions/region/addresses/address - - regions/region/addresses/address - - global/addresses/address - - address - -`ip_protocol` -: The IP protocol to which this rule applies. When the load balancing scheme is INTERNAL, only TCP and UDP are valid. - - Possible values: - - - TCP - - UDP - - ESP - - AH - - SCTP - - ICMP - -`backend_service` -: A BackendService to receive the matched traffic. This is used only for INTERNAL load balancing. - -`load_balancing_scheme` -: This signifies what the ForwardingRule will be used for and can be EXTERNAL, INTERNAL, or INTERNAL_MANAGED. EXTERNAL is used for Classic Cloud VPN gateways, protocol forwarding to VMs from an external IP address, and HTTP(S), SSL Proxy, TCP Proxy, and Network TCP/UDP load balancers. INTERNAL is used for protocol forwarding to VMs from an internal IP address, and internal TCP/UDP load balancers. INTERNAL_MANAGED is used for internal HTTP(S) load balancers. - - Possible values: - - - EXTERNAL - - INTERNAL - - INTERNAL_MANAGED - -`name` -: Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. 
Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - -`network` -: For internal load balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If this field is not specified, the default network will be used. This field is only used for INTERNAL load balancing. - -`port_range` -: This field is used along with the target field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance. Applicable only when IPProtocol is TCP, UDP, or SCTP, only packets addressed to ports in the specified range will be forwarded to target. Forwarding rules with the same `[IPAddress, IPProtocol]` pair must have disjoint port ranges. Some types of forwarding target have constraints on the acceptable ports: - - TargetHttpProxy: 80, 8080 - - TargetHttpsProxy: 443 - - TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222 - - TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222 - - TargetVpnGateway: 500, 4500 - -`ports` -: This field is used along with the backend_service field for internal load balancing. When the load balancing scheme is INTERNAL, a single port or a comma separated list of ports can be configured. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. You may specify a maximum of up to 5 ports. - -`subnetwork` -: The subnetwork that the load balanced IP should belong to for this Forwarding Rule. This field is only used for INTERNAL load balancing. If the network specified is in auto subnet mode, this field is optional. However, if the network is in custom subnet mode, a subnetwork must be specified. 
- -`target` -: The URL of the target resource to receive the matched traffic. The target must live in the same region as the forwarding rule. The forwarded traffic must be of a type appropriate to the target object. - -`allow_global_access` -: If true, clients can access ILB from all regions. Otherwise only allows from the local region the ILB is located at. - -`labels` -: (Beta only) Labels to apply to this forwarding rule. A list of key->value pairs. - -`label_fingerprint` -: (Beta only) The fingerprint used for optimistic locking of this resource. Used internally during updates. - -`all_ports` -: For internal TCP/UDP load balancing (i.e. load balancing scheme is INTERNAL and protocol is TCP/UDP), set this to true to allow packets addressed to any ports to be forwarded to the backends configured with this forwarding rule. Used with backend service. Cannot be set if port or portRange are set. - -`network_tier` -: The networking tier used for configuring this address. If this field is not specified, it is assumed to be PREMIUM. - - Possible values: - - - PREMIUM - - STANDARD - -`service_label` -: An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing. - -`service_name` -: The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing. - -`region` -: A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules. 
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_forwarding_rules.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_forwarding_rules.md
deleted file mode 100644
index c4466098e6..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_forwarding_rules.md
+++ /dev/null
@@ -1,133 +0,0 @@ -+++ -title = "google_compute_forwarding_rules resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_forwarding_rules" - identifier = "inspec/resources/gcp/google_compute_forwarding_rules.md google_compute_forwarding_rules resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_forwarding_rules` is used to test a Google ForwardingRule resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_forwarding_rules(project: 'chef-gcp-inspec', region: 'europe-west2') do - its('forwarding_rule_names') { should include 'udp-forwarding-rule' } -end -``` - -### Test that there are no more than a specified number of forwarding_rules available for the project and region - - describe google_compute_forwarding_rules(project: 'chef-inspec-gcp', region: 'europe-west2') do - its('count') { should be <= 100} - end - -### Test that an expected forwarding_rule identifier is present in the project and region - - describe google_compute_forwarding_rules(project: 'chef-inspec-gcp', region: 'europe-west2') do - its('forwarding_rule_ids') { should include 12345678975432 } - end - -### Test that an expected forwarding_rule name is available for the project and region - - describe google_compute_forwarding_rules(project: 'chef-inspec-gcp', region: 'europe-west2') do - its('forwarding_rule_names') { should include "forwarding_rule-name" } - end - -### Test that an expected forwarding_rule network name is not present for the project and region - - describe google_compute_forwarding_rules(project: 'chef-inspec-gcp', region: 'europe-west2') do - its('forwarding_rule_networks') { should not include "network-name" } - end - -## Properties - -Properties that can be accessed from the `google_compute_forwarding_rules` resource: - -See the 
[google_compute_forwarding_rule](/inspec/resources/google_compute_forwarding_rule/#properties) resource for more information.
-
-`creation_timestamps`
-: an array of `google_compute_forwarding_rule` creation_timestamp
-
-`is_mirroring_collectors`
-: (Beta only) an array of `google_compute_forwarding_rule` is_mirroring_collector
-
-`descriptions`
-: an array of `google_compute_forwarding_rule` description
-
-`forwarding_rule_ids`
-: an array of `google_compute_forwarding_rule` id
-
-`ip_addresses`
-: an array of `google_compute_forwarding_rule` ip_address
-
-`ip_protocols`
-: an array of `google_compute_forwarding_rule` ip_protocol
-
-`backend_services`
-: an array of `google_compute_forwarding_rule` backend_service
-
-`forwarding_rule_load_balancing_schemes`
-: an array of `google_compute_forwarding_rule` load_balancing_scheme
-
-`forwarding_rule_names`
-: an array of `google_compute_forwarding_rule` name
-
-`forwarding_rule_networks`
-: an array of `google_compute_forwarding_rule` network
-
-`port_ranges`
-: an array of `google_compute_forwarding_rule` port_range
-
-`ports`
-: an array of `google_compute_forwarding_rule` ports
-
-`subnetworks`
-: an array of `google_compute_forwarding_rule` subnetwork
-
-`targets`
-: an array of `google_compute_forwarding_rule` target
-
-`allow_global_accesses`
-: an array of `google_compute_forwarding_rule` allow_global_access
-
-`labels`
-: (Beta only) an array of `google_compute_forwarding_rule` labels
-
-`label_fingerprints`
-: (Beta only) an array of `google_compute_forwarding_rule` label_fingerprint
-
-`all_ports`
-: an array of `google_compute_forwarding_rule` all_ports
-
-`network_tiers`
-: an array of `google_compute_forwarding_rule` network_tier
-
-`service_labels`
-: an array of `google_compute_forwarding_rule` service_label
-
-`service_names`
-: an array of `google_compute_forwarding_rule` service_name
-
-`regions`
-: an array of `google_compute_forwarding_rule` region
-
-## Filter Criteria
-
-This resource supports
all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_global_address.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_global_address.md
deleted file mode 100644
index 7f4b8789da..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_global_address.md
+++ /dev/null
@@ -1,94 +0,0 @@ -+++ -title = "google_compute_global_address resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_global_address" - identifier = "inspec/resources/gcp/google_compute_global_address.md google_compute_global_address resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_global_address` is used to test a Google GlobalAddress resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_global_address(project: 'chef-gcp-inspec', name: 'inspec-gcp-global-address') do - it { should exist } - its('ip_version') { should eq 'IPV6' } -end - -describe google_compute_global_address(project: 'chef-gcp-inspec', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_global_address` resource: - -`address` -: The static external IP address represented by this resource. - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`description` -: An optional description of this resource. - -`id` -: The unique identifier for the resource. This identifier is defined by the server. - -`name` -: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - -`labels` -: (Beta only) Labels to apply to this address. A list of key->value pairs. - -`label_fingerprint` -: (Beta only) The fingerprint used for optimistic locking of this resource. Used internally during updates. 
- -`ip_version` -: The IP Version that will be used by this address. The default value is `IPV4`. - - Possible values: - - - IPV4 - - IPV6 - -`region` -: A reference to the region where the regional address resides. - -`prefix_length` -: The prefix length of the IP range. If not present, it means the address field is a single IP address. This field is not applicable to addresses with addressType=EXTERNAL. - -`address_type` -: The type of the address to reserve. _ EXTERNAL indicates public/external single IP address. _ INTERNAL indicates internal IP ranges belonging to some network. - - Possible values: - - - EXTERNAL - - INTERNAL - -`purpose` -: The purpose of the resource. For global internal addresses it can be _ VPC_PEERING - for peer networks This should only be set when using an Internal address. - - Possible values: - - - VPC_PEERING - -`network` -: The URL of the network in which to reserve the IP range. The IP range must be in RFC1918 space. The network cannot be deleted if there are any reserved IP ranges referring to it. This should only be set when using an Internal address. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_global_addresses.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_global_addresses.md deleted file mode 100644 index 5fc6c24f3f..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_global_addresses.md +++ /dev/null 
@@ -1,84 +0,0 @@ -+++ -title = "google_compute_global_addresses resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_global_addresses" - identifier = "inspec/resources/gcp/google_compute_global_addresses.md google_compute_global_addresses resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_global_addresses` is used to test a Google GlobalAddress resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_global_addresses(project: 'chef-gcp-inspec', name: 'inspec-gcp-global-address') do - its('count') { should be >= 1 } - its('names') { should include 'inspec-gcp-global-address' } - its('ip_versions') { should include 'IPV6' } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_global_addresses` resource: - -See the [google_compute_global_address](/inspec/resources/google_compute_global_address/#properties) resource for more information. 
-
-`addresses`
-: an array of `google_compute_global_address` address
-
-`creation_timestamps`
-: an array of `google_compute_global_address` creation_timestamp
-
-`descriptions`
-: an array of `google_compute_global_address` description
-
-`ids`
-: an array of `google_compute_global_address` id
-
-`names`
-: an array of `google_compute_global_address` name
-
-`labels`
-: (Beta only) an array of `google_compute_global_address` labels
-
-`label_fingerprints`
-: (Beta only) an array of `google_compute_global_address` label_fingerprint
-
-`ip_versions`
-: an array of `google_compute_global_address` ip_version
-
-`regions`
-: an array of `google_compute_global_address` region
-
-`prefix_lengths`
-: an array of `google_compute_global_address` prefix_length
-
-`address_types`
-: an array of `google_compute_global_address` address_type
-
-`purposes`
-: an array of `google_compute_global_address` purpose
-
-`networks`
-: an array of `google_compute_global_address` network
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_global_forwarding_rule.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_global_forwarding_rule.md
deleted file mode 100644
index 5359e3d96a..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_global_forwarding_rule.md
+++ /dev/null
@@ -1,135 +0,0 @@ -+++ -title = "google_compute_global_forwarding_rule resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_global_forwarding_rule" - identifier = "inspec/resources/gcp/google_compute_global_forwarding_rule.md google_compute_global_forwarding_rule resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_global_forwarding_rule` is used to test a Google GlobalForwardingRule resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_global_forwarding_rule(project: 'chef-gcp-inspec', name: 'inspec-gcp-global-forwarding-rule') do - it { should exist } - its('port_range') { should eq '80-80' } - its('target') { should match /\/inspec-gcp-http-proxy$/ } -end - -describe google_compute_global_forwarding_rule(project: 'chef-gcp-inspec', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_global_forwarding_rule` resource: - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`description` -: An optional description of this resource. Provide this property when you create the resource. - -`id` -: The unique identifier for the resource. - -`ip_address` -: The IP address that this forwarding rule is serving on behalf of. Addresses are restricted based on the forwarding rule's load balancing scheme (external or internal) and scope (global or regional). The address must be a global IP for external global forwarding rules. If this field is empty, an ephemeral IPv4 address from the same scope (global) is chosen. Global forwarding rules supports either IPv4 or IPv6. 
When the load balancing scheme is INTERNAL_SELF_MANAGED, this must be a URL reference to an existing Address resource (internal regional static IP address), with a purpose of GCE_END_POINT and addressType of INTERNAL. An address can be specified either by a literal IP address or a URL reference to an existing Address resource. The following examples are all valid: - - 100.1.2.3 - - https://www.googleapis.com/compute/v1/projects/project/regions/ - - region/addresses/address - - projects/project/regions/region/addresses/address - - regions/region/addresses/address - - global/addresses/address - - address - -`ip_protocol` -: The IP protocol to which this rule applies. When the load balancing scheme is INTERNAL_SELF_MANAGED, only TCP is valid. - - Possible values: - - - TCP - - UDP - - ESP - - AH - - SCTP - - ICMP - - -`ip_version` -: The IP Version that will be used by this global forwarding rule. - - Possible values: - - - IPV4 - - IPV6 - - -`labels` -: (Beta only) Labels to apply to this forwarding rule. A list of key->value pairs. - -`label_fingerprint` -: (Beta only) The fingerprint used for optimistic locking of this resource. Used internally during updates. - -`load_balancing_scheme` -: This signifies what the GlobalForwardingRule will be used for. The value of INTERNAL_SELF_MANAGED means that this will be used for Internal Global HTTP(S) LB. The value of EXTERNAL means that this will be used for External Global Load Balancing (HTTP(S) LB, External TCP/UDP LB, SSL Proxy) NOTE: Currently global forwarding rules cannot be used for INTERNAL load balancing. - - Possible values: - - - EXTERNAL - - INTERNAL_SELF_MANAGED - - -`metadata_filters` -: Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. 
For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. - - `filter_match_criteria` - : Specifies how individual filterLabel matches within the list of filterLabels contribute towards the overall metadataFilter match. MATCH_ANY - At least one of the filterLabels must have a matching label in the provided metadata. MATCH_ALL - All filterLabels must have matching labels in the provided metadata. - - Possible values: - - - MATCH_ANY - - MATCH_ALL - - `filter_labels` - : The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. - - `name` - : Name of the metadata label. The length must be between 1 and 1024 characters, inclusive. - - `value` - : The value that the label must match. The value has a maximum length of 1024 characters. - -`name` -: Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - -`network` -: This field is not used for external load balancing. 
For INTERNAL_SELF_MANAGED load balancing, this field identifies the network that the load balanced IP should belong to for this global forwarding rule. If this field is not specified, the default network will be used. - -`port_range` -: This field is used along with the target field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance. Applicable only when IPProtocol is TCP, UDP, or SCTP, only packets addressed to ports in the specified range will be forwarded to target. Forwarding rules with the same `[IPAddress, IPProtocol]` pair must have disjoint port ranges. Some types of forwarding target have constraints on the acceptable ports: - - TargetHttpProxy: 80, 8080 - - TargetHttpsProxy: 443 - - TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222 - - TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222 - - TargetVpnGateway: 500, 4500 - -`target` -: The URL of the target resource to receive the matched traffic. The forwarded traffic must be of a type appropriate to the target object. For INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets are valid. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_global_forwarding_rules.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_global_forwarding_rules.md deleted file mode 100644 index 105641bc02..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_global_forwarding_rules.md +++ /dev/null 
@@ -1,86 +0,0 @@ -+++ -title = "google_compute_global_forwarding_rules resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_global_forwarding_rules" - identifier = "inspec/resources/gcp/google_compute_global_forwarding_rules.md google_compute_global_forwarding_rules resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_global_forwarding_rules` is used to test a Google GlobalForwardingRule resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_global_forwarding_rules(project: 'chef-gcp-inspec') do - its('count') { should be >= 1 } - its('port_ranges') { should include '80-80' } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_global_forwarding_rules` resource: - -See the [google_compute_global_forwarding_rule](/inspec/resources/google_compute_global_forwarding_rule/#properties) resource for more information. 
-
-`creation_timestamps`
-: an array of `google_compute_global_forwarding_rule` creation_timestamp
-
-`descriptions`
-: an array of `google_compute_global_forwarding_rule` description
-
-`ids`
-: an array of `google_compute_global_forwarding_rule` id
-
-`ip_addresses`
-: an array of `google_compute_global_forwarding_rule` ip_address
-
-`ip_protocols`
-: an array of `google_compute_global_forwarding_rule` ip_protocol
-
-`ip_versions`
-: an array of `google_compute_global_forwarding_rule` ip_version
-
-`labels`
-: (Beta only) an array of `google_compute_global_forwarding_rule` labels
-
-`label_fingerprints`
-: (Beta only) an array of `google_compute_global_forwarding_rule` label_fingerprint
-
-`load_balancing_schemes`
-: an array of `google_compute_global_forwarding_rule` load_balancing_scheme
-
-`metadata_filters`
-: an array of `google_compute_global_forwarding_rule` metadata_filters
-
-`names`
-: an array of `google_compute_global_forwarding_rule` name
-
-`networks`
-: an array of `google_compute_global_forwarding_rule` network
-
-`port_ranges`
-: an array of `google_compute_global_forwarding_rule` port_range
-
-`targets`
-: an array of `google_compute_global_forwarding_rule` target
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_health_check.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_health_check.md
deleted file mode 100644
index a2c8829c34..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_health_check.md
+++ /dev/null
@@ -1,268 +0,0 @@ -+++ -title = "google_compute_health_check resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_health_check" - identifier = "inspec/resources/gcp/google_compute_health_check.md google_compute_health_check resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_health_check` is used to test a Google HealthCheck resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_health_check(project: 'chef-gcp-inspec', name: 'inspec-gcp-health-check') do - it { should exist } - its('timeout_sec') { should eq '10' } - its('tcp_health_check.port') { should eq '80' } -end - -describe google_compute_health_check(project: 'chef-gcp-inspec', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_health_check` resource: - -`check_interval_sec` -: How often (in seconds) to send a health check. The default value is 5 seconds. - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`description` -: An optional description of this resource. Provide this property when you create the resource. - -`healthy_threshold` -: A so-far unhealthy instance will be marked healthy after this many consecutive successes. The default value is 2. - -`id` -: The unique identifier for the resource. This identifier is defined by the server. - -`name` -: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. 
Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - -`timeout_sec` -: How long (in seconds) to wait before claiming failure. The default value is 5 seconds. It is invalid for timeoutSec to have greater value than checkIntervalSec. - -`unhealthy_threshold` -: A so-far healthy instance will be marked unhealthy after this many consecutive failures. The default value is 2. - -`type` -: Specifies the type of the healthCheck, either TCP, SSL, HTTP or HTTPS. If not specified, the default is TCP. Exactly one of the protocol-specific health check field must be specified, which must match type field. - - Possible values: - - - TCP - - SSL - - HTTP - - HTTPS - - HTTP2 - -`http_health_check` -: A nested object resource - - `host` - : The value of the host header in the HTTP health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used. - - `request_path` - : The request path of the HTTP health check request. The default value is /. - - `response` - : The bytes to match against the beginning of the response data. If left empty (the default value), any response will indicate health. The response data can only be ASCII. - - `port` - : The TCP port number for the HTTP health check request. The default value is 80. - - `port_name` - : Port name as defined in InstanceGroup#NamedPort#name. If both port and port_name are defined, port takes precedence. - - `proxy_header` - : Specifies the type of proxy header to append before sending data to the backend. 
- - Possible values: - - - NONE - - PROXY_V1 - - `port_specification` - : Specifies how port is selected for health checking, can be one of the following values: - - `USE_FIXED_PORT` - : The port number in `port` is used for health checking. - - `USE_NAMED_PORT` - : The `portName` is used for health checking. - - `USE_SERVING_PORT` - : For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking. If not specified, HTTP health check follows behavior specified in `port` and `portName` fields. - -`https_health_check` -: A nested object resource - - `host` - : The value of the host header in the HTTPS health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used. - - `request_path` - : The request path of the HTTPS health check request. The default value is /. - - `response` - : The bytes to match against the beginning of the response data. If left empty (the default value), any response will indicate health. The response data can only be ASCII. - - `port` - : The TCP port number for the HTTPS health check request. The default value is 443. - - `port_name` - : Port name as defined in InstanceGroup#NamedPort#name. If both port and port_name are defined, port takes precedence. - - `proxy_header` - : Specifies the type of proxy header to append before sending data to the backend. - - Possible values: - - - NONE - - PROXY_V1 - - `port_specification` - : Specifies how port is selected for health checking, can be one of the following values: - - `USE_FIXED_PORT` - : The port number in `port` is used for health checking. - - `USE_NAMED_PORT` - : The `portName` is used for health checking. - - `USE_SERVING_PORT` - : For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. 
For other backends, the port or named port specified in the Backend Service is used for health checking. If not specified, HTTPS health check follows behavior specified in `port` and `portName` fields. - -`tcp_health_check` -: A nested object resource - - `request` - : The application data to send once the TCP connection has been established (default value is empty). If both request and response are empty, the connection establishment alone will indicate health. The request data can only be ASCII. - - `response` - : The bytes to match against the beginning of the response data. If left empty (the default value), any response will indicate health. The response data can only be ASCII. - - `port` - : The TCP port number for the TCP health check request. The default value is 443. - - `port_name` - : Port name as defined in InstanceGroup#NamedPort#name. If both port and port_name are defined, port takes precedence. - - `proxy_header` - : Specifies the type of proxy header to append before sending data to the backend. - - Possible values: - - - NONE - - PROXY_V1 - - `port_specification` - : Specifies how port is selected for health checking, can be one of the following values: - - `USE_FIXED_PORT` - : The port number in `port` is used for health checking. - - `USE_NAMED_PORT` - : The `portName` is used for health checking. - - `USE_SERVING_PORT` - : For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking. If not specified, TCP health check follows behavior specified in `port` and `portName` fields. - -`ssl_health_check` -: A nested object resource - - `request` - : The application data to send once the SSL connection has been established (default value is empty). If both request and response are empty, the connection establishment alone will indicate health. The request data can only be ASCII. 
- - `response` - : The bytes to match against the beginning of the response data. If left empty (the default value), any response will indicate health. The response data can only be ASCII. - - `port` - : The TCP port number for the SSL health check request. The default value is 443. - - `port_name` - : Port name as defined in InstanceGroup#NamedPort#name. If both port and port_name are defined, port takes precedence. - - `proxy_header` - : Specifies the type of proxy header to append before sending data to the backend. - - Possible values: - - - NONE - - PROXY_V1 - - `port_specification` - : Specifies how port is selected for health checking, can be one of the following values: - - `USE_FIXED_PORT` - : The port number in `port` is used for health checking. - - `USE_NAMED_PORT` - : The `portName` is used for health checking. - - `USE_SERVING_PORT` - : For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking. If not specified, SSL health check follows behavior specified in `port` and `portName` fields. - -`http2_health_check` -: A nested object resource - - `host` - : The value of the host header in the HTTP2 health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used. - - `request_path` - : The request path of the HTTP2 health check request. The default value is /. - - `response` - : The bytes to match against the beginning of the response data. If left empty (the default value), any response will indicate health. The response data can only be ASCII. - - `port` - : The TCP port number for the HTTP2 health check request. The default value is 443. - - `port_name` - : Port name as defined in InstanceGroup#NamedPort#name. If both port and port_name are defined, port takes precedence. 
- - `proxy_header` - : Specifies the type of proxy header to append before sending data to the backend. - - Possible values: - - - NONE - - PROXY_V1 - - `port_specification` - : Specifies how port is selected for health checking, can be one of the following values: - - `USE_FIXED_PORT` - : The port number in `port` is used for health checking. - - `USE_NAMED_PORT` - : The `portName` is used for health checking. - - `USE_SERVING_PORT` - : For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking. If not specified, HTTP2 health check follows behavior specified in `port` and `portName` fields. - - -`log_config` -: (Beta only) Configure logging on this health check. - - `enable` - : Indicates whether or not to export logs. This is false by default, which means no health check logging will be done. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_health_checks.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_health_checks.md deleted file mode 100644 index a8fd84dc9c..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_health_checks.md +++ /dev/null 
@@ -1,89 +0,0 @@
-+++
-title = "google_compute_health_checks resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_compute_health_checks"
- identifier = "inspec/resources/gcp/google_compute_health_checks.md google_compute_health_checks resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_compute_health_checks` is used to test a Google HealthCheck resource
-
-## Beta Resource
-
-This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
-
-## Examples
-
-```ruby
-describe google_compute_health_checks(project: 'chef-gcp-inspec') do
- its('names') { should include 'inspec-gcp-health-check' }
- its('timeout_secs') { should include '10' }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_compute_health_checks` resource:
-
-See the [google_compute_health_check](/inspec/resources/google_compute_health_check/#properties) resource for more information.
-
-`check_interval_secs`
-: an array of `google_compute_health_check` check_interval_sec
-
-`creation_timestamps`
-: an array of `google_compute_health_check` creation_timestamp
-
-`descriptions`
-: an array of `google_compute_health_check` description
-
-`healthy_thresholds`
-: an array of `google_compute_health_check` healthy_threshold
-
-`ids`
-: an array of `google_compute_health_check` id
-
-`names`
-: an array of `google_compute_health_check` name
-
-`timeout_secs`
-: an array of `google_compute_health_check` timeout_sec
-
-`unhealthy_thresholds`
-: an array of `google_compute_health_check` unhealthy_threshold
-
-`types`
-: an array of `google_compute_health_check` type
-
-`http_health_checks`
-: an array of `google_compute_health_check` http_health_check
-
-`https_health_checks`
-: an array of `google_compute_health_check` https_health_check
-
-`tcp_health_checks`
-: an array of `google_compute_health_check` tcp_health_check
-
-`ssl_health_checks`
-: an array of `google_compute_health_check` ssl_health_check
-
-`http2_health_checks`
-: an array of `google_compute_health_check` http2_health_check
-
-`log_configs`
-: (Beta only) an array of `google_compute_health_check` log_config
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_http_health_check.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_http_health_check.md
deleted file mode 100644
index 8e4ed957d3..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_http_health_check.md
+++ /dev/null
@@ -1,76 +0,0 @@
-+++
-title = "google_compute_http_health_check resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_compute_http_health_check"
- identifier = "inspec/resources/gcp/google_compute_http_health_check.md google_compute_http_health_check resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_compute_http_health_check` is used to test a Google HttpHealthCheck resource
-
-## Beta Resource
-
-This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
-
-## Examples
-
-```ruby
-describe google_compute_http_health_check(project: 'chef-gcp-inspec', name: 'inspec-gcp-http-health-check') do
- it { should exist }
- its('timeout_sec') { should eq '20' }
- its('request_path') { should eq '/health_check' }
- its('check_interval_sec') { should eq '20' }
-end
-
-describe google_compute_http_health_check(project: 'chef-gcp-inspec', name: 'nonexistent') do
- it { should_not exist }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_compute_http_health_check` resource:
-
-`check_interval_sec`
-: How often (in seconds) to send a health check. The default value is 5 seconds.
-
-`creation_timestamp`
-: Creation timestamp in RFC3339 text format.
-
-`description`
-: An optional description of this resource. Provide this property when you create the resource.
-
-`healthy_threshold`
-: A so-far unhealthy instance will be marked healthy after this many consecutive successes. The default value is 2.
-
-`host`
-: The value of the host header in the HTTP health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used.
-
-`id`
-: The unique identifier for the resource. This identifier is defined by the server.
-
-`name`
-: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
-
-`port`
-: The TCP port number for the HTTP health check request. The default value is 80.
-
-`request_path`
-: The request path of the HTTP health check request. The default value is /.
-
-`timeout_sec`
-: How long (in seconds) to wait before claiming failure. The default value is 5 seconds. It is invalid for timeoutSec to have greater value than checkIntervalSec.
-
-`unhealthy_threshold`
-: A so-far healthy instance will be marked unhealthy after this many consecutive failures. The default value is 2.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_http_health_checks.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_http_health_checks.md
deleted file mode 100644
index 67c109da91..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_http_health_checks.md
+++ /dev/null
@@ -1,78 +0,0 @@
-+++
-title = "google_compute_http_health_checks resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_compute_http_health_checks"
- identifier = "inspec/resources/gcp/google_compute_http_health_checks.md google_compute_http_health_checks resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_compute_http_health_checks` is used to test a Google HttpHealthCheck resource
-
-## Beta Resource
-
-This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
-
-## Examples
-
-```ruby
-describe google_compute_http_health_checks(project: 'chef-gcp-inspec') do
- its('names') { should include 'inspec-gcp-http-health-check' }
- its('timeout_secs') { should include '20' }
- its('check_interval_secs') { should include '20' }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_compute_http_health_checks` resource:
-
-See the [google_compute_http_health_check](/inspec/resources/google_compute_http_health_check/#properties) resource for more information.
-
-`check_interval_secs`
-: an array of `google_compute_http_health_check` check_interval_sec
-
-`creation_timestamps`
-: an array of `google_compute_http_health_check` creation_timestamp
-
-`descriptions`
-: an array of `google_compute_http_health_check` description
-
-`healthy_thresholds`
-: an array of `google_compute_http_health_check` healthy_threshold
-
-`hosts`
-: an array of `google_compute_http_health_check` host
-
-`ids`
-: an array of `google_compute_http_health_check` id
-
-`names`
-: an array of `google_compute_http_health_check` name
-
-`ports`
-: an array of `google_compute_http_health_check` port
-
-`request_paths`
-: an array of `google_compute_http_health_check` request_path
-
-`timeout_secs`
-: an array of `google_compute_http_health_check` timeout_sec
-
-`unhealthy_thresholds`
-: an array of `google_compute_http_health_check` unhealthy_threshold
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_https_health_check.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_https_health_check.md
deleted file mode 100644
index 81f6def08f..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_https_health_check.md
+++ /dev/null
@@ -1,77 +0,0 @@
-+++
-title = "google_compute_https_health_check resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_compute_https_health_check"
- identifier = "inspec/resources/gcp/google_compute_https_health_check.md google_compute_https_health_check resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_compute_https_health_check` is used to test a Google HttpsHealthCheck resource
-
-## Beta Resource
-
-This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
-
-## Examples
-
-```ruby
-describe google_compute_https_health_check(project: 'chef-gcp-inspec', name: 'inspec-gcp-https-health-check') do
- it { should exist }
- its('timeout_sec') { should eq '15' }
- its('request_path') { should eq '/https_health_check' }
- its('check_interval_sec') { should eq '15' }
- its('unhealthy_threshold') { should eq '3' }
-end
-
-describe google_compute_https_health_check(project: 'chef-gcp-inspec', name: 'nonexistent') do
- it { should_not exist }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_compute_https_health_check` resource:
-
-`check_interval_sec`
-: How often (in seconds) to send a health check. The default value is 5 seconds.
-
-`creation_timestamp`
-: Creation timestamp in RFC3339 text format.
-
-`description`
-: An optional description of this resource. Provide this property when you create the resource.
-
-`healthy_threshold`
-: A so-far unhealthy instance will be marked healthy after this many consecutive successes. The default value is 2.
-
-`host`
-: The value of the host header in the HTTPS health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used.
-
-`id`
-: The unique identifier for the resource. This identifier is defined by the server.
-
-`name`
-: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
-
-`port`
-: The TCP port number for the HTTPS health check request. The default value is 80.
-
-`request_path`
-: The request path of the HTTPS health check request. The default value is /.
-
-`timeout_sec`
-: How long (in seconds) to wait before claiming failure. The default value is 5 seconds. It is invalid for timeoutSec to have greater value than checkIntervalSec.
-
-`unhealthy_threshold`
-: A so-far healthy instance will be marked unhealthy after this many consecutive failures. The default value is 2.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_https_health_checks.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_https_health_checks.md
deleted file mode 100644
index ebc0a0bb34..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_https_health_checks.md
+++ /dev/null
@@ -1,78 +0,0 @@
-+++
-title = "google_compute_https_health_checks resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_compute_https_health_checks"
- identifier = "inspec/resources/gcp/google_compute_https_health_checks.md google_compute_https_health_checks resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_compute_https_health_checks` is used to test a Google HttpsHealthCheck resource
-
-## Beta Resource
-
-This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
-
-## Examples
-
-```ruby
-describe google_compute_https_health_checks(project: 'chef-gcp-inspec') do
- its('names') { should include 'inspec-gcp-https-health-check' }
- its('timeout_secs') { should include '15' }
- its('check_interval_secs') { should include '15' }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_compute_https_health_checks` resource:
-
-See the [google_compute_https_health_check](/inspec/resources/google_compute_https_health_check/#properties) resource for more information.
-
-`check_interval_secs`
-: an array of `google_compute_https_health_check` check_interval_sec
-
-`creation_timestamps`
-: an array of `google_compute_https_health_check` creation_timestamp
-
-`descriptions`
-: an array of `google_compute_https_health_check` description
-
-`healthy_thresholds`
-: an array of `google_compute_https_health_check` healthy_threshold
-
-`hosts`
-: an array of `google_compute_https_health_check` host
-
-`ids`
-: an array of `google_compute_https_health_check` id
-
-`names`
-: an array of `google_compute_https_health_check` name
-
-`ports`
-: an array of `google_compute_https_health_check` port
-
-`request_paths`
-: an array of `google_compute_https_health_check` request_path
-
-`timeout_secs`
-: an array of `google_compute_https_health_check` timeout_sec
-
-`unhealthy_thresholds`
-: an array of `google_compute_https_health_check` unhealthy_threshold
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_image.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_image.md
deleted file mode 100644
index 920f727a5d..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_image.md
+++ /dev/null
@@ -1,184 +0,0 @@ -+++ -title = "google_compute_image resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_image" - identifier = "inspec/resources/gcp/google_compute_image.md google_compute_image resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_image` is used to test a Google Image resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_image(project: 'chef-gcp-inspec', name: 'inspec-image') do - it { should exist } - its('disk_size_gb') { should cmp 3 } -end - -describe google_compute_image(project: 'chef-gcp-inspec', name: 'notfound') do - it { should_not exist } -end -``` - -### Test that a GCP compute image is in a particular status e.g. "READY" means available for use - - describe google_compute_image(project: 'chef-inspec-gcp', location: 'europe-west2', name: 'compute-address') do - its('status') { should eq "READY" } - end - -### Test that a GCP compute image has the expected family - - describe google_compute_image(project: 'chef-inspec-gcp', name: 'ubuntu') do - its('family') { should match "ubuntu" } - end - -## Properties - -Properties that can be accessed from the `google_compute_image` resource: - -`archive_size_bytes` -: Size of the image tar.gz archive stored in Google Cloud Storage (in bytes). - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`deprecated` -: The deprecation status associated with this image. - - `deleted` - : An optional RFC3339 timestamp on or after which the state of this resource is intended to change to DELETED. This is only informational and the status will not change unless the client explicitly changes it. - - `deprecated` - : An optional RFC3339 timestamp on or after which the state of this resource is intended to change to DEPRECATED. 
This is only informational and the status will not change unless the client explicitly changes it. - - `obsolete` - : An optional RFC3339 timestamp on or after which the state of this resource is intended to change to OBSOLETE. This is only informational and the status will not change unless the client explicitly changes it. - - `replacement` - : The URL of the suggested replacement for a deprecated resource. The suggested replacement resource must be the same kind of resource as the deprecated resource. - - `state` - : The deprecation state of this resource. This can be DEPRECATED, OBSOLETE, or DELETED. Operations which create a new resource using a DEPRECATED resource will return successfully, but with a warning indicating the deprecated resource and recommending its replacement. Operations which use OBSOLETE or DELETED resources will be rejected and result in an error. - - Possible values: - - - DEPRECATED - - OBSOLETE - - DELETED - -`description` -: An optional description of this resource. Provide this property when you create the resource. - -`disk_size_gb` -: Size of the image when restored onto a persistent disk (in GB). - -`family` -: The name of the image family to which this image belongs. You can create disks by specifying an image family instead of a specific image name. The image family always returns its latest image that is not deprecated. The name of the image family must comply with RFC1035. - -`guest_os_features` -: A list of features to enable on the guest operating system. Applicable only for bootable images. - - `type` - : The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. - - Possible values: - - - MULTI_IP_SUBNET - - SECURE_BOOT - - UEFI_COMPATIBLE - - VIRTIO_SCSI_MULTIQUEUE - - WINDOWS - -`id` -: The unique identifier for the resource. This identifier is defined by the server. 
- -`image_encryption_key` -: Encrypts the image using a customer-supplied encryption key. After you encrypt an image with a customer-supplied key, you must provide the same key if you use the image later (e.g. to create a disk from the image) - - `raw_key` - : Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. - - `sha256` - : The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource. - - `kms_key_name` - : (Beta only) The name of the encryption key that is stored in Google Cloud KMS. - -`labels` -: Labels to apply to this Image. - -`label_fingerprint` -: The fingerprint used for optimistic locking of this resource. Used internally during updates. - -`licenses` -: Any applicable license URI. - -`name` -: Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - -`raw_disk` -: The parameters of the raw disk image. - - `container_type` - : The format used to encode and transmit the block device, which should be TAR. This is just a container and transmission format and not a runtime format. Provided by the client when the disk image is created. - - Possible values: - - TAR - - `sha1_checksum` - : An optional SHA1 checksum of the disk image before unpackaging. This is provided by the client when the disk image is created. - - `source` - : The full Google Cloud Storage URL where disk storage is stored You must provide either this property or the sourceDisk property but not both. - -`source_disk` -: The source disk to create this image based on. 
You must provide either this property or the rawDisk.source property but not both to create an image. - -`source_disk_encryption_key` -: The customer-supplied encryption key of the source disk. Required if the source disk is protected by a customer-supplied encryption key. - - `raw_key` - : Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. - - `sha256` - : The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource. - - `kms_key_name` - : (Beta only) The name of the encryption key that is stored in Google Cloud KMS. - -`source_disk_id` -: The ID value of the disk used to create this image. This value may be used to determine whether the image was taken from the current or a previous instance of a given disk name. - -`source_type` -: The type of the image used to create this disk. The default and only value is RAW - - Possible values: - - RAW - -`self_link` -: The self link of the image - -`status` -: The status of the image. Either `READY` `PENDING` or `FAILED`. - - Possible values: - - - READY - - PENDING - - FAILED - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_instance.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_instance.md deleted file mode 100644 index 0d792ae9c3..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_instance.md +++ /dev/null 
@@ -1,358 +0,0 @@ -+++ -title = "google_compute_instance resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_instance" - identifier = "inspec/resources/gcp/google_compute_instance.md google_compute_instance resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_instance` is used to test a Google Instance resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby - -describe google_compute_instance(project: 'chef-gcp-inspec', zone: 'zone', name: 'inspec-instance') do - it { should exist } - its('machine_type') { should match 'n1-standard-1' } - its('tags.items') { should include 'foo' } - its('tags.items') { should include 'bar' } - its('tag_count') { should cmp 2 } - its('service_account_scopes') { should include 'https://www.googleapis.com/auth/compute.readonly' } - its('metadata_keys') { should include '123' } - its('metadata_values') { should include 'asdf' } -end - -describe google_compute_instance(project: 'chef-gcp-inspec', zone: 'zone', name: 'nonexistent') do - it { should_not exist } -end -``` - -### Test that a GCP compute instance does not exist - - describe google_compute_instance(project: 'chef-inspec-gcp', zone: 'us-east1-b', name: 'inspec-test-vm-not-there') do - it { should_not exist } - end - -### Test that a GCP compute instance is in the expected state ([explore possible states here](https://cloud.google.com/compute/docs/instances/checking-instance-status)) - - describe google_compute_instance(project: 'chef-inspec-gcp', zone: 'us-east1-b', name: 'inspec-test-vm') do - its('status') { should eq 'RUNNING' } - end - -### Test that a GCP compute instance is the expected size - - describe google_compute_instance(project: 'chef-inspec-gcp', zone: 'us-east1-b', name: 'inspec-test-vm') do - its('machine_type') { should match "f1-micro" } - end 
- -### Test that a GCP compute instance has the expected CPU platform - - describe google_compute_instance(project: 'chef-inspec-gcp', zone: 'us-east1-b', name: 'inspec-test-vm') do - its('cpu_platform') { should match "Intel" } - end - -### Test that a GCP compute instance has the expected number of attached disks - - describe google_compute_instance(project: 'chef-inspec-gcp', zone: 'us-east1-b', name: 'inspec-test-vm') do - its('disk_count'){should eq 2} - end - -### Test that a GCP compute instance has the expected number of attached network interfaces - - describe google_compute_instance(project: 'chef-inspec-gcp', zone: 'us-east1-b', name: 'inspec-test-vm') do - its('network_interfaces_count'){should eq 1} - end - -### Test that a GCP compute instance has the expected number of tags - - describe google_compute_instance(project: 'chef-inspec-gcp', zone: 'us-east1-b', name: 'inspec-test-vm') do - its('tag_count'){should eq 1} - end - -### Test that a GCP compute instance has a single public IP address - - describe google_compute_instance(project: 'chef-inspec-gcp', zone: 'us-east1-b', name: 'inspec-test-vm') do - its('first_network_interface_nat_ip_exists'){ should be true } - its('first_network_interface_name'){ should eq "external-nat" } - its('first_network_interface_type'){ should eq "one_to_one_nat" } - end - -### Test that a particular compute instance label key is present - - describe google_compute_instance(project: 'chef-inspec-gcp', zone: 'us-east1-b', name: 'inspec-test-vm') do - its('labels_keys') { should include 'my_favourite_label' } - end - -### Test that a particular compute instance label value is matching regexp - - describe google_compute_instance(project: 'chef-inspec-gcp', zone:'us-east1-b', name:'inspec-test-vm').label_value_by_key('business-area') do - it { should match '^(marketing|research)$' } - end - -### Test that a particular compute instance metadata key is present - - describe google_compute_instance(project: 'chef-inspec-gcp', 
zone:'us-east1-b', name:'inspec-test-vm') do - its('metadata_keys') { should include 'patching-type' } - end - -### Test that a particular compute instance metadata value is matching regexp - - describe google_compute_instance(project: 'chef-inspec-gcp', zone:'us-east1-b', name:'inspec-test-vm').metadata_value_by_key('patching-window') do - it { should match '^\d{1}-\d{2}$' } - end - -## Properties - -Properties that can be accessed from the `google_compute_instance` resource: - -`can_ip_forward` -: Allows this instance to send and receive packets with non-matching destination or source IPs. This is required if you plan to use this instance to forward routes. - -`cpu_platform` -: The CPU platform used by this instance. - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`deletion_protection` -: Whether the resource should be protected against deletion. - -`disks` -: An array of disks that are associated with the instances that are created from this template. - - `auto_delete` - : Specifies whether the disk will be auto-deleted when the instance is deleted (but not when the disk is detached from the instance). Tip: Disks should be set to autoDelete=true so that leftover disks are not left behind on machine deletion. - - `boot` - : Indicates that this is a boot disk. The virtual machine will use the first partition of the disk for its root filesystem. - - `device_name` - : Specifies a unique device name of your choice that is reflected into the /dev/disk/by-id/google-* tree of a Linux operating system running within the instance. This name can be used to reference the device for mounting, resizing, and so on, from within the instance. - - `disk_encryption_key` - : Encrypts or decrypts a disk using a customer-supplied encryption key. - - `raw_key` - : Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. 
- - `rsa_encrypted_key` - : Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. - - `sha256` - : The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource. - - `index` - : Assigns a zero-based index to this disk, where 0 is reserved for the boot disk. For example, if you have many disks attached to an instance, each disk would have a unique index number. If not specified, the server will choose an appropriate value. - - `initialize_params` - : Specifies the parameters for a new disk that will be created alongside the new instance. Use initialization parameters to create boot disks or local SSDs attached to the new instance. - - `disk_name` - : Specifies the disk name. If not specified, the default is to use the name of the instance. - - `disk_size_gb` - : Specifies the size of the disk in base-2 GB. - - `disk_type` - : Reference to a disk type. Specifies the disk type to use to create the instance. If not specified, the default is pd-standard. - - `source_image` - : The source image to create this disk. When creating a new instance, one of initializeParams.sourceImage or disks.source is required. To create a disk with one of the public operating system images, specify the image by its family name. - - `source_image_encryption_key` - : The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key. Instance templates do not store customer-supplied encryption keys, so you cannot create disks for instances in a managed instance group if the source images are encrypted with your own keys. - - `raw_key` - : Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. - - `sha256` - : The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource. 
- - `interface` - : Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI. Persistent disks must always use SCSI and the request will fail if you attempt to attach a persistent disk in any other format than SCSI. - - Possible values: - - SCSI - - NVME - - `mode` - : The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If not specified, the default is to attach the disk in READ_WRITE mode. - - Possible values: - - READ_WRITE - - READ_ONLY - - `source` - : Reference to a disk. When creating a new instance, one of initializeParams.sourceImage or disks.source is required. If desired, you can also attach existing non-root persistent disks using this property. This field is only applicable for persistent disks. - - `type` - : Specifies the type of the disk, either SCRATCH or PERSISTENT. If not specified, the default is PERSISTENT. - - Possible values: - - SCRATCH - - PERSISTENT - - `licenses` - : Any applicable publicly visible licenses. - -`guest_accelerators` -: List of the type and count of accelerator cards attached to the instance - - `accelerator_count` - : The number of the guest accelerator cards exposed to this instance. - - `accelerator_type` - : Full or partial URL of the accelerator type resource to expose to this instance. - -`hostname` -: The hostname of the instance to be created. The specified hostname must be RFC1035 compliant. If hostname is not specified, the default hostname is [INSTANCE_NAME].c.[PROJECT_ID].internal when using the global DNS, and [INSTANCE_NAME].[ZONE].c.[PROJECT_ID].internal when using zonal DNS. - -`id` -: The unique identifier for the resource. This identifier is defined by the server. - -`label_fingerprint` -: The fingerprint used for optimistic locking of this resource. Used internally during updates. - -`labels` -: Labels to apply to this instance. A list of key->value pairs. 
- -`metadata` -: The metadata key/value pairs to assign to instances that are created from this template. These pairs can consist of custom metadata or predefined keys. - -`machine_type` -: A reference to a machine type which defines VM kind. - -`min_cpu_platform` -: Specifies a minimum CPU platform for the VM instance. Applicable values are the friendly names of CPU platforms - -`name` -: The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - -`network_interfaces` -: An array of configurations for this interface. This specifies how this interface is configured to interact with other network services, such as connecting to the internet. Only one network interface is supported per instance. - - `access_configs` - : An array of configurations for this interface. Currently, only one access config, ONE_TO_ONE_NAT, is supported. If there are no accessConfigs specified, then this instance will have no external internet access. - - `name` - : The name of this access configuration. The default and recommended name is External NAT but you can use any arbitrary string you would like. For example, My external IP or Network Access. - - `nat_ip` - : Reference to an address. An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. - - `type` - : The type of configuration. The default and only option is ONE_TO_ONE_NAT. 
- - Possible values: - - ONE_TO_ONE_NAT - - `set_public_ptr` - : Specifies whether a public DNS PTR record should be created to map the external IP address of the instance to a DNS domain name. - - `public_ptr_domain_name` - : The DNS domain name for the public PTR record. You can set this field only if the setPublicPtr field is enabled. - - `network_tier` - : This signifies the networking tier used for configuring this access configuration. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - - Possible values: - - PREMIUM - - STANDARD - - `alias_ip_ranges` - : An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks. - - `ip_cidr_range` - : The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. This range may be a single IP address (e.g. 10.2.3.4), a netmask (e.g. /24) or a CIDR format string (e.g. 10.1.2.0/24). - - `subnetwork_range_name` - : Optional subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range. If left unspecified, the primary range of the subnetwork will be used. - - `name` - : The name of the network interface, generated by the server. For network devices, these are eth0, eth1, etc - - `network` - : Specifies the title of an existing network. When creating an instance, if neither the network nor the subnetwork is specified, the default network global/networks/default is used; if the network is not specified but the subnetwork is specified, the network is inferred. 
- - `network_ip` - : An IPv4 internal network address to assign to the instance for this network interface. If not specified by the user, an unused internal IP is assigned by the system. - - `subnetwork` - : Reference to a VPC network. If the network resource is in legacy mode, do not provide this property. If the network is in auto subnet mode, providing the subnetwork is optional. If the network is in custom subnet mode, then this field should be specified. - -`scheduling` -: Sets the scheduling options for this instance. - - `automatic_restart` - : Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). You can only set the automatic restart option for standard instances. Preemptible instances cannot be automatically restarted. - - `on_host_maintenance` - : Defines the maintenance behavior for this instance. For standard instances, the default behavior is MIGRATE. For preemptible instances, the default and only possible behavior is TERMINATE. For more information, see Setting Instance Scheduling Options. - - `preemptible` - : Defines whether the instance is preemptible. This can only be set during instance creation, it cannot be set or changed after the instance has been created. - -`service_accounts` -: A list of service accounts, with their specified scopes, authorized for this instance. Only one service account per VM instance is supported. - - `email` - : Email address of the service account. - - `scopes` - : The list of scopes to be made available for this service account. - -`shielded_instance_config` -: Configuration for various parameters related to shielded instances. - - `enable_secure_boot` - : Defines whether the instance has Secure Boot enabled. - - `enable_vtpm` - : Defines whether the instance has the vTPM enabled - - `enable_integrity_monitoring` - : Defines whether the instance has integrity monitoring enabled. - -`status` -: The status of the instance. 
One of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, and TERMINATED. As a user, use RUNNING to keep a machine "on" and TERMINATED to turn a machine off - - Possible values: - - - PROVISIONING - - STAGING - - RUNNING - - STOPPING - - SUSPENDING - - SUSPENDED - - TERMINATED - -`status_message` -: An optional, human-readable explanation of the status. - -`tags` -: A list of tags to apply to this instance. Tags are used to identify valid sources or targets for network firewalls and are specified by the client during instance creation. The tags can be later modified by the setTags method. Each tag within the list must comply with RFC1035. - - `fingerprint` - : Specifies a fingerprint for this request, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata. - - `items` - : An array of tags. Each tag must be 1-63 characters long, and comply with RFC1035. - -`zone` -: A reference to the zone where the machine resides. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_instance_group.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_instance_group.md deleted file mode 100644 index 2ce56a7c99..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_instance_group.md +++ /dev/null 
@@ -1,91 +0,0 @@ -+++ -title = "google_compute_instance_group resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_instance_group" - identifier = "inspec/resources/gcp/google_compute_instance_group.md google_compute_instance_group resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_instance_group` is used to test a Google InstanceGroup resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby - -describe google_compute_instance_group(project: 'chef-gcp-inspec', zone: 'zone', name: 'inspec-instance-group') do - it { should exist } - its('description') { should cmp 'My instance group for testing' } - its('named_ports.count') { should cmp 1 } - its('named_ports.first.name') { should cmp 'https' } - its('named_ports.first.port') { should cmp '8080' } -end - -describe google_compute_instance_group(project: 'chef-gcp-inspec', zone: 'zone', name: 'nonexistent') do - it { should_not exist } -end -``` - -### Test that a GCP compute instance group has the expected size - - describe google_compute_instance_group(project: 'chef-inspec-gcp', zone: 'europe-west2-a', name: 'gcp-inspec-test') do - its('size') { should eq 2 } - end - -### Test that a GCP compute instance group has a port with supplied name and value - - describe google_compute_instance_group(project: 'chef-inspec-gcp', zone: 'europe-west2-a', name: 'gcp-inspec-test') do - its('port_name') { should eq "http" } - its('port_value') { should eq 80 } - end - -## Properties - -Properties that can be accessed from the `google_compute_instance_group` resource: - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`description` -: An optional description of this resource. Provide this property when you create the resource. - -`id` -: A unique identifier for this instance group. 
- -`name` -: The name of the instance group. The name must be 1-63 characters long, and comply with RFC1035. - -`named_ports` -: Assigns a name to a port number. For example: {name: "http", port: 80}. This allows the system to reference ports by the assigned name instead of a port number. Named ports can also contain multiple ports. For example: [{name: "http", port: 80},{name: "http", port: 8080}] Named ports apply to all instances in this instance group. - - `name` - : The name for this named port. The name must be 1-63 characters long, and comply with RFC1035. - - `port` - : The port number, which can be a value between 1 and 65535. - -`network` -: The network to which all instances in the instance group belong. - -`region` -: The region where the instance group is located (for regional resources). - -`subnetwork` -: The subnetwork to which all instances in the instance group belong. - -`zone` -: A reference to the zone where the instance group resides. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_instance_group_manager.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_instance_group_manager.md deleted file mode 100644 index 07db09a6b4..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_instance_group_manager.md +++ /dev/null 
@@ -1,114 +0,0 @@ -+++ -title = "google_compute_instance_group_manager resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_instance_group_manager" - identifier = "inspec/resources/gcp/google_compute_instance_group_manager.md google_compute_instance_group_manager resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_instance_group_manager` is used to test a Google InstanceGroupManager resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_instance_group_manager(project: 'chef-gcp-inspec', zone: 'zone', name: 'inspec-gcp-igm') do - it { should exist } - - its('base_instance_name') { should eq 'igm' } - its('named_ports.count') { should cmp 1 } - its('named_ports.first.name') { should eq 'port' } - its('named_ports.first.port') { should eq '80' } -end - -describe google_compute_instance_group_manager(project: 'chef-gcp-inspec', zone: 'zone', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_instance_group_manager` resource: - -`base_instance_name` -: The base instance name to use for instances in this group. The value must be 1-58 characters long. Instances are named by appending a hyphen and a random four-character string to the base instance name. The base instance name must comply with RFC1035. - -`creation_timestamp` -: The creation timestamp for this managed instance group in RFC3339 text format. - -`current_actions` -: The list of instance actions and the number of instances in this managed instance group that are scheduled for each of those actions. - - `abandoning` - : The total number of instances in the managed instance group that are scheduled to be abandoned. 
Abandoning an instance removes it from the managed instance group without deleting it. - - `creating` - : The number of instances in the managed instance group that are scheduled to be created or are currently being created. If the group fails to create any of these instances, it tries again until it creates the instance successfully. If you have disabled creation retries, this field will not be populated; instead, the creatingWithoutRetries field will be populated. - - `creating_without_retries` - : The number of instances that the managed instance group will attempt to create. The group attempts to create each instance only once. If the group fails to create any of these instances, it decreases the group's targetSize value accordingly. - - `deleting` - : The number of instances in the managed instance group that are scheduled to be deleted or are currently being deleted. - - `none` - : The number of instances in the managed instance group that are running and have no scheduled actions. - - `recreating` - : The number of instances in the managed instance group that are scheduled to be recreated or are currently being being recreated. Recreating an instance deletes the existing root persistent disk and creates a new disk from the image that is defined in the instance template. - - `refreshing` - : The number of instances in the managed instance group that are being reconfigured with properties that do not require a restart or a recreate action. For example, setting or removing target pools for the instance. - - `restarting` - : The number of instances in the managed instance group that are scheduled to be restarted or are currently being restarted. - -`description` -: An optional description of this resource. Provide this property when you create the resource. - -`id` -: A unique identifier for this resource - -`instance_group` -: The instance group being managed - -`instance_template` -: The instance template that is specified for this managed instance group. 
The group uses this template to create all new instances in the managed instance group. - -`name` -: The name of the managed instance group. The name must be 1-63 characters long, and comply with RFC1035. - -`named_ports` -: Named ports configured for the Instance Groups complementary to this Instance Group Manager. - - `name` - : The name for this named port. The name must be 1-63 characters long, and comply with RFC1035. - - `port` - : The port number, which can be a value between 1 and 65535. - -`region` -: The region this managed instance group resides (for regional resources). - -`target_pools` -: TargetPool resources to which instances in the instanceGroup field are added. The target pools automatically apply to all of the instances in the managed instance group. - -`target_size` -: The target number of running instances for this managed instance group. Deleting or abandoning instances reduces this number. Resizing the group changes this number. - -`zone` -: The zone the managed instance group resides. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_instance_group_managers.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_instance_group_managers.md deleted file mode 100644 index 1de95e54bb..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_instance_group_managers.md +++ /dev/null 
@@ -1,82 +0,0 @@ -+++ -title = "google_compute_instance_group_managers resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_instance_group_managers" - identifier = "inspec/resources/gcp/google_compute_instance_group_managers.md google_compute_instance_group_managers resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_instance_group_managers` is used to test a Google InstanceGroupManager resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_instance_group_managers(project: 'chef-gcp-inspec', zone: 'zone') do - its('base_instance_names') { should include 'igm' } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_instance_group_managers` resource: - -See the [google_compute_instance_group_manager](/inspec/resources/google_compute_instance_group_manager/#properties) resource for more information. 
-
-`base_instance_names`
-: an array of `google_compute_instance_group_manager` base_instance_name
-
-`creation_timestamps`
-: an array of `google_compute_instance_group_manager` creation_timestamp
-
-`current_actions`
-: an array of `google_compute_instance_group_manager` current_actions
-
-`descriptions`
-: an array of `google_compute_instance_group_manager` description
-
-`ids`
-: an array of `google_compute_instance_group_manager` id
-
-`instance_groups`
-: an array of `google_compute_instance_group_manager` instance_group
-
-`instance_templates`
-: an array of `google_compute_instance_group_manager` instance_template
-
-`names`
-: an array of `google_compute_instance_group_manager` name
-
-`named_ports`
-: an array of `google_compute_instance_group_manager` named_ports
-
-`regions`
-: an array of `google_compute_instance_group_manager` region
-
-`target_pools`
-: an array of `google_compute_instance_group_manager` target_pools
-
-`target_sizes`
-: an array of `google_compute_instance_group_manager` target_size
-
-`zones`
-: an array of `google_compute_instance_group_manager` zone
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_instance_groups.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_instance_groups.md
deleted file mode 100644
index e5bc0ea1cb..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_instance_groups.md
+++ /dev/null
@@ -1,92 +0,0 @@ -+++ -title = "google_compute_instance_groups resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_instance_groups" - identifier = "inspec/resources/gcp/google_compute_instance_groups.md google_compute_instance_groups resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_instance_groups` is used to test a Google InstanceGroup resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby - -describe google_compute_instance_groups(project: 'chef-gcp-inspec', zone: 'zone') do - its('instance_group_names') { should include 'inspec-instance-group' } -end -``` - -### Test that there are no more than a specified number of instance groups available for the project - - describe google_compute_instance_groups(project: 'chef-inspec-gcp') do - its('count') { should be <= 100} - end - -### Test that an expected instance_group is available for the project - - describe google_compute_instance_groups(project: 'chef-inspec-gcp', zone: 'europe-west2-a') do - its('instance_group_names') { should include "my-instance-group-name" } - end - -### Test that a subset of all instance_groups matching "mig\*" have size greater than zero - - google_compute_instance_groups(project: 'chef-inspec-gcp', zone: 'europe-west2-a').where(instance_group_name: /^mig/).instance_group_names.each do |instance_group_name| - describe google_compute_instance_group(project: 'chef-inspec-gcp', zone: 'europe-west2-a', name: instance_group_name) do - it { should exist } - its('size') { should be > 0 } - end - end - -## Properties - -Properties that can be accessed from the `google_compute_instance_groups` resource: - -See the [google_compute_instance_group](/inspec/resources/google_compute_instance_group/#properties) resource for more information. 
-
-`creation_timestamps`
-: an array of `google_compute_instance_group` creation_timestamp
-
-`descriptions`
-: an array of `google_compute_instance_group` description
-
-`instance_group_ids`
-: an array of `google_compute_instance_group` id
-
-`instance_group_names`
-: an array of `google_compute_instance_group` name
-
-`named_ports`
-: an array of `google_compute_instance_group` named_ports
-
-`networks`
-: an array of `google_compute_instance_group` network
-
-`regions`
-: an array of `google_compute_instance_group` region
-
-`subnetworks`
-: an array of `google_compute_instance_group` subnetwork
-
-`zones`
-: an array of `google_compute_instance_group` zone
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_instance_template.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_instance_template.md
deleted file mode 100644
index 60e841d5f5..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_instance_template.md
+++ /dev/null
@@ -1,252 +0,0 @@ -+++ -title = "google_compute_instance_template resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_instance_template" - identifier = "inspec/resources/gcp/google_compute_instance_template.md google_compute_instance_template resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_instance_template` is used to test a Google InstanceTemplate resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_instance_template(project: 'chef-gcp-inspec', name: 'inspec-gcp-instance-template') do - it { should exist } - its('description') { should eq 'A description of the instance template' } - its('properties.description') { should eq 'A description of the instance itself' } - its('properties.machine_type') { should eq 'f1-micro' } - its('properties.tags.items') { should include 'foo' } - its('properties.disks.count') { should eq 1 } - its('properties.disks.first.auto_delete') { should eq 'true' } - its('properties.disks.first.boot') { should eq 'true' } - its('properties.network_interfaces.count') { should eq 1 } - its('properties.service_accounts.count') { should eq 1 } -end - -describe google_compute_instance_template(project: 'chef-gcp-inspec', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_instance_template` resource: - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`description` -: An optional description of this resource. Provide this property when you create the resource. - -`id` -: The unique identifier for the resource. This identifier is defined by the server. - -`name` -: Name of the resource. The name is 1-63 characters long and complies with RFC1035. 
- -`properties` -: The instance properties for this instance template. - - `can_ip_forward` - : Enables instances created based on this template to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. - - `description` - : An optional text description for the instances that are created from this instance template. - - `disks` - : An array of disks that are associated with the instances that are created from this template. - - `licenses` - : Any applicable license URI. - - `auto_delete` - : Specifies whether the disk will be auto-deleted when the instance is deleted (but not when the disk is detached from the instance). Tip: Disks should be set to autoDelete=true so that leftover disks are not left behind on machine deletion. - - `boot` - : Indicates that this is a boot disk. The virtual machine will use the first partition of the disk for its root filesystem. - - `device_name` - : Specifies a unique device name of your choice that is reflected into the /dev/disk/by-id/google-* tree of a Linux operating system running within the instance. This name can be used to reference the device for mounting, resizing, and so on, from within the instance. - - `disk_encryption_key` - : Encrypts or decrypts a disk using a customer-supplied encryption key. - - `raw_key` - : Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. - - `rsa_encrypted_key` - : Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. - - `sha256` - : The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource. 
- - `index` - : Assigns a zero-based index to this disk, where 0 is reserved for the boot disk. For example, if you have many disks attached to an instance, each disk would have a unique index number. If not specified, the server will choose an appropriate value. - - `initialize_params` - : Specifies the parameters for a new disk that will be created alongside the new instance. Use initialization parameters to create boot disks or local SSDs attached to the new instance. - - `disk_name` - : Specifies the disk name. If not specified, the default is to use the name of the instance. - - `disk_size_gb` - : Specifies the size of the disk in base-2 GB. - - `disk_type` - : Reference to a disk type. Specifies the disk type to use to create the instance. If not specified, the default is pd-standard. - - `source_image` - : The source image to create this disk. When creating a new instance, one of initializeParams.sourceImage or disks.source is required. To create a disk with one of the public operating system images, specify the image by its family name. - - `source_image_encryption_key` - : The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key. Instance templates do not store customer-supplied encryption keys, so you cannot create disks for instances in a managed instance group if the source images are encrypted with your own keys. - - `raw_key` - : Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. - - `sha256` - : The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource. - - `interface` - : Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI. Persistent disks must always use SCSI and the request will fail if you attempt to attach a persistent disk in any other format than SCSI. 
- - Possible values: - - - SCSI - - NVME - - `mode` - : The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If not specified, the default is to attach the disk in READ_WRITE mode. - - Possible values: - - READ_WRITE - - READ_ONLY - - `source` - : Reference to a disk. When creating a new instance, one of initializeParams.sourceImage or disks.source is required. If desired, you can also attach existing non-root persistent disks using this property. This field is only applicable for persistent disks. Note that for InstanceTemplate, specify the disk name, not the URL for the disk. - - `type` - : Specifies the type of the disk, either SCRATCH or PERSISTENT. If not specified, the default is PERSISTENT. - - Possible values: - - SCRATCH - - PERSISTENT - - `labels` - : Labels to apply to this address. A list of key->value pairs. - - `machine_type` - : The machine type to use in the VM instance template. - - `min_cpu_platform` - : Specifies a minimum CPU platform for the VM instance. Applicable values are the friendly names of CPU platforms - - `metadata` - : The metadata key/value pairs to assign to instances that are created from this template. These pairs can consist of custom metadata or predefined keys. - - `guest_accelerators` - : List of the type and count of accelerator cards attached to the instance - - `accelerator_count` - : The number of the guest accelerator cards exposed to this instance. - - `accelerator_type` - : Full or partial URL of the accelerator type resource to expose to this instance. - - `network_interfaces` - : An array of configurations for this interface. This specifies how this interface is configured to interact with other network services, such as connecting to the internet. Only one network interface is supported per instance. - - `access_configs` - : An array of configurations for this interface. Currently, only one access config, ONE_TO_ONE_NAT, is supported. 
If there are no accessConfigs specified, then this instance will have no external internet access. - - `name` - : The name of this access configuration. The default and recommended name is External NAT but you can use any arbitrary string you would like. For example, My external IP or Network Access. - - `nat_ip` - : Reference to an address. An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. - - `type` - : The type of configuration. The default and only option is ONE_TO_ONE_NAT. - - Possible values: - - ONE_TO_ONE_NAT - - `set_public_ptr` - : Specifies whether a public DNS PTR record should be created to map the external IP address of the instance to a DNS domain name. - - `public_ptr_domain_name` - : The DNS domain name for the public PTR record. You can set this field only if the setPublicPtr field is enabled. - - `network_tier` - : This signifies the networking tier used for configuring this access configuration. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - - Possible values: - - PREMIUM - - STANDARD - - `alias_ip_ranges` - : An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks. - - `ip_cidr_range` - : The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. This range may be a single IP address (e.g. 10.2.3.4), a netmask (e.g. 
/24) or a CIDR format string (e.g. 10.1.2.0/24). - - `subnetwork_range_name` - : Optional subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range. If left unspecified, the primary range of the subnetwork will be used. - - `name` - : The name of the network interface, generated by the server. For network devices, these are eth0, eth1, etc - - `network` - : Specifies the title of an existing network. When creating an instance, if neither the network nor the subnetwork is specified, the default network global/networks/default is used; if the network is not specified but the subnetwork is specified, the network is inferred. - - `network_ip` - : An IPv4 internal network address to assign to the instance for this network interface. If not specified by the user, an unused internal IP is assigned by the system. - - `subnetwork` - : Reference to a VPC network. If the network resource is in legacy mode, do not provide this property. If the network is in auto subnet mode, providing the subnetwork is optional. If the network is in custom subnet mode, then this field should be specified. - - `scheduling` - : Sets the scheduling options for this instance. - - `automatic_restart` - : Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). You can only set the automatic restart option for standard instances. Preemptible instances cannot be automatically restarted. - - `on_host_maintenance` - : Defines the maintenance behavior for this instance. For standard instances, the default behavior is MIGRATE. For preemptible instances, the default and only possible behavior is TERMINATE. For more information, see Setting Instance Scheduling Options. - - `preemptible` - : Defines whether the instance is preemptible. This can only be set during instance creation, it cannot be set or changed after the instance has been created. 
- - `service_accounts` - : A list of service accounts, with their specified scopes, authorized for this instance. Only one service account per VM instance is supported. - - `email` - : Email address of the service account. - - `scopes` - : The list of scopes to be made available for this service account. - - `tags` - : A list of tags to apply to this instance. Tags are used to identify valid sources or targets for network firewalls and are specified by the client during instance creation. The tags can be later modified by the setTags method. Each tag within the list must comply with RFC1035. - - `fingerprint` - : Specifies a fingerprint for this request, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata. - - `items` - : An array of tags. Each tag must be 1-63 characters long, and comply with RFC1035. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_instance_templates.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_instance_templates.md deleted file mode 100644 index 30610b76ab..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_instance_templates.md +++ /dev/null 
@@ -1,58 +0,0 @@ -+++ -title = "google_compute_instance_templates resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_instance_templates" - identifier = "inspec/resources/gcp/google_compute_instance_templates.md google_compute_instance_templates resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_instance_templates` is used to test a Google InstanceTemplate resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_instance_templates(project: 'chef-gcp-inspec') do - its('names') { should include 'inspec-gcp-instance-template' } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_instance_templates` resource: - -See the [google_compute_instance_template](/inspec/resources/google_compute_instance_template/#properties) resource for more information. - -`creation_timestamps` -: an array of `google_compute_instance_template` creation_timestamp - -`descriptions` -: an array of `google_compute_instance_template` description - -`ids` -: an array of `google_compute_instance_template` id - -`names` -: an array of `google_compute_instance_template` name - -`properties` -: an array of `google_compute_instance_template` properties - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_instances.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_instances.md deleted file mode 100644 index 33ac32951c..0000000000 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_instances.md
+++ /dev/null
@@ -1,128 +0,0 @@ -+++ -title = "google_compute_instances resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_instances" - identifier = "inspec/resources/gcp/google_compute_instances.md google_compute_instances resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_instances` is used to test a Google Instance resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby - -describe google_compute_instances(project: 'chef-gcp-inspec', zone: 'zone') do - its('instance_names') { should include 'inspec-instance' } -end -``` - -### Test that there are no more than a specified number of instances in the project and zone - - describe google_compute_instances(project: 'chef-inspec-gcp', zone: 'europe-west2-a') do - its('count') { should be <= 100} - end - -### Test the exact number of instances in the project and zone - - describe google_compute_instances(project: 'chef-inspec-gcp', zone: 'europe-west2-a') do - its('instance_ids.count') { should cmp 9 } - end - -### Test that an instance with a particular name exists in the project and zone - - describe google_compute_instances(project: 'chef-inspec-gcp', zone: 'europe-west2-a') do - its('instance_names') { should include "my-favorite-instance" } - end - -## Properties - -Properties that can be accessed from the `google_compute_instances` resource: - -See the [google_compute_instance](/inspec/resources/google_compute_instance/#properties) resource for more information. 
- -`can_ip_forwards` -: an array of `google_compute_instance` can_ip_forward - -`cpu_platforms` -: an array of `google_compute_instance` cpu_platform - -`creation_timestamps` -: an array of `google_compute_instance` creation_timestamp - -`deletion_protections` -: an array of `google_compute_instance` deletion_protection - -`disks` -: an array of `google_compute_instance` disks - -`guest_accelerators` -: an array of `google_compute_instance` guest_accelerators - -`hostnames` -: an array of `google_compute_instance` hostname - -`instance_ids` -: an array of `google_compute_instance` id - -`label_fingerprints` -: an array of `google_compute_instance` label_fingerprint - -`labels` -: an array of `google_compute_instance` labels - -`metadata` -: an array of `google_compute_instance` metadata - -`machine_types` -: an array of `google_compute_instance` machine_type - -`min_cpu_platforms` -: an array of `google_compute_instance` min_cpu_platform - -`instance_names` -: an array of `google_compute_instance` name - -`network_interfaces` -: an array of `google_compute_instance` network_interfaces - -`schedulings` -: an array of `google_compute_instance` scheduling - -`service_accounts` -: an array of `google_compute_instance` service_accounts - -`shielded_instance_configs` -: an array of `google_compute_instance` shielded_instance_config - -`statuses` -: an array of `google_compute_instance` status - -`status_messages` -: an array of `google_compute_instance` status_message - -`tags` -: an array of `google_compute_instance` tags - -`zones` -: an array of `google_compute_instance` zone - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_network.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_network.md
deleted file mode 100644
index 234e21638a..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_network.md
+++ /dev/null
@@ -1,109 +0,0 @@ -+++ -title = "google_compute_network resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_network" - identifier = "inspec/resources/gcp/google_compute_network.md google_compute_network resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_network` is used to test a Google Network resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_network(project: 'chef-gcp-inspec', name: 'inspec-network') do - it { should exist } - its('routing_config.routing_mode') { should cmp 'REGIONAL' } -end - -describe google_compute_network(project: 'chef-gcp-inspec', name: 'nonexistent') do - it { should_not exist } -end -``` - -### Test that a GCP compute network exists - - describe google_compute_network(project: 'chef-inspec-gcp', name: 'gcp-inspec-network') do - it { should exist } - end - -### Test when a GCP compute network was created - - describe google_compute_network(project: 'chef-inspec-gcp', name: 'gcp-inspec-network') do - its('creation_timestamp_date') { should be > Time.now - 365*60*60*24*10 } - end - -### Test for an expected network identifier - - describe google_compute_network(project: 'chef-inspec-gcp', name: 'gcp-inspec-network') do - its('id') { should eq 12345567789 } - end - -### Test whether a single attached subnetwork name is correct - - describe google_compute_network(project: 'chef-inspec-gcp', name: 'gcp-inspec-network') do - its ('subnetworks.count') { should eq 1 } - its ('subnetworks.first') { should match "subnetwork-name"} - end - -### Test whether the network is configured to automatically create subnetworks or not - - describe google_compute_network(project: 'chef-inspec-gcp', name: 'gcp-inspec-network') do - its ('auto_create_subnetworks'){ should be false } - end - -### Check the network 
routing configuration routing mode - - describe google_compute_network(project: 'chef-inspec-gcp', name: 'gcp-inspec-network') do - its ('routing_config.routing_mode') { should eq "REGIONAL" } - end - -## Properties - -Properties that can be accessed from the `google_compute_network` resource: - -`description` -: An optional description of this resource. The resource must be recreated to modify this field. - -`gateway_ipv4` -: The gateway address for default routing out of the network. This value is selected by GCP. - -`id` -: The unique identifier for the resource. - -`name` -: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - -`subnetworks` -: Server-defined fully-qualified URLs for all subnetworks in this network. - -`auto_create_subnetworks` -: When set to `true`, the network is created in "auto subnet mode" and it will create a subnet for each region automatically across the `10.128.0.0/9` address range. When set to `false`, the network is created in "custom subnet mode" so the user can explicitly connect subnetwork resources. - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`routing_config` -: The network-level routing configuration for this network. Used by Cloud Router to determine what type of network-wide routing behavior to enforce. - - `routing_mode` - : The network-wide routing mode to use. If set to `REGIONAL`, this network's cloud routers will only advertise routes with subnetworks of this network in the same region as the router. 
If set to `GLOBAL`, this network's cloud routers will advertise routes with all subnetworks of this network, across regions. - - Possible values: - - REGIONAL - - GLOBAL - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_network_endpoint_group.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_network_endpoint_group.md deleted file mode 100644 index 179823d947..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_network_endpoint_group.md +++ /dev/null 
@@ -1,72 +0,0 @@ -+++ -title = "google_compute_network_endpoint_group resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_network_endpoint_group" - identifier = "inspec/resources/gcp/google_compute_network_endpoint_group.md google_compute_network_endpoint_group resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_network_endpoint_group` is used to test a Google NetworkEndpointGroup resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby - -describe google_compute_network_endpoint_group(project: 'chef-gcp-inspec', zone: 'zone', name: 'inspec-gcp-endpoint-group') do - it { should exist } - its('default_port') { should cmp '90' } -end - -describe google_compute_network_endpoint_group(project: 'chef-gcp-inspec', zone: 'zone', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_network_endpoint_group` resource: - -`id` -: The unique identifier for the resource. - -`name` -: Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - -`description` -: An optional description of this resource. Provide this property when you create the resource. - -`network_endpoint_type` -: Type of network endpoints in this network endpoint group. - - Possible values: - - GCE_VM_IP_PORT - -`size` -: Number of network endpoints in the network endpoint group. 
- -`network` -: The network to which all network endpoints in the NEG belong. Uses "default" project network if unspecified. - -`subnetwork` -: Optional subnetwork to which all network endpoints in the NEG belong. - -`default_port` -: The default port used if the port number is not specified in the network endpoint. - -`zone` -: Zone where the network endpoint group is located. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_network_endpoint_groups.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_network_endpoint_groups.md deleted file mode 100644 index a2cbbed4ef..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_network_endpoint_groups.md +++ /dev/null 
@@ -1,72 +0,0 @@ -+++ -title = "google_compute_network_endpoint_groups resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_network_endpoint_groups" - identifier = "inspec/resources/gcp/google_compute_network_endpoint_groups.md google_compute_network_endpoint_groups resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_network_endpoint_groups` is used to test a Google NetworkEndpointGroup resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby - -describe google_compute_network_endpoint_groups(project: 'chef-gcp-inspec', zone: 'zone') do - its('default_ports') { should include '90' } - its('names') { should include 'inspec-gcp-endpoint-group' } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_network_endpoint_groups` resource: - -See the [google_compute_network_endpoint_group](/inspec/resources/google_compute_network_endpoint_group/#properties) resource for more information. 
- -`ids` -: an array of `google_compute_network_endpoint_group` id - -`names` -: an array of `google_compute_network_endpoint_group` name - -`descriptions` -: an array of `google_compute_network_endpoint_group` description - -`network_endpoint_types` -: an array of `google_compute_network_endpoint_group` network_endpoint_type - -`sizes` -: an array of `google_compute_network_endpoint_group` size - -`networks` -: an array of `google_compute_network_endpoint_group` network - -`subnetworks` -: an array of `google_compute_network_endpoint_group` subnetwork - -`default_ports` -: an array of `google_compute_network_endpoint_group` default_port - -`zones` -: an array of `google_compute_network_endpoint_group` zone - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_networks.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_networks.md deleted file mode 100644 index b850deb798..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_networks.md +++ /dev/null 
@@ -1,85 +0,0 @@ -+++ -title = "google_compute_networks resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_networks" - identifier = "inspec/resources/gcp/google_compute_networks.md google_compute_networks resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_networks` is used to test a Google Network resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -``` -describe google_compute_networks(project: 'chef-gcp-inspec') do - its('network_names') { should include 'inspec-network' } -end -``` - -### Test that there are no more than a specified number of networks available for the project - - describe google_compute_networks(project: 'chef-inspec-gcp') do - its('count') { should be <= 100} - end - -### Test that an expected network identifier is present in the project - - describe google_compute_networks(project: 'chef-inspec-gcp') do - its('network_ids') { should include 12345678975432 } - end - -### Test that an expected network name is available for the project - - describe google_compute_networks(project: 'chef-inspec-gcp') do - its('network_names') { should include "network-name" } - end - -## Properties - -Properties that can be accessed from the `google_compute_networks` resource: - -See the [google_compute_network](/inspec/resources/google_compute_network/#properties) resource for more information. 
- -`descriptions` -: an array of `google_compute_network` description - -`gateway_ipv4s` -: an array of `google_compute_network` gateway_ipv4 - -`network_ids` -: an array of `google_compute_network` id - -`network_names` -: an array of `google_compute_network` name - -`subnetworks` -: an array of `google_compute_network` subnetworks - -`auto_create_subnetworks` -: an array of `google_compute_network` auto_create_subnetworks - -`creation_timestamps` -: an array of `google_compute_network` creation_timestamp - -`routing_configs` -: an array of `google_compute_network` routing_config - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_node_group.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_node_group.md deleted file mode 100644 index 0cea299578..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_node_group.md +++ /dev/null 
@@ -1,78 +0,0 @@ -+++ -title = "google_compute_node_group resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_node_group" - identifier = "inspec/resources/gcp/google_compute_node_group.md google_compute_node_group resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_node_group` is used to test a Google NodeGroup resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_node_group(project: 'chef-gcp-inspec', zone: 'zone', name: 'inspec-node-group') do - it { should exist } - its('description') { should cmp 'A description of the node group' } - its('size') { should cmp '0' } -end - -describe google_compute_node_group(project: 'chef-gcp-inspec', zone: 'zone', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_node_group` resource: - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`description` -: An optional textual description of the resource. - -`name` -: Name of the resource. - -`node_template` -: The URL of the node template to which this node group belongs. - -`size` -: The total number of nodes in the node group. - -`autoscaling_policy` -: (Beta only) If you use sole-tenant nodes for your workloads, you can use the node group autoscaler to automatically manage the sizes of your node groups. - -`mode` -: The autoscaling mode. Set to one of the following: - OFF: Disables the autoscaler. - ON: Enables scaling in and scaling out. - ONLY_SCALE_OUT: Enables only scaling out. You must use this mode if your node groups are configured to restart their hosted VMs on minimal servers. - - Possible values: - - - OFF - - ON - - ONLY_SCALE_OUT - -`min_nodes` -: Minimum size of the node group. Must be less than or equal to max-nodes. 
The default value is 0. - -`max_nodes` -: Maximum size of the node group. Set to a value less than or equal to 100 and greater than or equal to min-nodes. - -`zone` -: Zone where this node group is located - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_node_groups.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_node_groups.md deleted file mode 100644 index 3ebc418212..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_node_groups.md +++ /dev/null 
@@ -1,66 +0,0 @@ -+++ -title = "google_compute_node_groups resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_node_groups" - identifier = "inspec/resources/gcp/google_compute_node_groups.md google_compute_node_groups resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_node_groups` is used to test a Google NodeGroup resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_node_groups(project: 'chef-gcp-inspec', zone: 'zone') do - it { should exist } - its('descriptions') { should include 'A description of the node group' } - its('sizes') { should include '0' } - its('names') { should include 'inspec-node-group' } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_node_groups` resource: - -See the [google_compute_node_group](/inspec/resources/google_compute_node_group/#properties) resource for more information. - -`creation_timestamps` -: an array of `google_compute_node_group` creation_timestamp - -`descriptions` -: an array of `google_compute_node_group` description - -`names` -: an array of `google_compute_node_group` name - -`node_templates` -: an array of `google_compute_node_group` node_template - -`sizes` -: an array of `google_compute_node_group` size - -`autoscaling_policies` -: (Beta only) an array of `google_compute_node_group` autoscaling_policy -`zones` -: an array of `google_compute_node_group` zone - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_node_template.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_node_template.md
deleted file mode 100644
index 2f216713f2..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_node_template.md
+++ /dev/null
@@ -1,81 +0,0 @@ -+++ -title = "google_compute_node_template resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_node_template" - identifier = "inspec/resources/gcp/google_compute_node_template.md google_compute_node_template resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_node_template` is used to test a Google NodeTemplate resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_node_template(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'inspec-node-template') do - it { should exist } - its('node_affinity_labels') { should include('key' => 'value') } -end - -describe google_compute_node_template(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_node_template` resource: - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`description` -: An optional textual description of the resource. - -`name` -: Name of the resource. - -`node_affinity_labels` -: Labels to use for node affinity, which will be used in instance scheduling. - -`node_type` -: Node type to use for nodes group that are created from this template. Only one of nodeTypeFlexibility and nodeType can be specified. - -`node_type_flexibility` -: Flexible properties for the desired node type. Node groups that use this node template will create nodes of a type that matches these properties. Only one of nodeTypeFlexibility and nodeType can be specified. - -`cpus` -: Number of virtual CPUs to use. - -`memory` -: Physical memory available to the node, defined in MB. - -`local_ssd` -: Use local SSD - -`server_binding` -: (Beta only) The server binding policy for nodes using this template. 
Determines where the nodes should restart following a maintenance event. - -`type` -: Type of server binding policy. If `RESTART_NODE_ON_ANY_SERVER`, nodes using this template will restart on any physical server following a maintenance event. If `RESTART_NODE_ON_MINIMAL_SERVER`, nodes using this template will restart on the same physical server following a maintenance event, instead of being live migrated to or restarted on a new physical server. This option may be useful if you are using software licenses tied to the underlying server characteristics such as physical sockets or cores, to avoid the need for additional licenses when maintenance occurs. However, VMs on such nodes will experience outages while maintenance is applied. - - Possible values: - - RESTART_NODE_ON_ANY_SERVER - - RESTART_NODE_ON_MINIMAL_SERVERS - -`region` -: Region where nodes using the node template will be created - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_node_templates.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_node_templates.md deleted file mode 100644 index 11cab1e521..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_node_templates.md +++ /dev/null 
@@ -1,67 +0,0 @@ -+++ -title = "google_compute_node_templates resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_node_templates" - identifier = "inspec/resources/gcp/google_compute_node_templates.md google_compute_node_templates resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_node_templates` is used to test a Google NodeTemplate resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_node_templates(project: 'chef-gcp-inspec', region: 'europe-west2') do - its('names') { should include 'inspec-node-template' } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_node_templates` resource: - -See the [google_compute_node_template](/inspec/resources/google_compute_node_template/#properties) resource for more information. - -`creation_timestamps` -: an array of `google_compute_node_template` creation_timestamp - -`descriptions` -: an array of `google_compute_node_template` description - -`names` -: an array of `google_compute_node_template` name - -`node_affinity_labels` -: an array of `google_compute_node_template` node_affinity_labels - -`node_types` -: an array of `google_compute_node_template` node_type - -`node_type_flexibilities` -: an array of `google_compute_node_template` node_type_flexibility - -`server_bindings` -: (Beta only) an array of `google_compute_node_template` server_binding - -`regions` -: an array of `google_compute_node_template` region - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_project_info.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_project_info.md
deleted file mode 100644
index bbc492fd94..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_project_info.md
+++ /dev/null
@@ -1,94 +0,0 @@ -+++ -title = "google_compute_project_info resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_project_info" - identifier = "inspec/resources/gcp/google_compute_project_info.md google_compute_project_info resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_project_info` is used to test a Google ProjectInfo resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -``` -describe google_compute_project_info(project: 'chef-gcp-inspec') do - it { should exist } - its('default_service_account') { should match "developer.gserviceaccount.com" } -end -``` - -### Test that GCP compute project information exists - - describe google_compute_project_info(project: 'chef-inspec-gcp') do - it { should exist } - end - -### Test that GCP compute project default service account is as expected - - describe google_compute_project_info(project: 'chef-inspec-gcp') do - its('default_service_account') { should eq '12345-compute@developer.gserviceaccount.com' } - end - -## Properties - -Properties that can be accessed from the `google_compute_project_info` resource: - -`name` -: The name of this project - -`common_instance_metadata` -: Metadata shared for all instances in this project - -`items` -: Array of key/values - - `key` - : Key of the metadata key/value pair - - `value` - : Value of the metadata key/value pair - -`enabled_features` -: Restricted features enabled for use on this project - -`default_service_account` -: Default service account used by VMs in this project - -`xpn_project_status` -: The role this project has in a shared VPC configuration. 
- -`default_network_tier` -: The default network tier used for configuring resources in this project - -`quotas` -: Quotas applied to this project - -`metric` -: Name of the quota metric - -`limit` -: Quota limit for this metric - -`usage` -: Current usage of this metric - -`owner` -: Owning resource. This is the resource on which this quota is applied. - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_region.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_region.md deleted file mode 100644 index 8a4bb7af0f..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_region.md +++ /dev/null 
@@ -1,155 +0,0 @@ -+++ -title = "google_compute_region resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_region" - identifier = "inspec/resources/gcp/google_compute_region.md google_compute_region resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_region` is used to test a Google Region resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_region(project: 'chef-gcp-inspec', name: 'europe-west2') do - it { should exist } - it { should be_up } - its('zone_names') { should include "#{gcp_location}-a" } -end - -describe google_compute_region(project: 'chef-gcp-inspec', name: 'notthere') do - it { should_not exist } -end -``` - -### Test that a GCP compute region exists - -```ruby -describe google_compute_region(project: 'chef-inspec-gcp', region: 'europe-west2') do - it { should exist } -end -``` - -### Test that a GCP compute region is in the expected state - -```ruby -describe google_compute_region(project: 'chef-inspec-gcp', region: 'europe-west2') do - its('status') { should eq 'UP' } - # or equivalently - it { should be_up } -end -``` - -### Test a GCP compute region identifier - -```ruby -describe google_compute_region(project: 'chef-inspec-gcp', region: "asia-east1") do - its('id') { should eq "1220" } -end -``` - -### Check that a region is associated with the expected zone fully qualified name - -```ruby -describe google_compute_region(project: 'chef-inspec-gcp', region: "asia-east1") do - its('zones') { should include "https://www.googleapis.com/compute/v1/projects/spaterson-project/zones/asia-east1-a" } -end -``` - -### Check that a region is associated with the expected zone short name - -```ruby -describe google_compute_region(project: 'chef-inspec-gcp', region: "asia-east1") do - its('zone_names') { should 
include "asia-east1-a" } -end -``` - -The `zone_names` property is also useful for subsequently looping over associated `google_compute_zone` resources. For example: - -```ruby -google_compute_region(project: 'chef-inspec-gcp', region: "asia-east1").zone_names.each do |zone_name| - describe google_compute_zone(project: 'chef-inspec-gcp', name: zone_name) do - it { should be_up } - end -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_region` resource: - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`deprecated` -: The deprecation state of this resource. - -`deleted` -: An optional RFC3339 timestamp on or after which the deprecation state of this resource will be changed to DELETED. - -`deprecated` -: An optional RFC3339 timestamp on or after which the deprecation state of this resource will be changed to DEPRECATED. - -`obsolete` -: An optional RFC3339 timestamp on or after which the deprecation state of this resource will be changed to OBSOLETE. - -`replacement` -: The URL of the suggested replacement for a deprecated resource. The suggested replacement resource must be the same kind of resource as the deprecated resource. - -`state` -: The deprecation state of this resource. This can be DEPRECATED, OBSOLETE, or DELETED. Operations which create a new resource using a DEPRECATED resource will return successfully, but with a warning indicating the deprecated resource and recommending its replacement. Operations which use OBSOLETE or DELETED resources will be rejected and result in an error. - - Possible values: - - - DEPRECATED - - OBSOLETE - - DELETED - -`description` -: An optional description of this resource. - -`id` -: The unique identifier for the resource. - -`name` -: Name of the resource. - -`quotas` -: Quotas assigned to this region. - -`metric` -: Name of the quota metric. - -`limit` -: Quota limit for this metric. - -`usage` -: Current usage of this metric. - -`owner` -: Owning resource. 
This is the resource on which this quota is applied. - -`status` -: Status of the region, either UP or DOWN. -Possible values: - -- UP -- DOWN - -`zones` -: List of zones within the region - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_region_backend_service.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_region_backend_service.md deleted file mode 100644 index 070e3e480a..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_region_backend_service.md +++ /dev/null 
@@ -1,308 +0,0 @@ -+++ -title = "google_compute_region_backend_service resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_region_backend_service" - identifier = "inspec/resources/gcp/google_compute_region_backend_service.md google_compute_region_backend_service resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_region_backend_service` is used to test a Google RegionBackendService resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_region_backend_service(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'inspec-gcp-region-backend-service') do - it { should exist } - its('description') { should eq 'A regional description' } - its('protocol') { should eq 'TCP' } - its('timeout_sec') { should eq '15' } -end - -describe google_compute_region_backend_service(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_region_backend_service` resource: - -`affinity_cookie_ttl_sec` -: Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used. - -`backends` -: The set of backends that serve this RegionBackendService. - - `balancing_mode` - : Specifies the balancing mode for this backend. - - Possible values: - - UTILIZATION - - RATE - - CONNECTION - - `capacity_scaler` - : A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). 
~>**NOTE**: This field cannot be set for INTERNAL region backend services (default loadBalancingScheme), but is required for non-INTERNAL backend service. The total capacity_scaler for all backends must be non-zero. A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0]. - - `description` - : An optional description of this resource. Provide this property when you create the resource. - - `failover` - : This field designates whether this is a failover backend. More than one failover backend can be configured for a given RegionBackendService. - - `group` - : The fully-qualified URL of an Instance Group or Network Endpoint Group resource. In case of instance group this defines the list of instances that serve traffic. Member virtual machine instances from each instance group must live in the same zone as the instance group itself. No two backends in a backend service are allowed to use same Instance Group resource. For Network Endpoint Groups this defines list of endpoints. All endpoints of Network Endpoint Group must be hosted on instances located in the same zone as the Network Endpoint Group. Backend services cannot mix Instance Group and Network Endpoint Group backends. When the `load_balancing_scheme` is INTERNAL, only instance groups are supported. Note that you must specify an Instance Group or Network Endpoint Group resource using the fully-qualified URL, rather than a partial URL. - - `max_connections` - : The max number of simultaneous connections for the group. Can be used with either CONNECTION or UTILIZATION balancing modes. Cannot be set for INTERNAL backend services. For CONNECTION mode, either maxConnections or one of maxConnectionsPerInstance or maxConnectionsPerEndpoint, as appropriate for group type, must be set. - - `max_connections_per_instance` - : The max number of simultaneous connections that a single backend instance can handle. Cannot be set for INTERNAL backend services. 
This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set. - - `max_connections_per_endpoint` - : The max number of simultaneous connections that a single backend network endpoint can handle. Cannot be set for INTERNAL backend services. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerEndpoint must be set. - - `max_rate` - : The max requests per second (RPS) of the group. Cannot be set for INTERNAL backend services. Can be used with either RATE or UTILIZATION balancing modes, but required if RATE mode. Either maxRate or one of maxRatePerInstance or maxRatePerEndpoint, as appropriate for group type, must be set. - - `max_rate_per_instance` - : The max requests per second (RPS) that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerInstance must be set. Cannot be set for INTERNAL backend services. - - `max_rate_per_endpoint` - : The max requests per second (RPS) that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerEndpoint must be set. Cannot be set for INTERNAL backend services. - - `max_utilization` - : Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. Valid range is [0.0, 1.0]. Cannot be set for INTERNAL backend services. - -`circuit_breakers` -: Settings controlling the volume of connections to a backend service. This field is applicable only when the `load_balancing_scheme` is set to INTERNAL_MANAGED and the `protocol` is set to HTTP, HTTPS, or HTTP2. 
- - `connect_timeout` - : (Beta only) The timeout for new network connections to hosts. - - `seconds` - : Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - - `nanos` - : Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - - `max_requests_per_connection` - : Maximum requests for a single backend connection. This parameter is respected by both the HTTP/1.1 and HTTP/2 implementations. If not specified, there is no limit. Setting this parameter to 1 will effectively disable keep alive. - - `max_connections` - : The maximum number of connections to the backend cluster. Defaults to 1024. - - `max_pending_requests` - : The maximum number of pending requests to the backend cluster. Defaults to 1024. - - `max_requests` - : The maximum number of parallel requests to the backend cluster. Defaults to 1024. - - `max_retries` - : The maximum number of parallel retries to the backend cluster. Defaults to 3. - -`consistent_hash` -: Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies when all of the following are true: `load_balancing_scheme` is set to INTERNAL_MANAGED, `protocol` is set to HTTP, HTTPS, or HTTP2, and `locality_lb_policy` is set to MAGLEV or RING_HASH - -`http_cookie` -: Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. 
This field is applicable if the sessionAffinity is set to HTTP_COOKIE. - - `ttl` - : Lifetime of the cookie. - - `seconds` - : Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - - `nanos` - : Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - - `name` - : Name of the cookie. - - `path` - : Path to set for the cookie. - -`http_header_name` -: The hash based on the value of the specified header field. This field is applicable if the sessionAffinity is set to HEADER_FIELD. - -`minimum_ring_size` -: The minimum number of virtual nodes to use for the hash ring. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node. Defaults to 1024. - -`connection_draining` -: Settings for connection draining - - `draining_timeout_sec` - : Time for which instance will be drained (not accept new connections, but still work to finish started). - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`description` -: An optional description of this resource. - -`failover_policy` -: Policy for failovers. - - `disable_connection_drain_on_failover` - : On failover or failback, this field indicates whether connection drain will be honored. Setting this to true has the following effect: connections to the old active pool are not drained. Connections to the new active pool use the timeout of 10 min (currently fixed). Setting to false has the following effect: both old and new connections will have a drain timeout of 10 min. This can be set to true only if the protocol is TCP. The default is false. - - `drop_traffic_if_unhealthy` - : This option is used only when no healthy VMs are detected in the primary and backup instance groups. 
When set to true, traffic is dropped. When set to false, new connections are sent across all VMs in the primary group. The default is false. - - `failover_ratio` - : The value of the field must be in [0, 1]. If the ratio of the healthy VMs in the primary backend is at or below this number, traffic arriving at the load-balanced IP will be directed to the failover backend. In case where 'failoverRatio' is not set or all the VMs in the backup backend are unhealthy, the traffic will be directed back to the primary backend in the "force" mode, where traffic will be spread to the healthy VMs with the best effort, or to all VMs when no VM is healthy. This field is only used with l4 load balancing. - -`fingerprint` -: Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. - -`health_checks` -: The set of URLs to HealthCheck resources for health checking this RegionBackendService. Currently at most one health check can be specified, and a health check is required. - -`id` -: The unique identifier for the resource. - -`load_balancing_scheme` -: Indicates what kind of load balancing this regional backend service will be used for. A backend service created for one type of load balancing cannot be used with the other(s). - - Possible values: - - - INTERNAL - - INTERNAL_MANAGED - - -`locality_lb_policy` -: The load balancing algorithm used within the scope of the locality. - - The possible values are: - - ROUND*ROBIN - : This is a simple policy in which each healthy backend is selected in round robin order. - - LEAST_REQUEST - : An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests. - - RING_HASH - : The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests. - - RANDOM - : The load balancer selects a random healthy host. 
- - ORIGINAL_DESTINATION - : Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer. - - MAGLEV - : used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824. This field is applicable only when the `load_balancing_scheme` is set to INTERNAL_MANAGED and the `protocol` is set to HTTP, HTTPS, or HTTP2. - -`name` -: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - -`outlier_detection` -: Settings controlling eviction of unhealthy hosts from the load balancing pool. This field is applicable only when the `load_balancing_scheme` is set to INTERNAL_MANAGED and the `protocol` is set to HTTP, HTTPS, or HTTP2. - - `base_ejection_time` - : The base time that a host is ejected for. The real time is equal to the base time multiplied by the number of times the host has been ejected. Defaults to 30000ms or 30s. - - `seconds` - : Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - - `nanos` - : Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 `seconds` field and a positive `nanos` field. Must be from 0 to 999,999,999 inclusive. - - `consecutive_errors` - : Number of errors before a host is ejected from the connection pool. 
When the backend host is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5. - - `consecutive_gateway_failure` - : The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 5. - - `enforcing_consecutive_errors` - : The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100. - - `enforcing_consecutive_gateway_failure` - : The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0. - - `enforcing_success_rate` - : The percentage chance that a host will be actually ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100. - - `interval` - : Time interval between ejection sweep analysis. This can result in both new ejections as well as hosts being returned to service. Defaults to 10 seconds. - - `seconds` - : Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - - `nanos` - : Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 `seconds` field and a positive `nanos` field. Must be from 0 to 999,999,999 inclusive. - - `max_ejection_percent` - : Maximum percentage of hosts in the load balancing pool for the backend service that can be ejected. Defaults to 10%. - - `success_rate_minimum_hosts` - : The number of hosts in a cluster that must have enough request volume to detect success rate outliers. 
If the number of hosts is less than this setting, outlier detection via success rate statistics is not performed for any host in the cluster. Defaults to 5. - - `success_rate_request_volume` - : The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this host in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that host. Defaults to 100. - - `success_rate_stdev_factor` - : This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900. - -`port_name` -: A named port on a backend instance group representing the port for communication to the backend VMs in that group. Required when the loadBalancingScheme is EXTERNAL, INTERNAL_MANAGED, or INTERNAL_SELF_MANAGED and the backends are instance groups. The named port must be defined on each backend instance group. This parameter has no meaning if the backends are NEGs. API sets a default of "http" if not given. Must be omitted when the loadBalancingScheme is INTERNAL (Internal TCP/UDP Load Balancing). - -`protocol` -: The protocol this RegionBackendService uses to communicate with backends. The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer types and may result in errors if used with the GA API. - - Possible values: - - - HTTP - - HTTPS - - HTTP2 - - SSL - - TCP - - UDP - - -`session_affinity` -: Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP. 
- - Possible values: - - - NONE - - CLIENT - - IP - - CLIENT*IP_PORT_PROTO - - CLIENT*IP_PROTO - - GENERATED*COOKIE - - HEADER_FIELD - - HTTP_COOKIE - -`timeout_sec` -: How many seconds to wait for the backend before considering it a failed request. Default is 30 seconds. Valid range is [1, 86400]. - -`log_config` -: This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. - - `enable` - : Whether to enable logging for the load balancer traffic served by this backend service. - - `sample_rate` - : This field can only be specified if logging is enabled for this backend service. The value of the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0. - -`network` -: The URL of the network to which this backend service belongs. This field can only be specified when the load balancing scheme is set to INTERNAL. - -`region` -: A reference to the region where the regional backend service resides. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_region_backend_services.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_region_backend_services.md deleted file mode 100644 index 7734e8569f..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_region_backend_services.md +++ /dev/null 
@@ -1,112 +0,0 @@ -+++ -title = "google_compute_region_backend_services resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_region_backend_services" - identifier = "inspec/resources/gcp/google_compute_region_backend_services.md google_compute_region_backend_services resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_region_backend_services` is used to test a Google RegionBackendService resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_region_backend_services(project: 'chef-gcp-inspec', region: 'europe-west2') do - its('count') { should be >= 1 } - its('names') { should include 'inspec-gcp-region-backend-service' } - its('protocols') { should include 'TCP' } - its('timeout_secs') { should include '15' } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_region_backend_services` resource: - -See the [google_compute_region_backend_service](/inspec/resources/google_compute_region_backend_service/#properties) resource for more information. 
- -`affinity_cookie_ttl_secs` -: an array of `google_compute_region_backend_service` affinity_cookie_ttl_sec - -`backends` -: an array of `google_compute_region_backend_service` backends - -`circuit_breakers` -: an array of `google_compute_region_backend_service` circuit_breakers - -`consistent_hashes` -: an array of `google_compute_region_backend_service` consistent_hash - -`connection_drainings` -: an array of `google_compute_region_backend_service` connection_draining - -`creation_timestamps` -: an array of `google_compute_region_backend_service` creation_timestamp - -`descriptions` -: an array of `google_compute_region_backend_service` description - -`failover_policies` -: an array of `google_compute_region_backend_service` failover_policy - -`fingerprints` -: an array of `google_compute_region_backend_service` fingerprint - -`health_checks` -: an array of `google_compute_region_backend_service` health_checks - -`ids` -: an array of `google_compute_region_backend_service` id - -`load_balancing_schemes` -: an array of `google_compute_region_backend_service` load_balancing_scheme - -`locality_lb_policies` -: an array of `google_compute_region_backend_service` locality_lb_policy - -`names` -: an array of `google_compute_region_backend_service` name - -`outlier_detections` -: an array of `google_compute_region_backend_service` outlier_detection - -`port_names` -: an array of `google_compute_region_backend_service` port_name - -`protocols` -: an array of `google_compute_region_backend_service` protocol - -`session_affinities` -: an array of `google_compute_region_backend_service` session_affinity - -`timeout_secs` -: an array of `google_compute_region_backend_service` timeout_sec - -`log_configs` -: an array of `google_compute_region_backend_service` log_config - -`networks` -: an array of `google_compute_region_backend_service` network - -`regions` -: an array of `google_compute_region_backend_service` region - -## Filter Criteria - -This resource supports all of 
the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_region_instance_group_manager.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_region_instance_group_manager.md deleted file mode 100644 index d57bb790d4..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_region_instance_group_manager.md +++ /dev/null 
@@ -1,132 +0,0 @@ -+++ -title = "google_compute_region_instance_group_manager resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_region_instance_group_manager" - identifier = "inspec/resources/gcp/google_compute_region_instance_group_manager.md google_compute_region_instance_group_manager resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_region_instance_group_manager` is used to test a Google RegionInstanceGroupManager resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_region_instance_group_manager(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'inspec-rigm') do - it { should exist } - its('base_instance_name') { should eq 'rigm1' } - its('target_size') { should eq '1' } - its('named_ports.first.name') { should eq 'https' } - its('named_ports.first.port') { should eq '8888' } - its('auto_healing_policies.first.initial_delay_sec') { should eq '300' } -end - -describe google_compute_region_instance_group_manager(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'nonexistent') do - it { should_not exist } -end -``` - -### Test that a GCP compute region instance group manager has the expected size - - describe google_compute_region_instance_group_manager(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-test') do - its('target_size') { should eq 2 } - end - -### Test that a GCP compute region instance group manager has a port with supplied name and value - - describe google_compute_region_instance_group_manager(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-test') do - its('named_ports') { should include "http" } - end - -## Properties - -Properties that can be accessed from the `google_compute_region_instance_group_manager` resource: - -`base_instance_name` 
-: The base instance name to use for instances in this group. The value must be 1-58 characters long. Instances are named by appending a hyphen and a random four-character string to the base instance name. The base instance name must comply with RFC1035. - -`creation_timestamp` -: The creation timestamp for this managed instance group in RFC3339 text format. - -`current_actions` -: The list of instance actions and the number of instances in this managed instance group that are scheduled for each of those actions. - - `abandoning` - : The total number of instances in the managed instance group that are scheduled to be abandoned. Abandoning an instance removes it from the managed instance group without deleting it. - - `creating` - : The number of instances in the managed instance group that are scheduled to be created or are currently being created. If the group fails to create any of these instances, it tries again until it creates the instance successfully. If you have disabled creation retries, this field will not be populated; instead, the creatingWithoutRetries field will be populated. - - `creating_without_retries` - : The number of instances that the managed instance group will attempt to create. The group attempts to create each instance only once. If the group fails to create any of these instances, it decreases the group's targetSize value accordingly. - - `deleting` - : The number of instances in the managed instance group that are scheduled to be deleted or are currently being deleted. - - `none` - : The number of instances in the managed instance group that are running and have no scheduled actions. - - `recreating` - : The number of instances in the managed instance group that are scheduled to be recreated or are currently being being recreated. Recreating an instance deletes the existing root persistent disk and creates a new disk from the image that is defined in the instance template. 
- - `refreshing` - : The number of instances in the managed instance group that are being reconfigured with properties that do not require a restart or a recreate action. For example, setting or removing target pools for the instance. - - `restarting` - : The number of instances in the managed instance group that are scheduled to be restarted or are currently being restarted. - -`description` -: An optional description of this resource. Provide this property when you create the resource. - -`id` -: A unique identifier for this resource - -`instance_group` -: The instance group being managed - -`instance_template` -: The instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. - -`name` -: The name of the managed instance group. The name must be 1-63 characters long, and comply with RFC1035. - -`named_ports` -: Named ports configured for the Instance Groups complementary to this Instance Group Manager. - - `name` - : The name for this named port. The name must be 1-63 characters long, and comply with RFC1035. - - `port` - : The port number, which can be a value between 1 and 65535. - -`target_pools` -: TargetPool resources to which instances in the instanceGroup field are added. The target pools automatically apply to all of the instances in the managed instance group. - -`target_size` -: The target number of running instances for this managed instance group. Deleting or abandoning instances reduces this number. Resizing the group changes this number. - -`auto_healing_policies` -: The autohealing policy for this managed instance group - - `health_check` - : The URL for the health check that signals autohealing. - - `initial_delay_sec` - : The number of seconds that the managed instance group waits before it applies autohealing policies to new instances or recently recreated instances - -`region` -: The region the managed instance group resides. 
- -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_region_instance_group_managers.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_region_instance_group_managers.md deleted file mode 100644 index 5181d59509..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_region_instance_group_managers.md +++ /dev/null 
@@ -1,104 +0,0 @@ -+++ -title = "google_compute_region_instance_group_managers resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_region_instance_group_managers" - identifier = "inspec/resources/gcp/google_compute_region_instance_group_managers.md google_compute_region_instance_group_managers resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_region_instance_group_managers` is used to test a Google RegionInstanceGroupManager resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -``` -describe google_compute_region_instance_group_managers(project: 'chef-gcp-inspec', region: 'europe-west2') do - its('instance_group_manager_names') { should include 'inspec-rigm' } - its('base_instance_names') { should include 'rigm1' } -end -``` - -### Test that there are no more than a specified number of instance groups available for the project - - describe google_compute_region_instance_group_managers(project: 'chef-inspec-gcp', region: 'europe-west2') do - its('count') { should be <= 100} - end - -### Test that an expected instance_group is available for the project - - describe google_compute_region_instance_group_managers(project: 'chef-inspec-gcp', region: 'europe-west2') do - its('instance_group_names') { should include "my-instance-group-name" } - end - -### Test that a subset of all instance_groups matching "mig\*" have size greater than zero - - google_compute_region_instance_group_managers(project: 'chef-inspec-gcp', region: 'europe-west2').where(instance_group_name: /^mig/).instance_group_names.each do |instance_group_name| - describe google_compute_instance_group(project: 'chef-inspec-gcp', region: 'europe-west2', name: instance_group_name) do - it { should exist } - its('target_size') { should be > 0 } - end - end - -## Properties - -Properties that can be 
accessed from the `google_compute_region_instance_group_managers` resource: - -See the [google_compute_region_instance_group_manager](/inspec/resources/google_compute_region_instance_group_manager/#properties) resource for more information. - -`base_instance_names` -: an array of `google_compute_region_instance_group_manager` base_instance_name - -`creation_timestamps` -: an array of `google_compute_region_instance_group_manager` creation_timestamp - -`current_actions` -: an array of `google_compute_region_instance_group_manager` current_actions - -`descriptions` -: an array of `google_compute_region_instance_group_manager` description - -`instance_group_manager_ids` -: an array of `google_compute_region_instance_group_manager` id - -`instance_groups` -: an array of `google_compute_region_instance_group_manager` instance_group - -`instance_templates` -: an array of `google_compute_region_instance_group_manager` instance_template - -`instance_group_manager_names` -: an array of `google_compute_region_instance_group_manager` name - -`named_ports` -: an array of `google_compute_region_instance_group_manager` named_ports - -`target_pools` -: an array of `google_compute_region_instance_group_manager` target_pools - -`target_sizes` -: an array of `google_compute_region_instance_group_manager` target_size - -`auto_healing_policies` -: an array of `google_compute_region_instance_group_manager` auto_healing_policies - -`regions` -: an array of `google_compute_region_instance_group_manager` region - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_regional_disk.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_regional_disk.md
deleted file mode 100644
index 65a78ef3d6..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_regional_disk.md
+++ /dev/null
@@ -1,75 +0,0 @@ -+++ -title = "google_compute_regional_disk resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_regional_disk" - identifier = "inspec/resources/gcp/google_compute_regional_disk.md google_compute_regional_disk resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_regional_disk` is used to test a Google Regional Disk resource - -## Examples - -```ruby -describe google_compute_regional_disk(project: 'chef-gcp-inspec', name: 'my_disk', region: 'region') do - it { should exist } - its('type') { should match 'pd-standard' } -end - -describe.one do - google_compute_regional_disk(project: 'chef-gcp-inspec', name: 'my_disk', region: 'region').labels.each_pair do |key, value| - describe key do - it { should cmp "environment" } - end - end -end - -describe google_compute_regional_disk(project: 'chef-gcp-inspec', name: 'nonexistent', region: 'region') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_regional_disk` resource: - -`label_fingerprint` -: The fingerprint used for optimistic locking of this resource. Used internally during updates. - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`description` -: An optional description of this resource. Provide this property when you create the resource. - -`id` -: The unique identifier for the resource. - -`name` -: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - -`size_gb` -: Size of the persistent disk, specified in GB. 
You can specify this field when creating a persistent disk using the sourceImage or sourceSnapshot parameter, or specify it alone to create an empty persistent disk. If you specify this field along with sourceImage or sourceSnapshot, the value of sizeGb must not be less than the size of the sourceImage or the size of the snapshot. - -`physical_block_size_bytes` -: Physical block size of the persistent disk, in bytes. If not present in a request, a default value is used. Currently supported sizes are 4096 and 16384, other sizes may be added in the future. If an unsupported value is requested, the error message will list the supported values for the caller's project. - -`type` -: URL of the disk type resource describing which disk type to use to create the disk. Provide this when creating the disk. - -`region` -: A reference to the region where the disk resides. - -`replica_zones` -: A reference to the zones where the disk resides. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_regions.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_regions.md deleted file mode 100644 index e4879df427..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_regions.md +++ /dev/null 
@@ -1,114 +0,0 @@ -+++ -title = "google_compute_regions resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_regions" - identifier = "inspec/resources/gcp/google_compute_regions.md google_compute_regions resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_regions` is used to test a Google Region resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -``` -describe google_compute_regions(project: 'chef-gcp-inspec') do - its('count') { should be >= 1 } - its('region_names') { should include "#{gcp_location}" } - its('region_statuses') { should_not include "DOWN" } - its('region_ids') { should include "1290" } -end -``` - -### Use this InSpec resource to enumerate IDs then test in-depth using `google_compute_region` - -```ruby - google_compute_regions(project: 'chef-inspec-gcp').region_names.each do |region_name| - describe google_compute_region(project: 'chef-inspec-gcp', region: region_name) do - it { should be_up } - end - end -``` - -### Test that there are more than a specified number of regions available for the project - -```ruby -describe google_compute_regions(project: 'chef-inspec-gcp') do - its('count') { should be >= 10} -end -``` - -### Test that an expected region is available for the project - -```ruby -describe google_compute_regions(project: 'chef-inspec-gcp') do - its('region_names') { should include 'europe-west2' } -end -``` - -### Test whether any regions are in status "DOWN" - -```ruby -describe google_compute_regions(project: 'chef-inspec-gcp') do - its('region_statuses') { should_not include "DOWN" } -end -``` - -### Test that a subset of all regions matching "europe\*" are "UP" - -```ruby -google_compute_regions(project: gcp_project_id).where(region_name: /^europe/).region_names.each do |region_name| - describe 
google_compute_region(project: 'chef-inspec-gcp', region: region_name) do - it { should be_up } - end -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_regions` resource: - -See the [google_compute_region](/inspec/resources/google_compute_region/#properties) resource for more information. - -`creation_timestamps` -: an array of `google_compute_region` creation_timestamp - -`deprecateds` -: an array of `google_compute_region` deprecated - -`descriptions` -: an array of `google_compute_region` description - -`region_ids` -: an array of `google_compute_region` id - -`region_names` -: an array of `google_compute_region` name - -`quotas` -: an array of `google_compute_region` quotas - -`region_statuses` -: an array of `google_compute_region` status - -`zones` -: an array of `google_compute_region` zones - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_route.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_route.md deleted file mode 100644 index 02344ee84c..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_route.md +++ /dev/null 
@@ -1,80 +0,0 @@ -+++ -title = "google_compute_route resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_route" - identifier = "inspec/resources/gcp/google_compute_route.md google_compute_route resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_route` is used to test a Google Route resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_route(project: 'chef-gcp-inspec', name: 'inspec-gcp-route') do - it { should exist } - its('dest_range') { should eq '15.0.0.0/24' } - its('network') { should match /\/gcp-inspec-network$/ } - its('next_hop_ip') { should eq '10.2.0.1' } - its('priority') { should eq '100' } -end - -describe google_compute_route(project: 'chef-gcp-inspec', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_route` resource: - -`dest_range` -: The destination range of outgoing packets that this route applies to. Only IPv4 is supported. - -`description` -: An optional description of this resource. Provide this property when you create the resource. - -`name` -: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - -`network` -: The network that this route applies to. - -`priority` -: The priority of this route. Priority is used to break ties in cases where there is more than one matching route of equal prefix length. 
In the case of two routes with equal prefix length, the one with the lowest-numbered priority value wins. Default value is 1000. Valid range is 0 through 65535. - -`tags` -: A list of instance tags to which this route applies. - -`next_hop_gateway` -: URL to a gateway that should handle matching packets. Currently, you can only specify the internet gateway, using a full or partial valid URL: _ https://www.googleapis.com/compute/v1/projects/project/ global/gateways/default-internet-gateway _ projects/project/global/gateways/default-internet-gateway \* global/gateways/default-internet-gateway - -`next_hop_instance` -: URL to an instance that should handle matching packets. You can specify this as a full or partial URL. For example: _ https://www.googleapis.com/compute/v1/projects/project/zones/zone/ instances/instance _ projects/project/zones/zone/instances/instance \* zones/zone/instances/instance - -`next_hop_ip` -: Network IP address of an instance that should handle matching packets. - -`next_hop_vpn_tunnel` -: URL to a VpnTunnel that should handle matching packets. - -`next_hop_network` -: URL to a Network that should handle matching packets. - -`next_hop_ilb` -: The URL to a forwarding rule of type loadBalancingScheme=INTERNAL that should handle matching packets. You can only specify the forwarding rule as a partial or full URL. For example, the following are all valid URLs: https://www.googleapis.com/compute/v1/projects/project/regions/region/forwardingRules/forwardingRule regions/region/forwardingRules/forwardingRule Note that this can only be used when the destinationRange is a public (non-RFC 1918) IP CIDR range. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_router.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_router.md
deleted file mode 100644
index 6616fb27a9..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_router.md
+++ /dev/null
@@ -1,90 +0,0 @@ -+++ -title = "google_compute_router resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_router" - identifier = "inspec/resources/gcp/google_compute_router.md google_compute_router resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_router` is used to test a Google Router resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_router(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'inspec-gcp-router') do - it { should exist } - its('bgp.asn') { should eq '64514' } - its('bgp.advertise_mode') { should eq 'CUSTOM' } - its('bgp.advertised_groups') { should include 'ALL_SUBNETS' } - its('bgp.advertised_ip_ranges.count') { should eq 2 } - its('bgp.advertised_ip_ranges.first.range') { should eq '1.2.3.4' } - its('bgp.advertised_ip_ranges.last.range') { should eq '1.2.3.4' } - its('network') { should match /\/gcp-inspec-network$/ } - end - -describe google_compute_router(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_router` resource: - -`id` -: The unique identifier for the resource. - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`name` -: Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - -`description` -: An optional description of this resource. 
- -`network` -: A reference to the network to which this router belongs. - -`bgp` -: BGP information specific to this router. - - `asn` - : Local BGP Autonomous System Number (ASN). Must be an RFC6996 private ASN, either 16-bit or 32-bit. The value will be fixed for this router resource. All VPN tunnels that link to this router will have the same local ASN. - - `advertise_mode` - : User-specified flag to indicate which mode to use for advertisement. - - Possible values: - - DEFAULT - - CUSTOM - - `advertised_groups` - : User-specified list of prefix groups to advertise in custom mode. This field can only be populated if advertiseMode is CUSTOM and is advertised to all peers of the router. These groups will be advertised in addition to any specified prefixes. Leave this field blank to advertise no custom groups. This enum field has the one valid value: ALL_SUBNETS - - `advertised_ip_ranges` - : User-specified list of individual IP ranges to advertise in custom mode. This field can only be populated if advertiseMode is CUSTOM and is advertised to all peers of the router. These IP ranges will be advertised in addition to any specified groups. Leave this field blank to advertise no custom IP ranges. - - `range` - : The IP range to advertise. The value must be a CIDR-formatted string. - - `description` - : User-specified description for the IP range. - -`region` -: Region where the router resides. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_router_nat.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_router_nat.md deleted file mode 100644 index d3403a7b37..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_router_nat.md +++ /dev/null 
@@ -1,125 +0,0 @@ -+++ -title = "google_compute_router_nat resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_router_nat" - identifier = "inspec/resources/gcp/google_compute_router_nat.md google_compute_router_nat resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_router_nat` is used to test a Google RouterNat resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_router_nat(project: 'chef-gcp-inspec', region: 'europe-west2', router: 'inspec-gcp-router', name: 'inspec-router-nat') do - it { should exist } - its('nat_ip_allocate_option') { should cmp 'AUTO_ONLY' } - its('source_subnetwork_ip_ranges_to_nat') { should cmp 'ALL_SUBNETWORKS_ALL_IP_RANGES' } - its('min_ports_per_vm') { should cmp '2' } - its('log_config.enable') { should cmp 'true' } - its('log_config.filter') { should cmp 'ERRORS_ONLY' } -end - -describe google_compute_router(project: 'chef-gcp-inspec', region: 'europe-west2', router: 'nonexistent', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_router_nat` resource: - -`name` -: Name of the NAT service. The name must be 1-63 characters long and comply with RFC1035. - -`nat_ip_allocate_option` -: How external IPs should be allocated for this NAT. Valid values are `AUTO_ONLY` for only allowing NAT IPs allocated by Google Cloud Platform, or `MANUAL_ONLY` for only user-allocated NAT IP addresses. - - Possible values: - - - MANUAL_ONLY - - AUTO_ONLY - -`nat_ips` -: Self-links of NAT IPs. Only valid if natIpAllocateOption is set to MANUAL_ONLY. - -`drain_nat_ips` -: A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. 
- -`source_subnetwork_ip_ranges_to_nat` -: How NAT should be configured per Subnetwork. If `ALL_SUBNETWORKS_ALL_IP_RANGES`, all of the IP ranges in every Subnetwork are allowed to Nat. If `ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES`, all of the primary IP ranges in every Subnetwork are allowed to Nat. `LIST_OF_SUBNETWORKS`: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below). Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other RouterNat section in any Router for this network in this region. - - Possible values: - - - ALL_SUBNETWORKS_ALL_IP_RANGES - - ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES - - LIST_OF_SUBNETWORKS - -`subnetwork` -: One or more subnetwork NAT configurations. Only used if `source_subnetwork_ip_ranges_to_nat` is set to `LIST_OF_SUBNETWORKS` - -`name` -: Self-link of subnetwork to NAT - -`source_ip_ranges_to_nat` -: List of options for which source IPs in the subnetwork should have NAT enabled. - - Supported values include: - - - `ALL_IP_RANGES` - - `LIST_OF_SECONDARY_IP_RANGES` - - `PRIMARY_IP_RANGE` - -`secondary_ip_range_names` -: List of the secondary ranges of the subnetwork that are allowed to use NAT. This can be populated only if `LIST_OF_SECONDARY_IP_RANGES` is one of the values in sourceIpRangesToNat - -`min_ports_per_vm` -: Minimum number of ports allocated to a VM from this NAT. - -`udp_idle_timeout_sec` -: Timeout (in seconds) for UDP connections. Defaults to 30s if not set. - -`icmp_idle_timeout_sec` -: Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. - -`tcp_established_idle_timeout_sec` -: Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set. - -`tcp_transitory_idle_timeout_sec` -: Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set. - -`log_config` -: Configuration for logging on NAT - -`enable` -: Indicates whether or not to export logs. 
- -`filter` -: Specifies the desired filtering of logs on this NAT. - - Possible values: - - - ERRORS_ONLY - - TRANSLATIONS_ONLY - - ALL - -`router` -: The name of the Cloud Router in which this NAT will be configured. - -`region` -: Region where the router and NAT reside. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_router_nats.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_router_nats.md deleted file mode 100644 index 36b592aa8c..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_router_nats.md +++ /dev/null 
@@ -1,85 +0,0 @@ -+++ -title = "google_compute_router_nats resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_router_nats" - identifier = "inspec/resources/gcp/google_compute_router_nats.md google_compute_router_nats resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_router_nats` is used to test a Google RouterNat resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_router_nats(project: 'chef-gcp-inspec', region: 'europe-west2', router: 'inspec-gcp-router') do - its('names') { should include 'inspec-router-nat' } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_router_nats` resource: - -See the [google_compute_router_nat](/inspec/resources/google_compute_router_nat/#properties) resource for more information. 
- -`names` -: an array of `google_compute_router_nat` name - -`nat_ip_allocate_options` -: an array of `google_compute_router_nat` nat_ip_allocate_option - -`nat_ips` -: an array of `google_compute_router_nat` nat_ips - -`drain_nat_ips` -: an array of `google_compute_router_nat` drain_nat_ips - -`source_subnetwork_ip_ranges_to_nats` -: an array of `google_compute_router_nat` source_subnetwork_ip_ranges_to_nat - -`subnetworks` -: an array of `google_compute_router_nat` subnetwork - -`min_ports_per_vms` -: an array of `google_compute_router_nat` min_ports_per_vm - -`udp_idle_timeout_secs` -: an array of `google_compute_router_nat` udp_idle_timeout_sec - -`icmp_idle_timeout_secs` -: an array of `google_compute_router_nat` icmp_idle_timeout_sec - -`tcp_established_idle_timeout_secs` -: an array of `google_compute_router_nat` tcp_established_idle_timeout_sec - -`tcp_transitory_idle_timeout_secs` -: an array of `google_compute_router_nat` tcp_transitory_idle_timeout_sec - -`log_configs` -: an array of `google_compute_router_nat` log_config - -`routers` -: an array of `google_compute_router_nat` router - -`regions` -: an array of `google_compute_router_nat` region - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_routers.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_routers.md deleted file mode 100644 index fa7f75fdf0..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_routers.md +++ /dev/null 
@@ -1,64 +0,0 @@ -+++ -title = "google_compute_routers resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_routers" - identifier = "inspec/resources/gcp/google_compute_routers.md google_compute_routers resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_routers` is used to test a Google Router resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_routers(project: 'chef-gcp-inspec', region: 'europe-west2') do - its('names') { should include 'inspec-gcp-router' } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_routers` resource: - -See the [google_compute_router](/inspec/resources/google_compute_router/#properties) resource for more information. - -`ids` -: an array of `google_compute_router` id - -`creation_timestamps` -: an array of `google_compute_router` creation_timestamp - -`names` -: an array of `google_compute_router` name - -`descriptions` -: an array of `google_compute_router` description - -`networks` -: an array of `google_compute_router` network - -`bgps` -: an array of `google_compute_router` bgp - -`regions` -: an array of `google_compute_router` region - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_routes.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_routes.md deleted file mode 100644 index de3038e05e..0000000000 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_routes.md
+++ /dev/null
@@ -1,82 +0,0 @@ -+++ -title = "google_compute_routes resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_routes" - identifier = "inspec/resources/gcp/google_compute_routes.md google_compute_routes resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_routes` is used to test a Google Route resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_routes(project: 'chef-gcp-inspec') do - its('count') { should be >= 1 } - its('dest_ranges') { should include '15.0.0.0/24' } - its('next_hop_ips') { should include '10.2.0.1' } - its('priorities') { should include '100' } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_routes` resource: - -See the [google_compute_route](/inspec/resources/google_compute_route/#properties) resource for more information. 
- -`dest_ranges` -: an array of `google_compute_route` dest_range - -`descriptions` -: an array of `google_compute_route` description - -`names` -: an array of `google_compute_route` name - -`networks` -: an array of `google_compute_route` network - -`priorities` -: an array of `google_compute_route` priority - -`tags` -: an array of `google_compute_route` tags - -`next_hop_gateways` -: an array of `google_compute_route` next_hop_gateway - -`next_hop_instances` -: an array of `google_compute_route` next_hop_instance - -`next_hop_ips` -: an array of `google_compute_route` next_hop_ip - -`next_hop_vpn_tunnels` -: an array of `google_compute_route` next_hop_vpn_tunnel - -`next_hop_networks` -: an array of `google_compute_route` next_hop_network - -`next_hop_ilbs` -: an array of `google_compute_route` next_hop_ilb - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_security_policies.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_security_policies.md deleted file mode 100644 index a4132ebdb0..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_security_policies.md +++ /dev/null 
@@ -1,53 +0,0 @@ -+++ -title = "google_compute_security_policies resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_security_policies" - identifier = "inspec/resources/gcp/google_compute_security_policies.md google_compute_security_policies resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_security_policies` is used to test a Google SecurityPolicy resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_security_policies(project: 'chef-gcp-inspec') do - its('count') { should be >= 1 } - its('names') { should include 'sec-policy' } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_security_policies` resource: - -See the [google_compute_security_policy](/inspec/resources/google_compute_security_policy/#properties) resource for more information. - -`names` -: an array of `google_compute_security_policy` name - -`ids` -: an array of `google_compute_security_policy` id - -`rules` -: an array of `google_compute_security_policy` rules - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_security_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_security_policy.md deleted file mode 100644 index 69888df87b..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_security_policy.md +++ /dev/null 
@@ -1,94 +0,0 @@ -+++ -title = "google_compute_security_policy resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_security_policy" - identifier = "inspec/resources/gcp/google_compute_security_policy.md google_compute_security_policy resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_security_policy` is used to test a Google SecurityPolicy resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_security_policy(project: 'chef-gcp-inspec', name: 'sec-policy') do - it { should exist } - its('rules.size') { should cmp 2 } - its('rules.first.priority') { should cmp '1000' } - its('rules.first.match.config.src_ip_ranges.first') { should cmp '9.9.9.0/24' } -end - -describe google_compute_security_policy(project: 'chef-gcp-inspec', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_security_policy` resource: - -`name` -: Name of the security policy. - -`id` -: The unique identifier for the resource. - -`rules` -: A list of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "\*"). If no rules are provided when creating a security policy, a default rule with action "allow" will be added. - -`description` -: A description of the rule. - -`priority` -: An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority. - -`action` -: The Action to preform when the client connection triggers the rule. Can currently be either "allow" or "deny()" where valid values for status are 403, 404, and 502. 
- -`preview` -: If set to true, the specified action is not enforced. - -`match` -: A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. - - `description` - : A description of the rule. - - `expr` - : User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. - - `expression` - : Textual representation of an expression in Common Expression Language syntax. - - `title` - : Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. - - `description` - : Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. - - `location` - : Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. - - `versioned_expr` - : Preconfigured versioned expression. If this field is specified, config must also be specified. Available preconfigured expressions along with their requirements are: `SRC_IPS_V1` - must specify the corresponding srcIpRange field in config. - - `config` - : The configuration options available when specifying versionedExpr. This field must be specified if versionedExpr is specified and cannot be specified if versionedExpr is not specified. - - `src_ip_ranges` - : CIDR IP address range. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_snapshot.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_snapshot.md deleted file mode 100644 index bb322ec09f..0000000000 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_snapshot.md
+++ /dev/null
@@ -1,97 +0,0 @@ -+++ -title = "google_compute_snapshot resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_snapshot" - identifier = "inspec/resources/gcp/google_compute_snapshot.md google_compute_snapshot resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_snapshot` is used to test a Google Snapshot resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_snapshot(project: 'chef-gcp-inspec', name: 'inspec-gcp-disk-snapshot') do - it { should exist } - its('source_disk') { should match 'inspec-snapshot-disk' } -end - -describe google_compute_snapshot(project: 'chef-gcp-inspec', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_snapshot` resource: - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`id` -: The unique identifier for the resource. - -`disk_size_gb` -: Size of the snapshot, specified in GB. - -`name` -: Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - -`description` -: An optional description of this resource. - -`storage_bytes` -: A size of the the storage used by the snapshot. As snapshots share storage, this number is expected to change with snapshot creation/deletion. - -`licenses` -: A list of public visible licenses that apply to this snapshot. 
This can be because the original image had licenses attached (such as a Windows image). snapshotEncryptionKey nested object Encrypts the snapshot using a customer-supplied encryption key. - -`labels` -: Labels to apply to this Snapshot. - -`label_fingerprint` -: The fingerprint used for optimistic locking of this resource. Used internally during updates. - -`source_disk` -: A reference to the disk used to create this snapshot. - -`zone` -: A reference to the zone where the disk is hosted. - -`snapshot_encryption_key` -: The customer --supplied encryption key of the snapshot. Required if the source snapshot is protected by a customer-supplied encryption key. - -`raw_key` -: Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. - -`sha256` -: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource. - -`kms_key_name` -: The name of the encryption key that is stored in Google Cloud KMS. - -`source_disk_encryption_key` -: The customer --supplied encryption key of the source snapshot. Required if the source snapshot is protected by a customer-supplied encryption key. - -`raw_key` -: Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. - -`kms_key_name` -: The name of the encryption key that is stored in Google Cloud KMS. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_snapshots.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_snapshots.md deleted file mode 100644 index 29d03abc8c..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_snapshots.md +++ /dev/null 
@@ -1,90 +0,0 @@ -+++ -title = "google_compute_snapshots resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_snapshots" - identifier = "inspec/resources/gcp/google_compute_snapshots.md google_compute_snapshots resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_snapshots` is used to test a Google Snapshot resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_snapshots(project: 'chef-gcp-inspec') do - its('count') { should be >= 1 } -end - -describe.one do - google_compute_snapshots(project: 'chef-gcp-inspec').names do |snapshot_name| - describe google_compute_snapshot(project: 'chef-gcp-inspec', name: snapshot_name) do - its('source_disk') { should match 'inspec-snapshot-disk' } - end - end -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_snapshots` resource: - -See the [google_compute_snapshot](/inspec/resources/google_compute_snapshot/#properties) resource for more information. 
- -`creation_timestamps` -: an array of `google_compute_snapshot` creation_timestamp - -`ids` -: an array of `google_compute_snapshot` id - -`disk_size_gbs` -: an array of `google_compute_snapshot` disk_size_gb - -`names` -: an array of `google_compute_snapshot` name - -`descriptions` -: an array of `google_compute_snapshot` description - -`storage_bytes` -: an array of `google_compute_snapshot` storage_bytes - -`licenses` -: an array of `google_compute_snapshot` licenses - -`labels` -: an array of `google_compute_snapshot` labels - -`label_fingerprints` -: an array of `google_compute_snapshot` label_fingerprint - -`source_disks` -: an array of `google_compute_snapshot` source_disk - -`zones` -: an array of `google_compute_snapshot` zone - -`snapshot_encryption_keys` -: an array of `google_compute_snapshot` snapshot_encryption_key - -`source_disk_encryption_keys` -: an array of `google_compute_snapshot` source_disk_encryption_key - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_ssl_certificate.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_ssl_certificate.md deleted file mode 100644 index 0318fa3958..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_ssl_certificate.md +++ /dev/null 
@@ -1,77 +0,0 @@ -+++ -title = "google_compute_ssl_certificate resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_ssl_certificate" - identifier = "inspec/resources/gcp/google_compute_ssl_certificate.md google_compute_ssl_certificate resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_ssl_certificate` is used to test a Google SslCertificate resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_ssl_certificate(project: 'chef-gcp-inspec', name: 'inspec-gcp-ssl-certificate') do - it { should exist } - its('description') { should eq 'A fake ssl certificate (DO NOT USE)' } - its('certificate') { should eq '-----BEGIN CERTIFICATE----- -MIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG -EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjERMA8GA1UEBwwIS2lya2xhbmQxFTAT -BgNVBAoMDEdvb2dsZSwgSW5jLjEeMBwGA1UECwwVR29vZ2xlIENsb3VkIFBsYXRm -b3JtMR8wHQYDVQQDDBZ3d3cubXktc2VjdXJlLXNpdGUuY29tMSEwHwYJKoZIhvcN -AQkBFhJuZWxzb25hQGdvb2dsZS5jb20wHhcNMTcwNjI4MDQ1NjI2WhcNMjcwNjI2 -MDQ1NjI2WjCBsDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xETAP -BgNVBAcMCEtpcmtsYW5kMRUwEwYDVQQKDAxHb29nbGUsIEluYy4xHjAcBgNVBAsM -FUdvb2dsZSBDbG91ZCBQbGF0Zm9ybTEfMB0GA1UEAwwWd3d3Lm15LXNlY3VyZS1z -aXRlLmNvbTEhMB8GCSqGSIb3DQEJARYSbmVsc29uYUBnb29nbGUuY29tMFkwEwYH -KoZIzj0CAQYIKoZIzj0DAQcDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ -4mzkzTv0dXyB750fOGN02HtkpBOZzzvUARTR10JQoSe2/5PIwaNQME4wHQYDVR0O -BBYEFKIQC3A2SDpxcdfn0YLKineDNq/BMB8GA1UdIwQYMBaAFKIQC3A2SDpxcdfn -0YLKineDNq/BMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhALs4vy+O -M3jcqgA4fSW/oKw6UJxp+M6a+nGMX+UJR3YgAiEAvvl39QRVAiv84hdoCuyON0lJ -zqGNhIPGq2ULqXKK8BY= ------END CERTIFICATE----- -' } -end - -describe google_compute_ssl_certificate(project: 'chef-gcp-inspec', name: 'nonexistent') do - it { should_not exist } -end -``` - 
-## Properties - -Properties that can be accessed from the `google_compute_ssl_certificate` resource: - -`certificate` -: The certificate in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert. - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`description` -: An optional description of this resource. - -`id` -: The unique identifier for the resource. - -`name` -: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - -`private_key` -: The write-only private key in PEM format. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_ssl_certificates.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_ssl_certificates.md deleted file mode 100644 index d91079a4fb..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_ssl_certificates.md +++ /dev/null 
@@ -1,81 +0,0 @@
-+++
-title = "google_compute_ssl_certificates resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_compute_ssl_certificates"
- identifier = "inspec/resources/gcp/google_compute_ssl_certificates.md google_compute_ssl_certificates resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_compute_ssl_certificates` is used to test a Google SslCertificate resource
-
-## Beta Resource
-
-This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
-
-## Examples
-
-```ruby
-describe google_compute_ssl_certificates(project: 'chef-gcp-inspec') do
-
- its('names') { should include 'inspec-gcp-ssl-certificate' }
- its('descriptions') { should include 'A fake ssl certificate (DO NOT USE)' }
- its('certificates') { should include '-----BEGIN CERTIFICATE-----
-MIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG
-EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjERMA8GA1UEBwwIS2lya2xhbmQxFTAT
-BgNVBAoMDEdvb2dsZSwgSW5jLjEeMBwGA1UECwwVR29vZ2xlIENsb3VkIFBsYXRm
-b3JtMR8wHQYDVQQDDBZ3d3cubXktc2VjdXJlLXNpdGUuY29tMSEwHwYJKoZIhvcN
-AQkBFhJuZWxzb25hQGdvb2dsZS5jb20wHhcNMTcwNjI4MDQ1NjI2WhcNMjcwNjI2
-MDQ1NjI2WjCBsDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xETAP
-BgNVBAcMCEtpcmtsYW5kMRUwEwYDVQQKDAxHb29nbGUsIEluYy4xHjAcBgNVBAsM
-FUdvb2dsZSBDbG91ZCBQbGF0Zm9ybTEfMB0GA1UEAwwWd3d3Lm15LXNlY3VyZS1z
-aXRlLmNvbTEhMB8GCSqGSIb3DQEJARYSbmVsc29uYUBnb29nbGUuY29tMFkwEwYH
-KoZIzj0CAQYIKoZIzj0DAQcDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ
-4mzkzTv0dXyB750fOGN02HtkpBOZzzvUARTR10JQoSe2/5PIwaNQME4wHQYDVR0O
-BBYEFKIQC3A2SDpxcdfn0YLKineDNq/BMB8GA1UdIwQYMBaAFKIQC3A2SDpxcdfn
-0YLKineDNq/BMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhALs4vy+O
-M3jcqgA4fSW/oKw6UJxp+M6a+nGMX+UJR3YgAiEAvvl39QRVAiv84hdoCuyON0lJ
-zqGNhIPGq2ULqXKK8BY=
------END CERTIFICATE-----
-' }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_compute_ssl_certificates` resource:
-
-See the [google_compute_ssl_certificate](/inspec/resources/google_compute_ssl_certificate/#properties) resource for more information.
-
-`certificates`
-: an array of `google_compute_ssl_certificate` certificate
-
-`creation_timestamps`
-: an array of `google_compute_ssl_certificate` creation_timestamp
-
-`descriptions`
-: an array of `google_compute_ssl_certificate` description
-
-`ids`
-: an array of `google_compute_ssl_certificate` id
-
-`names`
-: an array of `google_compute_ssl_certificate` name
-
-`private_keys`
-: an array of `google_compute_ssl_certificate` private_key
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_ssl_policies.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_ssl_policies.md
deleted file mode 100644
index 5b34d3d01d..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_ssl_policies.md
+++ /dev/null
@@ -1,82 +0,0 @@
-+++
-title = "google_compute_ssl_policies resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_compute_ssl_policies"
- identifier = "inspec/resources/gcp/google_compute_ssl_policies.md google_compute_ssl_policies resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_compute_ssl_policies` is used to test a Google SslPolicy resource
-
-## Beta Resource
-
-This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
-
-## Examples
-
-```ruby
-describe google_compute_ssl_policies(project: 'chef-gcp-inspec') do
- it { should exist }
- its('names') { should include 'inspec-gcp-ssl-policy' }
- its('profiles') { should include 'CUSTOM' }
- its('count') { should eq 1 }
-end
-
-google_compute_ssl_policies(project: 'chef-gcp-inspec').names.each do |policy_name|
- describe google_compute_ssl_policy(project: 'chef-gcp-inspec', name: policy_name) do
- its('min_tls_version') { should eq 'TLS_1_2' }
- end
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_compute_ssl_policies` resource:
-
-See the [google_compute_ssl_policy](/inspec/resources/google_compute_ssl_policy/#properties) resource for more information.
-
-`creation_timestamps`
-: an array of `google_compute_ssl_policy` creation_timestamp
-
-`descriptions`
-: an array of `google_compute_ssl_policy` description
-
-`ids`
-: an array of `google_compute_ssl_policy` id
-
-`names`
-: an array of `google_compute_ssl_policy` name
-
-`profiles`
-: an array of `google_compute_ssl_policy` profile
-
-`min_tls_versions`
-: an array of `google_compute_ssl_policy` min_tls_version
-
-`enabled_features`
-: an array of `google_compute_ssl_policy` enabled_features
-
-`custom_features`
-: an array of `google_compute_ssl_policy` custom_features
-
-`fingerprints`
-: an array of `google_compute_ssl_policy` fingerprint
-
-`warnings`
-: an array of `google_compute_ssl_policy` warnings
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_ssl_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_ssl_policy.md
deleted file mode 100644
index 889c6ce836..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_ssl_policy.md
+++ /dev/null
@@ -1,94 +0,0 @@ -+++ -title = "google_compute_ssl_policy resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_ssl_policy" - identifier = "inspec/resources/gcp/google_compute_ssl_policy.md google_compute_ssl_policy resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_ssl_policy` is used to test a Google SslPolicy resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_ssl_policy(project: 'chef-gcp-inspec', name: 'inspec-gcp-ssl-policy') do - it { should exist } - its('min_tls_version') { should eq 'TLS_1_2' } - its('profile') { should eq 'CUSTOM' } - its('custom_features') { should include 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384' } - its('custom_features') { should include 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384' } -end - -describe google_compute_ssl_policy(project: 'chef-gcp-inspec', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_ssl_policy` resource: - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`description` -: An optional description of this resource. - -`id` -: The unique identifier for the resource. - -`name` -: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - -`profile` -: Profile specifies the set of SSL features that can be used by the load balancer when negotiating SSL with clients. 
If using `CUSTOM`, the set of SSL features to enable must be specified in the `customFeatures` field. - - Possible values: - - - COMPATIBLE - - MODERN - - RESTRICTED - - CUSTOM - - -`min_tls_version` -: The minimum version of SSL protocol that can be used by the clients to establish a connection with the load balancer. - - Possible values: - - - TLS_1_0 - - TLS_1_1 - - TLS_1_2 - -`enabled_features` -: The list of features enabled in the SSL policy. - -`custom_features` -: A list of features enabled when the selected profile is CUSTOM. The method returns the set of features that can be specified in this list. This field must be empty if the profile is not CUSTOM. - -`fingerprint` -: Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. - -`warnings` -: If potential misconfigurations are detected for this SSL policy, this field will be populated with warning messages. - -`code` -: A warning code, if applicable. - -`message` -: A human-readable description of the warning code. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_subnetwork.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_subnetwork.md deleted file mode 100644 index dd4fe30710..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_subnetwork.md +++ /dev/null 
@@ -1,166 +0,0 @@ -+++ -title = "google_compute_subnetwork resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_subnetwork" - identifier = "inspec/resources/gcp/google_compute_subnetwork.md google_compute_subnetwork resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_subnetwork` is used to test a Google Subnetwork resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_subnetwork(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'inspec-subnet') do - it { should exist } - its('ip_cidr_range') { should eq '10.2.0.0/16' } - its('log_config.enable') { should be true } - its('log_config.flow_sampling') { should cmp '0.5' } - its('log_config.aggregation_interval') { should cmp 'INTERVAL_10_MIN' } - its('log_config.metadata') { should include 'INCLUDE_ALL_METADATA' } -end - -describe google_compute_subnetwork(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'nonexistent') do - it { should_not exist } -end -``` - -### Test that a GCP compute subnetwork exists - - describe google_compute_subnetwork(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-subnetwork') do - it { should exist } - end - -### Test when a GCP compute subnetwork was created - - describe google_compute_subnetwork(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-subnetwork') do - its('creation_timestamp') { should be > Time.now - 365*60*60*24*10 } - end - -### Test for an expected subnetwork identifier - - describe google_compute_subnetwork(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-subnetwork') do - its('id') { should eq 12345567789 } - end - -### Test that a subnetwork gateway address is as expected - - describe google_compute_subnetwork(project: 'chef-inspec-gcp', region: 
'europe-west2', name: 'gcp-inspec-subnetwork') do - its('gateway_address') { should eq "10.2.0.1" } - end - -### Test that a subnetwork IP CIDR range is as expected - - describe google_compute_subnetwork(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-subnetwork') do - its('ip_cidr_range') { should eq "10.2.0.0/29" } - end - -### Test that a subnetwork is associated with the expected network - - describe google_compute_subnetwork(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-subnetwork') do - its('network') { should match "gcp_network_name" } - end - -### Test whether VMs in this subnet can access Google services without assigning external IP addresses through Private Google Access - - describe google_compute_subnetwork(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-subnetwork') do - its('private_ip_google_access') { should be false } - end - -## Properties - -Properties that can be accessed from the `google_compute_subnetwork` resource: - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`description` -: An optional description of this resource. Provide this property when you create the resource. This field can be set only at resource creation time. - -`gateway_address` -: The gateway address for default routes to reach destination addresses outside this subnetwork. - -`id` -: The unique identifier for the resource. - -`ip_cidr_range` -: The range of internal addresses that are owned by this subnetwork. Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported. - -`name` -: The name of the resource, provided by the client when initially creating the resource. The name must be 1-63 characters long, and comply with RFC1035. 
Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - -`network` -: The network this subnet belongs to. Only networks that are in the distributed mode can have subnetworks. - -`purpose` -: (Beta only) The purpose of the resource. This field can be either PRIVATE or INTERNAL_HTTPS_LOAD_BALANCER. A subnetwork with purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing. If unspecified, the purpose defaults to PRIVATE. If set to INTERNAL_HTTPS_LOAD_BALANCER you must also set the role. - - Possible values: - - - INTERNAL_HTTPS_LOAD_BALANCER - - PRIVATE - -`role` -: (Beta only) The role of subnetwork. Currently, this field is only used when purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being used for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. - - Possible values: - - - ACTIVE - - BACKUP - -`secondary_ip_ranges` -: An array of configurations for secondary IP ranges for VM instances contained in this subnetwork. The primary IP of such VM must belong to the primary ipCidrRange of the subnetwork. The alias IPs may belong to either primary or secondary ranges. - -`range_name` -: The name associated with this subnetwork secondary range, used when adding an alias IP range to a VM instance. The name must be 1-63 characters long, and comply with RFC1035. The name must be unique within the subnetwork. - -`ip_cidr_range` -: The range of IP addresses belonging to this subnetwork secondary range. Provide this property when you create the subnetwork. 
Ranges must be unique and non-overlapping with all primary and secondary IP ranges within a network. Only IPv4 is supported. - -`private_ip_google_access` -: When enabled, VMs in this subnetwork without external IP addresses can access Google APIs and services by using Private Google Access. - -`region` -: URL of the GCP region for this subnetwork. - -`log_config` -: Denotes the logging options for the subnetwork flow logs. If logging is enabled logs will be exported to Stackdriver. This field cannot be set if the `purpose` of this subnetwork is `INTERNAL_HTTPS_LOAD_BALANCER` - -`enable` -: If logging is enabled for this subnetwork - -`aggregation_interval` -: Can only be specified if VPC flow logging for this subnetwork is enabled. Toggles the aggregation interval for collecting flow logs. Increasing the interval time will reduce the amount of generated flow logs for long lasting connections. Default is an interval of 5 seconds per connection. - - Possible values: - - INTERVAL_5_SEC - - INTERVAL_30_SEC - - INTERVAL_1_MIN - - INTERVAL_5_MIN - - INTERVAL_10_MIN - - INTERVAL_15_MIN - -`flow_sampling` -: Can only be specified if VPC flow logging for this subnetwork is enabled. The value of the field must be in [0, 1. Set the sampling rate of VPC flow logs within the subnetwork where 1.0 means all collected logs are reported and 0.0 means no logs are reported. Default is 0.5 which means half of all collected logs are reported. - -`metadata` -: Can only be specified if VPC flow logging for this subnetwork is enabled. Configures whether metadata fields should be added to the reported VPC flow logs. - - Possible values: - - EXCLUDE_ALL_METADATA - - INCLUDE_ALL_METADATA - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_subnetwork_iam_binding.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_subnetwork_iam_binding.md
deleted file mode 100644
index 3ffbb8e5e1..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_subnetwork_iam_binding.md
+++ /dev/null
@@ -1,39 +0,0 @@
-+++
-title = "google_compute_subnetwork_iam_binding resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_compute_subnetwork_iam_binding"
- identifier = "inspec/resources/gcp/google_compute_subnetwork_iam_binding.md google_compute_subnetwork_iam_binding resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_compute_subnetwork_iam_binding` is used to test a Google Subnetwork Iam Bindings
-
-## Examples
-
-```ruby
-describe google_compute_subnetwork_iam_binding(project: "project", region: "region", name: "name", role: "roles/editor") do
- it { should exist }
- its('members') { should include 'user:testuser@example.com' }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_compute_subnetwork_iam_binding` resource:
-
-`role`
-: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
-
-`members`
-: Specifies the identities requesting access for a Cloud Platform resource.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_subnetwork_iam_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_subnetwork_iam_policy.md
deleted file mode 100644
index ee4425e16c..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_subnetwork_iam_policy.md
+++ /dev/null
@@ -1,66 +0,0 @@
-+++
-title = "google_compute_subnetwork_iam_policy resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_compute_subnetwork_iam_policy"
- identifier = "inspec/resources/gcp/google_compute_subnetwork_iam_policy.md google_compute_subnetwork_iam_policy resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_compute_subnetwork_iam_policy` is used to test a Google Subnetwork Iam Policy resource
-
-## Examples
-
-```ruby
-describe google_compute_subnetwork_iam_policy(project: "project", region: "region", name: "name") do
- it { should exist }
-end
-
-google_compute_subnetwork_iam_policy(project: "project", region: "region", name: "name").bindings.each do |binding|
- describe binding do
- its('role') { should eq 'roles/editor'}
- its('members') { should include 'user:testuser@example.com'}
- end
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_compute_subnetwork_iam_policy` resource:
-
-`iam_binding_roles`
-: The list of roles that exist on the policy.
-
-`bindings`
-: Associates a list of members to a role.
-
-`role`
-: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
-
-`members`
-: Specifies the identities requesting access for a Cloud Platform resource.
-
-`audit_configs`
-: Specifies cloud audit logging configuration for this policy.
-
-`service`
-: Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
-
-`audit_log_configs`
-: The configuration for logging of each type of permission.
-
- `log_type`
- : The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ
-
- `exempted_members`
- : Specifies the identities that do not cause logging for this type of permission.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_subnetworks.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_subnetworks.md
deleted file mode 100644
index 347571bdb7..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_subnetworks.md
+++ /dev/null
@@ -1,107 +0,0 @@
-+++
-title = "google_compute_subnetworks resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_compute_subnetworks"
- identifier = "inspec/resources/gcp/google_compute_subnetworks.md google_compute_subnetworks resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_compute_subnetworks` is used to test a Google Subnetwork resource
-
-## Beta Resource
-
-This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
-
-## Examples
-
-```ruby
-describe google_compute_subnetworks(project: 'chef-gcp-inspec', region: 'europe-west2') do
- its('ip_cidr_ranges') { should include '10.2.0.0/16' }
- its('subnetwork_names') { should include 'inspec-subnet' }
-end
-```
-
-### Test that there are no more than a specified number of subnetworks available for the project and region
-
- describe google_compute_subnetworks(project: 'chef-inspec-gcp', region: 'europe-west2') do
- its('count') { should be <= 100}
- end
-
-### Test that an expected subnetwork identifier is present in the project and region
-
- describe google_compute_subnetworks(project: 'chef-inspec-gcp', region: 'europe-west2') do
- its('subnetwork_ids') { should include 12345678975432 }
- end
-
-### Test that an expected subnetwork name is available for the project and region
-
- describe google_compute_subnetworks(project: 'chef-inspec-gcp', region: 'europe-west2') do
- its('subnetwork_names') { should include "subnetwork-name" }
- end
-
-### Test that an expected subnetwork network name is not present for the project and region
-
- describe google_compute_subnetworks(project: 'chef-inspec-gcp', region: 'europe-west2') do
- its('subnetwork_networks') { should not include "network-name" }
- end
-
-## Properties
-
-Properties that can be accessed from the `google_compute_subnetworks` resource:
-
-See the [google_compute_subnetwork](/inspec/resources/google_compute_subnetwork/#properties) resource for more information.
-
-`creation_timestamps`
-: an array of `google_compute_subnetwork` creation_timestamp
-
-`descriptions`
-: an array of `google_compute_subnetwork` description
-
-`gateway_addresses`
-: an array of `google_compute_subnetwork` gateway_address
-
-`subnetwork_ids`
-: an array of `google_compute_subnetwork` id
-
-`ip_cidr_ranges`
-: an array of `google_compute_subnetwork` ip_cidr_range
-
-`subnetwork_names`
-: an array of `google_compute_subnetwork` name
-
-`networks`
-: an array of `google_compute_subnetwork` network
-
-`purposes`
-: (Beta only) an array of `google_compute_subnetwork` purpose
-
-`roles`
-: (Beta only) an array of `google_compute_subnetwork` role
-
-`secondary_ip_ranges`
-: an array of `google_compute_subnetwork` secondary_ip_ranges
-
-`private_ip_google_accesses`
-: an array of `google_compute_subnetwork` private_ip_google_access
-
-`regions`
-: an array of `google_compute_subnetwork` region
-
-`log_configs`
-: an array of `google_compute_subnetwork` log_config
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_target_http_proxies.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_target_http_proxies.md
deleted file mode 100644
index 041973f24d..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_target_http_proxies.md
+++ /dev/null
@@ -1,59 +0,0 @@
-+++
-title = "google_compute_target_http_proxies resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_compute_target_http_proxies"
- identifier = "inspec/resources/gcp/google_compute_target_http_proxies.md google_compute_target_http_proxies resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_compute_target_http_proxies` is used to test a Google TargetHttpProxy resource
-
-## Beta Resource
-
-This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
-
-## Examples
-
-```ruby
-describe google_compute_target_http_proxies(project: 'chef-gcp-inspec') do
- its('names') { should include 'inspec-gcp-http-proxy' }
- its('descriptions') { should include 'A HTTP proxy' }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_compute_target_http_proxies` resource:
-
-See the [google_compute_target_http_proxy](/inspec/resources/google_compute_target_http_proxy/#properties) resource for more information.
-
-`creation_timestamps`
-: an array of `google_compute_target_http_proxy` creation_timestamp
-
-`descriptions`
-: an array of `google_compute_target_http_proxy` description
-
-`ids`
-: an array of `google_compute_target_http_proxy` id
-
-`names`
-: an array of `google_compute_target_http_proxy` name
-
-`url_maps`
-: an array of `google_compute_target_http_proxy` url_map
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_target_http_proxy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_target_http_proxy.md
deleted file mode 100644
index b3ec3bf696..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_target_http_proxy.md
+++ /dev/null
@@ -1,57 +0,0 @@
-+++
-title = "google_compute_target_http_proxy resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_compute_target_http_proxy"
- identifier = "inspec/resources/gcp/google_compute_target_http_proxy.md google_compute_target_http_proxy resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_compute_target_http_proxy` is used to test a Google TargetHttpProxy resource
-
-## Beta Resource
-
-This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
-
-## Examples
-
-```ruby
-describe google_compute_target_http_proxy(project: 'chef-gcp-inspec', name: 'inspec-gcp-http-proxy') do
- it { should exist }
- its('description') { should eq 'A HTTP proxy' }
- its('url_map') { should match /\/inspec-gcp-url-map$/ }
-end
-
-describe google_compute_target_http_proxy(project: 'chef-gcp-inspec', name: 'nonexistent') do
- it { should_not exist }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_compute_target_http_proxy` resource:
-
-`creation_timestamp`
-: Creation timestamp in RFC3339 text format.
-
-`description`
-: An optional description of this resource.
-
-`id`
-: The unique identifier for the resource.
-
-`name`
-: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
-
-`url_map`
-: A reference to the UrlMap resource that defines the mapping from URL to the BackendService.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_target_https_proxies.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_target_https_proxies.md
deleted file mode 100644
index 37c3f3902e..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_target_https_proxies.md
+++ /dev/null
@@ -1,68 +0,0 @@
-+++
-title = "google_compute_target_https_proxies resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_compute_target_https_proxies"
- identifier = "inspec/resources/gcp/google_compute_target_https_proxies.md google_compute_target_https_proxies resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_compute_target_https_proxies` is used to test a Google TargetHttpsProxy resource
-
-## Beta Resource
-
-This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
-
-## Examples
-
-```ruby
-describe google_compute_target_https_proxies(project: 'chef-gcp-inspec') do
- its('names') { should include 'inspec-gcp-https-proxy' }
- its('descriptions') { should include 'A HTTPS target proxy' }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_compute_target_https_proxies` resource:
-
-See the [google_compute_target_https_proxy](/inspec/resources/google_compute_target_https_proxy/#properties) resource for more information.
-
-`creation_timestamps`
-: an array of `google_compute_target_https_proxy` creation_timestamp
-
-`descriptions`
-: an array of `google_compute_target_https_proxy` description
-
-`ids`
-: an array of `google_compute_target_https_proxy` id
-
-`names`
-: an array of `google_compute_target_https_proxy` name
-
-`quic_overrides`
-: an array of `google_compute_target_https_proxy` quic_override
-
-`ssl_certificates`
-: an array of `google_compute_target_https_proxy` ssl_certificates
-
-`ssl_policies`
-: an array of `google_compute_target_https_proxy` ssl_policy
-
-`url_maps`
-: an array of `google_compute_target_https_proxy` url_map
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_target_https_proxy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_target_https_proxy.md
deleted file mode 100644
index d95f74d9d3..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_target_https_proxy.md
+++ /dev/null
@@ -1,72 +0,0 @@
-+++
-title = "google_compute_target_https_proxy resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_compute_target_https_proxy"
- identifier = "inspec/resources/gcp/google_compute_target_https_proxy.md google_compute_target_https_proxy resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_compute_target_https_proxy` is used to test a Google TargetHttpsProxy resource
-
-## Beta Resource
-
-This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
-
-## Examples
-
-```ruby
-describe google_compute_target_https_proxy(project: 'chef-gcp-inspec', name: 'inspec-gcp-https-proxy') do
- it { should exist }
- its('url_map') { should match /\/inspec-gcp-url-map$/ }
- its('description') { should eq 'A HTTPS target proxy' }
-end
-
-describe google_compute_target_https_proxy(project: 'chef-gcp-inspec', name: 'nonexistent') do
- it { should_not exist }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_compute_target_https_proxy` resource:
-
-`creation_timestamp`
-: Creation timestamp in RFC3339 text format.
-
-`description`
-: An optional description of this resource.
-
-`id`
-: The unique identifier for the resource.
-
-`name`
-: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
-
-`quic_override`
-: Specifies the QUIC override policy for this resource. This determines whether the load balancer will attempt to negotiate QUIC with clients or not. Can specify one of NONE, ENABLE, or DISABLE.
If NONE is specified, uses the QUIC policy with no user overrides, which is equivalent to DISABLE.
-
- Possible values:
-
- - NONE
- - ENABLE
- - DISABLE
-
-`ssl_certificates`
-: A list of SslCertificate resources that are used to authenticate connections between users and the load balancer. At least one SSL certificate must be specified.
-
-`ssl_policy`
-: A reference to the SslPolicy resource that will be associated with the TargetHttpsProxy resource. If not set, the TargetHttpsProxy resource will not have any SSL policy configured.
-
-`url_map`
-: A reference to the UrlMap resource that defines the mapping from URL to the BackendService.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_target_pool.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_target_pool.md
deleted file mode 100644
index c7ccdc6fce..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_target_pool.md
+++ /dev/null
@@ -1,78 +0,0 @@
-+++
-title = "google_compute_target_pool resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_compute_target_pool"
- identifier = "inspec/resources/gcp/google_compute_target_pool.md google_compute_target_pool resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_compute_target_pool` is used to test a Google TargetPool resource
-
-## Beta Resource
-
-This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
-
-## Examples
-
-```ruby
-describe google_compute_target_pool(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'inspec-gcp-target-pool') do
- it { should exist }
- its('session_affinity') { should eq 'CLIENT_IP' }
- it { should has_target_instance('gcp_ext_vm_name', 'zone') }
-end
-
-describe google_compute_target_pool(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'nonexistent') do
- it { should_not exist }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_compute_target_pool` resource:
-
-`backup_pool`
-: This field is applicable only when the containing target pool is serving a forwarding rule as the primary pool, and its failoverRatio field is properly set to a value between [0, 1]. backupPool and failoverRatio together define the fallback behavior of the primary target pool: if the ratio of the healthy instances in the primary pool is at or below failoverRatio, traffic arriving at the load-balanced IP will be directed to the backup pool. In case where failoverRatio and backupPool are not set, or all the instances in the backup pool are unhealthy, the traffic will be directed back to the primary pool in the "force" mode, where traffic will be spread to the healthy instances with the best effort, or to all instances when no instance is healthy.
-
-`creation_timestamp`
-: Creation timestamp in RFC3339 text format.
-
-`description`
-: An optional description of this resource.
-
-`failover_ratio`
-: This field is applicable only when the containing target pool is serving a forwarding rule as the primary pool (i.e., not as a backup pool to some other target pool). The value of the field must be in [0, 1]. If set, backupPool must also be set. They together define the fallback behavior of the primary target pool: if the ratio of the healthy instances in the primary pool is at or below this number, traffic arriving at the load-balanced IP will be directed to the backup pool. In case where failoverRatio is not set or all the instances in the backup pool are unhealthy, the traffic will be directed back to the primary pool in the "force" mode, where traffic will be spread to the healthy instances with the best effort, or to all instances when no instance is healthy.
-
-`health_check`
-: A reference to a HttpHealthCheck resource. A member instance in this pool is considered healthy if and only if the health checks pass. If not specified it means all member instances will be considered healthy at all times.
-
-`id`
-: The unique identifier for the resource.
-
-`instances`
-: A list of virtual machine instances serving this pool. They must live in zones contained in the same region as this pool.
-
-`name`
-: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
-
-`session_affinity`
-: Session affinity option. Must be one of these values: - NONE: Connections from the same client IP may go to any instance in the pool.
- CLIENT_IP: Connections from the same client IP will go to the same instance in the pool while that instance remains healthy. - CLIENT_IP_PROTO: Connections from the same client IP with the same IP protocol will go to the same instance in the pool while that instance remains healthy.
-
- Possible values:
-
- - NONE
- - CLIENT_IP
- - CLIENT_IP_PROTO
-
-`region`
-: The region where the target pool resides.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_target_pools.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_target_pools.md
deleted file mode 100644
index f4b5e957f1..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_target_pools.md
+++ /dev/null
@@ -1,74 +0,0 @@
-+++
-title = "google_compute_target_pools resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_compute_target_pools"
- identifier = "inspec/resources/gcp/google_compute_target_pools.md google_compute_target_pools resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_compute_target_pools` is used to test a Google TargetPool resource
-
-## Beta Resource
-
-This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
-
-## Examples
-
-```ruby
-describe google_compute_target_pools(project: 'chef-gcp-inspec', region: 'europe-west2') do
- its('names') { should include 'inspec-gcp-target-pool' }
- its('session_affinities') { should include 'CLIENT_IP' }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_compute_target_pools` resource:
-
-See the [google_compute_target_pool](/inspec/resources/google_compute_target_pool/#properties) resource for more information.
-
-`backup_pools`
-: an array of `google_compute_target_pool` backup_pool
-
-`creation_timestamps`
-: an array of `google_compute_target_pool` creation_timestamp
-
-`descriptions`
-: an array of `google_compute_target_pool` description
-
-`failover_ratios`
-: an array of `google_compute_target_pool` failover_ratio
-
-`health_checks`
-: an array of `google_compute_target_pool` health_check
-
-`ids`
-: an array of `google_compute_target_pool` id
-
-`instances`
-: an array of `google_compute_target_pool` instances
-
-`names`
-: an array of `google_compute_target_pool` name
-
-`session_affinities`
-: an array of `google_compute_target_pool` session_affinity
-
-`regions`
-: an array of `google_compute_target_pool` region
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_target_tcp_proxies.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_target_tcp_proxies.md
deleted file mode 100644
index 8259834482..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_target_tcp_proxies.md
+++ /dev/null
@@ -1,62 +0,0 @@
-+++
-title = "google_compute_target_tcp_proxies resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_compute_target_tcp_proxies"
- identifier = "inspec/resources/gcp/google_compute_target_tcp_proxies.md google_compute_target_tcp_proxies resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_compute_target_tcp_proxies` is used to test a Google TargetTcpProxy resource
-
-## Beta Resource
-
-This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
-
-## Examples
-
-```ruby
-describe google_compute_target_tcp_proxies(project: 'chef-gcp-inspec') do
- its('names') { should include 'inspec-gcp-target-tcp-proxy' }
- its('proxy_headers') { should include 'NONE' }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_compute_target_tcp_proxies` resource:
-
-See the [google_compute_target_tcp_proxy](/inspec/resources/google_compute_target_tcp_proxy/#properties) resource for more information.
-
-`creation_timestamps`
-: an array of `google_compute_target_tcp_proxy` creation_timestamp
-
-`descriptions`
-: an array of `google_compute_target_tcp_proxy` description
-
-`ids`
-: an array of `google_compute_target_tcp_proxy` id
-
-`names`
-: an array of `google_compute_target_tcp_proxy` name
-
-`proxy_headers`
-: an array of `google_compute_target_tcp_proxy` proxy_header
-
-`services`
-: an array of `google_compute_target_tcp_proxy` service
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_target_tcp_proxy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_target_tcp_proxy.md
deleted file mode 100644
index 0a0be47095..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_target_tcp_proxy.md
+++ /dev/null
@@ -1,65 +0,0 @@
-+++
-title = "google_compute_target_tcp_proxy resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_compute_target_tcp_proxy"
- identifier = "inspec/resources/gcp/google_compute_target_tcp_proxy.md google_compute_target_tcp_proxy resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_compute_target_tcp_proxy` is used to test a Google TargetTcpProxy resource
-
-## Beta Resource
-
-This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
-
-## Examples
-
-```ruby
-describe google_compute_target_tcp_proxy(project: 'chef-gcp-inspec', name: 'inspec-gcp-target-tcp-proxy') do
- it { should exist }
- its('proxy_header') { should eq 'NONE' }
- its('service') { should match /\/gcp-inspec-tcp-backend-service$/ }
-end
-
-describe google_compute_target_tcp_proxy(project: 'chef-gcp-inspec', name: 'nonexistent') do
- it { should_not exist }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_compute_target_tcp_proxy` resource:
-
-`creation_timestamp`
-: Creation timestamp in RFC3339 text format.
-
-`description`
-: An optional description of this resource.
-
-`id`
-: The unique identifier for the resource.
-
-`name`
-: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
-
-`proxy_header`
-: Specifies the type of proxy header to append before sending data to the backend.
-
- Possible values:
-
- - NONE
- - PROXY_V1
-
-`service`
-: A reference to the BackendService resource.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_url_map.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_url_map.md
deleted file mode 100644
index 661a093082..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_url_map.md
+++ /dev/null
@@ -1,230 +0,0 @@ -+++ -title = "google_compute_url_map resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_url_map" - identifier = "inspec/resources/gcp/google_compute_url_map.md google_compute_url_map resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_url_map` is used to test a Google UrlMap resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_url_map(project: 'chef-gcp-inspec', name: 'inspec-gcp-url-map') do - it { should exist } - its('description') { should eq 'URL map description' } - its('default_service') { should match /\/inspec-gcp-backend-service$/ } - its('host_rules.count') { should eq 1 } - its('host_rules.first.hosts') { should include 'site.com' } - its('path_matchers.count') { should eq 1 } - its('path_matchers.first.default_service') { should match /\/inspec-gcp-backend-service$/ } - its('tests.count') { should eq 1 } - its('tests.first.host') { should eq 'test.com' } - its('tests.first.path') { should eq '/home' } -end - -describe google_compute_url_map(project: 'chef-gcp-inspec', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_url_map` resource: - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`default_service` -: The full or partial URL of the defaultService resource to which traffic is directed if none of the hostRules match. If defaultRouteAction is additionally specified, advanced routing actions like URL Rewrites, etc. take effect prior to sending the request to the backend. However, if defaultService is specified, defaultRouteAction cannot contain any weightedBackendServices. Conversely, if routeAction specifies any weightedBackendServices, service must not be specified. 
Only one of defaultService, defaultUrlRedirect or defaultRouteAction.weightedBackendService must be set. - -`description` -: An optional description of this resource. Provide this property when you create the resource. - -`id` -: The unique identifier for the resource. - -`fingerprint` -: Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. - -`header_action` -: Specifies changes to request and response headers that need to take effect for the selected backendService. The headerAction specified here take effect after headerAction specified under pathMatcher. - -`request_headers_to_add` -: Headers to add to a matching request prior to forwarding the request to the backendService. - - `header_name` - : The name of the header. - - `header_value` - : The value of the header to add. - - `replace` - : If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. - -`request_headers_to_remove` -: A list of header names for headers that need to be removed from the request prior to forwarding the request to the backendService. - -`response_headers_to_add` -: Headers to add the response prior to sending the response back to the client. - - `header_name` - : The name of the header. - - `header_value` - : The value of the header to add. - - `replace` - : If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. - -`response_headers_to_remove` -: A list of header names for headers that need to be removed from the response prior to sending the response back to the client. - -`host_rules` -: The list of HostRules to use against the URL. - -`description` -: An optional description of this resource. Provide this property when you create the resource. 
- -`hosts` -: The list of host patterns to match. They must be valid hostnames, except _ will match any string of ([a-z0-9-.]_). In that case, \* must be the first character and must be followed in the pattern by either - or .. - -`path_matcher` -: The name of the PathMatcher to use to match the path portion of the URL if the hostRule matches the URL's host portion. - -`name` -: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - -`path_matchers` -: The list of named PathMatchers to use against the URL. - -`default_service` -: The full or partial URL to the BackendService resource. This will be used if none of the pathRules or routeRules defined by this PathMatcher are matched. For example, the following are all valid URLs to a BackendService resource: - https://www.googleapis.com/compute/v1/projects/project/global/backendServices/backendService - compute/v1/projects/project/global/backendServices/backendService - global/backendServices/backendService If defaultRouteAction is additionally specified, advanced routing actions like URL Rewrites, etc. take effect prior to sending the request to the backend. However, if defaultService is specified, defaultRouteAction cannot contain any weightedBackendServices. Conversely, if defaultRouteAction specifies any weightedBackendServices, defaultService must not be specified. Only one of defaultService, defaultUrlRedirect or defaultRouteAction.weightedBackendService must be set. 
Authorization requires one or more of the following Google IAM permissions on the specified resource defaultService: - compute.backendBuckets.use - compute.backendServices.use - -`description` -: An optional description of this resource. Provide this property when you create the resource. - -`header_action` -: Specifies changes to request and response headers that need to take effect for the selected backendService. HeaderAction specified here are applied after the matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap - - `request_headers_to_add` - : Headers to add to a matching request prior to forwarding the request to the backendService. - - `header_name` - : The name of the header. - - `header_value` - : The value of the header to add. - - `replace` - : If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. - - `request_headers_to_remove` - : A list of header names for headers that need to be removed from the request prior to forwarding the request to the backendService. - - `response_headers_to_add` - : Headers to add the response prior to sending the response back to the client. - - `header_name` - : The name of the header. - - `header_value` - : The value of the header to add. - - `replace` - : If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. - - `response_headers_to_remove` - : A list of header names for headers that need to be removed from the response prior to sending the response back to the client. - -`name` -: The name to which this PathMatcher is referred by the HostRule. - -`default_url_redirect` -: When none of the specified hostRules match, the request is redirected to a URL specified by defaultUrlRedirect. 
If defaultUrlRedirect is specified, defaultService or defaultRouteAction must not be set. - - `host_redirect` - : The host that will be used in the redirect response instead of the one that was supplied in the request. The value must be between 1 and 255 characters. - - `https_redirect` - : If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this true for TargetHttpsProxy is not permitted. The default is set to false. - - `path_redirect` - : The path that will be used in the redirect response instead of the one that was supplied in the request. pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. The value must be between 1 and 1024 characters. - - `prefix_redirect` - : The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, retaining the remaining portion of the URL before redirecting the request. prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. The value must be between 1 and 1024 characters. - - `redirect_response_code` - : The HTTP Status code to use for this RedirectAction. Supported values are: - - Supported values are: - - - MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - FOUND, which corresponds to 302. - - SEE_OTHER which corresponds to 303. - - TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method will be retained. - - PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method will be retained. 
- - `strip_query` - : If set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained. - -`tests` -: The list of expected URL mapping tests. Request to update this UrlMap will succeed only if all of the test cases pass. You can specify a maximum of 100 tests per UrlMap. - - `description` - : Description of this test case. - - `host` - : Host portion of the URL. - - `path` - : Path portion of the URL. - - `service` - : Expected BackendService resource the given URL should be mapped to. - -`default_url_redirect` -: When none of the specified hostRules match, the request is redirected to a URL specified by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or defaultRouteAction must not be set. - -`host_redirect` -: The host that will be used in the redirect response instead of the one that was supplied in the request. The value must be between 1 and 255 characters. - -`https_redirect` -: If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this true for TargetHttpsProxy is not permitted. The default is set to false. - -`path_redirect` -: The path that will be used in the redirect response instead of the one that was supplied in the request. pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. The value must be between 1 and 1024 characters. - -`prefix_redirect` -: The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, retaining the remaining portion of the URL before redirecting the request. prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. 
If neither is supplied, the path of the original request will be used for the redirect. The value must be between 1 and 1024 characters. - -`redirect_response_code` -: The HTTP Status code to use for this RedirectAction. - - Supported values are: - - - MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - FOUND, which corresponds to 302. - - SEE_OTHER which corresponds to 303. - - TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method will be retained. - - PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method will be retained. - -`strip_query` -: If set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained. The default is set to false. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_url_maps.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_url_maps.md deleted file mode 100644 index 7b6534bcb0..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_url_maps.md +++ /dev/null 
@@ -1,76 +0,0 @@ -+++ -title = "google_compute_url_maps resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_url_maps" - identifier = "inspec/resources/gcp/google_compute_url_maps.md google_compute_url_maps resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_url_maps` is used to test a Google UrlMap resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_url_maps(project: 'chef-gcp-inspec') do - its('names') { should include 'inspec-gcp-url-map' } -end -``` - -## Properties - -Properties that can be accessed from the `google_compute_url_maps` resource: - -See the [google_compute_url_map](/inspec/resources/google_compute_url_map/#properties) resource for more information. - -`creation_timestamps` -: an array of `google_compute_url_map` creation_timestamp - -`default_services` -: an array of `google_compute_url_map` default_service - -`descriptions` -: an array of `google_compute_url_map` description - -`ids` -: an array of `google_compute_url_map` id - -`fingerprints` -: an array of `google_compute_url_map` fingerprint - -`header_actions` -: an array of `google_compute_url_map` header_action - -`host_rules` -: an array of `google_compute_url_map` host_rules - -`names` -: an array of `google_compute_url_map` name - -`path_matchers` -: an array of `google_compute_url_map` path_matchers - -`tests` -: an array of `google_compute_url_map` tests - -`default_url_redirects` -: an array of `google_compute_url_map` default_url_redirect - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. 
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_vpn_tunnel.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_vpn_tunnel.md
deleted file mode 100644
index 4404aa56d7..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_vpn_tunnel.md
+++ /dev/null
@@ -1,131 +0,0 @@ -+++ -title = "google_compute_vpn_tunnel resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_vpn_tunnel" - identifier = "inspec/resources/gcp/google_compute_vpn_tunnel.md google_compute_vpn_tunnel resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_vpn_tunnel` is used to test a Google VpnTunnel resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_vpn_tunnel(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'inspec-vpn-tunnel') do - it { should exist } - its('peer_ip') { should eq '15.0.0.120' } -end - -describe google_compute_vpn_tunnel(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'nonexistent') do - it { should_not exist } -end -``` - -### Test that a GCP compute vpn_tunnel exists - - describe google_compute_vpn_tunnel(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-vpn-tunnel') do - it { should exist } - end - -### Test when a GCP compute vpn_tunnel was created - - describe google_compute_vpn_tunnel(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-vpn-tunnel') do - its('creation_timestamp_date') { should be > Time.now - 365*60*60*24*10 } - end - -### Test for an expected vpn_tunnel identifier - - describe google_compute_vpn_tunnel(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-vpn-tunnel') do - its('id') { should eq 12345567789 } - end - -### Test that a vpn_tunnel peer address is as expected - - describe google_compute_vpn_tunnel(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-vpn-tunnel') do - its('peer_ip') { should eq "123.123.123.123" } - end - -### Test that a vpn_tunnel status is as expected - - describe google_compute_vpn_tunnel(project: 'chef-inspec-gcp', region: 'europe-west2', name: 
'gcp-inspec-vpn_tunnel') do - its('status') { should eq "ESTABLISHED" } - end - -## Properties - -Properties that can be accessed from the `google_compute_vpn_tunnel` resource: - -`id` -: The unique identifier for the resource. This identifier is defined by the server. - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`name` -: Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - -`description` -: An optional description of this resource. - -`target_vpn_gateway` -: URL of the Target VPN gateway with which this VPN tunnel is associated. - -`vpn_gateway` -: (Beta only) URL of the VPN gateway with which this VPN tunnel is associated. This must be used if a High Availability VPN gateway resource is created. - -`vpn_gateway_interface` -: (Beta only) The interface ID of the VPN gateway with which this VPN tunnel is associated. - -`peer_external_gateway` -: (Beta only) URL of the peer side external VPN gateway to which this VPN tunnel is connected. - -`peer_external_gateway_interface` -: (Beta only) The interface ID of the external VPN gateway to which this VPN tunnel is connected. - -`peer_gcp_gateway` -: (Beta only) URL of the peer side HA GCP VPN gateway to which this VPN tunnel is connected. If provided, the VPN tunnel will automatically use the same vpn_gateway_interface ID in the peer GCP VPN gateway. - -`router` -: URL of router resource to be used for dynamic routing. - -`peer_ip` -: IP address of the peer VPN gateway. Only IPv4 is supported. - -`shared_secret` -: Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway. 
- -`shared_secret_hash` -: Hash of the shared secret. - -`ike_version` -: IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway. Acceptable IKE versions are 1 or 2. Default version is 2. - -`local_traffic_selector` -: Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint. Only IPv4 is supported. - -`remote_traffic_selector` -: Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint. Only IPv4 is supported. - -`labels` -: (Beta only) Labels to apply to this VpnTunnel. - -`label_fingerprint` -: (Beta only) The fingerprint used for optimistic locking of this resource. Used internally during updates. - -`region` -: The region where the tunnel is located. - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_vpn_tunnels.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_vpn_tunnels.md deleted file mode 100644 index 9dad14eff4..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_vpn_tunnels.md +++ /dev/null 
@@ -1,122 +0,0 @@ -+++ -title = "google_compute_vpn_tunnels resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_vpn_tunnels" - identifier = "inspec/resources/gcp/google_compute_vpn_tunnels.md google_compute_vpn_tunnels resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_vpn_tunnels` is used to test a Google VpnTunnel resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_vpn_tunnels(project: 'chef-gcp-inspec', region: 'europe-west2') do - its('vpn_tunnel_names') { should include 'inspec-vpn-tunnel' } - its('peer_ips') { should include '15.0.0.120' } -end -``` - -### Test that there are no more than a specified number of vpn_tunnels available for the project and region - - describe google_compute_vpn_tunnels(project: 'chef-inspec-gcp', region: 'europe-west2') do - its('count') { should be <= 100} - end - -### Test that an expected vpn_tunnel name is available for the project and region - - describe google_compute_vpn_tunnels(project: 'chef-inspec-gcp', region: 'europe-west2') do - its('vpn_tunnel_names') { should include "vpn_tunnel-name" } - end - -### Test that an expected vpn_tunnel target_vpn_gateways name is not present for the project and region - - describe google_compute_vpn_tunnels(project: 'chef-inspec-gcp', region: 'europe-west2') do - its('vpn_tunnel_target_vpn_gateways') { should not include "gateway-name" } - end - -## Properties - -Properties that can be accessed from the `google_compute_vpn_tunnels` resource: - -See the [google_compute_vpn_tunnel](/inspec/resources/google_compute_vpn_tunnel/#properties) resource for more information. 
-
-`ids`
-: an array of `google_compute_vpn_tunnel` id
-
-`creation_timestamps`
-: an array of `google_compute_vpn_tunnel` creation_timestamp
-
-`vpn_tunnel_names`
-: an array of `google_compute_vpn_tunnel` name
-
-`descriptions`
-: an array of `google_compute_vpn_tunnel` description
-
-`target_vpn_gateways`
-: an array of `google_compute_vpn_tunnel` target_vpn_gateway
-
-`vpn_gateways`
-: (Beta only) an array of `google_compute_vpn_tunnel` vpn_gateway
-
-`vpn_gateway_interfaces`
-: (Beta only) an array of `google_compute_vpn_tunnel` vpn_gateway_interface
-
-`peer_external_gateways`
-: (Beta only) an array of `google_compute_vpn_tunnel` peer_external_gateway
-
-`peer_external_gateway_interfaces`
-: (Beta only) an array of `google_compute_vpn_tunnel` peer_external_gateway_interface
-
-`peer_gcp_gateways`
-: (Beta only) an array of `google_compute_vpn_tunnel` peer_gcp_gateway
-
-`routers`
-: an array of `google_compute_vpn_tunnel` router
-
-`peer_ips`
-: an array of `google_compute_vpn_tunnel` peer_ip
-
-`shared_secrets`
-: an array of `google_compute_vpn_tunnel` shared_secret
-
-`shared_secret_hashes`
-: an array of `google_compute_vpn_tunnel` shared_secret_hash
-
-`ike_versions`
-: an array of `google_compute_vpn_tunnel` ike_version
-
-`local_traffic_selectors`
-: an array of `google_compute_vpn_tunnel` local_traffic_selector
-
-`remote_traffic_selectors`
-: an array of `google_compute_vpn_tunnel` remote_traffic_selector
-
-`labels`
-: (Beta only) an array of `google_compute_vpn_tunnel` labels
-
-`label_fingerprints`
-: (Beta only) an array of `google_compute_vpn_tunnel` label_fingerprint
-
-`regions`
-: an array of `google_compute_vpn_tunnel` region
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_zone.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_zone.md
deleted file mode 100644
index 80fbfb41f7..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_zone.md
+++ /dev/null
@@ -1,107 +0,0 @@ -+++ -title = "google_compute_zone resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_zone" - identifier = "inspec/resources/gcp/google_compute_zone.md google_compute_zone resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_zone` is used to test a Google Zone resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_compute_zone(project: 'chef-gcp-inspec', name: "us-central1-a") do - it { should exist } - it { should be_up } -end -``` - -### Test that a GCP compute zone exists - - describe google_compute_zone(project: 'chef-inspec-gcp', zone: 'us-east1-b') do - it { should exist } - end - -### Test that a GCP compute zone is in the expected state - - describe google_compute_zone(project: 'chef-inspec-gcp', zone: 'us-east1-b') do - its('status') { should eq 'UP' } - # or equivalently - it { should be_up } - end - -### Test that a GCP compute zone has an expected CPU platform - - describe google_compute_zone(project: 'chef-inspec-gcp', zone: 'us-east1-b') do - its('available_cpu_platforms') { should include "Intel Skylake" } - end - -## Properties - -Properties that can be accessed from the `google_compute_zone` resource: - -`creation_timestamp` -: Creation timestamp in RFC3339 text format. - -`deprecated` -: The deprecation status associated with this machine type. - - `deleted` - : An optional RFC3339 timestamp on or after which the state of this resource is intended to change to DELETED. This is only informational and the status will not change unless the client explicitly changes it. - - `deprecated` - : An optional RFC3339 timestamp on or after which the state of this resource is intended to change to DEPRECATED. This is only informational and the status will not change unless the client explicitly changes it. 
- - `obsolete` - : An optional RFC3339 timestamp on or after which the state of this resource is intended to change to OBSOLETE. This is only informational and the status will not change unless the client explicitly changes it. - - `replacement` - : The URL of the suggested replacement for a deprecated resource. The suggested replacement resource must be the same kind of resource as the deprecated resource. - - `state` - : The deprecation state of this resource. This can be DEPRECATED, OBSOLETE, or DELETED. Operations which create a new resource using a DEPRECATED resource will return successfully, but with a warning indicating the deprecated resource and recommending its replacement. Operations which use OBSOLETE or DELETED resources will be rejected and result in an error. - - Possible values: - - - DEPRECATED - - OBSOLETE - - DELETED - -`description` -: An optional textual description of the resource. - -`id` -: The unique identifier for the resource. - -`name` -: Name of the resource. - -`region` -: The region where the zone is located. - -`status` -: The status of the zone. - - Possible values: - - - UP - - DOWN - -`available_cpu_platforms` -: The available CPU platforms in this zone - -## GCP Permissions - -Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_zones.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_zones.md deleted file mode 100644 index 7a52895cd3..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_compute_zones.md +++ /dev/null 
@@ -1,103 +0,0 @@ -+++ -title = "google_compute_zones resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_compute_zones" - identifier = "inspec/resources/gcp/google_compute_zones.md google_compute_zones resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_compute_zones` is used to test a Google Zone resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -``` -google_compute_zones(project: 'chef-gcp-inspec').zone_names.each do |zone_name| - describe google_compute_zone(project: 'chef-gcp-inspec', name: zone_name) do - it { should exist } - it { should be_up } - end -end -``` - -### Test that there are no more than a specified number of zones available for the project - - describe google_compute_zones(project: 'chef-inspec-gcp') do - its('count') { should be <= 100} - end - -### Test the exact number of zones in the project - - describe google_compute_zones(project: 'chef-inspec-gcp') do - its('zone_ids.count') { should cmp 9 } - end - -### Test that an expected zone is available for the project - - describe google_compute_zones(project: 'chef-inspec-gcp') do - its('zone_names') { should include "us-east1-b" } - end - -### Test whether any zones are in status "DOWN" - - describe google_compute_zones(project: 'chef-inspec-gcp') do - its('zone_statuses') { should_not include "DOWN" } - end - -### Test that a subset of all zones matching "us\*" are "UP" - - google_compute_zones(project: 'chef-inspec-gcp').where(zone_name: /^us/).zone_names.each do |zone_name| - describe google_compute_zone(project: 'chef-inspec-gcp', zone: zone_name) do - it { should exist } - its('status') { should eq 'UP' } - end - end - -## Properties - -Properties that can be accessed from the `google_compute_zones` resource: - -See the [google_compute_zone](/inspec/resources/google_compute_zone/#properties) 
resource for more information.
-
-`creation_timestamps`
-: an array of `google_compute_zone` creation_timestamp
-
-`deprecateds`
-: an array of `google_compute_zone` deprecated
-
-`descriptions`
-: an array of `google_compute_zone` description
-
-`zone_ids`
-: an array of `google_compute_zone` id
-
-`zone_names`
-: an array of `google_compute_zone` name
-
-`regions`
-: an array of `google_compute_zone` region
-
-`zone_statuses`
-: an array of `google_compute_zone` status
-
-`available_cpu_platforms`
-: an array of `google_compute_zone` available_cpu_platforms
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_container_cluster.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_container_cluster.md
deleted file mode 100644
index 536b30c9a9..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_container_cluster.md
+++ /dev/null
@@ -1,408 +0,0 @@ -+++ -title = "google_container_cluster resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_container_cluster" - identifier = "inspec/resources/gcp/google_container_cluster.md google_container_cluster resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_container_cluster` is used to test a Google Cluster resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_container_cluster(project: 'chef-gcp-inspec', location: 'europe-west2-a', name: 'gcp-inspec-kube-cluster') do - it { should exist } - its('locations.sort'){ should cmp [ 'europe-west2-a', 'europe-west2-b', 'europe-west2-c' ].sort } - - its('master_auth.username') { should eq 'gcp-inspec-kube-admin' } -end - -describe google_container_cluster(project: 'chef-gcp-inspec', location: 'europe-west2-a', name: 'nonexistent') do - it { should_not exist } -end -``` - -### Test that a GCP container cluster is in a particular state e.g. 
"RUNNING" - - describe google_container_cluster(project: 'chef-inspec-gcp', location: 'europe-west2-a', name: 'inspec-gcp-kube-cluster') do - its('status') { should eq 'RUNNING' } - end - -### Test that a GCP container cluster has the expected kube master user/password - - describe google_container_cluster(project: 'chef-inspec-gcp', location: 'europe-west2-a', name: 'inspec-gcp-kube-cluster') do - its('master_auth.username'){ should eq "user_name"} - its('master_auth.password'){ should eq "choose_something_strong"} - end - -### Test that the locations where the GCP container cluster is running match those expected - - describe google_container_cluster(project: 'chef-inspec-gcp', location: 'europe-west2-a', name: 'inspec-gcp-kube-cluster') do - its('locations.sort'){should cmp ["europe-west2-a", "europe-west2-b", "europe-west2-c"].sort} - end - -### Test GCP container cluster network and subnetwork settings - - describe google_container_cluster(project: 'chef-inspec-gcp', location: 'europe-west2-a', name: 'inspec-gcp-kube-cluster') do - its('network'){should eq "default"} - its('subnetwork'){should eq "default"} - end - -### Test GCP container cluster node pool configuration settings - - describe google_container_cluster(project: 'chef-inspec-gcp', location: 'europe-west2-a', name: 'inspec-gcp-kube-cluster') do - its('node_config.disk_size_gb'){should eq 100} - its('node_config.image_type'){should eq "COS"} - its('node_config.machine_type'){should eq "n1-standard-1"} - its('node_ipv4_cidr_size'){should eq 24} - its('node_pools.count'){should eq 1} - end - -## Properties - -Properties that can be accessed from the `google_container_cluster` resource: - -`name` -: The name of this cluster. The name must be unique within this project and location, and can be up to 40 characters. Must be Lowercase letters, numbers, and hyphens only. Must start with a letter. Must end with a number or a letter. - -`description` -: An optional description of this cluster. 
- -`initial_node_count` -: The number of nodes to create in this cluster. You must ensure that your Compute Engine resource quota is sufficient for this number of instances. You must also have available firewall and routes quota. For requests, this field should only be used in lieu of a "nodePool" object, since this configuration (along with the "nodeConfig") will be used to create a "NodePool" object with an auto-generated name. Do not use this and a nodePool at the same time. This field has been deprecated. Please use nodePool.initial_node_count instead. - -`node_config` -: Parameters used in creating the cluster's nodes. For requests, this field should only be used in lieu of a "nodePool" object, since this configuration (along with the "initialNodeCount") will be used to create a "NodePool" object with an auto-generated name. Do not use this and a nodePool at the same time. For responses, this field will be populated with the node configuration of the first node pool. If unspecified, the defaults are used. - -`machine_type` -: The name of a Google Compute Engine machine type (e.g. n1-standard-1). If unspecified, the default machine type is n1-standard-1. - -`disk_size_gb` -: Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. If unspecified, the default disk size is 100GB. - -`oauth_scopes` -: The set of Google API scopes to be made available on all of the node VMs under the "default" service account. The following scopes are recommended, but not required, and by default are not included: https://www.googleapis.com/auth/compute is required for mounting persistent storage on your nodes. https://www.googleapis.com/auth/devstorage.read_only is required for communicating with gcr.io (the Google Container Registry). If unspecified, no scopes are added, unless Cloud Logging or Cloud Monitoring are enabled, in which case their required scopes will be added. 
- -`service_account` -: The Google Cloud Platform Service Account to be used by the node VMs. If no Service Account is specified, the "default" service account is used. - -`metadata` -: The metadata key/value pairs assigned to instances in the cluster. Keys must conform to the regexp [a-zA-Z0-9-_]+ and be less than 128 bytes in length. These are reflected as part of a URL in the metadata server. Additionally, to avoid ambiguity, keys must not conflict with any other metadata keys for the project or be one of the four reserved keys: "instance-template", "kube-env", "startup-script", and "user-data" Values are free-form strings, and only have meaning as interpreted by the image running in the instance. The only restriction placed on them is that each value's size must be less than or equal to 32 KB. The total size of all keys and values must be less than 512 KB. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. - -`image_type` -: The image type to use for this node. Note that for a given image type, the latest version of it will be used. - -`labels` -: The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node. In case of conflict in label keys, the applied set may differ depending on the Kubernetes version -- it's best to assume the behavior is undefined and conflicts should be avoided. For more information, including usage and the valid values, see: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ . An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. - -`local_ssd_count` -: The number of local SSD disks to be attached to the node. The limit for this value is dependant upon the maximum number of disks available on a machine per zone. 
See: https://cloud.google.com/compute/docs/disks/local-ssd#local_ssd_limits for more information. - -`tags` -: The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls and are specified by the client during cluster or node pool creation. Each tag within the list must comply with RFC1035. - -`preemptible` -: Whether the nodes are created as preemptible VM instances. See: https://cloud.google.com/compute/docs/instances/preemptible for more information about preemptible VM instances. - -`accelerators` -: A list of hardware accelerators to be attached to each node. See https://cloud.google.com/compute/docs/gpus for more information about support for GPUs. - - `accelerator_count` - : The number of accelerator cards exposed to an instance. - - `accelerator_type` - : The accelerator type resource name - -`disk_type` -: Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') If unspecified, the default disk type is 'pd-standard' - -`min_cpu_platform` -: Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. - -`taints` -: List of kubernetes taints to be applied to each node. For more information, including usage and the valid values, see: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - - `key` - : Key for taint - - `value` - : Value for taint - - `effect` - : Effect for taint - - Possible values: - - - EFFECT_UNSPECIFIED - - NO_SCHEDULE - - PREFER_NO_SCHEDULE - - NO_EXECUTE - -`master_auth` -: The authentication information for accessing the master endpoint. - -`username` -: The username to use for HTTP basic authentication to the master endpoint. - -`password` -: The password to use for HTTP basic authentication to the master endpoint. Because the master endpoint is open to the Internet, you should create a strong password with a minimum of 16 characters. 
- -`client_certificate_config` -: Configuration for client certificate authentication on the cluster. For clusters before v1.12, if no configuration is specified, a client certificate is issued. - - `issue_client_certificate` - : Issue a client certificate. - -`cluster_ca_certificate` -: Base64-encoded public certificate that is the root of trust for the cluster. - -`client_certificate` -: Base64-encoded public certificate used by clients to authenticate to the cluster endpoint. - -`client_key` -: Base64-encoded private key used by clients to authenticate to the cluster endpoint. - -`logging_service` -: The logging service the cluster should use to write logs. Currently available options: logging.googleapis.com - the Google Cloud Logging service. none - no logs will be exported from the cluster. if left as an empty string,logging.googleapis.com will be used. - - Possible values: - - - logging.googleapis.com - - none - -`monitoring_service` -: The monitoring service the cluster should use to write metrics. Currently available options: monitoring.googleapis.com - the Google Cloud Monitoring service. none - no metrics will be exported from the cluster. if left as an empty string, monitoring.googleapis.com will be used. - - Possible values: - - - monitoring.googleapis.com - - none - -`network` -: The name of the Google Compute Engine network to which the cluster is connected. If left unspecified, the default network will be used. - -`private_cluster_config` -: Configuration for a private cluster. - -`enable_private_nodes` -: Whether nodes have internal IP addresses only. If enabled, all nodes are given only RFC 1918 private addresses and communicate with the master via private networking. - -`enable_private_endpoint` -: Whether the master's internal IP address is used as the cluster endpoint. - -`master_ipv4_cidr_block` -: The IP range in CIDR notation to use for the hosted master network. 
This range will be used for assigning internal IP addresses to the master or set of masters, as well as the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network. - -`private_endpoint` -: The internal IP address of this cluster's master endpoint. - -`public_endpoint` -: The external IP address of this cluster's master endpoint. - -`cluster_ipv4_cidr` -: The IP address range of the container pods in this cluster, in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. - -`enable_tpu` -: (Optional) Whether to enable Cloud TPU resources in this cluster. See the official documentation - https://cloud.google.com/tpu/docs/kubernetes-engine-setup - -`tpu_ipv4_cidr_block` -: The IP address range of the Cloud TPUs in this cluster, in [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) notation (e.g. `1.2.3.4/29`). - -`addons_config` -: Configurations for the various addons available to run in the cluster. - -`http_load_balancing` -: Configuration for the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. - - `disabled` - : Whether the HTTP Load Balancing controller is enabled in the cluster. When enabled, it runs a small pod in the cluster that manages the load balancers. - -`horizontal_pod_autoscaling` -: Configuration for the horizontal pod autoscaling feature, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. - - `disabled` - : Whether the Horizontal Pod Autoscaling feature is enabled in the cluster. When enabled, it ensures that a Heapster pod is running in the cluster, which is also used by the Cloud Monitoring service. - -`kubernetes_dashboard` -: Configuration for the Kubernetes Dashboard. This addon is deprecated, and will be disabled in 1.15. 
It is recommended to use the Cloud Console to manage and monitor your Kubernetes clusters, workloads and applications. - - `disabled` - : Whether the Kubernetes Dashboard is enabled for this cluster. - -`network_policy_config` -: Configuration for NetworkPolicy. This only tracks whether the addon is enabled or not on the Master, it does not track whether network policy is enabled for the nodes. - - `disabled` - : Whether NetworkPolicy is enabled for this cluster. - -`subnetwork` -: The name of the Google Compute Engine subnetwork to which the cluster is connected. - -`locations` -: The list of Google Compute Engine zones in which the cluster's nodes should be located. - -`resource_labels` -: The resource labels for the cluster to use to annotate any related Google Compute Engine resources. - -`label_fingerprint` -: The fingerprint of the set of labels for this cluster. - -`legacy_abac` -: Configuration for the legacy ABAC authorization mode. - - `enabled` - : Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. - -`network_policy` -: Configuration options for the NetworkPolicy feature. - -`provider` -: The selected network policy provider. - - Possible values: - - - PROVIDER_UNSPECIFIED - - CALICO - -`enabled` -: Whether network policy is enabled on the cluster. - -`default_max_pods_constraint` -: The default constraint on the maximum number of pods that can be run simultaneously on a node in the node pool of this cluster. Only honored if cluster created with IP Alias support. - -`max_pods_per_node` -: Constraint enforced on the max num of pods per node. 
-
-`ip_allocation_policy`
-: Configuration for controlling how IPs are allocated in the cluster
-
-`use_ip_aliases`
-: Whether alias IPs will be used for pod IPs in the cluster
-
-`create_subnetwork`
-: Whether a new subnetwork will be created automatically for the cluster
-
-`subnetwork_name`
-: A custom subnetwork name to be used if createSubnetwork is true. If this field is empty, then an automatic name will be chosen for the new subnetwork.
-
-`cluster_secondary_range_name`
-: The name of the secondary range to be used for the cluster CIDR block. The secondary range will be used for pod IP addresses. This must be an existing secondary range associated with the cluster subnetwork
-
-`services_secondary_range_name`
-: The name of the secondary range to be used as for the services CIDR block. The secondary range will be used for service ClusterIPs. This must be an existing secondary range associated with the cluster subnetwork.
-
-`cluster_ipv4_cidr_block`
-: The IP address range for the cluster pod IPs. If this field is set, then cluster.cluster_ipv4_cidr must be left blank. This field is only applicable when useIpAliases is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask.
-
-`node_ipv4_cidr_block`
-: The IP address range of the instance IPs in this cluster. This is applicable only if createSubnetwork is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask.
-
-`services_ipv4_cidr_block`
-: The IP address range of the services IPs in this cluster. If blank, a range will be automatically chosen with the default size. This field is only applicable when useIpAliases is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask.
-
-`tpu_ipv4_cidr_block`
-: The IP address range of the Cloud TPUs in this cluster.
If unspecified, a range will be automatically chosen with the default size. This field is only applicable when useIpAliases is true. If unspecified, the range will use the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. - -`endpoint` -: The IP address of this cluster's master endpoint. The endpoint can be accessed from the internet at https://username:password@endpoint/ See the masterAuth property of this resource for username and password information. - -`initial_cluster_version` -: The software version of the master endpoint and kubelets used in the cluster when it was first created. The version can be upgraded over time. - -`current_master_version` -: The current software version of the master endpoint. - -`current_node_version` -: The current version of the node software components. If they are currently at multiple versions because they're in the process of being upgraded, this reflects the minimum version of all nodes. - -`create_time` -: The time the cluster was created, in RFC3339 text format. - -`status` -: The current status of this cluster. - - Possible values: - - - STATUS_UNSPECIFIED - - PROVISIONING - - RUNNING - - RECONCILING - - STOPPING - - ERROR - - DEGRADED - -`status_message` -: Additional information about the current status of this cluster, if available. - -`node_ipv4_cidr_size` -: The size of the address space on each node for hosting containers. This is provisioned from within the container_ipv4_cidr range. - -`services_ipv4_cidr` -: The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR. - -`current_node_count` -: The number of nodes currently in the cluster. - -`expire_time` -: The time the cluster will be automatically deleted in RFC3339 text format. - -`conditions` -: Which conditions caused the current cluster state. 
- -`code` -: Machine-friendly representation of the condition - -`message` -: Human-friendly representation of the condition - -`master_authorized_networks_config` -: Configuration for controlling how IPs are allocated in the cluster - -`enabled` -: Whether or not master authorized networks is enabled. - -`cidr_blocks` -: Define up to 50 external networks that could access Kubernetes master through HTTPS. - - `display_name` - : Optional field used to identify cidr blocks - - `cidr_block` - : Block specified in CIDR notation - -`node_pools` -: Node pools belonging to this cluster - -`name` -: Name of the node pool - -`pod_security_policy_config` -: (Beta only) Configuration for the PodSecurityPolicy feature. - -`enabled` -: If enabled, pods must be valid under a PodSecurityPolicy to be created. - -`binary_authorization` -: Configuration for the BinaryAuthorization feature. - -`enabled` -: If enabled, all container images will be validated by Binary Authorization. - -`location` -: The location where the cluster is deployed - -## GCP Permissions - -Ensure the [Kubernetes Engine API](https://console.cloud.google.com/apis/library/container.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_container_clusters.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_container_clusters.md deleted file mode 100644 index 584be5207b..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_container_clusters.md +++ /dev/null 
@@ -1,184 +0,0 @@ -+++ -title = "google_container_clusters resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_container_clusters" - identifier = "inspec/resources/gcp/google_container_clusters.md google_container_clusters resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_container_clusters` is used to test a Google Cluster resource. - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource. - -## Examples - -```ruby -describe google_container_clusters(project: 'chef-gcp-inspec', location: 'europe-west2-a') do - its('cluster_names') { should include 'gcp-inspec-kube-cluster' } -end -``` - -### Test that there are no more than a specified number of clusters available for the project in a particular zone - - describe google_container_clusters(project: 'chef-inspec-gcp', location: 'europe-west2-a') do - its('count') { should be <= 5} - end - -### Test that an expected cluster is available for the project - - describe google_container_clusters(project: 'chef-inspec-gcp', location: 'europe-west2-a') do - its('cluster_names') { should include "my-cluster" } - end - -### Test whether any clusters are in status "STOPPING" - - describe google_container_clusters(project: 'chef-inspec-gcp', location: 'europe-west2-a') do - its('cluster_statuses') { should_not include "STOPPING" } - end - -### Test that a subset of all clusters matching "kube\*" are "RUNNING" - - google_container_clusters(project: gcp_project_id).where(cluster_name: /^kube/).cluster_names.each do |cluster_name| - describe google_container_cluster(project: 'chef-inspec-gcp', location: 'europe-west2-a', name: cluster_name) do - it { should exist } - its('status') { should eq 'RUNNING' } - end - end - -## Properties - -Properties that can be accessed from the `google_container_clusters` resource: - -See the 
[google_container_cluster](/inspec/resources/google_container_cluster/#properties) resource for more information.
-
-`cluster_names`
-: an array of `google_container_cluster` name
-
-`descriptions`
-: an array of `google_container_cluster` description
-
-`initial_node_counts`
-: an array of `google_container_cluster` initial_node_count
-
-`node_configs`
-: an array of `google_container_cluster` node_config
-
-`master_auths`
-: an array of `google_container_cluster` master_auth
-
-`logging_services`
-: an array of `google_container_cluster` logging_service
-
-`monitoring_services`
-: an array of `google_container_cluster` monitoring_service
-
-`cluster_networks`
-: an array of `google_container_cluster` network
-
-`private_cluster_configs`
-: an array of `google_container_cluster` private_cluster_config
-
-`cluster_ipv4_cidrs`
-: an array of `google_container_cluster` cluster_ipv4_cidr
-
-`enable_tpus`
-: an array of `google_container_cluster` enable_tpu
-
-`tpu_ipv4_cidr_blocks`
-: an array of `google_container_cluster` tpu_ipv4_cidr_block
-
-`addons_configs`
-: an array of `google_container_cluster` addons_config
-
-`subnetworks`
-: an array of `google_container_cluster` subnetwork
-
-`locations`
-: an array of `google_container_cluster` locations
-
-`resource_labels`
-: an array of `google_container_cluster` resource_labels
-
-`label_fingerprints`
-: an array of `google_container_cluster` label_fingerprint
-
-`legacy_abacs`
-: an array of `google_container_cluster` legacy_abac
-
-`network_policies`
-: an array of `google_container_cluster` network_policy
-
-`default_max_pods_constraints`
-: an array of `google_container_cluster` default_max_pods_constraint
-
-`ip_allocation_policies`
-: an array of `google_container_cluster` ip_allocation_policy
-
-`endpoints`
-: an array of `google_container_cluster` endpoint
-
-`initial_cluster_versions`
-: an array of `google_container_cluster` initial_cluster_version
-
-`current_master_versions`
-: an array of
`google_container_cluster` current_master_version
-
-`current_node_versions`
-: an array of `google_container_cluster` current_node_version
-
-`create_times`
-: an array of `google_container_cluster` create_time
-
-`cluster_statuses`
-: an array of `google_container_cluster` status
-
-`status_messages`
-: an array of `google_container_cluster` status_message
-
-`node_ipv4_cidr_sizes`
-: an array of `google_container_cluster` node_ipv4_cidr_size
-
-`services_ipv4_cidrs`
-: an array of `google_container_cluster` services_ipv4_cidr
-
-`current_node_counts`
-: an array of `google_container_cluster` current_node_count
-
-`expire_times`
-: an array of `google_container_cluster` expire_time
-
-`conditions`
-: an array of `google_container_cluster` conditions
-
-`master_authorized_networks_configs`
-: an array of `google_container_cluster` master_authorized_networks_config
-
-`node_pools`
-: an array of `google_container_cluster` node_pools
-
-`pod_security_policy_configs`
-: (Beta only) an array of `google_container_cluster` pod_security_policy_config
-
-`binary_authorizations`
-: an array of `google_container_cluster` binary_authorization
-
-`locations`
-: an array of `google_container_cluster` location
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Kubernetes Engine API](https://console.cloud.google.com/apis/library/container.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_container_node_pool.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_container_node_pool.md
deleted file mode 100644
index ff71e90afd..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_container_node_pool.md
+++ /dev/null
@@ -1,205 +0,0 @@ -+++ -title = "google_container_node_pool resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_container_node_pool" - identifier = "inspec/resources/gcp/google_container_node_pool.md google_container_node_pool resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_container_node_pool` is used to test a Google NodePool resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_container_node_pool(project: 'chef-gcp-inspec', location: 'europe-west2-a', cluster_name: 'gcp-inspec-kube-cluster', nodepool_name: 'inspec-gcp-regional-node-pool') do - it { should exist } - its('initial_node_count') { should eq '1'} -end - -describe google_container_node_pool(project: 'chef-gcp-inspec', location: 'europe-west2-a', cluster_name: 'gcp-inspec-kube-cluster', nodepool_name: 'nonexistent') do - it { should_not exist } -end -``` - -### Test that a GCP container node pool is in a particular state e.g. 
"RUNNING" - - describe google_container_node_pool(project: 'chef-inspec-gcp', locations: 'europe-west2-a', cluster_name: 'inspec-gcp-kube-cluster', nodepool_name: 'inspec-gcp-kube-node-pool') do - its('status') { should eq 'RUNNING' } - end - -### Test GCP container node pool disk size in GB is as expected - - describe google_container_node_pool(project: 'chef-inspec-gcp', locations: 'europe-west2-a', cluster_name: 'inspec-gcp-kube-cluster', nodepool_name: 'inspec-gcp-kube-node-pool') do - its('config.disk_size_gb'){should eq 100} - end - -### Test GCP container node pool machine type is as expected - - describe google_container_node_pool(project: 'chef-inspec-gcp', locations: 'europe-west2-a', cluster_name: 'inspec-gcp-kube-cluster', nodepool_name: 'inspec-gcp-kube-node-pool') do - its('config.machine_type'){should eq "n1-standard-1"} - end - -### Test GCP container node pool node image type is as expected - - describe google_container_node_pool(project: 'chef-inspec-gcp', locations: 'europe-west2-a', cluster_name: 'inspec-gcp-kube-cluster', nodepool_name: 'inspec-gcp-kube-node-pool') do - its('config.image_type'){should eq "COS"} - end - -### Test GCP container node pool initial node count is as expected - - describe google_container_node_pool(project: 'chef-inspec-gcp', locations: 'europe-west2-a', cluster_name: 'inspec-gcp-kube-cluster', nodepool_name: 'inspec-gcp-kube-node-pool') do - its('initial_node_count'){should eq 3} - end - -## Properties - -Properties that can be accessed from the `google_container_node_pool` resource: - -`name` -: The name of the node pool. - -`config` -: The node configuration of the pool. - -* `machine_type` -: The name of a Google Compute Engine machine type (e.g. n1-standard-1). If unspecified, the default machine type is n1-standard-1. - -* `disk_size_gb` -: Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. If unspecified, the default disk size is 100GB. 
- -* `oauth_scopes` -: The set of Google API scopes to be made available on all of the node VMs under the "default" service account. The following scopes are recommended, but not required, and by default are not included: https://www.googleapis.com/auth/compute is required for mounting persistent storage on your nodes. https://www.googleapis.com/auth/devstorage.read_only is required for communicating with gcr.io (the Google Container Registry). If unspecified, no scopes are added, unless Cloud Logging or Cloud Monitoring are enabled, in which case their required scopes will be added. - -* `service_account` -: The Google Cloud Platform Service Account to be used by the node VMs. If no Service Account is specified, the "default" service account is used. - -* `metadata` -: The metadata key/value pairs assigned to instances in the cluster. Keys must conform to the regexp [a-zA-Z0-9-_]+ and be less than 128 bytes in length. These are reflected as part of a URL in the metadata server. Additionally, to avoid ambiguity, keys must not conflict with any other metadata keys for the project or be one of the four reserved keys: "instance-template", "kube-env", "startup-script", and "user-data" Values are free-form strings, and only have meaning as interpreted by the image running in the instance. The only restriction placed on them is that each value's size must be less than or equal to 32 KB. The total size of all keys and values must be less than 512 KB. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. - -* `image_type` -: The image type to use for this node. Note that for a given image type, the latest version of it will be used. - -* `labels` -: The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node. 
In case of conflict in label keys, the applied set may differ depending on the Kubernetes version -- it's best to assume the behavior is undefined and conflicts should be avoided. For more information, including usage and the valid values, see: http://kubernetes.io/v1.1/docs/user-guide/labels.html An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. - -* `local_ssd_count` -: The number of local SSD disks to be attached to the node. The limit for this value is dependant upon the maximum number of disks available on a machine per zone. See: https://cloud.google.com/compute/docs/disks/local-ssd#local_ssd_limits for more information. - -* `tags` -: The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls and are specified by the client during cluster or node pool creation. Each tag within the list must comply with RFC1035. - -* `preemptible` -: Whether the nodes are created as preemptible VM instances. See: https://cloud.google.com/compute/docs/instances/preemptible for more information about preemptible VM instances. - -* `accelerators` -: A list of hardware accelerators to be attached to each node - - * `accelerator_count` - : The number of the accelerator cards exposed to an instance. - - * `accelerator_type` - : The accelerator type resource name - -* `disk_type` -: Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') If unspecified, the default disk type is 'pd-standard' - -* `min_cpu_platform` -: Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform - -* `taints` -: List of kubernetes taints to be applied to each node. - - * `key` - : Key for taint - - * `value` - : Value for taint - - * `effect` - : Effect for taint - -`initial_node_count` -: The initial node count for the pool. 
You must ensure that your Compute Engine resource quota is sufficient for this number of instances. You must also have available firewall and routes quota. - -`status` -: Status of nodes in this pool instance - -`status_message` -: Additional information about the current status of this node pool instance - -`version` -: The version of the Kubernetes of this node. - -`autoscaling` -: Autoscaler configuration for this NodePool. Autoscaler is enabled only if a valid configuration is present. - -* `enabled` -: Is autoscaling enabled for this node pool. - -* `min_node_count` -: Minimum number of nodes in the NodePool. Must be >= 1 and <= maxNodeCount. - -* `max_node_count` -: Maximum number of nodes in the NodePool. Must be >= minNodeCount. There has to enough quota to scale up the cluster. - -`management` -: Management configuration for this NodePool. - -* `auto_upgrade` -: A flag that specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes. - -* `auto_repair` -: A flag that specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered. - -* `upgrade_options` -: Specifies the Auto Upgrade knobs for the node pool. - - * `auto_upgrade_start_time` - : This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format. - - * `description` - : This field is set when upgrades are about to commence with the description of the upgrade. - -`max_pods_constraint` -: The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool. - -* `max_pods_per_node` -: Constraint enforced on the max num of pods per node. - -`conditions` -: Which conditions caused the current node pool state. 
- -* `code` -: Machine-friendly representation of the condition. - - Possible values: - - - UNKNOWN - - GCE_STOCKOUT - - GKE_SERVICE_ACCOUNT_DELETED - - GCE_QUOTA_EXCEEDED - - SET_BY_OPERATOR - -`pod_ipv4_cidr_size` -: The pod CIDR block size per node in this node pool. - -`cluster` -: The cluster this node pool belongs to. - -`location` -: The location where the node pool is deployed - -## GCP Permissions - -Ensure the [Kubernetes Engine API](https://console.cloud.google.com/apis/library/container.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_container_node_pools.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_container_node_pools.md deleted file mode 100644 index d198ab3245..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_container_node_pools.md +++ /dev/null 
@@ -1,103 +0,0 @@ -+++ -title = "google_container_node_pools resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_container_node_pools" - identifier = "inspec/resources/gcp/google_container_node_pools.md google_container_node_pools resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_container_node_pools` is used to test a Google NodePool resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_container_node_pools(project: 'chef-gcp-inspec', location: 'europe-west2-a', cluster_name: 'gcp-inspec-kube-cluster') do - its('initial_node_counts') { should include '1'} -end -``` - -### Test that there are no more than a specified number of node pools available for the project - - describe google_container_node_pools(project: 'chef-inspec-gcp') do - its('count') { should be <= 10} - end - -### Test that an expected node pool is available for the project - - describe google_container_node_pools(project: 'chef-inspec-gcp') do - its('node_pool_names') { should include "us-east1-b" } - end - -### Test that a subset of all node pools matching "mypool\*" are "UP" - - google_container_node_pools(project: 'chef-inspec-gcp', location: 'europe-west2-a', cluster_name: 'inspec-gcp-cluster').where(node_pool_name: /^mypool/).node_pool_names.each do |node_pool_name| - describe google_container_node_pool(project: 'chef-inspec-gcp', location: 'europe-west2-a', cluster_name: 'inspec-gcp-cluster', nodepool_name: node_pool_name) do - it { should exist } - its('status') { should eq 'RUNNING' } - end - end - -## Properties - -Properties that can be accessed from the `google_container_node_pools` resource: - -See the [google_container_node_pool](/inspec/resources/google_container_node_pool/#properties) resource for more information. 
-
-`node_pool_names`
-: an array of `google_container_node_pool` name
-
-`configs`
-: an array of `google_container_node_pool` config
-
-`initial_node_counts`
-: an array of `google_container_node_pool` initial_node_count
-
-`node_pool_statuses`
-: an array of `google_container_node_pool` status
-
-`status_messages`
-: an array of `google_container_node_pool` status_message
-
-`versions`
-: an array of `google_container_node_pool` version
-
-`autoscalings`
-: an array of `google_container_node_pool` autoscaling
-
-`managements`
-: an array of `google_container_node_pool` management
-
-`max_pods_constraints`
-: an array of `google_container_node_pool` max_pods_constraint
-
-`conditions`
-: an array of `google_container_node_pool` conditions
-
-`pod_ipv4_cidr_sizes`
-: an array of `google_container_node_pool` pod_ipv4_cidr_size
-
-`clusters`
-: an array of `google_container_node_pool` cluster
-
-`locations`
-: an array of `google_container_node_pool` location
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Kubernetes Engine API](https://console.cloud.google.com/apis/library/container.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_container_regional_cluster.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_container_regional_cluster.md
deleted file mode 100644
index 00dae061ba..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_container_regional_cluster.md
+++ /dev/null
@@ -1,317 +0,0 @@ -+++ -title = "google_container_regional_cluster resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_container_regional_cluster" - identifier = "inspec/resources/gcp/google_container_regional_cluster.md google_container_regional_cluster resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_container_regional_cluster` is used to test a Google RegionalCluster resource - -## Examples - -```ruby -describe google_container_regional_cluster(project: 'chef-gcp-inspec', location: 'europe-west2', name: 'inspec-gcp-regional-cluster') do - it { should exist } - its('initial_node_count') { should eq '1'} - its('location') { should eq 'europe-west2'} -end - -describe google_container_regional_cluster(project: 'chef-gcp-inspec', location: 'europe-west2', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_container_regional_cluster` resource: - -`name` -: The name of this cluster. The name must be unique within this project and location, and can be up to 40 characters. Must be Lowercase letters, numbers, and hyphens only. Must start with a letter. Must end with a number or a letter. - -`description` -: An optional description of this cluster. - -`initial_node_count` -: The number of nodes to create in this cluster. You must ensure that your Compute Engine resource quota is sufficient for this number of instances. You must also have available firewall and routes quota. For requests, this field should only be used in lieu of a "nodePool" object, since this configuration (along with the "nodeConfig") will be used to create a "NodePool" object with an auto-generated name. Do not use this and a nodePool at the same time. This field has been deprecated. Please use nodePool.initial_node_count instead. - -`node_config` -: Parameters used in creating the cluster's nodes. 
For requests, this field should only be used in lieu of a "nodePool" object, since this configuration (along with the "initialNodeCount") will be used to create a "NodePool" object with an auto-generated name. Do not use this and a nodePool at the same time. For responses, this field will be populated with the node configuration of the first node pool. If unspecified, the defaults are used. - -`machine_type` -: The name of a Google Compute Engine machine type (e.g. n1-standard-1). If unspecified, the default machine type is n1-standard-1. - -`disk_size_gb` -: Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. If unspecified, the default disk size is 100GB. - -`oauth_scopes` -: The set of Google API scopes to be made available on all of the node VMs under the "default" service account. The following scopes are recommended, but not required, and by default are not included: https://www.googleapis.com/auth/compute is required for mounting persistent storage on your nodes. https://www.googleapis.com/auth/devstorage.read_only is required for communicating with gcr.io (the Google Container Registry). If unspecified, no scopes are added, unless Cloud Logging or Cloud Monitoring are enabled, in which case their required scopes will be added. - -`service_account` -: The Google Cloud Platform Service Account to be used by the node VMs. If no Service Account is specified, the "default" service account is used. - -`metadata` -: The metadata key/value pairs assigned to instances in the cluster. Keys must conform to the regexp [a-zA-Z0-9-_]+ and be less than 128 bytes in length. These are reflected as part of a URL in the metadata server. 
Additionally, to avoid ambiguity, keys must not conflict with any other metadata keys for the project or be one of the four reserved keys: "instance-template", "kube-env", "startup-script", and "user-data" Values are free-form strings, and only have meaning as interpreted by the image running in the instance. The only restriction placed on them is that each value's size must be less than or equal to 32 KB. The total size of all keys and values must be less than 512 KB. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. - -`image_type` -: The image type to use for this node. Note that for a given image type, the latest version of it will be used. - -`labels` -: The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node. In case of conflict in label keys, the applied set may differ depending on the Kubernetes version -- it's best to assume the behavior is undefined and conflicts should be avoided. For more information, including usage and the valid values, see: http://kubernetes.io/v1.1/docs/user-guide/labels.html An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. - -`local_ssd_count` -: The number of local SSD disks to be attached to the node. The limit for this value is dependant upon the maximum number of disks available on a machine per zone. See: https://cloud.google.com/compute/docs/disks/local-ssd#local_ssd_limits for more information. - -`tags` -: The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls and are specified by the client during cluster or node pool creation. Each tag within the list must comply with RFC1035. - -`preemptible` -: Whether the nodes are created as preemptible VM instances. 
See: https://cloud.google.com/compute/docs/instances/preemptible for more information about preemptible VM instances. - -`accelerators` -: A list of hardware accelerators to be attached to each node. See https://cloud.google.com/compute/docs/gpus for more information about support for GPUs. - - `accelerator_count` - : The number of accelerator cards exposed to an instance. - - `accelerator_type` - : The accelerator type resource name - -`disk_type` -: Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') If unspecified, the default disk type is 'pd-standard' - -`min_cpu_platform` -: Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. - -`taints` -: List of kubernetes taints to be applied to each node. For more information, including usage and the valid values, see: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - - `key` - : Key for taint - - `value` - : Value for taint - - `effect` - : Effect for taint - -`master_auth` -: The authentication information for accessing the master endpoint. - - `username` - : The username to use for HTTP basic authentication to the master endpoint. - - `password` - : The password to use for HTTP basic authentication to the master endpoint. Because the master endpoint is open to the Internet, you should create a strong password with a minimum of 16 characters. - - `client_certificate_config` - : Configuration for client certificate authentication on the cluster. For clusters before v1.12, if no configuration is specified, a client certificate is issued. - - `issue_client_certificate` - : Issue a client certificate. - - `cluster_ca_certificate` - : Base64-encoded public certificate that is the root of trust for the cluster. - - `client_certificate` - : Base64-encoded public certificate used by clients to authenticate to the cluster endpoint. 
- - `client_key` - : Base64-encoded private key used by clients to authenticate to the cluster endpoint. - -`logging_service` -: The logging service the cluster should use to write logs. Currently available options: logging.googleapis.com - the Google Cloud Logging service. none - no logs will be exported from the cluster. if left as an empty string,logging.googleapis.com will be used. - -`monitoring_service` -: The monitoring service the cluster should use to write metrics. Currently available options: monitoring.googleapis.com - the Google Cloud Monitoring service. none - no metrics will be exported from the cluster. if left as an empty string, monitoring.googleapis.com will be used. - -`network` -: The name of the Google Compute Engine network to which the cluster is connected. If left unspecified, the default network will be used. - -`private_cluster_config` -: Configuration for a private cluster. - -`enable_private_nodes` -: Whether nodes have internal IP addresses only. If enabled, all nodes are given only RFC 1918 private addresses and communicate with the master via private networking. - -`enable_private_endpoint` -: Whether the master's internal IP address is used as the cluster endpoint. - -`master_ipv4_cidr_block` -: The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning internal IP addresses to the master or set of masters, as well as the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network. - -`private_endpoint` -: The internal IP address of this cluster's master endpoint. - -`public_endpoint` -: The external IP address of this cluster's master endpoint. - -`cluster_ipv4_cidr` -: The IP address range of the container pods in this cluster, in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. - -`enable_tpu` -: (Optional) Whether to enable Cloud TPU resources in this cluster. 
See the official documentation - https://cloud.google.com/tpu/docs/kubernetes-engine-setup - -`tpu_ipv4_cidr_block` -: The IP address range of the Cloud TPUs in this cluster, in [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) notation (e.g. `1.2.3.4/29`). - -`addons_config` -: Configurations for the various addons available to run in the cluster. - -`http_load_balancing` -: Configuration for the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. - - `disabled` - : Whether the HTTP Load Balancing controller is enabled in the cluster. When enabled, it runs a small pod in the cluster that manages the load balancers. - -`horizontal_pod_autoscaling` -: Configuration for the horizontal pod autoscaling feature, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. - - `disabled` - : Whether the Horizontal Pod Autoscaling feature is enabled in the cluster. When enabled, it ensures that a Heapster pod is running in the cluster, which is also used by the Cloud Monitoring service. - -`kubernetes_dashboard` -: Configuration for the Kubernetes Dashboard. This addon is deprecated, and will be disabled in 1.15. It is recommended to use the Cloud Console to manage and monitor your Kubernetes clusters, workloads and applications. - - `disabled` - : Whether the Kubernetes Dashboard is enabled for this cluster. - -`network_policy_config` -: Configuration for NetworkPolicy. This only tracks whether the addon is enabled or not on the Master, it does not track whether network policy is enabled for the nodes. - - `disabled` - : Whether NetworkPolicy is enabled for this cluster. - -`subnetwork` -: The name of the Google Compute Engine subnetwork to which the cluster is connected. - -`locations` -: The list of Google Compute Engine zones in which the cluster's nodes should be located. 
- -`resource_labels` -: The resource labels for the cluster to use to annotate any related Google Compute Engine resources. - -`label_fingerprint` -: The fingerprint of the set of labels for this cluster. - -`legacy_abac` -: Configuration for the legacy ABAC authorization mode. - -`enabled` -: Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. - -`network_policy` -: Configuration options for the NetworkPolicy feature. - -`provider` -: The selected network policy provider. - -`enabled` -: Whether network policy is enabled on the cluster. - -`default_max_pods_constraint` -: The default constraint on the maximum number of pods that can be run simultaneously on a node in the node pool of this cluster. Only honored if cluster created with IP Alias support. - -`max_pods_per_node` -: Constraint enforced on the max num of pods per node. - -`ip_allocation_policy` -: Configuration for controlling how IPs are allocated in the cluster - -`use_ip_aliases` -: Whether alias IPs will be used for pod IPs in the cluster - -`create_subnetwork` -: Whether a new subnetwork will be created automatically for the cluster - -`subnetwork_name` -: A custom subnetwork name to be used if createSubnetwork is true. If this field is empty, then an automatic name will be chosen for the new subnetwork. - -`cluster_secondary_range_name` -: The name of the secondary range to be used for the cluster CIDR block. The secondary range will be used for pod IP addresses. This must be an existing secondary range associated with the cluster subnetwork - -`services_secondary_range_name` -: The name of the secondary range to be used as for the services CIDR block. The secondary range will be used for service ClusterIPs. This must be an existing secondary range associated with the cluster subnetwork. 
- -`cluster_ipv4_cidr_block` -: The IP address range for the cluster pod IPs. If this field is set, then cluster.cluster_ipv4_cidr must be left blank. This field is only applicable when useIpAliases is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. - -`node_ipv4_cidr_block` -: The IP address range of the instance IPs in this cluster. This is applicable only if createSubnetwork is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. - -`services_ipv4_cidr_block` -: The IP address range of the services IPs in this cluster. If blank, a range will be automatically chosen with the default size. This field is only applicable when useIpAliases is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. - -`tpu_ipv4_cidr_block` -: The IP address range of the Cloud TPUs in this cluster. If unspecified, a range will be automatically chosen with the default size. This field is only applicable when useIpAliases is true. If unspecified, the range will use the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. - -`endpoint` -: The IP address of this cluster's master endpoint. The endpoint can be accessed from the internet at https://username:password@endpoint/ See the masterAuth property of this resource for username and password information. - -`initial_cluster_version` -: The software version of the master endpoint and kubelets used in the cluster when it was first created. The version can be upgraded over time. - -`current_master_version` -: The current software version of the master endpoint. - -`current_node_version` -: The current version of the node software components. 
If they are currently at multiple versions because they're in the process of being upgraded, this reflects the minimum version of all nodes. - -`create_time` -: The time the cluster was created, in RFC3339 text format. - -`status` -: The current status of this cluster. - -`status_message` -: Additional information about the current status of this cluster, if available. - -`node_ipv4_cidr_size` -: The size of the address space on each node for hosting containers. This is provisioned from within the container_ipv4_cidr range. - -`services_ipv4_cidr` -: The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR. - -`current_node_count` -: The number of nodes currently in the cluster. - -`expire_time` -: The time the cluster will be automatically deleted in RFC3339 text format. - -`conditions` -: Which conditions caused the current cluster state. - -`code` -: Machine-friendly representation of the condition - -`message` -: Human-friendly representation of the condition - -`master_authorized_networks_config` -: Configuration for controlling how IPs are allocated in the cluster - -`enabled` -: Whether or not master authorized networks is enabled. - -`cidr_blocks` -: Define up to 50 external networks that could access Kubernetes master through HTTPS. - - `display_name` - : Optional field used to identify cidr blocks - - `cidr_block` - : Block specified in CIDR notation - -`location` -: The location where the cluster is deployed - -## GCP Permissions - -Ensure the [Kubernetes Engine API](https://console.cloud.google.com/apis/library/container.googleapis.com/) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_container_regional_clusters.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_container_regional_clusters.md
deleted file mode 100644
index 7824ea7fde..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_container_regional_clusters.md
+++ /dev/null
@@ -1,146 +0,0 @@
-+++
-title = "google_container_regional_clusters resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_container_regional_clusters"
- identifier = "inspec/resources/gcp/google_container_regional_clusters.md google_container_regional_clusters resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_container_regional_clusters` is used to test a Google RegionalCluster resource
-
-## Examples
-
-```ruby
-describe google_container_regional_clusters(project: 'chef-gcp-inspec', location: 'europe-west2') do
- its('count') { should be >= 1 }
- its('names') { should include 'inspec-gcp-regional-cluster' }
- its('initial_node_counts') { should include '1'}
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_container_regional_clusters` resource:
-
-See the [google_container_regional_cluster](/inspec/resources/google_container_regional_cluster/#properties) resource for more information.
-
-`names`
-: an array of `google_container_regional_cluster` name
-
-`descriptions`
-: an array of `google_container_regional_cluster` description
-
-`initial_node_counts`
-: an array of `google_container_regional_cluster` initial_node_count
-
-`node_configs`
-: an array of `google_container_regional_cluster` node_config
-
-`master_auths`
-: an array of `google_container_regional_cluster` master_auth
-
-`logging_services`
-: an array of `google_container_regional_cluster` logging_service
-
-`monitoring_services`
-: an array of `google_container_regional_cluster` monitoring_service
-
-`networks`
-: an array of `google_container_regional_cluster` network
-
-`private_cluster_configs`
-: an array of `google_container_regional_cluster` private_cluster_config
-
-`cluster_ipv4_cidrs`
-: an array of `google_container_regional_cluster` cluster_ipv4_cidr
-
-`enable_tpus`
-: an array of `google_container_regional_cluster` enable_tpu
-
-`tpu_ipv4_cidr_blocks`
-: an array of `google_container_regional_cluster` tpu_ipv4_cidr_block
-
-`addons_configs`
-: an array of `google_container_regional_cluster` addons_config
-
-`subnetworks`
-: an array of `google_container_regional_cluster` subnetwork
-
-`locations`
-: an array of `google_container_regional_cluster` locations
-
-`resource_labels`
-: an array of `google_container_regional_cluster` resource_labels
-
-`label_fingerprints`
-: an array of `google_container_regional_cluster` label_fingerprint
-
-`legacy_abacs`
-: an array of `google_container_regional_cluster` legacy_abac
-
-`network_policies`
-: an array of `google_container_regional_cluster` network_policy
-
-`default_max_pods_constraints`
-: an array of `google_container_regional_cluster` default_max_pods_constraint
-
-`ip_allocation_policies`
-: an array of `google_container_regional_cluster` ip_allocation_policy
-
-`endpoints`
-: an array of `google_container_regional_cluster` endpoint
-
-`initial_cluster_versions`
-: an array of `google_container_regional_cluster` 
initial_cluster_version
-
-`current_master_versions`
-: an array of `google_container_regional_cluster` current_master_version
-
-`current_node_versions`
-: an array of `google_container_regional_cluster` current_node_version
-
-`create_times`
-: an array of `google_container_regional_cluster` create_time
-
-`statuses`
-: an array of `google_container_regional_cluster` status
-
-`status_messages`
-: an array of `google_container_regional_cluster` status_message
-
-`node_ipv4_cidr_sizes`
-: an array of `google_container_regional_cluster` node_ipv4_cidr_size
-
-`services_ipv4_cidrs`
-: an array of `google_container_regional_cluster` services_ipv4_cidr
-
-`current_node_counts`
-: an array of `google_container_regional_cluster` current_node_count
-
-`expire_times`
-: an array of `google_container_regional_cluster` expire_time
-
-`conditions`
-: an array of `google_container_regional_cluster` conditions
-
-`master_authorized_networks_configs`
-: an array of `google_container_regional_cluster` master_authorized_networks_config
-
-`locations`
-: an array of `google_container_regional_cluster` location
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Kubernetes Engine API](https://console.cloud.google.com/apis/library/container.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_container_regional_node_pool.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_container_regional_node_pool.md
deleted file mode 100644
index a443f1e9ec..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_container_regional_node_pool.md
+++ /dev/null
@@ -1,163 +0,0 @@
-+++
-title = "google_container_regional_node_pool resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_container_regional_node_pool"
- identifier = "inspec/resources/gcp/google_container_regional_node_pool.md google_container_regional_node_pool resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_container_regional_node_pool` is used to test a Google RegionalNodePool resource
-
-## Examples
-
-```ruby
-describe google_container_regional_node_pool(project: 'chef-gcp-inspec', location: 'europe-west2', cluster: 'inspec-gcp-regional-cluster', name: 'inspec-gcp-regional-node-pool') do
- it { should exist }
- its('initial_node_count') { should eq '1'}
-end
-
-describe google_container_regional_node_pool(project: 'chef-gcp-inspec', location: 'europe-west2', cluster: 'inspec-gcp-regional-cluster', name: 'nonexistent') do
- it { should_not exist }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_container_regional_node_pool` resource:
-
-`name`
-: The name of the node pool.
-
-`config`
-: The node configuration of the pool.
-
- `machine_type`
- : The name of a Google Compute Engine machine type (e.g. n1-standard-1). If unspecified, the default machine type is n1-standard-1.
-
- `disk_size_gb`
- : Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. If unspecified, the default disk size is 100GB.
-
- `oauth_scopes`
- : The set of Google API scopes to be made available on all of the node VMs under the "default" service account. The following scopes are recommended, but not required, and by default are not included: https://www.googleapis.com/auth/compute is required for mounting persistent storage on your nodes. https://www.googleapis.com/auth/devstorage.read_only is required for communicating with gcr.io (the Google Container Registry). 
If unspecified, no scopes are added, unless Cloud Logging or Cloud Monitoring are enabled, in which case their required scopes will be added.
-
- `service_account`
- : The Google Cloud Platform Service Account to be used by the node VMs. If no Service Account is specified, the "default" service account is used.
-
- `metadata`
- : The metadata key/value pairs assigned to instances in the cluster. Keys must conform to the regexp [a-zA-Z0-9-_]+ and be less than 128 bytes in length. These are reflected as part of a URL in the metadata server. Additionally, to avoid ambiguity, keys must not conflict with any other metadata keys for the project or be one of the four reserved keys: "instance-template", "kube-env", "startup-script", and "user-data" Values are free-form strings, and only have meaning as interpreted by the image running in the instance. The only restriction placed on them is that each value's size must be less than or equal to 32 KB. The total size of all keys and values must be less than 512 KB. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
-
- `image_type`
- : The image type to use for this node. Note that for a given image type, the latest version of it will be used.
-
- `labels`
- : The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node. In case of conflict in label keys, the applied set may differ depending on the Kubernetes version -- it's best to assume the behavior is undefined and conflicts should be avoided. For more information, including usage and the valid values, see: http://kubernetes.io/v1.1/docs/user-guide/labels.html An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
-
- `local_ssd_count`
- : The number of local SSD disks to be attached to the node. 
The limit for this value is dependant upon the maximum number of disks available on a machine per zone. See: https://cloud.google.com/compute/docs/disks/local-ssd#local_ssd_limits for more information.
-
- `tags`
- : The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls and are specified by the client during cluster or node pool creation. Each tag within the list must comply with RFC1035.
-
- `preemptible`
- : Whether the nodes are created as preemptible VM instances. See: https://cloud.google.com/compute/docs/instances/preemptible for more information about preemptible VM instances.
-
- `accelerators`
- : A list of hardware accelerators to be attached to each node
-
- `accelerator_count`
- : The number of the accelerator cards exposed to an instance.
-
- `accelerator_type`
- : The accelerator type resource name
-
- `disk_type`
- : Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') If unspecified, the default disk type is 'pd-standard'
-
- `min_cpu_platform`
- : Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform
-
- `taints`
- : List of kubernetes taints to be applied to each node.
-
- `key`
- : Key for taint
-
- `value`
- : Value for taint
-
- `effect`
- : Effect for taint
-
-`initial_node_count`
-: The initial node count for the pool. You must ensure that your Compute Engine resource quota is sufficient for this number of instances. You must also have available firewall and routes quota.
-
-`status`
-: Status of nodes in this pool instance
-
-`status_message`
-: Additional information about the current status of this node pool instance
-
-`version`
-: The version of the Kubernetes of this node.
-
-`autoscaling`
-: Autoscaler configuration for this NodePool. Autoscaler is enabled only if a valid configuration is present.
-
- `enabled`
- : Is autoscaling enabled for this node pool.
-
- `min_node_count`
- : Minimum number of nodes in the NodePool. Must be >= 1 and <= maxNodeCount.
-
- `max_node_count`
- : Maximum number of nodes in the NodePool. Must be >= minNodeCount. There has to enough quota to scale up the cluster.
-
-`management`
-: Management configuration for this NodePool.
-
- `auto_upgrade`
- : A flag that specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
-
- `auto_repair`
- : A flag that specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.
-
- `upgrade_options`
- : Specifies the Auto Upgrade knobs for the node pool.
-
- `auto_upgrade_start_time`
- : This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format.
-
- `description`
- : This field is set when upgrades are about to commence with the description of the upgrade.
-
-`max_pods_constraint`
-: The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool.
-
- `max_pods_per_node`
- : Constraint enforced on the max num of pods per node.
-
-`conditions`
-: Which conditions caused the current node pool state.
-
- `code`
- : Machine-friendly representation of the condition
-
-`pod_ipv4_cidr_size`
-: The pod CIDR block size per node in this node pool.
-
-`cluster`
-: The cluster this node pool belongs to.
-
-`location`
-: The location where the node pool is deployed
-
-## GCP Permissions
-
-Ensure the [Kubernetes Engine API](https://console.cloud.google.com/apis/library/container.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_container_regional_node_pools.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_container_regional_node_pools.md
deleted file mode 100644
index 930270688e..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_container_regional_node_pools.md
+++ /dev/null
@@ -1,78 +0,0 @@ -+++ -title = "google_container_regional_node_pools resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_container_regional_node_pools" - identifier = "inspec/resources/gcp/google_container_regional_node_pools.md google_container_regional_node_pools resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_container_regional_node_pools` is used to test a Google RegionalNodePool resource - -## Examples - -```ruby -describe google_container_regional_node_pools(project: 'chef-gcp-inspec', location: 'europe-west2', cluster: 'inspec-gcp-regional-cluster') do - its('initial_node_counts') { should include '1'} -end -``` - -## Properties - -Properties that can be accessed from the `google_container_regional_node_pools` resource: - -See the [google_container_regional_node_pool](/inspec/resources/google_container_regional_node_pool/#properties) resource for more information. - -`names` -: an array of `google_container_regional_node_pool` name - -`configs` -: an array of `google_container_regional_node_pool` config - -`initial_node_counts` -: an array of `google_container_regional_node_pool` initial_node_count - -`statuses` -: an array of `google_container_regional_node_pool` status - -`status_messages` -: an array of `google_container_regional_node_pool` status_message - -`versions` -: an array of `google_container_regional_node_pool` version - -`autoscalings` -: an array of `google_container_regional_node_pool` autoscaling - -`managements` -: an array of `google_container_regional_node_pool` management - -`max_pods_constraints` -: an array of `google_container_regional_node_pool` max_pods_constraint - -`conditions` -: an array of `google_container_regional_node_pool` conditions - -`pod_ipv4_cidr_sizes` -: an array of `google_container_regional_node_pool` pod_ipv4_cidr_size - -`clusters` -: an array of `google_container_regional_node_pool` cluster - -`locations` -: an array of 
`google_container_regional_node_pool` location - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Kubernetes Engine API](https://console.cloud.google.com/apis/library/container.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_dataproc_cluster.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_dataproc_cluster.md deleted file mode 100644 index 5c548ef308..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_dataproc_cluster.md +++ /dev/null 
@@ -1,284 +0,0 @@ -+++ -title = "google_dataproc_cluster resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_dataproc_cluster" - identifier = "inspec/resources/gcp/google_dataproc_cluster.md google_dataproc_cluster resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_dataproc_cluster` is used to test a Google Cluster resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_dataproc_cluster(project: 'chef-gcp-inspec', region: 'europe-west2', cluster_name: 'inspec-dataproc-cluster') do - it { should exist } - its('labels') { should include('label' => 'value') } - its('config.master_config.num_instances') { should cmp '1' } - its('config.worker_config.num_instances') { should cmp '2' } - its('config.master_config.machine_type_uri') { should match 'n1-standard-1' } - its('config.worker_config.machine_type_uri') { should match 'n1-standard-1' } - its('config.software_config.properties') { should include('dataproc:dataproc.allow.zero.workers' => 'true') } -end - -describe google_dataproc_cluster(project: 'chef-gcp-inspec', region: 'europe-west2', cluster_name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_dataproc_cluster` resource: - -`cluster_name` -: The name of the cluster, unique within the project and region. - -`labels` -: Labels to apply to this cluster. A list of key->value pairs. - -`config` -: Configuration for the cluster - - `config_bucket` - : The Cloud Storage staging bucket used to stage files, such as Hadoop jars, between client machines and the cluster. - - `gce_cluster_config` - : Common config settings for resources of Google Compute Engine cluster instances, applicable to all instances in the cluster. 
- - `zone_uri` - : The zone where the Compute Engine cluster will be located - - `network_uri` - : The Compute Engine network to be used for machine communications - - `subnetwork_uri` - : The Compute Engine subnetwork to be used for machine communications - - `internal_ip_only` - : If true, all instances int he cluster will only have internal IP addresses - - `service_account_scopes` - : The URIs of service account scopes to be included in Compute Engine instances The following base set of scopes is always included: https://www.googleapis.com/auth/cloud.useraccounts.readonly https://www.googleapis.com/auth/devstorage.read_write https://www.googleapis.com/auth/logging.write - - `tags` - : The Compute Engine tags to add to all instances - - `metadata` - : The map of metadata entries to add to all instances - - `master_config` - : The config settings for Compute Engine resources in an instance group, such as a master or worker group. - - `num_instances` - : The number of VM instances in the instance group. For master instance groups, must be set to 1. - - `instance_names` - : The list of instance names. - - `image_uri` - : The Compute Engine image resource used for cluster instances. - - `machine_type_uri` - : The Compute Engine machine type used for cluster instances - - `disk_config` - : Disk option config settings - - `boot_disk_type` - : Type of the boot disk. Valid values are "pd-ssd" or "pd-standard" - - `boot_disk_size_gb` - : Size in GB of the boot disk. - - `num_local_ssds` - : Number of attached SSDs, from 0 to 4. - - `is_preemptible` - : Specifies if this instance group contains preemptible instances. - - `managed_group_config` - : The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups. - - `instance_template_name` - : The name of the Instance Template used for the Managed Instance Group. 
- - `instance_group_manager_name` - : The name of the Instance Group Manager for this group - - `worker_config` - : The config settings for Compute Engine resources in an instance group, such as a master or worker group. - - `num_instances` - : The number of VM instances in the instance group. For master instance groups, must be set to 1. - - `instance_names` - : The list of instance names. - - `image_uri` - : The Compute Engine image resource used for cluster instances. - - `machine_type_uri` - : The Compute Engine machine type used for cluster instances - - `disk_config` - : Disk option config settings - - `boot_disk_type` - : Type of the boot disk. Valid values are "pd-ssd" or "pd-standard" - - `boot_disk_size_gb` - : Size in GB of the boot disk. - - `num_local_ssds` - : Number of attached SSDs, from 0 to 4. - - `is_preemptible` - : Specifies if this instance group contains preemptible instances. - - `managed_group_config` - : The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups. - - `instance_template_name` - : The name of the Instance Template used for the Managed Instance Group. - - `instance_group_manager_name` - : The name of the Instance Group Manager for this group - - `secondary_worker_config` - : The config settings for Compute Engine resources in an instance group, such as a master or worker group. - - `num_instances` - : The number of VM instances in the instance group. For master instance groups, must be set to 1. - - `instance_names` - : The list of instance names. - - `image_uri` - : The Compute Engine image resource used for cluster instances. - - `machine_type_uri` - : The Compute Engine machine type used for cluster instances - - `disk_config` - : Disk option config settings - - `boot_disk_type` - : Type of the boot disk. Valid values are "pd-ssd" or "pd-standard" - - `boot_disk_size_gb` - : Size in GB of the boot disk. 
- - `num_local_ssds` - : Number of attached SSDs, from 0 to 4. - - `is_preemptible` - : Specifies if this instance group contains preemptible instances. - - `managed_group_config` - : The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups. - - `instance_template_name` - : The name of the Instance Template used for the Managed Instance Group. - - `instance_group_manager_name` - : The name of the Instance Group Manager for this group - - `software_config` - : Specifies the selection and config of software inside the cluster - - `image_version` - : The version of software inside the cluster. It must be one of the supported Cloud Dataproc Versions, such as "1.2" (including a subminor version, such as "1.2.29"), or the "preview" version. - - `properties` - : The properties to set on daemon config files. Property keys are specified in the prefix:property format, for example `core:hadoop.tmp.dir` - - `optional_components` - : The set of optional components to activate on the cluster. - - Possible values: - - COMPONENT_UNSPECIFIED - - ANACONDA - - HBASE - - RANGER - - SOLR - - HIVE_WEBHCAT - - JUPYTER - - ZEPPELIN - - `initialization_actions` - : Specifies an executable to run on a fully configured node and a timeout period for executable completion. - - `executable_file` - : Cloud Storage URI of the executable file - - `execution_timeout` - : Amount of time executable has to complete - - `encryption_config` - : Encryption settings for the cluster. - - `gce_pd_kms_key_name` - : The Cloud KMS key name to use for PD disk encyption for all instances in the cluster. - - `security_config` - : Kerberos config holder. - - `kerberos_config` - : Kerberos related configuration. - - `enable_kerberos` - : Flag to indicate whether to Kerberize the cluster. - - `rootprincipal_password_uri` - : The cloud Storage URI of a KMS encrypted file containing the root principal password. 
- - `kms_key_uri` - : The uri of the KMS key used to encrypt various sensitive files. - - `keystore_uri` - : The Cloud Storage URI of the keystore file used for SSL encryption. - - `truststore_uri` - : The Cloud Storage URI of a KMS encrypted file containing the password to the user provided keystore. - - `key_password_uri` - : The Cloud Storage URI of a KMS encrypted file containing the password to the user provided key. - - `truststore_password_uri` - : The Cloud Storage URI of a KMS encrypted file containing the password to the user provided truststore. - - `cross_realm_trust_realm` - : The remote realm the Dataproc on-cluster KDC will trust, should the user enable cross realm trust. - - `cross_realm_trust_admin_server` - : The admin server (IP or hostname) for the remote trusted realm in a cross realm trust relationship. - - `cross_realm_trust_shared_password_uri` - : The Cloud Storage URI of a KMS encrypted file containing the shared password between the on-cluster Kerberos realm and the remote trusted realm, in a cross realm trust relationship. - - `kdc_db_key_uri` - : The Cloud Storage URI of a KMS encrypted file containing the master key of the KDC database. - - `tgt_lifetime_hours` - : The lifetime of the ticket granting ticket, in hours. - - `realm` - : The name of the on-cluster Kerberos realm. - -`region` -: The region in which the cluster and associated nodes will be created in. - -## GCP Permissions - -Ensure the [Cloud Dataproc API](https://console.cloud.google.com/apis/library/dataproc.googleapis.com) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_dataproc_clusters.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_dataproc_clusters.md deleted file mode 100644 index 23470fa851..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_dataproc_clusters.md +++ /dev/null 
@@ -1,56 +0,0 @@ -+++ -title = "google_dataproc_clusters resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_dataproc_clusters" - identifier = "inspec/resources/gcp/google_dataproc_clusters.md google_dataproc_clusters resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_dataproc_clusters` is used to test a Google Cluster resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_dataproc_clusters(project: 'chef-gcp-inspec', region: 'europe-west2') do - its('count') { should be >= 1 } - its('cluster_names') { should include 'inspec-dataproc-cluster' } -end -``` - -## Properties - -Properties that can be accessed from the `google_dataproc_clusters` resource: - -See the [google_dataproc_cluster](/inspec/resources/google_dataproc_cluster/#properties) resource for more information. - -`cluster_names` -: an array of `google_dataproc_cluster` cluster_name - -`labels` -: an array of `google_dataproc_cluster` labels - -`configs` -: an array of `google_dataproc_cluster` config - -`regions` -: an array of `google_dataproc_cluster` region - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Cloud Dataproc API](https://console.cloud.google.com/apis/library/dataproc.googleapis.com) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_dns_managed_zone.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_dns_managed_zone.md deleted file mode 100644 index 9b6115c5f7..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_dns_managed_zone.md +++ /dev/null 
@@ -1,189 +0,0 @@ -+++ -title = "google_dns_managed_zone resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_dns_managed_zone" - identifier = "inspec/resources/gcp/google_dns_managed_zone.md google_dns_managed_zone resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_dns_managed_zone` is used to test a Google ManagedZone resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_dns_managed_zone(project: 'chef-gcp-inspec', zone: 'example-zone') do - it { should exist } - its('dns_name') { should cmp 'dns-zone-name.com.' } - - its('description') { should cmp 'example description' } - its('zone_signing_key_algorithm') { should cmp 'rsasha256' } - its('key_signing_key_algorithm') { should cmp 'rsasha512' } -end - -describe google_dns_managed_zone(project: 'chef-gcp-inspec', zone: 'nonexistent') do - it { should_not exist } -end -``` - -### Test that a GCP compute zone exists - - describe google_dns_managed_zone(project: 'chef-inspec-gcp', zone: 'zone-name') do - it { should exist } - end - -### Test that a GCP DNS managed zone has the expected DNS name - - describe google_dns_managed_zone(project: 'chef-inspec-gcp', zone: 'zone-name') do - its('dns_name') { should match 'mydomain.com' } - end - -### Test that a GCP DNS managed zone has expected name server - - describe google_dns_managed_zone(project: 'chef-inspec-gcp', zone: 'zone-name') do - its('name_servers') { should include 'ns-cloud-d1.googledomains.com.' } - end - -## Properties - -Properties that can be accessed from the `google_dns_managed_zone` resource: - -`description` -: A mutable string of at most 1024 characters associated with this resource for the user's convenience. Has no effect on the managed zone's function. 
- -`dns_name` -: The DNS name of this managed zone, for instance "example.com.". - -`dnssec_config` -: DNSSEC configuration - - `kind` - : Identifies what kind of resource this is - - `non_existence` - : Specifies the mechanism used to provide authenticated denial-of-existence responses. non_existence can only be updated when the state is `off`. - - Possible values: - - nsec - - nsec3 - - `state` - : Specifies whether DNSSEC is enabled, and what mode it is in - - Possible values: - - off - - on - - transfer - - `default_key_specs` - : Specifies parameters that will be used for generating initial DnsKeys for this ManagedZone. If you provide a spec for keySigning or zoneSigning, you must also provide one for the other. default_key_specs can only be updated when the state is `off`. - - `algorithm` - : String mnemonic specifying the DNSSEC algorithm of this key - - Possible values: - - ecdsap256sha256 - - ecdsap384sha384 - - rsasha1 - - rsasha256 - - rsasha512 - - `key_length` - : Length of the keys in bits - - `key_type` - : Specifies whether this is a key signing key (KSK) or a zone signing key (ZSK). Key signing keys have the Secure Entry Point flag set and, when active, will only be used to sign resource record sets of type DNSKEY. Zone signing keys do not have the Secure Entry Point flag set and will be used to sign all other types of resource record sets. - - Possible values: - - keySigning - - zoneSigning - - `kind` - : Identifies what kind of resource this is - -`id` -: Unique identifier for the resource; defined by the server. - -`name` -: User assigned name for this resource. Must be unique within the project. - -`name_servers` -: Delegate your managed_zone to these virtual name servers; defined by the server - -`name_server_set` -: Optionally specifies the NameServerSet for this ManagedZone. A NameServerSet is a set of DNS name servers that all host the same ManagedZones. Most users will leave this field unset. 
- -`creation_time` -: The time that this resource was created on the server. This is in RFC3339 text format. - -`labels` -: A set of key/value label pairs to assign to this ManagedZone. - -`visibility` -: The zone's visibility: public zones are exposed to the Internet, while private zones are visible only to Virtual Private Cloud resources. - - Possible values: - - - private - - public - - -`private_visibility_config` -: For privately visible zones, the set of Virtual Private Cloud resources that the zone is visible from. - - `networks` - : The list of VPC networks that can see this zone. - - `network_url` - : The fully qualified URL of the VPC network to bind to. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}` - -`forwarding_config` -: (Beta only) The presence for this field indicates that outbound forwarding is enabled for this zone. The value of this field contains the set of destinations to forward to. - - `target_name_servers` - : List of target name servers to forward to. Cloud DNS will select the best available name server if more than one target is given. - - `ipv4_address` - : IPv4 address of a target name server. - - `forwarding_path` - : Forwarding path for this TargetNameServer. If unset or `default` Cloud DNS will make forwarding decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go to the Internet. When set to `private`, Cloud DNS will always send queries through VPC for this target - - Possible values: - - default - - private - -`peering_config` -: (Beta only) The presence of this field indicates that DNS Peering is enabled for this zone. The value of this field contains the network to peer with. - - `target_network` - : The network with which to peer. - - `network_url` - : The fully qualified URL of the VPC network to forward queries to. 
This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}` - -`reverse_lookup` -: (Beta only) Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse lookup queries using automatically configured records for VPC resources. This only applies to networks listed under `private_visibility_config`. - -`service_directory_config` -: (Beta only) The presence of this field indicates that this zone is backed by Service Directory. The value of this field contains information related to the namespace associated with the zone. - - `namespace` - : The namespace associated with the zone. - - `namespace_url` - : The fully qualified URL of the service directory namespace that should be associated with the zone. Ignored for `public` visibility zones. - -## GCP Permissions - -Ensure the [Google Cloud DNS API](https://console.cloud.google.com/apis/library/dns.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_dns_managed_zones.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_dns_managed_zones.md deleted file mode 100644 index 8d6f38bbc7..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_dns_managed_zones.md +++ /dev/null 
@@ -1,110 +0,0 @@ -+++ -title = "google_dns_managed_zones resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_dns_managed_zones" - identifier = "inspec/resources/gcp/google_dns_managed_zones.md google_dns_managed_zones resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_dns_managed_zones` is used to test a Google ManagedZone resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_dns_managed_zones(project: 'chef-gcp-inspec') do - it { should exist } - its('zone_names') { should include 'example-zone' } - its('zone_dns_names') { should include 'dns-zone-name.com.' } -end -``` - -### Test that there are no more than a specified number of zones available for the project - - describe google_dns_managed_zones(project: 'chef-inspec-gcp') do - its('count') { should be <= 100} - end - -### Test that an expected, named managed zone is available for the project - - describe google_dns_managed_zones(project: 'chef-inspec-gcp') do - its('zone_names') { should include "zone-name" } - end - -### Test that a subset of all zones matching "myzone\*" exist - - google_dns_managed_zones(project: 'chef-inspec-gcp').where(zone_name: /^myzone/).zone_names.each do |zone_name| - describe google_dns_managed_zone(project: 'chef-inspec-gcp', zone: zone_name) do - it { should exist } - end - end - -## Properties - -Properties that can be accessed from the `google_dns_managed_zones` resource: - -See the [google_dns_managed_zone](/inspec/resources/google_dns_managed_zone/#properties) resource for more information. 
- -`descriptions` -: an array of `google_dns_managed_zone` description - -`zone_dns_names` -: an array of `google_dns_managed_zone` dns_name - -`dnssec_configs` -: an array of `google_dns_managed_zone` dnssec_config - -`zone_ids` -: an array of `google_dns_managed_zone` id - -`zone_names` -: an array of `google_dns_managed_zone` name - -`name_servers` -: an array of `google_dns_managed_zone` name_servers - -`name_server_sets` -: an array of `google_dns_managed_zone` name_server_set - -`creation_times` -: an array of `google_dns_managed_zone` creation_time - -`labels` -: an array of `google_dns_managed_zone` labels - -`visibilities` -: an array of `google_dns_managed_zone` visibility - -`private_visibility_configs` -: an array of `google_dns_managed_zone` private_visibility_config - -`forwarding_configs` -: (Beta only) an array of `google_dns_managed_zone` forwarding_config - -`peering_configs` -: (Beta only) an array of `google_dns_managed_zone` peering_config - -`reverse_lookups` -: (Beta only) an array of `google_dns_managed_zone` reverse_lookup - -`service_directory_configs` -: (Beta only) an array of `google_dns_managed_zone` service_directory_config - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Google Cloud DNS API](https://console.cloud.google.com/apis/library/dns.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_dns_resource_record_set.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_dns_resource_record_set.md deleted file mode 100644 index ee8bd098b2..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_dns_resource_record_set.md +++ /dev/null 
@@ -1,71 +0,0 @@ -+++ -title = "google_dns_resource_record_set resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_dns_resource_record_set" - identifier = "inspec/resources/gcp/google_dns_resource_record_set.md google_dns_resource_record_set resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_dns_resource_record_set` is used to test a Google ResourceRecordSet resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_dns_resource_record_set(project: 'chef-gcp-inspec', name: 'backend.my.domain.com.', type: 'A', managed_zone: 'inspec-gcp-managed-zone') do - it { should exist } - its('type') { should eq 'A' } - its('ttl') { should eq '300' } - its('target') { should include '8.8.8.8' } - its('target') { should include '8.8.4.4' } -end -``` - -## Properties - -Properties that can be accessed from the `google_dns_resource_record_set` resource: - -`name` -: For example, `www.example.com`. - -`type` -: One of valid DNS resource types. - - Possible values: - - - A - - AAAA - - CAA - - CNAME - - MX - - NAPTR - - NS - - PTR - - SOA - - SPF - - SRV - - TLSA - - TXT - -`ttl` -: Number of seconds that this ResourceRecordSet can be cached by resolvers. - -`target` -: As defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1) - -`managed_zone` -: Identifies the managed zone addressed by this request. - -## GCP Permissions - -Ensure the [Google Cloud DNS API](https://console.cloud.google.com/apis/library/dns.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_dns_resource_record_sets.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_dns_resource_record_sets.md deleted file mode 100644 index 552ad6c5a4..0000000000 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_dns_resource_record_sets.md
+++ /dev/null
@@ -1,62 +0,0 @@ -+++ -title = "google_dns_resource_record_sets resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_dns_resource_record_sets" - identifier = "inspec/resources/gcp/google_dns_resource_record_sets.md google_dns_resource_record_sets resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_dns_resource_record_sets` is used to test a Google ResourceRecordSet resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_dns_resource_record_sets(project: 'chef-gcp-inspec', name: 'backend.my.domain.com.', managed_zone: 'inspec-gcp-managed-zone') do - its('count') { should eq 3 } - its('types') { should include 'A' } - its('ttls') { should include '300' } - its('targets.flatten') { should include '8.8.8.8' } - its('targets.flatten') { should include '8.8.4.4' } -end -``` - -## Properties - -Properties that can be accessed from the `google_dns_resource_record_sets` resource: - -See the [google_dns_resource_record_set](/inspec/resources/google_dns_resource_record_set/#properties) resource for more information. - -`names` -: an array of `google_dns_resource_record_set` name - -`types` -: an array of `google_dns_resource_record_set` type - -`ttls` -: an array of `google_dns_resource_record_set` ttl - -`targets` -: an array of `google_dns_resource_record_set` target - -`managed_zones` -: an array of `google_dns_resource_record_set` managed_zone - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Google Cloud DNS API](https://console.cloud.google.com/apis/library/dns.googleapis.com/) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_filestore_instance.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_filestore_instance.md
deleted file mode 100644
index 9eec52ed45..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_filestore_instance.md
+++ /dev/null
@@ -1,92 +0,0 @@ -+++ -title = "google_filestore_instance resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_filestore_instance" - identifier = "inspec/resources/gcp/google_filestore_instance.md google_filestore_instance resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_filestore_instance` is used to test a Google Instance resource - -## Examples - -```ruby -describe google_filestore_instance(project: 'chef-gcp-inspec', zone: 'us-central1-b', name: 'inspecgcp') do - it { should exist } - its('tier') { should cmp 'PREMIUM' } - its('file_shares.count') { should cmp 1 } - its('file_shares.first.capacity_gb') { should cmp '2660' } - its('file_shares.first.name') { should cmp 'inspecgcp' } - its('networks.count') { should cmp 1 } - its('networks.first.network') { should cmp 'default' } - its('networks.first.modes') { should include 'MODE_IPV4' } -end - -describe google_filestore_instance(project: 'chef-gcp-inspec', zone: 'us-central1-b', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_filestore_instance` resource: - -`name` -: The resource name of the instance. - -`description` -: A description of the instance. - -`create_time` -: Creation timestamp in RFC3339 text format. - -`tier` -: The service tier of the instance. - - Possible values: - - - TIER_UNSPECIFIED - - STANDARD - - PREMIUM - -`labels` -: Resource labels to represent user-provided metadata. - -`file_shares` -: File system shares on the instance. For this version, only a single file share is supported. - - `name` - : The name of the fileshare (16 characters or less) - - `capacity_gb` - : File share capacity in GiB. This must be at least 1024 GiB for the standard tier, or 2560 GiB for the premium tier. - -`networks` -: VPC networks to which the instance is connected. For this version, only a single network is supported. 
- - `network` - : The name of the GCE VPC network to which the instance is connected. - - `modes` - : IP versions for which the instance has IP addresses assigned. - - `reserved_ip_range` - : A /29 CIDR block that identifies the range of IP addresses reserved for this instance. - - `ip_addresses` - : A list of IPv4 or IPv6 addresses. - -`etag` -: Server-specified ETag for the instance resource to prevent simultaneous updates from overwriting each other. - -`zone` -: The name of the Filestore zone of the instance. - -## GCP Permissions diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_filestore_instances.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_filestore_instances.md deleted file mode 100644 index 06239346c8..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_filestore_instances.md +++ /dev/null 
@@ -1,64 +0,0 @@
-+++
-title = "google_filestore_instances resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_filestore_instances"
- identifier = "inspec/resources/gcp/google_filestore_instances.md google_filestore_instances resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_filestore_instances` is used to test a Google Instance resource
-
-## Examples
-
-```ruby
-describe google_filestore_instances(project: 'chef-gcp-inspec', zone: 'us-central1-b') do
- its('tiers') { should include 'PREMIUM' }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_filestore_instances` resource:
-
-See the [google_filestore_instance](/inspec/resources/google_filestore_instance/#properties) resource for more information.
-
-`names`
-: an array of `google_filestore_instance` name
-
-`descriptions`
-: an array of `google_filestore_instance` description
-
-`create_times`
-: an array of `google_filestore_instance` create_time
-
-`tiers`
-: an array of `google_filestore_instance` tier
-
-`labels`
-: an array of `google_filestore_instance` labels
-
-`file_shares`
-: an array of `google_filestore_instance` file_shares
-
-`networks`
-: an array of `google_filestore_instance` networks
-
-`etags`
-: an array of `google_filestore_instance` etag
-
-`zones`
-: an array of `google_filestore_instance` zone
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_iam_custom_role.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_iam_custom_role.md
deleted file mode 100644
index 9f3f290ebf..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_iam_custom_role.md
+++ /dev/null
@@ -1,56 +0,0 @@
-+++
-title = "google_iam_custom_role resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_iam_custom_role"
- identifier = "inspec/resources/gcp/google_iam_custom_role.md google_iam_custom_role resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_iam_custom_role` is used to test a Google CustomRole resource
-
-## Examples
-
-```ruby
-describe google_iam_custom_role(project: 'chef-gcp-inspec', name: 'admin-role') do
- it { should exist }
- its('stage') { should eq 'GA' }
- its('included_permissions') { should eq ["iam.roles.list"] }
-end
-
-describe google_iam_custom_role(project: 'chef-gcp-inspec', name: 'nonexistent') do
- it { should_not exist }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_iam_custom_role` resource:
-
-`name`
-: The name of the role.
-
-`title`
-: A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
-
-`description`
-: Human-readable description for the role
-
-`included_permissions`
-: Names of permissions this role grants when bound in an IAM policy.
-
-`stage`
-: The current launch stage of the role.
-
-`deleted`
-: The current deleted state of the role
-
-## GCP Permissions
-
-Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_iam_custom_roles.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_iam_custom_roles.md
deleted file mode 100644
index c272ba476f..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_iam_custom_roles.md
+++ /dev/null
@@ -1,57 +0,0 @@
-+++
-title = "google_iam_custom_roles resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_iam_custom_roles"
- identifier = "inspec/resources/gcp/google_iam_custom_roles.md google_iam_custom_roles resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_iam_custom_roles` is used to test a Google CustomRole resource
-
-## Examples
-
-```ruby
-describe google_iam_custom_roles(project: 'chef-gcp-inspec') do
- its('names') { should include "projects/project-id/roles/role-id" }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_iam_custom_roles` resource:
-
-See the [google_iam_custom_role](/inspec/resources/google_iam_custom_role/#properties) resource for more information.
-
-`names`
-: an array of `google_iam_custom_role` name
-
-`titles`
-: an array of `google_iam_custom_role` title
-
-`descriptions`
-: an array of `google_iam_custom_role` description
-
-`included_permissions`
-: an array of `google_iam_custom_role` included_permissions
-
-`stages`
-: an array of `google_iam_custom_role` stage
-
-`deleteds`
-: an array of `google_iam_custom_role` deleted
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_iam_organization_custom_role.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_iam_organization_custom_role.md
deleted file mode 100644
index be3d4145b9..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_iam_organization_custom_role.md
+++ /dev/null
@@ -1,66 +0,0 @@ -+++ -title = "google_iam_organization_custom_role resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_iam_organization_custom_role" - identifier = "inspec/resources/gcp/google_iam_organization_custom_role.md google_iam_organization_custom_role resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_iam_organization_custom_role` is used to test a Google OrganizationCustomRole resource - -## Examples - -```ruby -describe google_iam_organization_custom_role(org_id: '12345', name: 'org-role') do - it { should exist } - its('stage') { should eq 'GA' } - its('included_permissions') { should eq ["iam.roles.list"] } -end - -describe google_iam_organization_custom_role(org_id: '12345', name: 'org-role', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_iam_organization_custom_role` resource: - -`name` -: The name of the role. - -`title` -: A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes. - -`description` -: Human-readable description for the role - -`included_permissions` -: Names of permissions this role grants when bound in an IAM policy. - -`stage` -: The current launch stage of the role. - - Possible values: - - - ALPHA - - BETA - - GA - - DEPRECATED - - DISABLED - - EAP - - -`deleted` -: The current deleted state of the role - -## GCP Permissions - -Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_iam_organization_custom_roles.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_iam_organization_custom_roles.md deleted file mode 100644 index 4208f4dcf4..0000000000 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_iam_organization_custom_roles.md
+++ /dev/null
@@ -1,57 +0,0 @@
-+++
-title = "google_iam_organization_custom_roles resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_iam_organization_custom_roles"
- identifier = "inspec/resources/gcp/google_iam_organization_custom_roles.md google_iam_organization_custom_roles resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_iam_organization_custom_roles` is used to test a Google OrganizationCustomRole resource
-
-## Examples
-
-```ruby
-describe google_iam_organization_custom_roles(org_id: '190694428152') do
- its('names') { should include "organizations/123456/roles/role-id" }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_iam_organization_custom_roles` resource:
-
-See the [google_iam_organization_custom_role](/inspec/resources/google_iam_organization_custom_role/#properties) resource for more information.
-
-`names`
-: an array of `google_iam_organization_custom_role` name
-
-`titles`
-: an array of `google_iam_organization_custom_role` title
-
-`descriptions`
-: an array of `google_iam_organization_custom_role` description
-
-`included_permissions`
-: an array of `google_iam_organization_custom_role` included_permissions
-
-`stages`
-: an array of `google_iam_organization_custom_role` stage
-
-`deleteds`
-: an array of `google_iam_organization_custom_role` deleted
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_iam_service_account.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_iam_service_account.md
deleted file mode 100644
index e63f9f1cdd..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_iam_service_account.md
+++ /dev/null
@@ -1,55 +0,0 @@
-+++
-title = "google_iam_service_account resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_iam_service_account"
- identifier = "inspec/resources/gcp/google_iam_service_account.md google_iam_service_account resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_iam_service_account` is used to test a Google ServiceAccount resource
-
-## Examples
-
-```ruby
-describe google_iam_service_account(project: 'chef-gcp-inspec', name: "display-name@project-id.iam.gserviceaccount.com") do
- it { should exist }
- its('display_name') { should cmp '' }
-end
-
-describe google_iam_service_account(project: 'chef-gcp-inspec', name: "nonexistent@project-id.iam.gserviceaccount.com") do
- it { should_not exist }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_iam_service_account` resource:
-
-`name`
-: The name of the service account.
-
-`project_id`
-: Id of the project that owns the service account.
-
-`unique_id`
-: Unique and stable id of the service account
-
-`email`
-: Email address of the service account.
-
-`display_name`
-: User specified description of service account.
-
-`oauth2_client_id`
-: OAuth2 client id for the service account.
-
-## GCP Permissions
-
-Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_iam_service_account_key.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_iam_service_account_key.md
deleted file mode 100644
index f04a5a3579..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_iam_service_account_key.md
+++ /dev/null
@@ -1,67 +0,0 @@ -+++ -title = "google_iam_service_account_key resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_iam_service_account_key" - identifier = "inspec/resources/gcp/google_iam_service_account_key.md google_iam_service_account_key resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_iam_service_account_key` is used to test a Google ServiceAccountKey resource - -## Examples - -```ruby -google_iam_service_account_keys(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com").key_names.each do |sa_key_name| - describe -end -``` - -## Properties - -Properties that can be accessed from the `google_iam_service_account_key` resource: - -`name` -: The name of the key. - -`private_key_type` -: Output format for the service account key. - -`key_algorithm` -: Specifies the algorithm for the key. - -`private_key_data` -: Private key data. Base-64 encoded. - -`public_key_data` -: Public key data. Base-64 encoded. - -`valid_after_time` -: Key can only be used after this time. - -`valid_before_time` -: Key can only be used before this time. - -`key_type` -: Specifies the type of the key. - - Possible values include: - - KEY_TYPE_UNSPECIFIED - - USER_MANAGED - - SYSTEM_MANAGED - -`service_account` -: The name of the serviceAccount. - -`path` -: The full name of the file that will hold the service account private key. The management of this file will depend on the value of sync_file parameter. File path must be absolute. - -## GCP Permissions - -Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_iam_service_account_keys.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_iam_service_account_keys.md
deleted file mode 100644
index 47d19e2483..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_iam_service_account_keys.md
+++ /dev/null
@@ -1,69 +0,0 @@ -+++ -title = "google_iam_service_account_keys resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_iam_service_account_keys" - identifier = "inspec/resources/gcp/google_iam_service_account_keys.md google_iam_service_account_keys resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_iam_service_account_keys` is used to test a Google ServiceAccountKey resource - -## Examples - -```ruby -describe google_iam_service_account_keys(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com") do - its('count') { should be <= 1000 } -end -``` - -## Properties - -Properties that can be accessed from the `google_iam_service_account_keys` resource: - -See the [google_iam_service_account_key](/inspec/resources/google_iam_service_account_key/#properties) resource for more information. - -`key_names` -: an array of `google_iam_service_account_key` name - -`private_key_types` -: an array of `google_iam_service_account_key` private_key_type - -`key_algorithms` -: an array of `google_iam_service_account_key` key_algorithm - -`private_key_data` -: an array of `google_iam_service_account_key` private_key_data - -`public_key_data` -: an array of `google_iam_service_account_key` public_key_data - -`valid_after_times` -: an array of `google_iam_service_account_key` valid_after_time - -`valid_before_times` -: an array of `google_iam_service_account_key` valid_before_time - -`key_types` -: an array of `google_iam_service_account_key` key_type - -`service_accounts` -: an array of `google_iam_service_account_key` service_account - -`paths` -: an array of `google_iam_service_account_key` path - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. 
- -## GCP Permissions - -Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_iam_service_accounts.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_iam_service_accounts.md deleted file mode 100644 index 9b23c022c3..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_iam_service_accounts.md +++ /dev/null 
@@ -1,58 +0,0 @@
-+++
-title = "google_iam_service_accounts resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_iam_service_accounts"
- identifier = "inspec/resources/gcp/google_iam_service_accounts.md google_iam_service_accounts resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_iam_service_accounts` is used to test a Google ServiceAccount resource
-
-## Examples
-
-```ruby
-describe google_iam_service_accounts(project: 'chef-gcp-inspec', name: "display-name@project-id.iam.gserviceaccount.com") do
- its('service_account_emails') { should include "display-name@project-id.iam.gserviceaccount.com" }
- its('count') { should be <= 1000 }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_iam_service_accounts` resource:
-
-See the [google_iam_service_account](/inspec/resources/google_iam_service_account/#properties) resource for more information.
-
-`service_account_names`
-: an array of `google_iam_service_account` name
-
-`project_ids`
-: an array of `google_iam_service_account` project_id
-
-`service_account_ids`
-: an array of `google_iam_service_account` unique_id
-
-`service_account_emails`
-: an array of `google_iam_service_account` email
-
-`service_account_display_names`
-: an array of `google_iam_service_account` display_name
-
-`oauth2_client_ids`
-: an array of `google_iam_service_account` oauth2_client_id
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_crypto_key.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_crypto_key.md
deleted file mode 100644
index 140a29a516..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_crypto_key.md
+++ /dev/null
@@ -1,105 +0,0 @@ -+++ -title = "google_kms_crypto_key resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_kms_crypto_key" - identifier = "inspec/resources/gcp/google_kms_crypto_key.md google_kms_crypto_key resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_kms_crypto_key` is used to test a Google CryptoKey resource - -## Examples - -```ruby -describe google_kms_crypto_key(project: 'chef-gcp-inspec', location: 'europe-west2', key_ring_name: 'kms-key-ring', name: 'kms-key') do - it { should exist } - its('crypto_key_name') { should cmp 'kms-key' } - its('primary_state') { should eq "ENABLED" } - its('purpose') { should eq "ENCRYPT_DECRYPT" } - its('next_rotation_time') { should be > Time.now - 100000 } - its('create_time') { should be > Time.now - 365*60*60*24*10 } -end - -describe google_kms_crypto_key(project: 'chef-gcp-inspec', location: 'europe-west2', key_ring_name: 'kms-key-ring', name: "nonexistent") do - it { should_not exist } -end -``` - -### Test that a GCP KMS crypto key was created recently - - describe google_kms_crypto_key(project: 'chef-inspec-gcp', location: 'us-east1', key_ring_name: 'key-ring', name: 'crypto-key') do - its('create_time_date') { should be > Time.now - 365*60*60*24*10 } - end - -### Test when the next rotation time for a GCP KMS crypto key is scheduled - - describe google_kms_crypto_key(project: 'chef-inspec-gcp', location: 'us-east1', key_ring_name: 'key-ring', name: 'crypto-key') do - its('next_rotation_time_date') { should be > Time.now - 100000 } - end - -### Check that the crypto key purpose is as expected - - describe google_kms_crypto_key(project: 'chef-inspec-gcp', location: 'us-east1', key_ring_name: 'key-ring', name: 'crypto-key') do - its('purpose') { should eq "ENCRYPT_DECRYPT" } - end - -### Check that the crypto key primary is in "ENABLED" state - - describe google_kms_crypto_key(project: 'chef-inspec-gcp', location: 'us-east1', 
key_ring_name: 'key-ring', name: 'crypto-key') do - its('primary_state') { should eq "ENABLED" } - end - -## Properties - -Properties that can be accessed from the `google_kms_crypto_key` resource: - -`crypto_key_name` -: The resource name for the CryptoKey. - -`create_time` -: The time that this resource was created on the server. This is in RFC3339 text format. - -`labels` -: Labels with user-defined metadata to apply to this resource. - -`purpose` -: The immutable purpose of this CryptoKey. See the [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) for possible inputs. - - Possible values: - - - ENCRYPT_DECRYPT - - ASYMMETRIC_SIGN - - ASYMMETRIC_DECRYPT - -`rotation_period` -: Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter `s` (seconds). It must be greater than a day (ie, 86400). - -`version_template` -: A template describing settings for new crypto key versions. - - `algorithm` - : The algorithm to use when creating a version based on this template. See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. - - `protection_level` - : The protection level to use when creating a version based on this template. - - Possible values: - - SOFTWARE - - HSM - -`next_rotation_time` -: The time when KMS will create a new version of this Crypto Key. - -`key_ring` -: The KeyRing that this key belongs to. Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`. - -## GCP Permissions - -Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_crypto_key_iam_binding.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_crypto_key_iam_binding.md deleted file mode 100644 index 83be717f8e..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_crypto_key_iam_binding.md +++ /dev/null @@ -1,39 +0,0 @@ -+++ -title = "google_kms_crypto_key_iam_binding resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_kms_crypto_key_iam_binding" - identifier = "inspec/resources/gcp/google_kms_crypto_key_iam_binding.md google_kms_crypto_key_iam_binding resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_kms_crypto_key_iam_binding` is used to test a Google CryptoKey Iam Bindings - -## Examples - -```ruby -describe google_kms_crypto_key_iam_binding(project: "project", location: "location", key_ring_name: "key_ring_name", crypto_key_name: "crypto_key_name", role: "roles/editor") do - it { should exist } - its('members') { should include 'user:testuser@example.com' } -end -``` - -## Properties - -Properties that can be accessed from the `google_kms_crypto_key_iam_binding` resource: - -`role` -: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. - -`members` -: Specifies the identities requesting access for a Cloud Platform resource. - -## GCP Permissions - -Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_crypto_key_iam_bindings.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_crypto_key_iam_bindings.md deleted file mode 100644 index 15ea85ee37..0000000000 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_crypto_key_iam_bindings.md
+++ /dev/null
@@ -1,67 +0,0 @@ -+++ -title = "google_kms_crypto_key_iam_bindings resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_kms_crypto_key_iam_bindings" - identifier = "inspec/resources/gcp/google_kms_crypto_key_iam_bindings.md google_kms_crypto_key_iam_bindings resource" - parent = "inspec/resources/gcp" -+++ - -**This resource is deprecated. Please use google_kms_crypto_key_iam_policy instead** - -Use the `google_kms_crypto_key_iam_bindings` InSpec audit resource to test properties of all, or a filtered group of, GCP KMS Crypto Key IAM Bindings. - -## Syntax - -A `google_kms_crypto_key_iam_bindings` resource block collects GCP KMS Crypto Key IAM Bindings then tests that group. - - describe google_kms_crypto_key_iam_bindings(crypto_key_url: 'projects/project/locations/europe-west2/keyRings/key-ring/cryptoKeys/key-name') do - it { should exist } - end - -Use this InSpec resource to enumerate roles then test in-depth using `google_kms_key_ring_iam_binding`. - - google_kms_crypto_key_iam_bindings(crypto_key_url: 'projects/project/locations/europe-west2/keyRings/key-ring/cryptoKeys/key-name').iam_binding_roles.each do |iam_binding_role| - describe google_kms_crypto_key_iam_binding(crypto_key_url: 'projects/project/locations/europe-west2/keyRings/key-ring/cryptoKeys/key-name', role: "roles/owner") do - it { should exist } - its('members') {should include 'user:someuser@domain.com' } - end - end - -## Examples - -The following examples show how to use this InSpec audit resource. 
- -### Test that there are no more than a specified number of IAM bindings roles available for the crypto key - - describe google_kms_crypto_key_iam_bindings(crypto_key_url: 'projects/project/locations/europe-west2/keyRings/key-ring/cryptoKeys/key-name') do - its('count') { should be <= 100} - end - -### Test that an expected IAM binding is available for the crypto key - - describe google_kms_crypto_key_iam_bindings(crypto_key_url: 'projects/project/locations/europe-west2/keyRings/key-ring/cryptoKeys/key-name') do - its('iam_binding_roles') { should include "roles/storage.admin" } - end - -### Test that a particular role does not exist using filtering of the plural resource - - describe google_kms_crypto_key_iam_bindings(crypto_key_url: 'projects/project/locations/europe-west2/keyRings/key-ring/cryptoKeys/key-name').where(iam_binding_role: "roles/iam.securityReviewer") do - it { should_not exist } - end - -## Filter Criteria - -This resource supports the following filter criteria: `iam_binding_role`. This may be used with `where`, as a block or as a method. - -## Properties - -- `iam_binding_roles` - an array of google_kms_crypto_key_iam_binding role strings e.g. `["roles/compute.admin", "roles/owner"]` - -## GCP Permissions - -Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the project where the resource is located.s diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_crypto_key_iam_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_crypto_key_iam_policy.md deleted file mode 100644 index 7145e6b381..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_crypto_key_iam_policy.md +++ /dev/null 
@@ -1,66 +0,0 @@ -+++ -title = "google_kms_crypto_key_iam_policy resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_kms_crypto_key_iam_policy" - identifier = "inspec/resources/gcp/google_kms_crypto_key_iam_policy.md google_kms_crypto_key_iam_policy resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_kms_crypto_key_iam_policy` is used to test a Google CryptoKey Iam Policy resource - -## Examples - -```ruby -describe google_kms_crypto_key_iam_policy(project: "project", location: "location", key_ring_name: "key_ring_name", crypto_key_name: "crypto_key_name") do - it { should exist } -end - -google_kms_crypto_key_iam_policy(project: "project", location: "location", key_ring_name: "key_ring_name", crypto_key_name: "crypto_key_name").bindings.each do |binding| - describe binding do - its('role') { should eq 'roles/editor'} - its('members') { should include 'user:testuser@example.com'} - end -end -``` - -## Properties - -Properties that can be accessed from the `google_kms_crypto_key_iam_policy` resource: - -`iam_binding_roles` -: The list of roles that exist on the policy. - -`bindings` -: Associates a list of members to a role. - - `role` - : Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. - - `members` - : Specifies the identities requesting access for a Cloud Platform resource. - -`audit_configs` -: Specifies cloud audit logging configuration for this policy. - - `service` - : Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. - - `audit_log_configs` - : The configuration for logging of each type of permission. - - `log_type` - : The log type that this config enables. 
For example, ADMIN_READ, DATA_WRITE or DATA_READ - - `exempted_members` - : Specifies the identities that do not cause logging for this type of permission. - -## GCP Permissions - -Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_crypto_keys.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_crypto_keys.md deleted file mode 100644 index e132a10ec6..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_crypto_keys.md +++ /dev/null 
@@ -1,76 +0,0 @@ -+++ -title = "google_kms_crypto_keys resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_kms_crypto_keys" - identifier = "inspec/resources/gcp/google_kms_crypto_keys.md google_kms_crypto_keys resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_kms_crypto_keys` is used to test a Google CryptoKey resource - -## Examples - -```ruby -describe google_kms_crypto_keys(project: 'chef-gcp-inspec', location: 'europe-west2', key_ring_name: 'kms-key-ring') do - its('count') { should be >= 1 } - its('crypto_key_names') { should include 'kms-key' } -end -``` - -### Test that there are no more than a specified number of keys in the key ring - - describe google_kms_crypto_keys(project: 'chef-inspec-gcp', location: 'us-east1', key_ring_name: 'key-ring') do - its('count') { should be <= 100} - end - -### Test that an expected key name is present in the key ring - - describe google_kms_crypto_keys(project: 'chef-inspec-gcp', location: 'us-east1', key_ring_name: 'key-ring') do - its('crypto_key_names') { should include "my-crypto-key-name" } - end - -## Properties - -Properties that can be accessed from the `google_kms_crypto_keys` resource: - -See the [google_kms_crypto_key](/inspec/resources/google_kms_crypto_key/#properties) resource for more information. 
- -`crypto_key_names` -: an array of `google_kms_crypto_key` crypto_key_name - -`create_times` -: an array of `google_kms_crypto_key` create_time - -`labels` -: an array of `google_kms_crypto_key` labels - -`purposes` -: an array of `google_kms_crypto_key` purpose - -`rotation_periods` -: an array of `google_kms_crypto_key` rotation_period - -`version_templates` -: an array of `google_kms_crypto_key` version_template - -`next_rotation_times` -: an array of `google_kms_crypto_key` next_rotation_time - -`key_rings` -: an array of `google_kms_crypto_key` key_ring - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_key_ring.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_key_ring.md deleted file mode 100644 index a5e2564a4b..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_key_ring.md +++ /dev/null 
@@ -1,62 +0,0 @@ -+++ -title = "google_kms_key_ring resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_kms_key_ring" - identifier = "inspec/resources/gcp/google_kms_key_ring.md google_kms_key_ring resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_kms_key_ring` is used to test a Google KeyRing resource - -## Examples - -```ruby -describe google_kms_key_ring(project: 'chef-gcp-inspec', location: 'europe-west2', name: 'kms-key-ring') do - it { should exist } - its('create_time') { should be > Time.now - 365*60*60*24*10 } - its('key_ring_name'){ should eq 'kms-key-ring' } - its('key_ring_url'){ should match 'kms-key-ring' } -end - -describe google_kms_key_ring(project: 'chef-gcp-inspec', location: 'europe-west2', name: "nonexistent") do - it { should_not exist } -end -``` - -### Test that a GCP kms key ring exists - - describe google_kms_key_ring(project: 'chef-inspec-gcp', location: 'us-east1', name: 'key-ring-name') do - it { should exist } - end - -### Test that a GCP kms key ring is in the expected state - -For any existing key ring, below should definitely be true! - - describe google_kms_key_ring(project: 'chef-inspec-gcp', location: 'us-east1', name: 'key-ring-name') do - its('create_time_date') { should be > Time.now - 365*60*60*24*50 } - end - -## Properties - -Properties that can be accessed from the `google_kms_key_ring` resource: - -`create_time` -: The time that this resource was created on the server. This is in RFC3339 text format. - -`key_ring_url` -: The full resource name for the KeyRing - -`location` -: The location for the KeyRing. A full list of valid locations can be found by running `gcloud kms locations list`. - -## GCP Permissions - -Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_key_ring_iam_binding.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_key_ring_iam_binding.md
deleted file mode 100644
index 8b9687a40d..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_key_ring_iam_binding.md
+++ /dev/null
@@ -1,39 +0,0 @@
-+++
-title = "google_kms_key_ring_iam_binding resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_kms_key_ring_iam_binding"
- identifier = "inspec/resources/gcp/google_kms_key_ring_iam_binding.md google_kms_key_ring_iam_binding resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_kms_key_ring_iam_binding` is used to test a Google KeyRing Iam Bindings
-
-## Examples
-
-```ruby
-describe google_kms_key_ring_iam_binding(project: "project", location: "location", key_ring_name: "key_ring_name", role: "roles/editor") do
- it { should exist }
- its('members') { should include 'user:testuser@example.com' }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_kms_key_ring_iam_binding` resource:
-
-`role`
-: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
-
-`members`
-: Specifies the identities requesting access for a Cloud Platform resource.
-
-## GCP Permissions
-
-Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_key_ring_iam_bindings.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_key_ring_iam_bindings.md
deleted file mode 100644
index ea3aae4956..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_key_ring_iam_bindings.md
+++ /dev/null
@@ -1,67 +0,0 @@ -+++ -title = "google_kms_key_ring_iam_bindings resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_kms_key_ring_iam_bindings" - identifier = "inspec/resources/gcp/google_kms_key_ring_iam_bindings.md google_kms_key_ring_iam_bindings resource" - parent = "inspec/resources/gcp" -+++ - -**This resource is deprecated. Please use `google_kms_key_ring_iam_policy` instead** - -Use the `google_kms_key_ring_iam_bindings` InSpec audit resource to test properties of all, or a filtered group of, GCP KMS key ring IAM bindings. - -## Syntax - -A `google_kms_key_ring_iam_bindings` resource block collects GCP KMS key ring IAM bindings then tests that group. - - describe google_kms_key_ring_iam_bindings(key_ring_url: 'projects/project/locations/europe-west2/keyRings/key-ring') do - it { should exist } - end - -Use this InSpec resource to enumerate roles then test in-depth using `google_kms_key_ring_iam_binding`. - - google_kms_key_ring_iam_bindings(key_ring_url: 'projects/project/locations/europe-west2/keyRings/key-ring').iam_binding_roles.each do |iam_binding_role| - describe google_kms_key_ring_iam_binding(key_ring_url: 'projects/project/locations/europe-west2/keyRings/key-ring', role: "roles/owner") do - it { should exist } - its('members') {should include 'user:someuser@domain.com' } - end - end - -## Examples - -The following examples show how to use this InSpec audit resource. 
- -### Test that there are no more than a specified number of IAM bindings roles available for the key ring - - describe google_kms_key_ring_iam_bindings(key_ring_url: 'projects/project/locations/europe-west2/keyRings/key-ring') do - its('count') { should be <= 100} - end - -### Test that an expected IAM binding is available for the key ring - - describe google_kms_key_ring_iam_bindings(key_ring_url: 'projects/project/locations/europe-west2/keyRings/key-ring') do - its('iam_binding_roles') { should include "roles/storage.admin" } - end - -### Test that a particular role does not exist using filtering of the plural resource - - describe google_kms_key_ring_iam_bindings(key_ring_url: 'projects/project/locations/europe-west2/keyRings/key-ring').where(iam_binding_role: "roles/iam.securityReviewer") do - it { should_not exist } - end - -## Filter Criteria - -This resource supports the following filter criteria: `iam_binding_role`. This may be used with `where`, as a block or as a method. - -## Properties - -- `iam_binding_roles` - an array of google_kms_key_ring_iam_binding role strings e.g. `["roles/compute.admin", "roles/owner"]` - -## GCP Permissions - -Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the project where the resource is located.s diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_key_ring_iam_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_key_ring_iam_policy.md deleted file mode 100644 index 3a7fcc7912..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_key_ring_iam_policy.md +++ /dev/null 
@@ -1,66 +0,0 @@ -+++ -title = "google_kms_key_ring_iam_policy resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_kms_key_ring_iam_policy" - identifier = "inspec/resources/gcp/google_kms_key_ring_iam_policy.md google_kms_key_ring_iam_policy resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_kms_key_ring_iam_policy` is used to test a Google KeyRing Iam Policy resource - -## Examples - -```ruby -describe google_kms_key_ring_iam_policy(project: "project", location: "location", key_ring_name: "key_ring_name") do - it { should exist } -end - -google_kms_key_ring_iam_policy(project: "project", location: "location", key_ring_name: "key_ring_name").bindings.each do |binding| - describe binding do - its('role') { should eq 'roles/editor'} - its('members') { should include 'user:testuser@example.com'} - end -end -``` - -## Properties - -Properties that can be accessed from the `google_kms_key_ring_iam_policy` resource: - -`iam_binding_roles` -: The list of roles that exist on the policy. - -`bindings` -: Associates a list of members to a role. - - `role` - : Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. - - `members` - : Specifies the identities requesting access for a Cloud Platform resource. - -`audit_configs` -: Specifies cloud audit logging configuration for this policy. - - `service` - : Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. - - `audit_log_configs` - : The configuration for logging of each type of permission. - - `log_type` - : The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ - - `exempted_members` - : Specifies the identities that do not cause logging for this type of permission. 
- -## GCP Permissions - -Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_key_rings.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_key_rings.md deleted file mode 100644 index 42fb71252f..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_kms_key_rings.md +++ /dev/null 
@@ -1,77 +0,0 @@ -+++ -title = "google_kms_key_rings resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_kms_key_rings" - identifier = "inspec/resources/gcp/google_kms_key_rings.md google_kms_key_rings resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_kms_key_rings` is used to test a Google KeyRing resource - -## Examples - -```ruby -describe google_kms_key_rings(project: 'chef-gcp-inspec', location: 'europe-west2') do - its('key_ring_names'){ should include 'kms-key-ring' } -end - -describe.one do - google_kms_key_rings(project: 'chef-gcp-inspec', location: 'europe-west2').key_ring_urls do |url| - describe url do - it { should match 'kms-key-ring' } - end - end -end -``` - -### Test that there are no more than a specified number of kms_key_rings available for the project - - describe google_kms_key_rings(project: 'chef-inspec-gcp', location: 'us-east1') do - its('count') { should be <= 200} - end - -### Test that an expected kms_key_ring is available for the project - - describe google_kms_key_rings(project: 'chef-inspec-gcp', location: 'us-east1') do - its('key_ring_names') { should include "a-named-key" } - end - -### Test that all KMS key rings were created in the past year - - describe google_kms_key_rings(project: gcp_project_id, location: 'us-east1').key_ring_names.each do |key_ring_name| - describe google_kms_key_ring(project: 'chef-inspec-gcp', location: 'us-east1', 'name: key_ring_name) do - it { should exist } - its('create_time_date') { should be > Time.now - 365*60*60*24 } - end - end - -## Properties - -Properties that can be accessed from the `google_kms_key_rings` resource: - -See the [google_kms_key_ring](/inspec/resources/google_kms_key_ring/#properties) resource for more information. 
- -`create_times` -: an array of `google_kms_key_ring` create_time - -`key_ring_urls` -: an array of `google_kms_key_ring` key_ring_url - -`locations` -: an array of `google_kms_key_ring` location - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_folder_exclusion.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_folder_exclusion.md deleted file mode 100644 index 83ccd67ff9..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_folder_exclusion.md +++ /dev/null 
@@ -1,58 +0,0 @@ -+++ -title = "google_logging_folder_exclusion resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_logging_folder_exclusion" - identifier = "inspec/resources/gcp/google_logging_folder_exclusion.md google_logging_folder_exclusion resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_logging_folder_exclusion` is used to test a Google FolderExclusion resource - -## Examples - -```ruby -# Getting folder exclusions is complicated due to the name being generated by the server. -# This can be drastically simplified if you have the name when writing the test -describe.one do - google_resourcemanager_folders(parent: 'organizations/12345').names.each do |folder_name| - # name on a folder is in the form `folders/12345` - google_logging_folder_exclusions(folder: folder_name.split('/')[1]).names.each do |exclusion_name| - describe google_logging_folder_exclusion(folder: folder_name.split('/')[1], name: exclusion_name) do - its('name'){ should cmp 'inspec-folder-exclusion' } - its('description'){ should cmp 'My folder exclusion description' } - its('filter'){ should cmp 'resource.type = gce_instance AND severity <= DEBUG' } - end - end - end -end -``` - -## Properties - -Properties that can be accessed from the `google_logging_folder_exclusion` resource: - -`folder` -: Id of the folder that this exclusion applies to. - -`name` -: Name of the exclusion, specified by the server during create. - -`description` -: A user provided description of this exclusion. - -`filter` -: An advanced logs filter. The only exported log entries are those that are in the resource owning the sink and that match the filter. - -`disabled` -: If set to true then this exclusion is disabled and it does not exclude any log entries. - -## GCP Permissions - -Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/library/logging.googleapis.com/) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_folder_exclusions.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_folder_exclusions.md
deleted file mode 100644
index 5cb3d7ecd5..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_folder_exclusions.md
+++ /dev/null
@@ -1,63 +0,0 @@ -+++ -title = "google_logging_folder_exclusions resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_logging_folder_exclusions" - identifier = "inspec/resources/gcp/google_logging_folder_exclusions.md google_logging_folder_exclusions resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_logging_folder_exclusions` is used to test a Google FolderExclusion resource - -## Examples - -```ruby -# Getting folder exclusions is complicated due to the name being generated by the server. -# This can be drastically simplified if you have the name when writing the test -describe.one do - google_resourcemanager_folders(parent: 'organizations/12345').names.each do |name| - # name on a folder is in the form `folders/12345` - describe google_logging_folder_exclusions(folder: name.split('/')[1]) do - its('names'){ should include 'inspec-folder-exclusion' } - its('descriptions'){ should include 'My folder exclusion description' } - its('filters'){ should include 'resource.type = gce_instance AND severity <= DEBUG' } - end - end -end -``` - -## Properties - -Properties that can be accessed from the `google_logging_folder_exclusions` resource: - -See the [google_logging_folder_exclusion](/inspec/resources/google_logging_folder_exclusion/#properties) resource for more information. - -`folders` -: an array of `google_logging_folder_exclusion` folder - -`names` -: an array of `google_logging_folder_exclusion` name - -`descriptions` -: an array of `google_logging_folder_exclusion` description - -`filters` -: an array of `google_logging_folder_exclusion` filter - -`disableds` -: an array of `google_logging_folder_exclusion` disabled - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. 
- -## GCP Permissions - -Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/library/logging.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_folder_log_sink.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_folder_log_sink.md deleted file mode 100644 index d274596527..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_folder_log_sink.md +++ /dev/null 
@@ -1,59 +0,0 @@ -+++ -title = "google_logging_folder_log_sink resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_logging_folder_log_sink" - identifier = "inspec/resources/gcp/google_logging_folder_log_sink.md google_logging_folder_log_sink resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_logging_folder_log_sink` is used to test a Google FolderLogSink resource - -## Examples - -```ruby -# Getting folder sinks is complicated due to the name being generated by the server. -# This can be drastically simplified if you have the folder name when writing the test -describe.one do - google_resourcemanager_folders(parent: 'organizations/12345').names.each do |folder_name| - # name on a folder is in the form `folders/12345` - describe google_logging_folder_log_sink(folder: folder_name.split('/')[1], name: 'inspec-gcp-folder-sink') do - it { should exist } - its('filter') { should cmp 'resource.type = gce_instance AND severity >= ERROR' } - end - end -end -``` - -## Properties - -Properties that can be accessed from the `google_logging_folder_log_sink` resource: - -`folder` -: Id of the folder that this sink belongs to - - -`name` -: Name of the log sink. - -`filter` -: An advanced logs filter. The only exported log entries are those that are in the resource owning the sink and that match the filter. - -`destination` -: The export destination. - -`writer_identity` -: An IAM identity—a service account or group—under which Logging writes the exported log entries to the sink's destination. This field is set by sinks.create and sinks.update based on the value of uniqueWriterIdentity in those methods. - -`include_children` -: If the field is false, the default, only the logs owned by the sink's parent resource are available for export. If the field is true, then logs from all the projects, folders, and billing accounts contained in the sink's parent resource are also available for export. 
Whether a particular log entry from the children is exported depends on the sink's filter expression. - -## GCP Permissions - -Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/library/logging.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_folder_log_sinks.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_folder_log_sinks.md deleted file mode 100644 index 83579d93cd..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_folder_log_sinks.md +++ /dev/null 
@@ -1,65 +0,0 @@ -+++ -title = "google_logging_folder_log_sinks resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_logging_folder_log_sinks" - identifier = "inspec/resources/gcp/google_logging_folder_log_sinks.md google_logging_folder_log_sinks resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_logging_folder_log_sinks` is used to test a Google FolderLogSink resource - -## Examples - -```ruby -# Getting folder sinks is complicated due to the name being generated by the server. -# This can be drastically simplified if you have the folder name when writing the test -describe.one do - google_resourcemanager_folders(parent: 'organizations/12345').names.each do |folder_name| - # name on a folder is in the form `folders/12345` - describe google_logging_folder_log_sinks(folder: folder_name.split('/')[1]) do - its('names') { should include 'inspec-gcp-folder-sink' } - its('filters') { should include 'resource.type = gce_instance AND severity >= ERROR' } - end - end -end -``` - -## Properties - -Properties that can be accessed from the `google_logging_folder_log_sinks` resource: - -See the [google_logging_folder_log_sink](/inspec/resources/google_logging_folder_log_sink/#properties) resource for more information. - -`folders` -: an array of `google_logging_folder_log_sink` folder - -`names` -: an array of `google_logging_folder_log_sink` name - -`filters` -: an array of `google_logging_folder_log_sink` filter - -`destinations` -: an array of `google_logging_folder_log_sink` destination - -`writer_identities` -: an array of `google_logging_folder_log_sink` writer_identity - -`include_children` -: an array of `google_logging_folder_log_sink` include_children - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. 
- -## GCP Permissions - -Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/library/logging.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_organization_log_sink.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_organization_log_sink.md deleted file mode 100644 index c2166f18d5..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_organization_log_sink.md +++ /dev/null 
@@ -1,55 +0,0 @@ -+++ -title = "google_logging_organization_log_sink resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_logging_organization_log_sink" - identifier = "inspec/resources/gcp/google_logging_organization_log_sink.md google_logging_organization_log_sink resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_logging_organization_log_sink` is used to test a Google OrganizationLogSink resource - -## Examples - -```ruby -describe google_logging_organization_log_sink(organization: '190694428152', name: 'inspec-gcp-org-sink') do - it { should exist } - its('filter') { should cmp 'resource.type = gce_instance' } -end - -describe google_logging_organization_log_sink(organization: '190694428152', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_logging_organization_log_sink` resource: - -`organization` -: Id of the organization that this sink belongs to. - -`name` -: Name of the log sink. - -`filter` -: An advanced logs filter. The only exported log entries are those that are in the resource owning the sink and that match the filter. - -`destination` -: The export destination. - -`writer_identity` -: An IAM identity—a service account or group—under which Logging writes the exported log entries to the sink's destination. This field is set by sinks.create and sinks.update based on the value of uniqueWriterIdentity in those methods. - -`include_children` -: If the field is false, the default, only the logs owned by the sink's parent resource are available for export. If the field is true, then logs from all the projects, folders, and billing accounts contained in the sink's parent resource are also available for export. Whether a particular log entry from the children is exported depends on the sink's filter expression. 
- -## GCP Permissions - -Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/library/logging.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_organization_log_sinks.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_organization_log_sinks.md deleted file mode 100644 index 8f33991610..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_organization_log_sinks.md +++ /dev/null 
@@ -1,57 +0,0 @@
-+++
-title = "google_logging_organization_log_sinks resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_logging_organization_log_sinks"
- identifier = "inspec/resources/gcp/google_logging_organization_log_sinks.md google_logging_organization_log_sinks resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_logging_organization_log_sinks` is used to test a Google OrganizationLogSink resource
-
-## Examples
-
-```ruby
-describe google_logging_organization_log_sinks(organization: '190694428152') do
- its('names') { should include 'inspec-gcp-org-sink' }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_logging_organization_log_sinks` resource:
-
-See the [google_logging_organization_log_sink](/inspec/resources/google_logging_organization_log_sink/#properties) resource for more information.
-
-`organizations`
-: an array of `google_logging_organization_log_sink` organization
-
-`names`
-: an array of `google_logging_organization_log_sink` name
-
-`filters`
-: an array of `google_logging_organization_log_sink` filter
-
-`destinations`
-: an array of `google_logging_organization_log_sink` destination
-
-`writer_identities`
-: an array of `google_logging_organization_log_sink` writer_identity
-
-`include_children`
-: an array of `google_logging_organization_log_sink` include_children
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/library/logging.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_project_exclusion.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_project_exclusion.md
deleted file mode 100644
index 3c4a03c2a2..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_project_exclusion.md
+++ /dev/null
@@ -1,72 +0,0 @@ -+++ -title = "google_logging_project_exclusion resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_logging_project_exclusion" - identifier = "inspec/resources/gcp/google_logging_project_exclusion.md google_logging_project_exclusion resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_logging_project_exclusion` is used to test a Google ProjectExclusion resource - -## Examples - -```ruby - -describe google_logging_project_exclusion(project: 'chef-gcp-inspec', name: 'inspec-project-exclusion') do - it { should exist } - its('description'){ should cmp 'My project exclusion description' } - its('filter'){ should cmp 'resource.type = gce_instance AND severity <= DEBUG' } -end - -describe google_logging_project_exclusion(project: 'chef-gcp-inspec', name: 'nonexistent') do - it { should_not exist } -end -``` - -### Test that a GCP project logging exclusion name is as expected - - describe google_logging_project_exclusion(project: 'chef-inspec-gcp', exclusion: 'exclusion-name-abcd') do - its('name') { should eq 'exclusion-name-abcd' } - end - -### Test that a GCP project logging exclusion filter is set correctly - - describe google_logging_project_exclusion(project: 'chef-inspec-gcp', exclusion: 'exclusion-name-abcd') do - its('filter') { should eq 'resource.type = gce_instance AND severity <= DEBUG' } - end - -### Test that a GCP project logging exclusion description is as expected - - describe google_logging_project_exclusion(project: 'chef-inspec-gcp', exclusion: 'exclusion-name-abcd') do - its('description') { should eq 'Exclude GCE instance debug logs' } - end - -## Properties - -Properties that can be accessed from the `google_logging_project_exclusion` resource: - -`project` -: Id of the project that this exclusion applies to. - -`name` -: Name of the exclusion, specified by the server during create. - -`description` -: A user provided description of this exclusion. 
- -`filter` -: An advanced logs filter. The only exported log entries are those that are in the resource owning the sink and that match the filter. - -`disabled` -: If set to true then this exclusion is disabled and it does not exclude any log entries. - -## GCP Permissions - -Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/library/logging.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_project_exclusions.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_project_exclusions.md deleted file mode 100644 index e499a1133f..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_project_exclusions.md +++ /dev/null 
@@ -1,55 +0,0 @@
-+++
-title = "google_logging_project_exclusions resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_logging_project_exclusions"
- identifier = "inspec/resources/gcp/google_logging_project_exclusions.md google_logging_project_exclusions resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_logging_project_exclusions` is used to test a Google ProjectExclusion resource
-
-## Examples
-
-```ruby
-
-describe google_logging_project_exclusions(project: 'chef-gcp-inspec') do
- its('names'){ should include 'inspec-folder-exclusion' }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_logging_project_exclusions` resource:
-
-See the [google_logging_project_exclusion](/inspec/resources/google_logging_project_exclusion/#properties) resource for more information.
-
-`projects`
-: an array of `google_logging_project_exclusion` project
-
-`names`
-: an array of `google_logging_project_exclusion` name
-
-`descriptions`
-: an array of `google_logging_project_exclusion` description
-
-`filters`
-: an array of `google_logging_project_exclusion` filter
-
-`disableds`
-: an array of `google_logging_project_exclusion` disabled
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/library/logging.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_project_sink.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_project_sink.md
deleted file mode 100644
index ee3291409e..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_project_sink.md
+++ /dev/null
@@ -1,79 +0,0 @@ -+++ -title = "google_logging_project_sink resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_logging_project_sink" - identifier = "inspec/resources/gcp/google_logging_project_sink.md google_logging_project_sink resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_logging_project_sink` is used to test a Google ProjectSink resource - -## Examples - -```ruby -describe google_logging_project_sink(project: 'chef-gcp-inspec', name: 'inspec-gcp-org-sink') do - it { should exist } - its('filter') { should cmp 'resource.type = gce_instance AND severity = DEBUG' } -end - -describe google_logging_project_sink(project: 'chef-gcp-inspec', name: 'nonexistent') do - it { should_not exist } -end -``` - -### Test that a GCP project logging sink destination is correct - - describe google_logging_project_sink(project: 'chef-inspec-gcp', sink: 'sink-name-abcd') do - its('destination') { should eq 'storage.googleapis.com/gcp-inspec-logging-bucket' } - end - -### Test that a GCP project logging sink filter is correct - - describe google_logging_project_sink(project: 'chef-inspec-gcp', sink: 'sink-name-abcd') do - its('filter') { should eq "resource.type = gce_instance AND resource.labels.instance_id = \"12345678910123123\"" } - end - -### Test a GCP project logging sink output version format - - describe google_logging_project_sink(project: 'chef-inspec-gcp', sink: 'sink-name-abcd') do - its('output_version_format') { should eq "V2" } - end - -### Test a GCP project logging sink writer identity is as expected - - describe google_logging_project_sink(project: 'chef-inspec-gcp', sink: 'sink-name-abcd') do - its('writer_identity') { should eq "serviceAccount:my-logging-service-account.iam.gserviceaccount.com" } - end - -## Properties - -Properties that can be accessed from the `google_logging_project_sink` resource: - -`project` -: Id of the project that this sink belongs to. 
- -`name` -: Name of the log sink. - -`filter` -: An advanced logs filter. The only exported log entries are those that are in the resource owning the sink and that match the filter. - -`destination` -: The export destination. - -`writer_identity` -: An IAM identity—a service account or group—under which Logging writes the exported log entries to the sink's destination. This field is set by sinks.create and sinks.update based on the value of uniqueWriterIdentity in those methods. - -`include_children` -: If the field is false, the default, only the logs owned by the sink's parent resource are available for export. If the field is true, then logs from all the projects, folders, and billing accounts contained in the sink's parent resource are also available for export. Whether a particular log entry from the children is exported depends on the sink's filter expression. - -## GCP Permissions - -Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/library/logging.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_project_sinks.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_project_sinks.md deleted file mode 100644 index 380d0581e2..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_logging_project_sinks.md +++ /dev/null 
@@ -1,83 +0,0 @@ -+++ -title = "google_logging_project_sinks resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_logging_project_sinks" - identifier = "inspec/resources/gcp/google_logging_project_sinks.md google_logging_project_sinks resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_logging_project_sinks` is used to test a Google ProjectSink resource - -## Examples - -```ruby -describe google_logging_project_sinks(project: 'chef-gcp-inspec') do - its('names') { should include 'inspec-gcp-org-sink' } -end -``` - -### Test that there are no more than a specified number of sinks available for the project - - describe google_logging_project_sinks(project: 'chef-inspec-gcp') do - its('count') { should be <= 100} - end - -### Test that an expected sink name is available for the project - - describe google_logging_project_sinks(project: 'chef-inspec-gcp') do - its('sink_names') { should include "my-sink" } - end - -### Test that an expected sink destination is available for the project - - describe google_logging_project_sinks(project: 'chef-inspec-gcp') do - its('sink_destinations') { should include "storage.googleapis.com/a-logging-bucket" } - end - -### Test that a subset of all sinks matching "project\*" have a particular writer identity - - google_logging_project_sinks(project: 'chef-inspec-gcp').where(sink_name: /project/).sink_names.each do |sink_name| - describe google_logging_project_sink(project: 'chef-inspec-gcp', sink: sink_name) do - its('writer_identity') { should eq "serviceAccount:my-logging-service-account.iam.gserviceaccount.com" } - end - end - -## Properties - -Properties that can be accessed from the `google_logging_project_sinks` resource: - -See the [google_logging_project_sink](/inspec/resources/google_logging_project_sink/#properties) resource for more information. 
- -`projects` -: an array of `google_logging_project_sink` project - -`names` -: an array of `google_logging_project_sink` name - -`filters` -: an array of `google_logging_project_sink` filter - -`destinations` -: an array of `google_logging_project_sink` destination - -`writer_identities` -: an array of `google_logging_project_sink` writer_identity - -`include_children` -: an array of `google_logging_project_sink` include_children - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/library/logging.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_ml_engine_model.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_ml_engine_model.md deleted file mode 100644 index caa11527f3..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_ml_engine_model.md +++ /dev/null 
@@ -1,64 +0,0 @@ -+++ -title = "google_ml_engine_model resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_ml_engine_model" - identifier = "inspec/resources/gcp/google_ml_engine_model.md google_ml_engine_model resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_ml_engine_model` is used to test a Google Model resource - -## Examples - -```ruby -describe google_ml_engine_model(project: 'chef-gcp-inspec', name: 'ml_model') do - it { should exist } - its('description') { should cmp 'My awesome ML model' } - its('regions') { should include 'us-central1' } - its('online_prediction_logging') { should cmp 'true' } - its('online_prediction_console_logging') { should cmp 'true' } -end - -describe google_ml_engine_model(project: 'chef-gcp-inspec', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_ml_engine_model` resource: - -`name` -: The name specified for the model. - -`description` -: The description specified for the model when it was created. - -`default_version` -: The default version of the model. This version will be used to handle prediction requests that do not specify a version. - - `name` - : The name specified for the version when it was created. - -`regions` -: The list of regions where the model is going to be deployed. Currently only one region per model is supported - -`online_prediction_logging` -: If true, online prediction access logs are sent to StackDriver Logging. - -`online_prediction_console_logging` -: If true, online prediction nodes send stderr and stdout streams to Stackdriver Logging - -`labels` -: One or more labels that you can add, to organize your models. - -## GCP Permissions - -Ensure the [Cloud ML](https://console.cloud.google.com/apis/library/ml.googleapis.com) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_ml_engine_models.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_ml_engine_models.md
deleted file mode 100644
index 098edf7965..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_ml_engine_models.md
+++ /dev/null
@@ -1,62 +0,0 @@ -+++ -title = "google_ml_engine_models resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_ml_engine_models" - identifier = "inspec/resources/gcp/google_ml_engine_models.md google_ml_engine_models resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_ml_engine_models` is used to test a Google Model resource - -## Examples - -```ruby -describe google_ml_engine_models(project: 'chef-gcp-inspec') do - its('descriptions') { should include 'My awesome ML model' } - its('online_prediction_loggings') { should include 'true' } - its('online_prediction_console_loggings') { should include 'true' } -end -``` - -## Properties - -Properties that can be accessed from the `google_ml_engine_models` resource: - -See the [google_ml_engine_model](/inspec/resources/google_ml_engine_model/#properties) resource for more information. - -`names` -: an array of `google_ml_engine_model` name - -`descriptions` -: an array of `google_ml_engine_model` description - -`default_versions` -: an array of `google_ml_engine_model` default_version - -`regions` -: an array of `google_ml_engine_model` regions - -`online_prediction_loggings` -: an array of `google_ml_engine_model` online_prediction_logging - -`online_prediction_console_loggings` -: an array of `google_ml_engine_model` online_prediction_console_logging - -`labels` -: an array of `google_ml_engine_model` labels - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Cloud ML](https://console.cloud.google.com/apis/library/ml.googleapis.com) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_organization.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_organization.md
deleted file mode 100644
index 633a43a17b..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_organization.md
+++ /dev/null
@@ -1,70 +0,0 @@ -+++ -title = "google_organization resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_organization" - identifier = "inspec/resources/gcp/google_organization.md google_organization resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_organization` is used to test a Google Organization resource - -## Examples - -```ruby - -describe google_organization(name: "organizations/123456") do - its('name') { should eq "organizations/123456" } - its('lifecycle_state') { should cmp 'ACTIVE' } -end -``` - -### Test that a GCP organization has the expected name - - describe google_organization(name: 'organizations/1234') do - its('name') { should eq 'organizations/1234' } - end - -### Test that a GCP organization has the expected lifecycle state e.g. "ACTIVE" - - describe google_organization(display_name: 'google.com') do - its('lifecycle_state') { should eq "ACTIVE" } - end - -## Properties - -Properties that can be accessed from the `google_organization` resource: - -`name` -: The resource name of the organization. This is the organization's relative path in the API. Its format is "organizations/[organizationId]". For example, "organizations/1234". - -`display_name` -: A human-readable string that refers to the Organization in the GCP Console UI. This string is set by the server and cannot be changed. The string will be set to the primary domain (for example, "google.com") of the G Suite customer that owns the organization. - -`lifecycle_state` -: The lifecycle state of the folder. Updates to the lifecycleState must be performed via folders.delete and folders.undelete. - - Possible values: - - - LIFECYCLE_STATE_UNSPECIFIED - - ACTIVE - - DELETE_REQUESTED - -`creation_time` -: Timestamp when the Organization was created. Assigned by the server. 
- -`owner` -: The entity that owns the Organization - - `directory_customer_id` - : The G Suite customer id used in the Directory API - -## GCP Permissions - -Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_organization_iam_binding.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_organization_iam_binding.md deleted file mode 100644 index b87994bb04..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_organization_iam_binding.md +++ /dev/null @@ -1,39 +0,0 @@ -+++ -title = "google_organization_iam_binding resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_organization_iam_binding" - identifier = "inspec/resources/gcp/google_organization_iam_binding.md google_organization_iam_binding resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_organization_iam_binding` is used to test a Google Organization Iam Bindings - -## Examples - -```ruby -describe google_organization_iam_binding(name: "name", role: "roles/editor") do - it { should exist } - its('members') { should include 'user:testuser@example.com' } -end -``` - -## Properties - -Properties that can be accessed from the `google_organization_iam_binding` resource: - -`role` -: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. - -`members` -: Specifies the identities requesting access for a Cloud Platform resource. - -## GCP Permissions - -Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_organization_iam_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_organization_iam_policy.md
deleted file mode 100644
index f8d018550d..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_organization_iam_policy.md
+++ /dev/null
@@ -1,66 +0,0 @@ -+++ -title = "google_organization_iam_policy resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_organization_iam_policy" - identifier = "inspec/resources/gcp/google_organization_iam_policy.md google_organization_iam_policy resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_organization_iam_policy` is used to test a Google Organization Iam Policy resource - -## Examples - -```ruby -describe google_organization_iam_policy(name: "name") do - it { should exist } -end - -google_organization_iam_policy(name: "name").bindings.each do |binding| - describe binding do - its('role') { should eq 'roles/editor'} - its('members') { should include 'user:testuser@example.com'} - end -end -``` - -## Properties - -Properties that can be accessed from the `google_organization_iam_policy` resource: - -`iam_binding_roles` -: The list of roles that exist on the policy. - -`bindings` -: Associates a list of members to a role. - - `role` - : Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. - - `members` - : Specifies the identities requesting access for a Cloud Platform resource. - -`audit_configs` -: Specifies cloud audit logging configuration for this policy. - - `service` - : Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. - - `audit_log_configs` - : The configuration for logging of each type of permission. - - `log_type` - : The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ - - `exempted_members` - : Specifies the identities that do not cause logging for this type of permission. - -## GCP Permissions - -Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_organization_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_organization_policy.md
deleted file mode 100644
index 84a120262e..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_organization_policy.md
+++ /dev/null
@@ -1,69 +0,0 @@ -+++ -title = "google_organization_policy resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_organization_policy" - identifier = "inspec/resources/gcp/google_organization_policy.md google_organization_policy resource" - parent = "inspec/resources/gcp" -+++ - -Use the `google_organization_policy` InSpec audit resource to test constraints set on a GCP organization. - -## Syntax - -Google organization policies can restrict certain GCP services. For more information see https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints - -A `google_organization_policy` resource block declares the tests for a single GCP organization constraint identified by the pair of the `name` of the organization and the `constraint`: - - describe google_organization_policy(name: 'organizations/123456', constraint: 'constraints/compute.disableGuestAttributesAccess') do - it { should exist } - its('boolean_policy.enforced') { should be true } - end - -## Examples - -The following examples show how to use this InSpec audit resource. - -### Test that a GCP organization has a specific constraint enforced - - describe google_organization_policy(name: 'organizations/123456', constraint: 'constraints/compute.disableGuestAttributesAccess') do - it { should exist } - its('boolean_policy.enforced') { should be true } - end - -### Test that a GCP organization has certain values allowed for a list constraint - - describe google_organization_policy(name: 'organizations/123456', constraint: 'constraints/someListConstraint') do - it { should exist } - its('list_policy.allowed_values') { should include 'included_val' } - its('list_policy.allowed_values') { should_not include 'excluded' } - its('list_policy.denied_values') { should include 'denied' } - end - -## Properties - -`update_time` -: The time stamp this policy was last updated. 
- -`boolean_policy` -: Only available for constraints that are boolean policies. - - `enforced` - : Boolean for if this policy is enforced. - -`list_policy` -: Available for list policies. - - `allowed_values` - : List of values allowed at this resource. - - `denied_values` - : List of values denied at this resource. - -## GCP Permissions - -Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_organizations.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_organizations.md deleted file mode 100644 index c31d25b7b7..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_organizations.md +++ /dev/null 
@@ -1,87 +0,0 @@ -+++ -title = "google_organizations resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_organizations" - identifier = "inspec/resources/gcp/google_organizations.md google_organizations resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_organizations` is used to test a Google Organization resource - -## Examples - -```ruby - -describe google_organizations do - its('names') { should include "organizations/123456" } -end -``` - -### Test that there are no more than a specified number of organizations available - - describe google_organizations do - its('count') { should be <= 100} - end - -### Test that an expected organization name is available - - describe google_organizations do - its('names') { should include "organization/1234" } - end - -### Test that an expected organization display name is available - - describe google_organizations do - its('display_names') { should include "google.com" } - end - -### Test that all organizations are ACTIVE - - describe google_organizations do - its('lifecycle_state'){ should eq 'ACTIVE' } - end - -### Test that a particular subset of ACTIVE organizations with display name 'goog\*' exist - - google_organizations.where(display_name: /^goog/, lifecycle_state: 'ACTIVE').names.each do |name| - describe google_organization(name: name) do - it { should exist } - end - end - -## Properties - -Properties that can be accessed from the `google_organizations` resource: - -See the [google_organization](/inspec/resources/google_organization/#properties) resource for more information. 
- -`names` -: an array of `google_organization` name - -`display_names` -: an array of `google_organization` display_name - -`lifecycle_states` -: an array of `google_organization` lifecycle_state - -`creation_times` -: an array of `google_organization` creation_time - -`owners` -: an array of `google_organization` owner - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project.md deleted file mode 100644 index 61ff714f53..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project.md +++ /dev/null 
@@ -1,87 +0,0 @@ -+++ -title = "google_project resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_project" - identifier = "inspec/resources/gcp/google_project.md google_project resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_project` is used to test a Google Project resource - -## Examples - -```ruby -describe google_project(project: 'chef-gcp-inspec') do - it { should exist } - its('project_id') { should cmp 'chef-gcp-inspec' } - its('lifecycle_state') { should cmp 'ACTIVE' } -end -``` - -### Test that a GCP project has the expected project number - - describe google_project(project: 'chef-inspec-gcp') do - its('project_number') { should eq 12345678 } - end - -### Test that a GCP project has the expected lifecycle state e.g. "ACTIVE" - - describe google_project(project: 'chef-inspec-gcp') do - its('lifecycle_state') { should eq "ACTIVE" } - end - -### Validate that a GCP project has some arbitrary label with expected content (for example defined by regexp ) - - describe google_project(project: 'chef-inspec-gcp').label_value_by_key('season') do - it {should match '^(winter|spring|summer|autumn)$' } - end - -## Properties - -Properties that can be accessed from the `google_project` resource: - -`number` -: Number uniquely identifying the project. - -`lifecycle_state` -: The Project lifecycle state. - - Possible values: - - - LIFECYCLE_STATE_UNSPECIFIED - - ACTIVE - - DELETE_REQUESTED - - DELETE_IN_PROGRESS - - -`name` -: The user-assigned display name of the Project. It must be 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, single-quote, double-quote, space, and exclamation point. - -`create_time` -: Time of creation - -`labels` -: The labels associated with this Project. Label keys must be between 1 and 63 characters long and must conform to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. 
Label values must be between 0 and 63 characters long and must conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. No more than 256 labels can be associated with a given resource. Clients should store labels in a representation such as JSON that does not depend on specific characters being disallowed - -`parent` -: A parent organization - - `type` - : Must be organization. - - `id` - : Id of the organization - -`project_id` -: The unique, user-assigned ID of the Project. It must be 6 to 30 lowercase letters, digits, or hyphens. It must start with a letter. Trailing hyphens are prohibited. - -## GCP Permissions - -Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_alert_policies.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_alert_policies.md deleted file mode 100644 index e489ccd210..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_alert_policies.md +++ /dev/null 
@@ -1,92 +0,0 @@ -+++ -title = "google_project_alert_policies resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_project_alert_policies" - identifier = "inspec/resources/gcp/google_project_alert_policies.md google_project_alert_policies resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_project_alert_policies` is used to test a Google AlertPolicy resource - -## Examples - -```ruby -describe google_project_alert_policies(project: 'chef-gcp-inspec') do - it { should exist } - its('policy_display_names') { should include 'Display'} - its('combiners') { should include 'OR'} -end -``` - -### Test that there are no more than a specified number of project alert policies available for the project - - describe google_project_alert_policies(project: 'chef-inspec-gcp') do - its('count') { should be <= 100} - end - -### Test that an expected policy name is available for the project - - describe google_project_alert_policies(project: 'chef-inspec-gcp') do - its('policy_names') { should include 'projects/spaterson-project/alertPolicies/9271751234503117449' } - end - -### Test whether any expected policy display name is available for the project - - describe google_project_alert_policies(project: 'chef-inspec-gcp') do - its('policy_display_names') { should_not include 'banned policy' } - end - -### Ensure no existing policies are inactive - - describe google_project_alert_policies(project: 'chef-inspec-gcp') do - its('policy_enabled_states') { should_not include false } - end - -## Properties - -Properties that can be accessed from the `google_project_alert_policies` resource: - -See the [google_project_alert_policy](/inspec/resources/google_project_alert_policy/#properties) resource for more information. 
- -`policy_names` -: an array of `google_project_alert_policy` name - -`policy_display_names` -: an array of `google_project_alert_policy` display_name - -`combiners` -: an array of `google_project_alert_policy` combiner - -`creation_records` -: an array of `google_project_alert_policy` creation_record - -`policy_enabled_states` -: an array of `google_project_alert_policy` enabled - -`conditions` -: an array of `google_project_alert_policy` conditions - -`notification_channels` -: an array of `google_project_alert_policy` notification_channels - -`user_labels` -: an array of `google_project_alert_policy` user_labels - -`documentations` -: an array of `google_project_alert_policy` documentation - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Stackdriver Monitoring API](https://console.cloud.google.com/apis/library/monitoring.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_alert_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_alert_policy.md deleted file mode 100644 index 58aa6bf9c0..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_alert_policy.md +++ /dev/null 
@@ -1,318 +0,0 @@ -+++ -title = "google_project_alert_policy resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_project_alert_policy" - identifier = "inspec/resources/gcp/google_project_alert_policy.md google_project_alert_policy resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_project_alert_policy` is used to test a Google AlertPolicy resource - -## Examples - -```ruby -describe.one do - google_project_alert_policies(project: 'chef-gcp-inspec').policy_names.each do |policy_name| - describe google_project_alert_policy(project: 'chef-gcp-inspec', name: policy_name.split('/').last) do - it { should exist } - its('display_name') { should cmp 'Display'} - its('combiner') { should cmp 'OR'} - it { should be_enabled } - end - end -end -``` - -### Test that a GCP alert policy is enabled - - describe google_project_alert_policy(policy: 'spaterson', name: '9271751234503117449') do - it { should be_enabled } - end - -### Test that a GCP compute alert policy display name is correct - - describe google_project_alert_policy(policy: 'spaterson-project', name: '9271751234503117449') do - its('display_name') { should eq 'policy name' } - end - -## Properties - -Properties that can be accessed from the `google_project_alert_policy` resource: - -`name` -: The unique resource name for this policy. Its syntax is: projects/[PROJECT_ID]/alertPolicies/[ALERT_POLICY_ID] - -`display_name` -: A short name or phrase used to identify the policy in dashboards, notifications, and incidents. To avoid confusion, don't use the same display name for multiple policies in the same project. The name is limited to 512 Unicode characters. - -`combiner` -: How to combine the results of multiple conditions to determine if an incident should be opened. - - Possible values: - - - AND - - OR - - AND_WITH_MATCHING_RESOURCE - -`creation_record` -: A read-only record of the creation of the alerting policy. 
If provided in a call to create or update, this field will be ignored. - - `mutate_time` - : When the change occurred. - - `mutated_by` - : The email address of the user making the change. - -`enabled` -: Whether or not the policy is enabled. The default is true. - -`conditions` -: A list of conditions for the policy. The conditions are combined by AND or OR according to the combiner field. If the combined conditions evaluate to true, then an incident is created. A policy can have from one to six conditions. - - `condition_absent` - : A condition that checks that a time series continues to receive new data points. - - `aggregations` - : Specifies the alignment of data points in individual time series as well as how to combine the retrieved time series together (such as when aggregating multiple streams on each resource to a single stream for each resource or when aggregating streams across all members of a group of resources). Multiple aggregations are applied in the order specified. - - `per_series_aligner` - : The approach to be used to align individual time series. Not all alignment functions may be applied to all time series, depending on the metric type and value type of the original time series. Alignment may change the metric type or the value type of the time series.Time series data must be aligned in order to perform cross- time series reduction. If crossSeriesReducer is specified, then perSeriesAligner must be specified and not equal ALIGN_NONE and alignmentPeriod must be specified; otherwise, an error is returned. 
- - Possible values: - - - ALIGN_NONE - - ALIGN_DELTA - - ALIGN_RATE - - ALIGN_INTERPOLATE - - ALIGN_NEXT_OLDER - - ALIGN_MIN - - ALIGN_MAX - - ALIGN_MEAN - - ALIGN_COUNT - - ALIGN_SUM - - ALIGN_STDDEV - - ALIGN_COUNT_TRUE - - ALIGN_COUNT_FALSE - - ALIGN_FRACTION_TRUE - - ALIGN_PERCENTILE_99 - - ALIGN_PERCENTILE_95 - - ALIGN_PERCENTILE_50 - - ALIGN_PERCENTILE_05 - - ALIGN_PERCENT_CHANGE - - `group_by_fields` - : The set of fields to preserve when crossSeriesReducer is specified. The groupByFields determine how the time series are partitioned into subsets prior to applying the aggregation function. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The crossSeriesReducer is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains resource.type. Fields not specified in groupByFields are aggregated away. If groupByFields is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If crossSeriesReducer is not defined, this field is ignored. - - `alignment_period` - : The alignment period for per-time series alignment. If present, alignmentPeriod must be at least 60 seconds. After per-time series alignment, each time series will contain data points only on the period boundaries. If perSeriesAligner is not specified or equals ALIGN_NONE, then this field is ignored. If perSeriesAligner is specified and does not equal ALIGN_NONE, then this field must be defined; otherwise an error is returned. - - `cross_series_reducer` - : The approach to be used to combine time series. Not all reducer functions may be applied to all time series, depending on the metric type and the value type of the original time series. 
Reduction may change the metric type of value type of the time series.Time series data must be aligned in order to perform cross- time series reduction. If crossSeriesReducer is specified, then perSeriesAligner must be specified and not equal ALIGN_NONE and alignmentPeriod must be specified; otherwise, an error is returned. - - Possible values: - - - REDUCE_NONE - - REDUCE_MEAN - - REDUCE_MIN - - REDUCE_MAX - - REDUCE_SUM - - REDUCE_STDDEV - - REDUCE_COUNT - - REDUCE_COUNT_TRUE - - REDUCE_COUNT_FALSE - - REDUCE_FRACTION_TRUE - - REDUCE_PERCENTILE_99 - - REDUCE_PERCENTILE_95 - - REDUCE_PERCENTILE_50 - - REDUCE_PERCENTILE_05 - - `trigger` - : The number/percent of time series for which the comparison must hold in order for the condition to trigger. If unspecified, then the condition will trigger if the comparison is true for any of the time series that have been identified by filter and aggregations. - - `percent` - : The percentage of time series that must fail the predicate for the condition to be triggered. - - `count` - : The absolute number of time series that must fail the predicate for the condition to be triggered. - - `duration` - : The amount of time that a time series must fail to report new data to be considered failing. Currently, only values that are a multiple of a minute--e.g. 60s, 120s, or 300s --are supported. - - `filter` - : A filter that identifies which time series should be compared with the threshold.The filter is similar to the one that is specified in the MetricService.ListTimeSeries request (that call is useful to verify the time series that will be retrieved / processed) and must specify the metric type and optionally may contain restrictions on resource type, resource labels, and metric labels. This field may not exceed 2048 Unicode characters in length. - - `name` - : The unique resource name for this condition. 
Its syntax is: projects/[PROJECT_ID]/alertPolicies/[POLICY_ID]/conditions/[CONDITION_ID] [CONDITION_ID] is assigned by Stackdriver Monitoring when the condition is created as part of a new or updated alerting policy. - - `condition_threshold` - : A condition that compares a time series against a threshold. - - `threshold_value` - : A value against which to compare the time series. - - `denominator_filter` - : A filter that identifies a time series that should be used as the denominator of a ratio that will be compared with the threshold. If a denominator_filter is specified, the time series specified by the filter field will be used as the numerator.The filter is similar to the one that is specified in the MetricService.ListTimeSeries request (that call is useful to verify the time series that will be retrieved / processed) and must specify the metric type and optionally may contain restrictions on resource type, resource labels, and metric labels. This field may not exceed 2048 Unicode characters in length. - - `denominator_aggregations` - : Specifies the alignment of data points in individual time series selected by denominatorFilter as well as how to combine the retrieved time series together (such as when aggregating multiple streams on each resource to a single stream for each resource or when aggregating streams across all members of a group of resources).When computing ratios, the aggregations and denominator_aggregations fields must use the same alignment period and produce time series that have the same periodicity and labels.This field is similar to the one in the MetricService.ListTimeSeries request. It is advisable to use the ListTimeSeries method when debugging this field. - - `per_series_aligner` - : The approach to be used to align individual time series. Not all alignment functions may be applied to all time series, depending on the metric type and value type of the original time series. 
Alignment may change the metric type or the value type of the time series.Time series data must be aligned in order to perform cross- time series reduction. If crossSeriesReducer is specified, then perSeriesAligner must be specified and not equal ALIGN_NONE and alignmentPeriod must be specified; otherwise, an error is returned. - - Possible values: - - - ALIGN_NONE - - ALIGN_DELTA - - ALIGN_RATE - - ALIGN_INTERPOLATE - - ALIGN_NEXT_OLDER - - ALIGN_MIN - - ALIGN_MAX - - ALIGN_MEAN - - ALIGN_COUNT - - ALIGN_SUM - - ALIGN_STDDEV - - ALIGN_COUNT_TRUE - - ALIGN_COUNT_FALSE - - ALIGN_FRACTION_TRUE - - ALIGN_PERCENTILE_99 - - ALIGN_PERCENTILE_95 - - ALIGN_PERCENTILE_50 - - ALIGN_PERCENTILE_05 - - ALIGN_PERCENT_CHANGE - - `group_by_fields` - : The set of fields to preserve when crossSeriesReducer is specified. The groupByFields determine how the time series are partitioned into subsets prior to applying the aggregation function. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The crossSeriesReducer is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains resource.type. Fields not specified in groupByFields are aggregated away. If groupByFields is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If crossSeriesReducer is not defined, this field is ignored. - - `alignment_period` - : The alignment period for per-time series alignment. If present, alignmentPeriod must be at least 60 seconds. After per-time series alignment, each time series will contain data points only on the period boundaries. If perSeriesAligner is not specified or equals ALIGN_NONE, then this field is ignored. If perSeriesAligner is specified and does not equal ALIGN_NONE, then this field must be defined; otherwise an error is returned. 
- - `cross_series_reducer` - : The approach to be used to combine time series. Not all reducer functions may be applied to all time series, depending on the metric type and the value type of the original time series. Reduction may change the metric type of value type of the time series.Time series data must be aligned in order to perform cross- time series reduction. If crossSeriesReducer is specified, then perSeriesAligner must be specified and not equal ALIGN_NONE and alignmentPeriod must be specified; otherwise, an error is returned. - - Possible values: - - - REDUCE_NONE - - REDUCE_MEAN - - REDUCE_MIN - - REDUCE_MAX - - REDUCE_SUM - - REDUCE_STDDEV - - REDUCE_COUNT - - REDUCE_COUNT_TRUE - - REDUCE_COUNT_FALSE - - REDUCE_FRACTION_TRUE - - REDUCE_PERCENTILE_99 - - REDUCE_PERCENTILE_95 - - REDUCE_PERCENTILE_50 - - REDUCE_PERCENTILE_05 - - `duration` - : The amount of time that a time series must violate the threshold to be considered failing. Currently, only values that are a multiple of a minute--e.g., 0, 60, 120, or 300 seconds--are supported. If an invalid value is given, an error will be returned. When choosing a duration, it is useful to keep in mind the frequency of the underlying time series data (which may also be affected by any alignments specified in the aggregations field); a good duration is long enough so that a single outlier does not generate spurious alerts, but short enough that unhealthy states are detected and alerted on quickly. - - `comparison` - : The comparison to apply between the time series (indicated by filter and aggregation) and the threshold (indicated by threshold_value). The comparison is applied on each time series, with the time series on the left-hand side and the threshold on the right-hand side. Only COMPARISON_LT and COMPARISON_GT are supported currently. 
- - Possible values: - - - COMPARISON_GT - - COMPARISON_GE - - COMPARISON_LT - - COMPARISON_LE - - COMPARISON_EQ - - COMPARISON_NE - - `trigger` - : The number/percent of time series for which the comparison must hold in order for the condition to trigger. If unspecified, then the condition will trigger if the comparison is true for any of the time series that have been identified by filter and aggregations, or by the ratio, if denominator_filter and denominator_aggregations are specified. - - `percent` - : The percentage of time series that must fail the predicate for the condition to be triggered. - - `count` - : The absolute number of time series that must fail the predicate for the condition to be triggered. - - `aggregations` - : Specifies the alignment of data points in individual time series as well as how to combine the retrieved time series together (such as when aggregating multiple streams on each resource to a single stream for each resource or when aggregating streams across all members of a group of resources). Multiple aggregations are applied in the order specified.This field is similar to the one in the MetricService.ListTimeSeries request. It is advisable to use the ListTimeSeries method when debugging this field. - - `per_series_aligner` - : The approach to be used to align individual time series. Not all alignment functions may be applied to all time series, depending on the metric type and value type of the original time series. Alignment may change the metric type or the value type of the time series.Time series data must be aligned in order to perform cross- time series reduction. If crossSeriesReducer is specified, then perSeriesAligner must be specified and not equal ALIGN_NONE and alignmentPeriod must be specified; otherwise, an error is returned. 
- - Possible values: - - - ALIGN_NONE - - ALIGN_DELTA - - ALIGN_RATE - - ALIGN_INTERPOLATE - - ALIGN_NEXT_OLDER - - ALIGN_MIN - - ALIGN_MAX - - ALIGN_MEAN - - ALIGN_COUNT - - ALIGN_SUM - - ALIGN_STDDEV - - ALIGN_COUNT_TRUE - - ALIGN_COUNT_FALSE - - ALIGN_FRACTION_TRUE - - ALIGN_PERCENTILE_99 - - ALIGN_PERCENTILE_95 - - ALIGN_PERCENTILE_50 - - ALIGN_PERCENTILE_05 - - ALIGN_PERCENT_CHANGE - - `group_by_fields` - : The set of fields to preserve when crossSeriesReducer is specified. The groupByFields determine how the time series are partitioned into subsets prior to applying the aggregation function. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The crossSeriesReducer is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains resource.type. Fields not specified in groupByFields are aggregated away. If groupByFields is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If crossSeriesReducer is not defined, this field is ignored. - - `alignment_period` - : The alignment period for per-time series alignment. If present, alignmentPeriod must be at least 60 seconds. After per-time series alignment, each time series will contain data points only on the period boundaries. If perSeriesAligner is not specified or equals ALIGN_NONE, then this field is ignored. If perSeriesAligner is specified and does not equal ALIGN_NONE, then this field must be defined; otherwise an error is returned. - - `cross_series_reducer` - : The approach to be used to combine time series. Not all reducer functions may be applied to all time series, depending on the metric type and the value type of the original time series. 
Reduction may change the metric type of value type of the time series.Time series data must be aligned in order to perform cross- time series reduction. If crossSeriesReducer is specified, then perSeriesAligner must be specified and not equal ALIGN_NONE and alignmentPeriod must be specified; otherwise, an error is returned. - - Possible values: - - - REDUCE_NONE - - REDUCE_MEAN - - REDUCE_MIN - - REDUCE_MAX - - REDUCE_SUM - - REDUCE_STDDEV - - REDUCE_COUNT - - REDUCE_COUNT_TRUE - - REDUCE_COUNT_FALSE - - REDUCE_FRACTION_TRUE - - REDUCE_PERCENTILE_99 - - REDUCE_PERCENTILE_95 - - REDUCE_PERCENTILE_50 - - REDUCE_PERCENTILE_05 - - `filter` - : A filter that identifies which time series should be compared with the threshold.The filter is similar to the one that is specified in the MetricService.ListTimeSeries request (that call is useful to verify the time series that will be retrieved / processed) and must specify the metric type and optionally may contain restrictions on resource type, resource labels, and metric labels. This field may not exceed 2048 Unicode characters in length. - - `display_name` - : A short name or phrase used to identify the condition in dashboards, notifications, and incidents. To avoid confusion, don't use the same display name for multiple conditions in the same policy. - -`notification_channels` -: Identifies the notification channels to which notifications should be sent when incidents are opened or closed or when new violations occur on an already opened incident. Each element of this array corresponds to the name field in each of the NotificationChannel objects that are returned from the notificationChannels.list method. The syntax of the entries in this field is `projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]` - -`user_labels` -: This field is intended to be used for organizing and identifying the AlertPolicy objects.The field can contain up to 64 entries. 
Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter. - -`documentation` -: A short name or phrase used to identify the policy in dashboards, notifications, and incidents. To avoid confusion, don't use the same display name for multiple policies in the same project. The name is limited to 512 Unicode characters. - - `content` - : The text of the documentation, interpreted according to mimeType. The content may not exceed 8,192 Unicode characters and may not exceed more than 10,240 bytes when encoded in UTF-8 format, whichever is smaller. - - `mime_type` - : The format of the content field. Presently, only the value "text/markdown" is supported. - -## GCP Permissions - -Ensure the [Stackdriver Monitoring API](https://console.cloud.google.com/apis/library/monitoring.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_alert_policy_condition.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_alert_policy_condition.md deleted file mode 100644 index 17b5117446..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_alert_policy_condition.md +++ /dev/null 
@@ -1,46 +0,0 @@ -+++ -title = "google_project_alert_policy_condition resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_project_alert_policy_condition" - identifier = "inspec/resources/gcp/google_project_alert_policy_condition.md google_project_alert_policy_condition resource" - parent = "inspec/resources/gcp" -+++ - -Use the `google_project_alert_policy_condition` InSpec audit resource to test properties of a single GCP project alert policy condition. - -## Syntax - -A `google_project_alert_policy_condition` resource block declares the tests for a single GCP project alert policy condition by name and filter. - - describe google_project_alert_policy_condition(name: 'projects/spaterson-project/alertPolicies/9271751234503117449', filter 'project=\"spaterson-project\"') do - it { should exist } - end - -## Examples - -The following examples show how to use this InSpec audit resource. - -### Test that a GCP project alert policy condition has a particular threshold value - - describe google_project_alert_policy_condition(name: 'projects/spaterson-project/alertPolicies/9271751234503117449', filter 'project=\"spaterson-project\"') do - its('condition_threshold_value'){ should eq 0.001 } - end - -### Test that a GCP project alert policy condition has a particular aggregation alignment period - - describe google_project_alert_policy_condition(name: 'projects/spaterson-project/alertPolicies/9271751234503117449', filter 'project=\"spaterson-project\"') do - its('aggregation_alignment_period'){ should eq '60s' } - end - -## Properties - -- `condition_threshold_value`, `aggregation_alignment_period`, `aggregation_per_series_aligner`, `aggregation_cross_series_reducer` - -## GCP Permissions - -Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/api/logging.googleapis.com/) is enabled for the project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_iam_binding.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_iam_binding.md
deleted file mode 100644
index 7bf70a867a..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_iam_binding.md
+++ /dev/null
@@ -1,63 +0,0 @@ -+++ -title = "google_project_iam_binding resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_project_iam_binding" - identifier = "inspec/resources/gcp/google_project_iam_binding.md google_project_iam_binding resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_project_iam_binding` is used to test a Google Project Iam Bindings - -## Examples - -```ruby -describe google_project_iam_binding(project: "project", role: "roles/editor") do - it { should exist } - its('members') { should include 'user:testuser@example.com' } -end -``` - -This resource supports [IAM conditions](https://cloud.google.com/iam/docs/conditions-overview). Specifying a `condition` in the constructor matches only bindings with that condition. `condition` has three possible fields, `title`, `expression` and `description`. If any of these fields are unspecified they will not be matched. - -``` -describe google_project_iam_binding(project: "project", role: "roles/browser", condition: { title: "my title" }) do - it { should exist } - its('members.count'){ should cmp 1 } - its('members') { should include 'user:testuser@example.com' } - its('condition.title') {should cmp 'my title' } - its('condition.expression') { should cmp "request.time < timestamp('2020-10-01T00:00:00.000Z')" } -end -``` - -## Properties - -Properties that can be accessed from the `google_project_iam_binding` resource: - -`role` -: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. - -`members` -: Specifies the identities requesting access for a Cloud Platform resource. - -`condition` -: Contains information about when this binding is to be applied. - -`expression` -: Textual representation of an expression in Common Expression Language syntax. - -`title` -: An optional title for the expression, i.e. a short string describing its purpose. - -`description` -: An optional description of the expression. 
This is a longer text which describes the expression. - -## GCP Permissions - -Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_iam_bindings.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_iam_bindings.md deleted file mode 100644 index a8095edfc7..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_iam_bindings.md +++ /dev/null 
@@ -1,67 +0,0 @@ -+++ -title = "google_project_iam_bindings resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_project_iam_bindings" - identifier = "inspec/resources/gcp/google_project_iam_bindings.md google_project_iam_bindings resource" - parent = "inspec/resources/gcp" -+++ - -**This resource is deprecated. Please use `google_project_iam_policy` instead** - -Use the `google_project_iam_bindings` InSpec audit resource to test properties of all, or a filtered group of, GCP project IAM bindings. - -## Syntax - -A `google_project_iam_bindings` resource block collects GCP project IAM bindings then tests that group. - - describe google_project_iam_bindings(project: 'chef-inspec-gcp') do - it { should exist } - end - -Use this InSpec resource to enumerate roles then test in-depth using `google_project_iam_binding`. - - google_project_iam_bindings(project: 'chef-inspec-gcp').iam_binding_roles.each do |iam_binding_role| - describe google_project_iam_binding(project: 'chef-inspec-gcp', role: iam_binding_role) do - it { should exist } - its('members') {should include 'user:someuser@domain.com' } - end - end - -## Examples - -The following examples show how to use this InSpec audit resource. 
- -### Test that there are no more than a specified number of IAM bindings roles available for the project - - describe google_project_iam_bindings(project: 'chef-inspec-gcp') do - its('count') { should be <= 100} - end - -### Test that an expected role is available for the project - - describe google_project_iam_bindings(project: 'chef-inspec-gcp') do - its('iam_binding_roles') { should include "roles/storage.admin" } - end - -### Test that a particular role does not exist using filtering of the plural resource - - describe google_project_iam_bindings(project: 'chef-inspec-gcp').where(iam_binding_role: "roles/iam.securityReviewer") do - it { should_not exist } - end - -## Filter Criteria - -This resource supports the following filter criteria: `iam_binding_role`. This may be used with `where`, as a block or as a method. - -## Properties - -- `iam_binding_roles` - an array of google_project_iam_binding role strings e.g. `["roles/compute.admin", "roles/owner"]` - -## GCP Permissions - -Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_iam_custom_role.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_iam_custom_role.md deleted file mode 100644 index e5b22fe6df..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_iam_custom_role.md +++ /dev/null 
@@ -1,78 +0,0 @@ -+++ -title = "google_project_iam_custom_role resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_project_iam_custom_role" - identifier = "inspec/resources/gcp/google_project_iam_custom_role.md google_project_iam_custom_role resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_project_iam_custom_role` is used to test a Google CustomRole resource - -## Examples - -```ruby -describe google_project_iam_custom_role(project: 'chef-gcp-inspec', name: 'admin-role') do - it { should exist } - its('stage') { should eq 'GA' } - its('included_permissions') { should eq ["iam.roles.list"] } -end - -describe google_project_iam_custom_role(project: 'chef-gcp-inspec', name: 'nonexistent') do - it { should_not exist } -end -``` - -### Test that a GCP project IAM custom role has the expected stage in the launch lifecycle - - describe google_project_iam_custom_role(project: 'chef-inspec-gcp', name: 'chef-inspec-gcp-role-abcd') do - its('stage') { should eq "GA" } - end - -### Test that a GCP project IAM custom role has the expected included permissions - - describe google_project_iam_custom_role(project: 'chef-inspec-gcp', name: 'chef-inspec-gcp-role-abcd') do - its('included_permissions') { should eq ["iam.roles.list"] } - end - -## Properties - -Properties that can be accessed from the `google_project_iam_custom_role` resource: - -`name` -: The name of the role. - -`title` -: A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes. - -`description` -: Human-readable description for the role - -`included_permissions` -: Names of permissions this role grants when bound in an IAM policy. - -`stage` -: The current launch stage of the role. 
- - Possible values: - - - ALPHA - - BETA - - GA - - DEPRECATED - - DISABLED - - EAP - - -`deleted` -: The current deleted state of the role - -## GCP Permissions - -Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_iam_custom_roles.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_iam_custom_roles.md deleted file mode 100644 index ccbbc117e0..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_iam_custom_roles.md +++ /dev/null 
@@ -1,57 +0,0 @@ -+++ -title = "google_project_iam_custom_roles resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_project_iam_custom_roles" - identifier = "inspec/resources/gcp/google_project_iam_custom_roles.md google_project_iam_custom_roles resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_project_iam_custom_roles` is used to test a Google CustomRole resource - -## Examples - -```ruby -describe google_project_iam_custom_roles(project: 'chef-gcp-inspec') do - its('names') { should include "projects/project-id/roles/role-id" } -end -``` - -## Properties - -Properties that can be accessed from the `google_project_iam_custom_roles` resource: - -See the [google_project_iam_custom_role](/inspec/resources/google_project_iam_custom_role/#properties) resource for more information. - -`names` -: an array of `google_project_iam_custom_role` name - -`titles` -: an array of `google_project_iam_custom_role` title - -`descriptions` -: an array of `google_project_iam_custom_role` description - -`included_permissions` -: an array of `google_project_iam_custom_role` included_permissions - -`stages` -: an array of `google_project_iam_custom_role` stage - -`deleteds` -: an array of `google_project_iam_custom_role` deleted - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_iam_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_iam_policy.md deleted file mode 100644 index bdc4aea375..0000000000 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_iam_policy.md
+++ /dev/null
@@ -1,80 +0,0 @@ -+++ -title = "google_project_iam_policy resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_project_iam_policy" - identifier = "inspec/resources/gcp/google_project_iam_policy.md google_project_iam_policy resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_project_iam_policy` is used to test a Google Project Iam Policy resource - -## Examples - -```ruby -describe google_project_iam_policy(project: "project") do - it { should exist } -end - -google_project_iam_policy(project: "project").bindings.each do |binding| - describe binding do - its('role') { should eq 'roles/editor'} - its('members') { should include 'user:testuser@example.com'} - end -end -``` - -This resource supports [IAM conditions](https://cloud.google.com/iam/docs/conditions-overview). - -## Properties - -Properties that can be accessed from the `google_project_iam_policy` resource: - -`iam_binding_roles` -: The list of roles that exist on the policy. - -`bindings` -: Associates a list of members to a role. - - `role` - : Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. - - `members` - : Specifies the identities requesting access for a Cloud Platform resource. - - `condition` - : Contains information about when this binding is to be applied. - - `expression` - : Textual representation of an expression in Common Expression Language syntax. - - `title` - : An optional title for the expression, i.e. a short string describing its purpose. - - `description` - : An optional description of the expression. This is a longer text which describes the expression. - -`audit_configs` -: Specifies cloud audit logging configuration for this policy. - - `service` - : Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. 
- - `audit_log_configs` - : The configuration for logging of each type of permission. - - `log_type` - : The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ - - `exempted_members` - : Specifies the identities that do not cause logging for this type of permission. - -## GCP Permissions - -Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_logging_audit_config.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_logging_audit_config.md deleted file mode 100644 index 1f24a5854a..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_logging_audit_config.md +++ /dev/null 
@@ -1,46 +0,0 @@ -+++ -title = "google_project_logging_audit_config resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_project_logging_audit_config" - identifier = "inspec/resources/gcp/google_project_logging_audit_config.md google_project_logging_audit_config resource" - parent = "inspec/resources/gcp" -+++ - -Use the `google_compute_zone` InSpec audit resource to test properties of a single GCP compute zone. - -## Syntax - -A `google_project_logging_audit_config` resource block declares the tests for a single GCP zone by project and name. - - describe google_project_logging_audit_config(project: 'chef-inspec-gcp') do - it { should exist } - end - -## Examples - -The following examples show how to use this InSpec audit resource. - -### Test that a GCP project logging audit configuration has a default type defined - - describe google_project_logging_audit_config(project: 'chef-inspec-gcp') do - its('default_types') { should include 'ADMIN_READ' } - end - -### Test that a GCP project logging audit configuration has default exempted members - - describe google_compute_zone(project: 'chef-inspec-gcp', zone: 'us-east1-b') do - it { should_not have_default_exempted_members } - end - -## Properties - -- `default_types`, `default_exempted_members` - -## GCP Permissions - -Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_metric.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_metric.md deleted file mode 100644 index be6a47328c..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_metric.md +++ /dev/null 
@@ -1,147 +0,0 @@ -+++ -title = "google_project_metric resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_project_metric" - identifier = "inspec/resources/gcp/google_project_metric.md google_project_metric resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_project_metric` is used to test a Google Metric resource - -## Examples - -```ruby -describe google_project_metric(project: 'chef-gcp-inspec', name: 'some/metric') do - it { should exist } - its('filter') { should cmp 'resource.type=gae_app AND severity>=ERROR' } - its('metric_descriptor.metric_kind') { should cmp 'DELTA' } - its('metric_descriptor.value_type') { should cmp 'INT64' } -end - -describe google_project_metric(project: 'chef-gcp-inspec', name: 'nonexistent') do - it { should_not exist } -end -``` - -### Test that a GCP project metric exists - - describe google_project_metric(project: 'chef-inspec-gcp', metric: 'metric_name') do - it { should exist } - end - -### Test that a GCP compute zone has an expected CPU platform - - describe google_project_metric(project: 'chef-inspec-gcp', metric: 'metric_name') do - its('filter') { should eq "(protoPayload.serviceName=\"cloudresourcemanager.googleapis.com\")" } - end - -## Properties - -Properties that can be accessed from the `google_project_metric` resource: - -`name` -: The client-assigned metric identifier. Examples - "error*count", "nginx/requests". Metric identifiers are limited to 100 characters and can include only the following characters A-Z, a-z, 0-9, and the special characters *-.,+!\*',()%/. The forward-slash character (/) denotes a hierarchy of name pieces, and it cannot be the first character of the name. - -`description` -: A description of this metric, which is used in documentation. The maximum length of the description is 8000 characters. 
- -`filter` -: An advanced logs filter (https://cloud.google.com/logging/docs/view/advanced-filters) which is used to match log entries. - -`metric_descriptor` -: The metric descriptor associated with the logs-based metric. - - `unit` - : The unit in which the metric value is reported. It is only applicable if the valueType is `INT64`, `DOUBLE`, or `DISTRIBUTION`. The supported units are a subset of [The Unified Code for Units of Measure](http://unitsofmeasure.org/ucum.html) standard - - `value_type` - : Whether the measurement is an integer, a floating-point number, etc. Some combinations of metricKind and valueType might not be supported. For counter metrics, set this to INT64. - - Possible values: - - BOOL - - INT64 - - DOUBLE - - STRING - - DISTRIBUTION - - MONEY - - `metric_kind` - : Whether the metric records instantaneous values, changes to a value, etc. Some combinations of metricKind and valueType might not be supported. For counter metrics, set this to DELTA. - - Possible values: - - DELTA - - GAUGE - - CUMULATIVE - - `labels` - : The set of labels that can be used to describe a specific instance of this metric type. For example, the appengine.googleapis.com/http/server/response_latencies metric type has a label for the HTTP response code, response_code, so you can look at latencies for successful responses or just for responses that failed. - - `key` - : The label key. - - `description` - : A human-readable description for the label. - - `value_type` - : The type of data that can be assigned to the label. - - Possible values: - - BOOL - - INT64 - - STRING - - `display_name` - : A concise name for the metric, which can be displayed in user interfaces. Use sentence case without an ending period, for example "Request count". This field is optional but it is recommended to be set for any metrics associated with user-visible concepts, such as Quota. - - `type` - : The metric type, including its DNS name prefix. The type is not URL-encoded. 
All user-defined metric types have the DNS name `custom.googleapis.com` or `external.googleapis.com`. - -`label_extractors` -: A map from a label key string to an extractor expression which is used to extract data from a log entry field and assign as the label value. Each label key specified in the LabelDescriptor must have an associated extractor expression in this map. The syntax of the extractor expression is the same as for the valueExtractor field. - -`value_extractor` -: A valueExtractor is required when using a distribution logs-based metric to extract the values to record from a log entry. Two functions are supported for value extraction - EXTRACT(field) or REGEXP_EXTRACT(field, regex). The argument are 1. field - The name of the log entry field from which the value is to be extracted. 2. regex - A regular expression using the Google RE2 syntax (https://github.com/google/re2/wiki/Syntax) with a single capture group to extract data from the specified log entry field. The value of the field is converted to a string before applying the regex. It is an error to specify a regex that does not include exactly one capture group. - -`bucket_options` -: The bucketOptions are required when the logs-based metric is using a DISTRIBUTION value type and it describes the bucket boundaries used to create a histogram of the extracted values. - - `linear_buckets` - : Specifies a linear sequence of buckets that all have the same width (except overflow and underflow). Each bucket represents a constant absolute uncertainty on the specific value in the bucket. - - `num_finite_buckets` - : Must be greater than 0. - - `width` - : Must be greater than 0. - - `offset` - : Lower bound of the first bucket. - - `exponential_buckets` - : Specifies an exponential sequence of buckets that have a width that is proportional to the value of the lower bound. Each bucket represents a constant relative uncertainty on a specific value in the bucket. 
- - `num_finite_buckets` - : Must be greater than 0. - - `growth_factor` - : Must be greater than 1. - - `scale` - : Must be greater than 0. - - `explicit_buckets` - : Specifies a set of buckets with arbitrary widths. - - `bounds` - : The values must be monotonically increasing. - -## GCP Permissions - -Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/library/logging.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_metrics.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_metrics.md deleted file mode 100644 index 6427c47d00..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_metrics.md +++ /dev/null 
@@ -1,90 +0,0 @@ -+++ -title = "google_project_metrics resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_project_metrics" - identifier = "inspec/resources/gcp/google_project_metrics.md google_project_metrics resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_project_metrics` is used to test a Google Metric resource - -## Examples - -```ruby -describe google_project_metrics(project: 'chef-gcp-inspec') do - it { should exist } - its('metric_filters') { should include 'resource.type=gae_app AND severity>=ERROR' } - its('metric_names') { should include 'some/metric' } -end - -describe.one do - google_project_metrics(project: 'chef-gcp-inspec').metric_types.each do |metric_type| - describe metric_type do - it { should match 'some/metric' } - end - end -end -``` - -### Test that there are no more than a specified number of metrics available for the project - - describe google_project_metrics(project: 'chef-inspec-gcp') do - its('count') { should be <= 100} - end - -### Test that an expected metric name is available for the project - - describe google_project_metrics(project: 'chef-inspec-gcp') do - its('metric_names') { should include "metric-name" } - end - -### Test that a subset of all metrics with name matching "_project_" have a particular writer identity - - google_project_metrics(project: 'chef-inspec-gcp').where(metric_name: /project/).metric_names.each do |metric_name| - describe google_project_metric(project: 'chef-inspec-gcp', metric: metric_name) do - its('filter') { should eq "(protoPayload.serviceName=\"cloudresourcemanager.googleapis.com\")" } - end - end - -## Properties - -Properties that can be accessed from the `google_project_metrics` resource: - -See the [google_project_metric](/inspec/resources/google_project_metric/#properties) resource for more information. 
- -`metric_names` -: an array of `google_project_metric` name - -`descriptions` -: an array of `google_project_metric` description - -`metric_filters` -: an array of `google_project_metric` filter - -`metric_descriptors` -: an array of `google_project_metric` metric_descriptor - -`label_extractors` -: an array of `google_project_metric` label_extractors - -`value_extractors` -: an array of `google_project_metric` value_extractor - -`bucket_options` -: an array of `google_project_metric` bucket_options - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/library/logging.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_service.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_service.md deleted file mode 100644 index 822753ab8d..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_service.md +++ /dev/null 
@@ -1,73 +0,0 @@ -+++ -title = "google_project_service resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_project_service" - identifier = "inspec/resources/gcp/google_project_service.md google_project_service resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_project_service` is used to test a Google Service resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_project_service(project: 'chef-gcp-inspec', name: 'maps-android-backend.googleapis.com') do - it { should exist } - its('state') { should cmp "ENABLED" } -end -``` - -## Properties - -Properties that can be accessed from the `google_project_service` resource: - -`name` -: The resource name of the service - -`parent` -: The name of the parent of this service. For example 'projects/123' - -`state` -: Whether or not the service has been enabled for use by the consumer. - - Possible values: - - - STATE_UNSPECIFIED - - DISABLED - - ENABLED - -`disable_dependent_services` -: Indicates if dependent services should also be disabled. Can only be turned on if service is disabled. - -`config` -: The service configuration of the available service. - - `name` - : The DNS address at which this service is available. - - `title` - : The product title for this service - - `apis` - : The list of API interfaces exported by this service. - - `name` - : Name of the API - - `version` - : The version of the API - -## GCP Permissions - -Ensure the [Service Usage API](https://console.cloud.google.com/apis/library/serviceusage.googleapis.com/) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_services.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_services.md
deleted file mode 100644
index 9c7ff95417..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_project_services.md
+++ /dev/null
@@ -1,62 +0,0 @@ -+++ -title = "google_project_services resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_project_services" - identifier = "inspec/resources/gcp/google_project_services.md google_project_services resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_project_services` is used to test a Google Service resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe.one do - google_project_services(project: 'chef-gcp-inspec').names.each do |name| - describe name do - it { should match 'maps-android-backend.googleapis.com' } - end - end -end -``` - -## Properties - -Properties that can be accessed from the `google_project_services` resource: - -See the [google_project_service](/inspec/resources/google_project_service/#properties) resource for more information. - -`names` -: an array of `google_project_service` name - -`parents` -: an array of `google_project_service` parent - -`states` -: an array of `google_project_service` state - -`disable_dependent_services` -: an array of `google_project_service` disable_dependent_services - -`configs` -: an array of `google_project_service` config - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Service Usage API](https://console.cloud.google.com/apis/library/serviceusage.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_projects.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_projects.md deleted file mode 100644 index ef98128b32..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_projects.md +++ /dev/null 
@@ -1,103 +0,0 @@ -+++ -title = "google_projects resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_projects" - identifier = "inspec/resources/gcp/google_projects.md google_projects resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_projects` is used to test a Google Project resource - -## Examples - -```ruby -describe google_projects() do - its('count') { should be >= 1 } - its('project_ids') { should include 'chef-gcp-inspec' } - its('lifecycle_states') { should include 'ACTIVE' } -end -``` - -### Test that there are no more than a specified number of projects available for the project - - describe google_projects do - its('count') { should be <= 100} - end - -### Test that an expected named project is available - - describe google_projects do - its('project_names'){ should include "GCP Project Name" } - end - -### Test that an expected project identifier is available - - describe google_projects do - its('project_ids'){ should include "gcp_project_id" } - end - -### Test that an expected project number is available - - describe google_projects do - its('project_numbers'){ should include 1122334455 } - end - -### Test that a particular subset of projects with id 'prod\*' are in ACTIVE lifecycle state - - google_projects.where(project_id: /^prod/).project_ids.each do |gcp_project_id| - describe google_project(project: gcp_project_id) do - it { should exist } - its('lifecycle_state') { should eq "ACTIVE" } - end - end - -### Test that a particular subset of ACTIVE projects with id 'prod\*' exist - - google_projects.where(project_id: /^prod/, lifecycle_state: 'ACTIVE').project_ids.each do |gcp_project_id| - describe google_project(project: gcp_project_id) do - it { should exist } - end - end - -## Properties - -Properties that can be accessed from the `google_projects` resource: - -See the [google_project](/inspec/resources/google_project/#properties) resource for more information. 
- -`project_numbers` -: an array of `google_project` number - -`lifecycle_states` -: an array of `google_project` lifecycle_state - -`project_names` -: an array of `google_project` name - -`create_times` -: an array of `google_project` create_time - -`labels` -: an array of `google_project` labels - -`parents` -: an array of `google_project` parent - -`project_ids` -: an array of `google_project` project_id - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_pubsub_subscription.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_pubsub_subscription.md deleted file mode 100644 index d279a6704d..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_pubsub_subscription.md +++ /dev/null 
@@ -1,87 +0,0 @@ -+++ -title = "google_pubsub_subscription resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_pubsub_subscription" - identifier = "inspec/resources/gcp/google_pubsub_subscription.md google_pubsub_subscription resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_pubsub_subscription` is used to test a Google Subscription resource - -## Examples - -```ruby -describe google_pubsub_subscription(project: 'chef-gcp-inspec', name: 'inspec-gcp-subscription') do - it { should exist } -end - -describe google_pubsub_subscription(project: 'chef-gcp-inspec', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_pubsub_subscription` resource: - -`name` -: Name of the subscription. - -`topic` -: A reference to a Topic resource. - -`labels` -: A set of key/value label pairs to assign to this Subscription. - -`push_config` -: If push delivery is used with this subscription, this field is used to configure it. An empty pushConfig signifies that the subscriber will pull and ack messages using API methods. - - `oidc_token` - : If specified, Pub/Sub will generate and attach an OIDC JWT token as an Authorization header in the HTTP request for every pushed message. - - `service_account_email` - : Service account email to be used for generating the OIDC token. The caller (for subscriptions.create, subscriptions.patch, and subscriptions.modifyPushConfig RPCs) must have the iam.serviceAccounts.actAs permission for the service account. - - `audience` - : Audience to be used when generating OIDC token. The audience claim identifies the recipients that the JWT is intended for. The audience value is a single case-sensitive string. Having multiple values (array) for the audience field is not supported. 
More info about the OIDC JWT token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 Note: if not specified, the Push endpoint URL will be used. - - `push_endpoint` - : A URL locating the endpoint to which messages should be pushed. For example, a Webhook endpoint might use "https://example.com/push". - - `attributes` - : Endpoint configuration attributes. Every endpoint has a set of API supported attributes that can be used to control different aspects of the message delivery. The currently supported attribute is x-goog-version, which you can use to change the format of the pushed message. This attribute indicates the version of the data expected by the endpoint. This controls the shape of the pushed message (i.e., its fields and metadata). The endpoint version is based on the version of the Pub/Sub API. If not present during the subscriptions.create call, it will default to the version of the API used to make such call. If not present during a subscriptions.modifyPushConfig call, its value will not be changed. subscriptions.get calls will always return a valid version, even if the subscription was created without this attribute. The possible values for this attribute are: - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. - -`ack_deadline_seconds` -: This value is the maximum time after a subscriber receives a message before the subscriber should acknowledge the message. After message delivery but before the ack deadline expires and before the message is acknowledged, it is an outstanding message and will not be delivered again during that time (on a best-effort basis). For pull subscriptions, this value is used as the initial value for the ack deadline. To override this value for a given message, call subscriptions.modifyAckDeadline with the corresponding ackId if using pull. The minimum custom deadline you can specify is 10 seconds. 
The maximum custom deadline you can specify is 600 seconds (10 minutes). If this parameter is 0, a default value of 10 seconds is used. For push delivery, this value is also used to set the request timeout for the call to the push endpoint. If the subscriber never acknowledges the message, the Pub/Sub system will eventually redeliver the message. - -`message_retention_duration` -: How long to retain unacknowledged messages in the subscription's backlog, from the moment a message is published. If retainAckedMessages is true, then this also configures the retention of acknowledged messages, and thus configures how far back in time a subscriptions.seek can be done. Defaults to 7 days. Cannot be more than 7 days (`"604800s"`) or less than 10 minutes (`"600s"`). A duration in seconds with up to nine fractional digits, terminated by 's'. Example: `"600.5s"`. - -`retain_acked_messages` -: Indicates whether to retain acknowledged messages. If `true`, then messages are not expunged from the subscription's backlog, even if they are acknowledged, until they fall out of the messageRetentionDuration window. - -`expiration_policy` -: A policy that specifies the conditions for this subscription's expiration. A subscription is considered active as long as any connected subscriber is successfully consuming messages from the subscription or is issuing operations on the subscription. If expirationPolicy is not set, a default policy with ttl of 31 days will be used. If it is set but ttl is "", the resource never expires. The minimum allowed value for expirationPolicy.ttl is 1 day. - - `ttl` - : Specifies the "time-to-live" duration for an associated resource. The resource expires if it is not active for a period of ttl. If ttl is not set, the associated resource never expires. A duration in seconds with up to nine fractional digits, terminated by 's'. Example - "3.5s". - -`dead_letter_policy` -: A policy that specifies the conditions for dead lettering messages in this subscription. 
If dead_letter_policy is not set, dead lettering is disabled. The Cloud Pub/Sub service account associated with this subscriptions's parent project (i.e., service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have permission to Acknowledge() messages on this subscription. - - `dead_letter_topic` - : The name of the topic to which dead letter messages should be published. Format is `projects/{project}/topics/{topic}`. The Cloud Pub/Sub service\naccount associated with the enclosing subscription's parent project (i.e., service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have permission to Publish() to this topic. The operation will fail if the topic does not exist. Users should ensure that there is a subscription attached to this topic since messages published to a topic with no subscriptions are lost. - - `max_delivery_attempts` - : The maximum number of delivery attempts for any message. The value must be between 5 and 100. The number of delivery attempts is defined as 1 + (the sum of number of NACKs and number of times the acknowledgement deadline has been exceeded for the message). A NACK is any call to ModifyAckDeadline with a 0 deadline. Note that client libraries may automatically extend ack_deadlines. This field will be honored on a best effort basis. If this parameter is 0, a default value of 5 is used. - -## GCP Permissions - -Ensure the [Cloud Pub/Sub API](https://console.cloud.google.com/apis/library/pubsub.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_pubsub_subscription_iam_binding.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_pubsub_subscription_iam_binding.md deleted file mode 100644 index 09711fdcd6..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_pubsub_subscription_iam_binding.md +++ /dev/null 
@@ -1,39 +0,0 @@ -+++ -title = "google_pubsub_subscription_iam_binding resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_pubsub_subscription_iam_binding" - identifier = "inspec/resources/gcp/google_pubsub_subscription_iam_binding.md google_pubsub_subscription_iam_binding resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_pubsub_subscription_iam_binding` is used to test a Google Subscription Iam Bindings - -## Examples - -```ruby -describe google_pubsub_subscription_iam_binding(project: "project", name: "name", role: "roles/editor") do - it { should exist } - its('members') { should include 'user:testuser@example.com' } -end -``` - -## Properties - -Properties that can be accessed from the `google_pubsub_subscription_iam_binding` resource: - -`role` -: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. - -`members` -: Specifies the identities requesting access for a Cloud Platform resource. - -## GCP Permissions - -Ensure the [Cloud Pub/Sub API](https://console.cloud.google.com/apis/library/pubsub.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_pubsub_subscription_iam_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_pubsub_subscription_iam_policy.md deleted file mode 100644 index de805a6c29..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_pubsub_subscription_iam_policy.md +++ /dev/null 
@@ -1,66 +0,0 @@
-+++
-title = "google_pubsub_subscription_iam_policy resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_pubsub_subscription_iam_policy"
- identifier = "inspec/resources/gcp/google_pubsub_subscription_iam_policy.md google_pubsub_subscription_iam_policy resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_pubsub_subscription_iam_policy` is used to test a Google Subscription Iam Policy resource
-
-## Examples
-
-```ruby
-describe google_pubsub_subscription_iam_policy(project: "project", name: "name") do
- it { should exist }
-end
-
-google_pubsub_subscription_iam_policy(project: "project", name: "name").bindings.each do |binding|
- describe binding do
- its('role') { should eq 'roles/editor'}
- its('members') { should include 'user:testuser@example.com'}
- end
- end
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_pubsub_subscription_iam_policy` resource:
-
-`iam_binding_roles`
-: The list of roles that exist on the policy.
-
-`bindings`
-: Associates a list of members to a role.
-
- `role`
- : Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
-
- `members`
- : Specifies the identities requesting access for a Cloud Platform resource.
-
-`audit_configs`
-: Specifies cloud audit logging configuration for this policy.
-
- `service`
- : Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
-
- `audit_log_configs`
- : The configuration for logging of each type of permission.
-
- `log_type`
- : The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ
-
- `exempted_members`
- : Specifies the identities that do not cause logging for this type of permission.
-
-## GCP Permissions
-
-Ensure the [Cloud Pub/Sub API](https://console.cloud.google.com/apis/library/pubsub.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_pubsub_subscriptions.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_pubsub_subscriptions.md
deleted file mode 100644
index 5a57083db4..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_pubsub_subscriptions.md
+++ /dev/null
@@ -1,72 +0,0 @@
-+++
-title = "google_pubsub_subscriptions resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_pubsub_subscriptions"
- identifier = "inspec/resources/gcp/google_pubsub_subscriptions.md google_pubsub_subscriptions resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_pubsub_subscriptions` is used to test a Google Subscription resource
-
-## Examples
-
-```ruby
-describe google_pubsub_subscriptions(project: 'chef-gcp-inspec') do
- its('count') { should be >= 1 }
-end
-
-google_pubsub_subscriptions(project: 'chef-gcp-inspec').names.each do |subscription_name|
- describe google_pubsub_subscription(project: 'chef-gcp-inspec', name: subscription_name) do
- it { should exist }
- end
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_pubsub_subscriptions` resource:
-
-See the [google_pubsub_subscription](/inspec/resources/google_pubsub_subscription/#properties) resource for more information.
-
-`names`
-: an array of `google_pubsub_subscription` name
-
-`topics`
-: an array of `google_pubsub_subscription` topic
-
-`labels`
-: an array of `google_pubsub_subscription` labels
-
-`push_configs`
-: an array of `google_pubsub_subscription` push_config
-
-`ack_deadline_seconds`
-: an array of `google_pubsub_subscription` ack_deadline_seconds
-
-`message_retention_durations`
-: an array of `google_pubsub_subscription` message_retention_duration
-
-`retain_acked_messages`
-: an array of `google_pubsub_subscription` retain_acked_messages
-
-`expiration_policies`
-: an array of `google_pubsub_subscription` expiration_policy
-
-`dead_letter_policies`
-: an array of `google_pubsub_subscription` dead_letter_policy
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Cloud Pub/Sub API](https://console.cloud.google.com/apis/library/pubsub.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_pubsub_topic.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_pubsub_topic.md
deleted file mode 100644
index a1c00ca7be..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_pubsub_topic.md
+++ /dev/null
@@ -1,51 +0,0 @@
-+++
-title = "google_pubsub_topic resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_pubsub_topic"
- identifier = "inspec/resources/gcp/google_pubsub_topic.md google_pubsub_topic resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_pubsub_topic` is used to test a Google Topic resource
-
-## Examples
-
-```ruby
-describe google_pubsub_topic(project: 'chef-gcp-inspec', name: 'inspec-gcp-topic') do
- it { should exist }
-end
-
-describe google_pubsub_topic(project: 'chef-gcp-inspec', name: 'nonexistent') do
- it { should_not exist }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_pubsub_topic` resource:
-
-`name`
-: Name of the topic.
-
-`kms_key_name`
-: The resource name of the Cloud KMS CryptoKey to be used to protect access to messages published on this topic. Your project's PubSub service account (`service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com`) must have `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature. The expected format is `projects/*/locations/*/keyRings/*/cryptoKeys/*`
-
-`labels`
-: A set of key/value label pairs to assign to this Topic.
-
-`message_storage_policy`
-: Policy constraining the set of Google Cloud Platform regions where messages published to the topic may be stored. If not present, then no constraints are in effect.
-
- `allowed_persistence_regions`
- : A list of IDs of GCP regions where messages that are published to the topic may be persisted in storage. Messages published by publishers running in non-allowed GCP regions (or running outside of GCP altogether) will be routed for storage in one of the allowed regions. An empty list means that no regions are allowed, and is not a valid configuration.
-
-## GCP Permissions
-
-Ensure the [Cloud Pub/Sub API](https://console.cloud.google.com/apis/library/pubsub.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_pubsub_topic_iam_binding.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_pubsub_topic_iam_binding.md
deleted file mode 100644
index affdffbc31..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_pubsub_topic_iam_binding.md
+++ /dev/null
@@ -1,39 +0,0 @@
-+++
-title = "google_pubsub_topic_iam_binding resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_pubsub_topic_iam_binding"
- identifier = "inspec/resources/gcp/google_pubsub_topic_iam_binding.md google_pubsub_topic_iam_binding resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_pubsub_topic_iam_binding` is used to test a Google Topic Iam Bindings
-
-## Examples
-
-```ruby
-describe google_pubsub_topic_iam_binding(project: "project", name: "name", role: "roles/editor") do
- it { should exist }
- its('members') { should include 'user:testuser@example.com' }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_pubsub_topic_iam_binding` resource:
-
-`role`
-: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
-
-`members`
-: Specifies the identities requesting access for a Cloud Platform resource.
-
-## GCP Permissions
-
-Ensure the [Cloud Pub/Sub API](https://console.cloud.google.com/apis/library/pubsub.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_pubsub_topic_iam_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_pubsub_topic_iam_policy.md
deleted file mode 100644
index ff0dd7f9e5..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_pubsub_topic_iam_policy.md
+++ /dev/null
@@ -1,66 +0,0 @@
-+++
-title = "google_pubsub_topic_iam_policy resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_pubsub_topic_iam_policy"
- identifier = "inspec/resources/gcp/google_pubsub_topic_iam_policy.md google_pubsub_topic_iam_policy resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_pubsub_topic_iam_policy` is used to test a Google Topic Iam Policy resource
-
-## Examples
-
-```ruby
-describe google_pubsub_topic_iam_policy(project: "project", name: "name") do
- it { should exist }
-end
-
-google_pubsub_topic_iam_policy(project: "project", name: "name").bindings.each do |binding|
- describe binding do
- its('role') { should eq 'roles/editor'}
- its('members') { should include 'user:testuser@example.com'}
- end
- end
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_pubsub_topic_iam_policy` resource:
-
-`iam_binding_roles`
-: The list of roles that exist on the policy.
-
-`bindings`
-: Associates a list of members to a role.
-
- `role`
- : Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
-
- `members`
- : Specifies the identities requesting access for a Cloud Platform resource.
-
-`audit_configs`
-: Specifies cloud audit logging configuration for this policy.
-
- `service`
- : Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
-
- `audit_log_configs`
- : The configuration for logging of each type of permission.
-
- `log_type`
- : The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ
-
- `exempted_members`
- : Specifies the identities that do not cause logging for this type of permission.
-
-## GCP Permissions
-
-Ensure the [Cloud Pub/Sub API](https://console.cloud.google.com/apis/library/pubsub.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_pubsub_topics.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_pubsub_topics.md
deleted file mode 100644
index e7986a8410..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_pubsub_topics.md
+++ /dev/null
@@ -1,61 +0,0 @@
-+++
-title = "google_pubsub_topics resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_pubsub_topics"
- identifier = "inspec/resources/gcp/google_pubsub_topics.md google_pubsub_topics resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_pubsub_topics` is used to test a Google Topic resource
-
-## Examples
-
-```ruby
-describe google_pubsub_topics(project: 'chef-gcp-inspec') do
- it { should exist }
- its('names') { should include 'inspec-gcp-topic' }
- its('count') { should be >=1 }
-end
-
-describe.one do
- google_pubsub_topics(project: 'chef-gcp-inspec').names.each do |topic_name|
- describe google_pubsub_topic(project: 'chef-gcp-inspec', name: topic_name) do
- it { should exist }
- end
- end
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_pubsub_topics` resource:
-
-See the [google_pubsub_topic](/inspec/resources/google_pubsub_topic/#properties) resource for more information.
-
-`names`
-: an array of `google_pubsub_topic` name
-
-`kms_key_names`
-: an array of `google_pubsub_topic` kms_key_name
-
-`labels`
-: an array of `google_pubsub_topic` labels
-
-`message_storage_policies`
-: an array of `google_pubsub_topic` message_storage_policy
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Cloud Pub/Sub API](https://console.cloud.google.com/apis/library/pubsub.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_redis_instance.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_redis_instance.md deleted file mode 100644 index 54de4c98bf..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_redis_instance.md +++ /dev/null 
@@ -1,108 +0,0 @@ -+++ -title = "google_redis_instance resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_redis_instance" - identifier = "inspec/resources/gcp/google_redis_instance.md google_redis_instance resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_redis_instance` is used to test a Google Instance resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_redis_instance(project: 'chef-gcp-inspec', region: 'us-central1', name: 'my-redis-cache') do - it { should exist } - its('tier') { should cmp 'STANDARD_HA' } - its('memory_size_gb') { should cmp '1' } - its('alternative_location_id') { should cmp 'us-central1-f' } - its('redis_version') { should cmp 'REDIS_3_2' } - its('display_name') { should cmp 'InSpec test instance' } - its('reserved_ip_range') { should cmp '192.168.0.0/29' } - its('labels') { should include('key' => 'value') } -end - -describe google_redis_instance(project: 'chef-gcp-inspec', region: 'us-central1', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_redis_instance` resource: - -`alternative_location_id` -: Only applicable to STANDARD_HA tier which protects the instance against zonal failures by provisioning it across two zones. If provided, it must be a different zone from the one provided in [locationId]. - -`authorized_network` -: The full name of the Google Compute Engine network to which the instance is connected. If left unspecified, the default network will be used. - -`connect_mode` -: The connection mode of the Redis instance. - - Possible values: - - - DIRECT_PEERING - - PRIVATE_SERVICE_ACCESS - - -`create_time` -: The time the instance was created in RFC3339 UTC"Zulu" format, accurate to nanoseconds. 
- -`current_location_id` -: The current zone where the Redis endpoint is placed. For Basic Tier instances, this will always be the same as the [locationId] provided by the user at creation time. For Standard Tier instances, this can be either [locationId] or [alternativeLocationId] and can change after a failover event. - -`display_name` -: An arbitrary and optional user-provided name for the instance. - -`host` -: Hostname or IP address of the exposed Redis endpoint used by clients to connect to the service. - -`labels` -: Resource labels to represent user provided metadata. - -`redis_configs` -: Redis configuration parameters, according to http://redis.io/topics/config. Please check Memorystore documentation for the list of supported parameters: https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs - -`location_id` -: The zone where the instance will be provisioned. If not provided, the service will choose a zone for the instance. For STANDARD_HA tier, instances will be created across two zones for protection against zonal failures. If [alternativeLocationId] is also provided, it must be different from [locationId]. - -`name` -: The ID of the instance or a fully qualified identifier for the instance. - -`memory_size_gb` -: Redis memory size in GiB. - -`port` -: The port number of the exposed Redis endpoint. - -`redis_version` -: The version of Redis software. If not provided, latest supported version will be used. Currently, the supported values are: - REDIS_4_0 for Redis 4.0 compatibility - REDIS_3_2 for Redis 3.2 compatibility - -`reserved_ip_range` -: The CIDR range of internal addresses that are reserved for this instance. If not provided, the service will choose an unused /29 block, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be unique and non-overlapping with existing subnets in an authorized network. - -`tier` -: The service tier of the instance. 
Must be one of these values: - BASIC: standalone instance - STANDARD_HA: highly available primary/replica instances - - Possible values: - - - BASIC - - STANDARD_HA - - -`region` -: The name of the Redis region of the instance. - -## GCP Permissions diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_redis_instances.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_redis_instances.md deleted file mode 100644 index e29cdc4119..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_redis_instances.md +++ /dev/null 
@@ -1,97 +0,0 @@ -+++ -title = "google_redis_instances resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_redis_instances" - identifier = "inspec/resources/gcp/google_redis_instances.md google_redis_instances resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_redis_instances` is used to test a Google Instance resource - -## Beta Resource - -This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource - -## Examples - -```ruby -describe google_redis_instances(project: 'chef-gcp-inspec', region: 'us-central1') do - its('tiers') { should include 'STANDARD_HA' } - its('memory_size_gbs') { should include '1' } - its('alternative_location_ids') { should include 'us-central1-f' } - its('redis_versions') { should include 'REDIS_3_2' } - its('display_names') { should include 'InSpec test instance' } - its('reserved_ip_ranges') { should include '192.168.0.0/29' } -end -``` - -## Properties - -Properties that can be accessed from the `google_redis_instances` resource: - -See the [google_redis_instance](/inspec/resources/google_redis_instance/#properties) resource for more information. 
- -`alternative_location_ids` -: an array of `google_redis_instance` alternative_location_id - -`authorized_networks` -: an array of `google_redis_instance` authorized_network - -`connect_modes` -: an array of `google_redis_instance` connect_mode - -`create_times` -: an array of `google_redis_instance` create_time - -`current_location_ids` -: an array of `google_redis_instance` current_location_id - -`display_names` -: an array of `google_redis_instance` display_name - -`hosts` -: an array of `google_redis_instance` host - -`labels` -: an array of `google_redis_instance` labels - -`redis_configs` -: an array of `google_redis_instance` redis_configs - -`location_ids` -: an array of `google_redis_instance` location_id - -`names` -: an array of `google_redis_instance` name - -`memory_size_gbs` -: an array of `google_redis_instance` memory_size_gb - -`ports` -: an array of `google_redis_instance` port - -`redis_versions` -: an array of `google_redis_instance` redis_version - -`reserved_ip_ranges` -: an array of `google_redis_instance` reserved_ip_range - -`tiers` -: an array of `google_redis_instance` tier - -`regions` -: an array of `google_redis_instance` region - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_resourcemanager_folder.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_resourcemanager_folder.md deleted file mode 100644 index df3925976d..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_resourcemanager_folder.md +++ /dev/null 
@@ -1,58 +0,0 @@ -+++ -title = "google_resourcemanager_folder resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_resourcemanager_folder" - identifier = "inspec/resources/gcp/google_resourcemanager_folder.md google_resourcemanager_folder resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_resourcemanager_folder` is used to test a Google Folder resource - -## Examples - -```ruby -describe.one do - google_resourcemanager_folders(parent: 'organizations/12345').names.each do |name| - describe google_resourcemanager_folder(name: name) do - it { should exist } - its('display_name') { should eq 'inspec-gcp-folder' } - end - end -end -``` - -## Properties - -Properties that can be accessed from the `google_resourcemanager_folder` resource: - -`name` -: The resource name of the Folder. Its format is folders/{folder_id}, for example: "folders/1234". - -`lifecycle_state` -: The lifecycle state of the folder. Updates to the lifecycleState must be performed via folders.delete and folders.undelete. - - Possible values: - - - LIFECYCLE_STATE_UNSPECIFIED - - ACTIVE - - DELETE_REQUESTED - -`create_time` -: Time of creation - -`parent` -: The Folder’s parent's resource name. Updates to the folder's parent must be performed via folders.move. - -`display_name` -: The folder’s display name. A folder’s display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters. This is captured by the regular expression: `[\p{L}\p{N}]([\p{L}\p{N}_- ]{0,28}[\p{L}\p{N}])?`. - -## GCP Permissions - -Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_resourcemanager_folder_iam_binding.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_resourcemanager_folder_iam_binding.md
deleted file mode 100644
index 0ee7f75e67..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_resourcemanager_folder_iam_binding.md
+++ /dev/null
@@ -1,39 +0,0 @@
-+++
-title = "google_resourcemanager_folder_iam_binding resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_resourcemanager_folder_iam_binding"
- identifier = "inspec/resources/gcp/google_resourcemanager_folder_iam_binding.md google_resourcemanager_folder_iam_binding resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_resourcemanager_folder_iam_binding` is used to test a Google Folder Iam Bindings
-
-## Examples
-
-```ruby
-describe google_resourcemanager_folder_iam_binding(name: "name", role: "roles/editor") do
- it { should exist }
- its('members') { should include 'user:testuser@example.com' }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_resourcemanager_folder_iam_binding` resource:
-
-`role`
-: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
-
-`members`
-: Specifies the identities requesting access for a Cloud Platform resource.
-
-## GCP Permissions
-
-Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_resourcemanager_folder_iam_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_resourcemanager_folder_iam_policy.md
deleted file mode 100644
index 1ef8634ce6..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_resourcemanager_folder_iam_policy.md
+++ /dev/null
@@ -1,66 +0,0 @@
-+++
-title = "google_resourcemanager_folder_iam_policy resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_resourcemanager_folder_iam_policy"
- identifier = "inspec/resources/gcp/google_resourcemanager_folder_iam_policy.md google_resourcemanager_folder_iam_policy resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_resourcemanager_folder_iam_policy` is used to test a Google Folder Iam Policy resource
-
-## Examples
-
-```ruby
-describe google_resourcemanager_folder_iam_policy(name: "name") do
- it { should exist }
-end
-
-google_resourcemanager_folder_iam_policy(name: "name").bindings.each do |binding|
- describe binding do
- its('role') { should eq 'roles/editor'}
- its('members') { should include 'user:testuser@example.com'}
- end
- end
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_resourcemanager_folder_iam_policy` resource:
-
-`iam_binding_roles`
-: The list of roles that exist on the policy.
-
-`bindings`
-: Associates a list of members to a role.
-
- `role`
- : Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
-
- `members`
- : Specifies the identities requesting access for a Cloud Platform resource.
-
-`audit_configs`
-: Specifies cloud audit logging configuration for this policy.
-
- `service`
- : Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
-
- `audit_log_configs`
- : The configuration for logging of each type of permission.
-
- `log_type`
- : The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ
-
- `exempted_members`
- : Specifies the identities that do not cause logging for this type of permission.
-
-## GCP Permissions
-
-Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_resourcemanager_folders.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_resourcemanager_folders.md
deleted file mode 100644
index ad2d474727..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_resourcemanager_folders.md
+++ /dev/null
@@ -1,58 +0,0 @@
-+++
-title = "google_resourcemanager_folders resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_resourcemanager_folders"
- identifier = "inspec/resources/gcp/google_resourcemanager_folders.md google_resourcemanager_folders resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_resourcemanager_folders` is used to test a Google Folder resource
-
-## Examples
-
-```ruby
-describe.one do
- google_resourcemanager_folders(parent: 'organizations/12345').display_names.each do |display_name|
- describe display_name do
- it { should eq 'inspec-gcp-folder' }
- end
- end
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_resourcemanager_folders` resource:
-
-See the [google_resourcemanager_folder](/inspec/resources/google_resourcemanager_folder/#properties) resource for more information.
-
-`names`
-: an array of `google_resourcemanager_folder` name
-
-`lifecycle_states`
-: an array of `google_resourcemanager_folder` lifecycle_state
-
-`create_times`
-: an array of `google_resourcemanager_folder` create_time
-
-`parents`
-: an array of `google_resourcemanager_folder` parent
-
-`display_names`
-: an array of `google_resourcemanager_folder` display_name
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_resourcemanager_organization_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_resourcemanager_organization_policy.md
deleted file mode 100644
index 9b0106036e..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_resourcemanager_organization_policy.md
+++ /dev/null
@@ -1,58 +0,0 @@
-+++
-title = "google_resourcemanager_organization_policy resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_resourcemanager_organization_policy"
- identifier = "inspec/resources/gcp/google_resourcemanager_organization_policy.md google_resourcemanager_organization_policy resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_resourcemanager_organization_policy` is used to test organization policy constraints. More information can be found here [Organization Policy Constraints](https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints)
-
-## Examples
-
-```ruby
-describe google_resourcemanager_organization_policy(organization_name: "organizations/123456789", constraint: "constraints/compute.disableSerialPortAccess") do
- it { should exist }
- its('constraint') { should eq 'constraints/compute.disableSerialPortAccess' }
- its('boolean_policy.enforced') { should be true }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_resourcemanager_organization_policy` resource:
-
-`version`
-: The version of the policy.
-
-`constraint`
-: The name of the constraint the policy is configuring.
-
-`update_time`
-: The time stamp the policy was previously updated.
-
-`list_policy`
-: List of values either allowed or disallowed
-
- `allowed_values`
- : List of values allowed
-
- `denied_values`
- : List of values denied
-
-`boolean_policy`
-: Used to specify how a boolean policy will behave
-
- `enforced`
- : If true then the policy is enforced. If false then any configuration is acceptable
-
-## GCP Permissions
-
-Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_resourcemanager_project_iam_binding.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_resourcemanager_project_iam_binding.md
deleted file mode 100644
index 692e4569b0..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_resourcemanager_project_iam_binding.md
+++ /dev/null
@@ -1,39 +0,0 @@
-+++
-title = "google_resourcemanager_project_iam_binding resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_resourcemanager_project_iam_binding"
- identifier = "inspec/resources/gcp/google_resourcemanager_project_iam_binding.md google_resourcemanager_project_iam_binding resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_resourcemanager_project_iam_binding` is used to test a Google Project Iam Bindings
-
-## Examples
-
-```ruby
-describe google_resourcemanager_project_iam_binding(project_id: "projectId", role: "roles/editor") do
- it { should exist }
- its('members') { should include 'user:testuser@example.com' }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_resourcemanager_project_iam_binding` resource:
-
-`role`
-: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
-
-`members`
-: Specifies the identities requesting access for a Cloud Platform resource.
-
-## GCP Permissions
-
-Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_resourcemanager_project_iam_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_resourcemanager_project_iam_policy.md
deleted file mode 100644
index 4cd613bce3..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_resourcemanager_project_iam_policy.md
+++ /dev/null
@@ -1,66 +0,0 @@ -+++ -title = "google_resourcemanager_project_iam_policy resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_resourcemanager_project_iam_policy" - identifier = "inspec/resources/gcp/google_resourcemanager_project_iam_policy.md google_resourcemanager_project_iam_policy resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_resourcemanager_project_iam_policy` is used to test a Google Project Iam Policy resource - -## Examples - -```ruby -describe google_resourcemanager_project_iam_policy(project_id: "projectId") do - it { should exist } -end - -google_resourcemanager_project_iam_policy(project_id: "projectId").bindings.each do |binding| - describe binding do - its('role') { should eq 'roles/editor'} - its('members') { should include 'user:testuser@example.com'} - end -end -``` - -## Properties - -Properties that can be accessed from the `google_resourcemanager_project_iam_policy` resource: - -`iam_binding_roles` -: The list of roles that exist on the policy. - -`bindings` -: Associates a list of members to a role. - - `role` - : Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. - - `members` - : Specifies the identities requesting access for a Cloud Platform resource. - -`audit_configs` -: Specifies cloud audit logging configuration for this policy. - - `service` - : Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. - - `audit_log_configs` - : The configuration for logging of each type of permission. - - `log_type` - : The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ - - `exempted_members` - : Specifies the identities that do not cause logging for this type of permission. 
- -## GCP Permissions - -Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_runtime_config_config.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_runtime_config_config.md deleted file mode 100644 index 6ad1a805d3..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_runtime_config_config.md +++ /dev/null @@ -1,43 +0,0 @@ -+++ -title = "google_runtime_config_config resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_runtime_config_config" - identifier = "inspec/resources/gcp/google_runtime_config_config.md google_runtime_config_config resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_runtime_config_config` is used to test a Google Config resource - -## Examples - -```ruby -describe google_runtime_config_config(project: 'chef-gcp-inspec', name: 'inspec-gcp-runtime-config') do - it { should exist } - its('description') { should cmp 'My runtime configurations' } -end - -describe google_runtime_config_config(project: 'chef-gcp-inspec', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_runtime_config_config` resource: - -`description` -: The description to associate with the runtime config. - -`name` -: The name of the runtime config. - -## GCP Permissions - -Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_runtime_config_config_iam_binding.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_runtime_config_config_iam_binding.md deleted file mode 100644 index 570b94879d..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_runtime_config_config_iam_binding.md +++ /dev/null @@ -1,39 +0,0 @@ -+++ -title = "google_runtime_config_config_iam_binding resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_runtime_config_config_iam_binding" - identifier = "inspec/resources/gcp/google_runtime_config_config_iam_binding.md google_runtime_config_config_iam_binding resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_runtime_config_config_iam_binding` is used to test a Google Config Iam Bindings - -## Examples - -```ruby -describe google_runtime_config_config_iam_binding(project: "project", name: "name", role: "roles/editor") do - it { should exist } - its('members') { should include 'user:testuser@example.com' } -end -``` - -## Properties - -Properties that can be accessed from the `google_runtime_config_config_iam_binding` resource: - -`role` -: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. - -`members` -: Specifies the identities requesting access for a Cloud Platform resource. - -## GCP Permissions - -Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_runtime_config_config_iam_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_runtime_config_config_iam_policy.md deleted file mode 100644 index 9a47287380..0000000000 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_runtime_config_config_iam_policy.md
+++ /dev/null
@@ -1,66 +0,0 @@ -+++ -title = "google_runtime_config_config_iam_policy resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_runtime_config_config_iam_policy" - identifier = "inspec/resources/gcp/google_runtime_config_config_iam_policy.md google_runtime_config_config_iam_policy resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_runtime_config_config_iam_policy` is used to test a Google Config IAM Policy resource - -## Examples - -```ruby -describe google_runtime_config_config_iam_policy(project: "project", name: "name") do - it { should exist } -end - -google_runtime_config_config_iam_policy(project: "project", name: "name").bindings.each do |binding| - describe binding do - its('role') { should eq 'roles/editor'} - its('members') { should include 'user:testuser@example.com'} - end -end -``` - -## Properties - -Properties that can be accessed from the `google_runtime_config_config_iam_policy` resource: - -`iam_binding_roles` -: The list of roles that exist on the policy. - -`bindings` -: Associates a list of members to a role. - - `role` - : Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. - - `members` - : Specifies the identities requesting access for a Cloud Platform resource. - -`audit_configs` -: Specifies cloud audit logging configuration for this policy. - - `service` - : Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. - - `audit_log_configs` - : The configuration for logging of each type of permission. - - `log_type` - : The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ - - `exempted_members` - : Specifies the identities that do not cause logging for this type of permission. 
- -## GCP Permissions - -Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_runtime_config_configs.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_runtime_config_configs.md deleted file mode 100644 index eaec1c6c78..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_runtime_config_configs.md +++ /dev/null @@ -1,45 +0,0 @@ -+++ -title = "google_runtime_config_configs resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_runtime_config_configs" - identifier = "inspec/resources/gcp/google_runtime_config_configs.md google_runtime_config_configs resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_runtime_config_configs` is used to test a Google Config resource - -## Examples - -```ruby -describe google_runtime_config_configs(project: 'chef-gcp-inspec') do - its('descriptions') { should include 'My runtime configurations' } -end -``` - -## Properties - -Properties that can be accessed from the `google_runtime_config_configs` resource: - -See the [google_runtime_config_config](/inspec/resources/google_runtime_config_config/#properties) resource for more information. - -`descriptions` -: an array of `google_runtime_config_config` description - -`names` -: an array of `google_runtime_config_config` name - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_runtime_config_variable.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_runtime_config_variable.md deleted file mode 100644 index 8f11ce5380..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_runtime_config_variable.md +++ /dev/null @@ -1,49 +0,0 @@ -+++ -title = "google_runtime_config_variable resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_runtime_config_variable" - identifier = "inspec/resources/gcp/google_runtime_config_variable.md google_runtime_config_variable resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_runtime_config_variable` is used to test a Google Variable resource - -## Examples - -```ruby -describe google_runtime_config_variable(project: 'chef-gcp-inspec', config: 'inspec-gcp-runtime-config', name: 'prod-variables/hostname') do - it { should exist } - its('text') { should cmp 'example.com' } -end - -describe google_runtime_config_variable(project: 'chef-gcp-inspec', config: 'inspec-gcp-runtime-config', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_runtime_config_variable` resource: - -`value` -: The binary value of the variable. Either this or `text` can be set. - -`text` -: The string value of the variable. Either this or `value` can be set. - -`name` -: The name of the variable resource. - -`config` -: The name of the runtime config that this variable belongs to. - -## GCP Permissions - -Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_runtime_config_variables.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_runtime_config_variables.md deleted file mode 100644 index 1904336fdd..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_runtime_config_variables.md +++ /dev/null @@ -1,51 +0,0 @@ -+++ -title = "google_runtime_config_variables resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_runtime_config_variables" - identifier = "inspec/resources/gcp/google_runtime_config_variables.md google_runtime_config_variables resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_runtime_config_variables` is used to test a Google Variable resource - -## Examples - -```ruby -describe google_runtime_config_variables(project: 'chef-gcp-inspec', config: 'inspec-gcp-runtime-config') do - its('texts') { should include 'example.com' } -end -``` - -## Properties - -Properties that can be accessed from the `google_runtime_config_variables` resource: - -See the [google_runtime_config_variable](/inspec/resources/google_runtime_config_variable/#properties) resource for more information. - -`values` -: an array of `google_runtime_config_variable` value - -`texts` -: an array of `google_runtime_config_variable` text - -`names` -: an array of `google_runtime_config_variable` name - -`configs` -: an array of `google_runtime_config_variable` config - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_service_account.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_service_account.md
deleted file mode 100644
index ea510a48dc..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_service_account.md
+++ /dev/null
@@ -1,79 +0,0 @@ -+++ -title = "google_service_account resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_service_account" - identifier = "inspec/resources/gcp/google_service_account.md google_service_account resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_service_account` is used to test a Google ServiceAccount resource - -## Examples - -```ruby -describe google_service_account(project: 'chef-gcp-inspec', name: "display-name@project-id.iam.gserviceaccount.com") do - it { should exist } - its('display_name') { should cmp '' } -end - -describe google_service_account(project: 'chef-gcp-inspec', name: "nonexistent@project-id.iam.gserviceaccount.com") do - it { should_not exist } -end -``` - -### Test that a GCP project IAM service account has the expected unique identifier - -```ruby -describe google_service_account(project: 'sample-project', name: 'sample-account@sample-project.iam.gserviceaccount.com') do - its('unique_id') { should eq 12345678 } -end -``` - -### Test that a GCP project IAM service account has the expected oauth2 client identifier - -```ruby -describe google_service_account(project: 'sample-project', name: 'sample-account@sample-project.iam.gserviceaccount.com') do - its('oauth2_client_id') { should eq 12345678 } -end -``` - -### Test that a GCP project IAM service account does not have user managed keys - -```ruby -describe google_service_account_keys(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com") do - its('key_types') { should_not include 'USER_MANAGED' } -end -``` - -## Properties - -Properties that can be accessed from the `google_service_account` resource: - -`name` -: The name of the service account. - -`project_id` -: Id of the project that owns the service account. - -`unique_id` -: Unique and stable id of the service account - -`email` -: Email address of the service account. 
- -`display_name` -: User specified description of service account. - -`oauth2_client_id` -: OAuth2 client id for the service account. - -## GCP Permissions - -Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_service_account_key.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_service_account_key.md deleted file mode 100644 index 00364e1df2..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_service_account_key.md +++ /dev/null 
@@ -1,89 +0,0 @@ -+++ -title = "google_service_account_key resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_service_account_key" - identifier = "inspec/resources/gcp/google_service_account_key.md google_service_account_key resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_service_account_key` is used to test a Google ServiceAccountKey resource - -## Examples - -```ruby -google_service_account_keys(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com").key_names.each do |sa_key_name| - describe google_service_account_key(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com", name: sa_key_name.split('/').last) do - it { should exist } - its('key_type') { should_not cmp 'USER_MANAGED' } - end -end -``` - -### Test that a GCP project IAM service account key has the expected key algorithm - - describe google_service_account_key(name: "projects/sample-project/serviceAccounts/test-sa@sample-project.iam.gserviceaccount.com/keys/c6bd986da9fac6d71178db41d1741cbe751a5080" ) do - its('key_algorithm') { should eq "KEY_ALG_RSA_2048" } - end - -## Properties - -Properties that can be accessed from the `google_service_account_key` resource: - -`name` -: The name of the key. - -`private_key_type` -: Output format for the service account key. - - Possible values: - - - TYPE_UNSPECIFIED - - TYPE_PKCS12_FILE - - TYPE_GOOGLE_CREDENTIALS_FILE - -`key_algorithm` -: Specifies the algorithm for the key. - - Possible values: - - - KEY_ALG_UNSPECIFIED - - KEY_ALG_RSA_1024 - - KEY_ALG_RSA_2048 - -`private_key_data` -: Private key data. Base-64 encoded. - -`public_key_data` -: Public key data. Base-64 encoded. - -`valid_after_time` -: Key can only be used after this time. - -`valid_before_time` -: Key can only be used before this time. - -`key_type` -: Specifies the type of the key. 
- - Possible values: - - - KEY_TYPE_UNSPECIFIED - - USER_MANAGED - - SYSTEM_MANAGED - -`service_account` -: The name of the serviceAccount. - -`path` -: The full name of the file that will hold the service account private key. The management of this file will depend on the value of sync_file parameter. File path must be absolute. - -## GCP Permissions - -Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_service_account_keys.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_service_account_keys.md deleted file mode 100644 index e1d110090e..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_service_account_keys.md +++ /dev/null 
@@ -1,82 +0,0 @@ -+++ -title = "google_service_account_keys resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_service_account_keys" - identifier = "inspec/resources/gcp/google_service_account_keys.md google_service_account_keys resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_service_account_keys` is used to test a Google ServiceAccountKey resource - -## Examples - -```ruby -describe google_service_account_keys(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com") do - its('count') { should be <= 1000 } - its('key_types') { should_not include 'USER_MANAGED' } -end -``` - -### Test that there are no more than a specified number of keys for the service account - - describe google_service_account_keys(project: 'sample-project', service_account: 'sample-account@sample-project.iam.gserviceaccount.com') do - its('count') { should be <= 1000} - end - -### Test that a service account with expected name is available - - describe google_service_account_keys(project: 'sample-project', service_account: 'sample-account@sample-project.iam.gserviceaccount.com') do - its('key_names'){ should include "projects/sample-project/serviceAccounts/test-sa@sample-project.iam.gserviceaccount.com/keys/c6bd986da9fac6d71178db41d1741cbe751a5080" } - end - -## Properties - -Properties that can be accessed from the `google_service_account_keys` resource: - -See the [google_service_account_key](/inspec/resources/google_service_account_key/#properties) resource for more information. 
- -`key_names` -: an array of `google_service_account_key` name - -`private_key_types` -: an array of `google_service_account_key` private_key_type - -`key_algorithms` -: an array of `google_service_account_key` key_algorithm - -`private_key_data` -: an array of `google_service_account_key` private_key_data - -`public_key_data` -: an array of `google_service_account_key` public_key_data - -`valid_after_times` -: an array of `google_service_account_key` valid_after_time - -`valid_before_times` -: an array of `google_service_account_key` valid_before_time - -`key_types` -: an array of `google_service_account_key` key_type - -`service_accounts` -: an array of `google_service_account_key` service_account - -`paths` -: an array of `google_service_account_key` path - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_service_accounts.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_service_accounts.md deleted file mode 100644 index 829035b9c1..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_service_accounts.md +++ /dev/null 
@@ -1,90 +0,0 @@ -+++ -title = "google_service_accounts resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_service_accounts" - identifier = "inspec/resources/gcp/google_service_accounts.md google_service_accounts resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_service_accounts` is used to test a Google ServiceAccount resource - -## Examples - -```ruby -describe google_service_accounts(project: 'chef-gcp-inspec', name: "display-name@project-id.iam.gserviceaccount.com") do - its('service_account_emails') { should include "display-name@project-id.iam.gserviceaccount.com" } - its('count') { should be <= 1000 } -end -``` - -### Test that there are no more than a specified number of service accounts for the project - - describe google_service_accounts(project: 'chef-inspec-gcp') do - its('count') { should be <= 1000} - end - -### Test that an expected service account display name is available - - describe google_service_accounts(project: 'chef-inspec-gcp') do - its('service_account_display_names'){ should include "gcp_sa_name" } - end - -### Test that an expected service account unique identifier is available - - describe google_service_accounts(project: 'chef-inspec-gcp') do - its('service_account_ids'){ should include 12345678 } - end - -### Test that a service account with expected name is available - - describe google_service_accounts(project: 'dummy-project') do - its('service_account_names'){ should include "projects/dummy-project/serviceAccounts/dummy-acct@dummy-project.iam.gserviceaccount.com" } - end - -### Use filtering to retrieve a particular service account - - google_service_accounts(project: 'chef-inspec-gcp').where(service_account_display_names: /^dummyaccount/).service_account_names.each do |sa_name| - describe google_service_account(name: sa_name) do - it { should exist } - end - end - -## Properties - -Properties that can be accessed from the `google_service_accounts` 
resource: - -See the [google_service_account](/inspec/resources/google_service_account/#properties) resource for more information. - -`service_account_names` -: an array of `google_service_account` name - -`project_ids` -: an array of `google_service_account` project_id - -`service_account_ids` -: an array of `google_service_account` unique_id - -`service_account_emails` -: an array of `google_service_account` email - -`service_account_display_names` -: an array of `google_service_account` display_name - -`oauth2_client_ids` -: an array of `google_service_account` oauth2_client_id - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_sourcerepo_repositories.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_sourcerepo_repositories.md deleted file mode 100644 index ebe1af27c9..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_sourcerepo_repositories.md +++ /dev/null 
@@ -1,56 +0,0 @@ -+++ -title = "google_sourcerepo_repositories resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_sourcerepo_repositories" - identifier = "inspec/resources/gcp/google_sourcerepo_repositories.md google_sourcerepo_repositories resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_sourcerepo_repositories` is used to test a Google Repository resource - -## Examples - -```ruby -repo_name = 'inspec-gcp-repository' -describe.one do - google_sourcerepo_repositories(project: 'chef-gcp-inspec').names.each do |name| - describe name do - it { should match /\/repos\/#{repo_name}$/ } - end - end -end -``` - -## Properties - -Properties that can be accessed from the `google_sourcerepo_repositories` resource: - -See the [google_sourcerepo_repository](/inspec/resources/google_sourcerepo_repository/#properties) resource for more information. - -`names` -: an array of `google_sourcerepo_repository` name - -`urls` -: an array of `google_sourcerepo_repository` url - -`sizes` -: an array of `google_sourcerepo_repository` size - -`pubsub_configs` -: an array of `google_sourcerepo_repository` pubsub_configs - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Cloud Source Repositories API](https://console.cloud.google.com/apis/library/sourcerepo.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_sourcerepo_repository.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_sourcerepo_repository.md deleted file mode 100644 index bce7b6fe00..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_sourcerepo_repository.md +++ /dev/null 
@@ -1,48 +0,0 @@ -+++ -title = "google_sourcerepo_repository resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_sourcerepo_repository" - identifier = "inspec/resources/gcp/google_sourcerepo_repository.md google_sourcerepo_repository resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_sourcerepo_repository` is used to test a Google Repository resource - -## Examples - -```ruby -describe google_sourcerepo_repository(project: 'chef-gcp-inspec', name: 'inspec-gcp-repository') do - it { should exist } -end - -describe google_sourcerepo_repository(project: 'chef-gcp-inspec', name: 'nonexistent') do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_sourcerepo_repository` resource: - -`name` -: Resource name of the repository, of the form projects/{{project}}/repos/{{repo}}. The repo name may contain slashes. E.g., projects/myproject/repos/name/with/slash - -`url` -: URL to clone the repository from Google Cloud Source Repositories. - -`size` -: The disk usage of the repo, in bytes. - -`pubsub_configs` -: How this repository publishes a change in the repository through Cloud Pub/Sub. Keyed by the topic names. - -## GCP Permissions - -Ensure the [Cloud Source Repositories API](https://console.cloud.google.com/apis/library/sourcerepo.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_spanner_database.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_spanner_database.md deleted file mode 100644 index c574f67be3..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_spanner_database.md +++ /dev/null 
@@ -1,40 +0,0 @@ -+++ -title = "google_spanner_database resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_spanner_database" - identifier = "inspec/resources/gcp/google_spanner_database.md google_spanner_database resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_spanner_database` is used to test a Google Database resource - -## Examples - -```ruby - -describe google_spanner_database(project: 'chef-gcp-inspec', instance: 'spinstance', name: 'spdatabase') do - it { should exist } - its('name') { should match 'spdatabase' } -end -``` - -## Properties - -Properties that can be accessed from the `google_spanner_database` resource: - -`name` -: A unique identifier for the database, which cannot be changed after the instance is created. Values are of the form [a-z][-a-z0-9]\*[a-z0-9]. - -`instance` -: The instance to create the database on. - -## GCP Permissions - -Ensure the [Cloud Spanner API](https://console.cloud.google.com/apis/library/spanner.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_spanner_databases.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_spanner_databases.md deleted file mode 100644 index 476732e640..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_spanner_databases.md +++ /dev/null 
@@ -1,49 +0,0 @@ -+++ -title = "google_spanner_databases resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_spanner_databases" - identifier = "inspec/resources/gcp/google_spanner_databases.md google_spanner_databases resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_spanner_databases` is used to test a Google Database resource - -## Examples - -```ruby -describe.one do - google_spanner_databases(project: 'chef-gcp-inspec', instance: 'spinstance').names.each do |name| - describe name do - it { should match 'spdatabase' } - end - end -end -``` - -## Properties - -Properties that can be accessed from the `google_spanner_databases` resource: - -See the [google_spanner_database](/inspec/resources/google_spanner_database/#properties) resource for more information. - -`names` -: an array of `google_spanner_database` name - -`instances` -: an array of `google_spanner_database` instance - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Cloud Spanner API](https://console.cloud.google.com/apis/library/spanner.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_spanner_instance.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_spanner_instance.md deleted file mode 100644 index 0e4650dbc9..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_spanner_instance.md +++ /dev/null 
@@ -1,53 +0,0 @@ -+++ -title = "google_spanner_instance resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_spanner_instance" - identifier = "inspec/resources/gcp/google_spanner_instance.md google_spanner_instance resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_spanner_instance` is used to test a Google Instance resource - -## Examples - -```ruby - -describe google_spanner_instance(project: 'chef-gcp-inspec', name: 'spinstance', config: 'regional-us-east1') do - it { should exist } - its('config') { should match 'regional-us-east1' } - its('name') { should match 'spinstance' } - its('display_name') { should eq 'inspectest' } - its('node_count') { should eq '1' } - its('labels') { should include('env' => 'test') } -end -``` - -## Properties - -Properties that can be accessed from the `google_spanner_instance` resource: - -`name` -: A unique identifier for the instance, which cannot be changed after the instance is created. The name must be between 6 and 30 characters in length. - -`config` -: The name of the instance's configuration (similar but not quite the same as a region) which defines defines the geographic placement and replication of your databases in this instance. It determines where your data is stored. Values are typically of the form `regional-europe-west1` , `us-central` etc. In order to obtain a valid list please consult the [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). - -`display_name` -: The descriptive name for this instance as it appears in UIs. Must be unique per project and between 4 and 30 characters in length. - -`node_count` -: The number of nodes allocated to this instance. - -`labels` -: An object containing a list of `"key": "value"` pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. 
- -## GCP Permissions - -Ensure the [Cloud Spanner API](https://console.cloud.google.com/apis/library/spanner.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_spanner_instance_iam_binding.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_spanner_instance_iam_binding.md deleted file mode 100644 index 77455ec5ad..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_spanner_instance_iam_binding.md +++ /dev/null @@ -1,39 +0,0 @@ -+++ -title = "google_spanner_instance_iam_binding resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_spanner_instance_iam_binding" - identifier = "inspec/resources/gcp/google_spanner_instance_iam_binding.md google_spanner_instance_iam_binding resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_spanner_instance_iam_binding` is used to test a Google Instance Iam Bindings - -## Examples - -```ruby -describe google_spanner_instance_iam_binding(project: "project", name: "name", role: "roles/editor") do - it { should exist } - its('members') { should include 'user:testuser@example.com' } -end -``` - -## Properties - -Properties that can be accessed from the `google_spanner_instance_iam_binding` resource: - -`role` -: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. - -`members` -: Specifies the identities requesting access for a Cloud Platform resource. - -## GCP Permissions - -Ensure the [Cloud Spanner API](https://console.cloud.google.com/apis/library/spanner.googleapis.com/) is enabled for the current project. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_spanner_instance_iam_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_spanner_instance_iam_policy.md
deleted file mode 100644
index e572a82b41..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_spanner_instance_iam_policy.md
+++ /dev/null
@@ -1,66 +0,0 @@ -+++ -title = "google_spanner_instance_iam_policy resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_spanner_instance_iam_policy" - identifier = "inspec/resources/gcp/google_spanner_instance_iam_policy.md google_spanner_instance_iam_policy resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_spanner_instance_iam_policy` is used to test a Google Instance Iam Policy resource - -## Examples - -```ruby -describe google_spanner_instance_iam_policy(project: "project", name: "name") do - it { should exist } -end - -google_spanner_instance_iam_policy(project: "project", name: "name").bindings.each do |binding| - describe binding do - its('role') { should eq 'roles/editor'} - its('members') { should include 'user:testuser@example.com'} - end -end -``` - -## Properties - -Properties that can be accessed from the `google_spanner_instance_iam_policy` resource: - -`iam_binding_roles` -: The list of roles that exist on the policy. - -`bindings` -: Associates a list of members to a role. - - `role` - : Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. - - `members` - : Specifies the identities requesting access for a Cloud Platform resource. - -`audit_configs` -: Specifies cloud audit logging configuration for this policy. - - `service` - : Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. - - `audit_log_configs` - : The configuration for logging of each type of permission. - - `log_type` - : The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ - - `exempted_members` - : Specifies the identities that do not cause logging for this type of permission. 
- -## GCP Permissions - -Ensure the [Cloud Spanner API](https://console.cloud.google.com/apis/library/spanner.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_spanner_instances.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_spanner_instances.md deleted file mode 100644 index d165eb2220..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_spanner_instances.md +++ /dev/null 
@@ -1,59 +0,0 @@ -+++ -title = "google_spanner_instances resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_spanner_instances" - identifier = "inspec/resources/gcp/google_spanner_instances.md google_spanner_instances resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_spanner_instances` is used to test a Google Instance resource - -## Examples - -```ruby - -describe.one do - google_spanner_instances(project: 'chef-gcp-inspec', config: 'regional-us-east1').configs.each do |config| - describe config do - it { should match 'regional-us-east1' } - end - end -end -``` - -## Properties - -Properties that can be accessed from the `google_spanner_instances` resource: - -See the [google_spanner_instance](/inspec/resources/google_spanner_instance/#properties) resource for more information. - -`names` -: an array of `google_spanner_instance` name - -`configs` -: an array of `google_spanner_instance` config - -`display_names` -: an array of `google_spanner_instance` display_name - -`node_counts` -: an array of `google_spanner_instance` node_count - -`labels` -: an array of `google_spanner_instance` labels - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Cloud Spanner API](https://console.cloud.google.com/apis/library/spanner.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_sql_database_instance.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_sql_database_instance.md deleted file mode 100644 index f66fa3116b..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_sql_database_instance.md +++ /dev/null 
@@ -1,258 +0,0 @@ -+++ -title = "google_sql_database_instance resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_sql_database_instance" - identifier = "inspec/resources/gcp/google_sql_database_instance.md google_sql_database_instance resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_sql_database_instance` is used to test a Google DatabaseInstance resource - -## Examples - -```ruby - -describe google_sql_database_instance(project: 'chef-gcp-inspec', database: 'my-database') do - it { should exist } - its('state') { should eq 'RUNNABLE' } - its('backend_type') { should eq 'SECOND_GEN' } - its('database_version') { should eq 'MYSQL_5_7' } -end -``` - -### Test that a GCP Cloud SQL Database instance is in the expected state - - describe google_sql_database_instance(project: 'chef-inspec-gcp', database: 'my-database') do - its('state') { should eq 'RUNNABLE' } - end - -### Test that a GCP Cloud SQL Database instance generation type - - describe google_sql_database_instance(project: 'chef-inspec-gcp', database: 'my-database') do - its('backend_type') { should eq "SECOND_GEN" } - end - -### Test that a GCP Cloud SQL Database instance connection name is as expected - - describe google_sql_database_instance(project: 'spaterson-project', database: 'gcp-inspec-db-instance') do - its('connection_name') { should eq "spaterson-project:europe-west2:gcp-inspec-db-instance" } - end - -### Confirm that a GCP Cloud SQL Database instance has the correct version - - describe google_sql_database_instance(project: 'spaterson-project', database: 'gcp-inspec-db-instance') do - its('database_version') { should eq "MYSQL_5_7" } - end - -### Confirm that a GCP Cloud SQL Database instance is running in the desired region and zone - - describe google_sql_database_instance(project: 'spaterson-project', database: 'gcp-inspec-db-instance') do - its('gce_zone') { should eq "europe-west2-a" } - its('region') { should eq 
"europe-west2" } - end - -## Properties - -Properties that can be accessed from the `google_sql_database_instance` resource: - -`backend_type` -: Possible values: - - FIRST_GEN: First Generation instance. MySQL only. - - SECOND_GEN: Second Generation instance or PostgreSQL instance. - - EXTERNAL: A database server that is not managed by Google. - -`connection_name` -: Connection name of the Cloud SQL instance used in connection strings. - -`database_version` -: The database engine type and version. For First Generation instances, can be MYSQL_5_5, or MYSQL_5_6. For Second Generation instances, can be MYSQL_5_6 or MYSQL_5_7. Defaults to MYSQL_5_6. PostgreSQL instances: POSTGRES_9_6 The databaseVersion property can not be changed after instance creation. - - Possible values: - - - MYSQL_5_5 - - MYSQL_5_6 - - MYSQL_5_7 - - POSTGRES_9_6 - - -`failover_replica` -: The name and status of the failover replica. This property is applicable only to Second Generation instances. - - `available` - : The availability status of the failover replica. A false status indicates that the failover replica is out of sync. The master can only failover to the failover replica when the status is true. - - `name` - : The name of the failover replica. If specified at instance creation, a failover replica is created for the instance. The name doesn't include the project ID. This property is applicable only to Second Generation instances. - -`instance_type` -: The instance type. This can be one of the following. _ CLOUD_SQL_INSTANCE: A Cloud SQL instance that is not replicating from a master. _ ON_PREMISES_INSTANCE: An instance running on the customer's premises. _ READ_REPLICA_INSTANCE: A Cloud SQL instance configured as a read-replica. - - Possible values: - - - CLOUD_SQL_INSTANCE - - ON_PREMISES_INSTANCE - - READ_REPLICA_INSTANCE - - -`ip_addresses` -: The assigned IP addresses for the instance. - - `ip_address` - : The IP address assigned. 
- - `time_to_retire` - : The due time for this IP to be retired in RFC 3339 format, for example 2012-11-15T16:19:00.094Z. This field is only available when the IP is scheduled to be retired. - - `type` - : The type of this IP address. A PRIMARY address is an address that can accept incoming connections. An OUTGOING address is the source address of connections originating from the instance, if supported. - - Possible values: - - PRIMARY - - OUTGOING - -`ipv6_address` -: The IPv6 address assigned to the instance. This property is applicable only to First Generation instances. - -`master_instance_name` -: The name of the instance which will act as master in the replication setup. - -`max_disk_size` -: The maximum disk size of the instance in bytes. - -`name` -: Name of the Cloud SQL instance. This does not include the project ID. - -`region` -: The geographical region. Defaults to us-central or us-central1 depending on the instance type (First Generation or Second Generation/PostgreSQL). - -`replica_configuration` -: Configuration specific to failover replicas and read replicas. - - `failover_target` - : Specifies if the replica is the failover target. If the field is set to true the replica will be designated as a failover replica. In case the master instance fails, the replica instance will be promoted as the new master instance. Only one replica can be specified as failover target, and the replica has to be in different zone with the master instance. - - `mysql_replica_configuration` - : MySQL specific configuration when replicating from a MySQL on-premises master. Replication configuration information such as the username, password, certificates, and keys are not stored in the instance metadata. The configuration information is used only to set up the replication connection and is stored by MySQL in a file named master.info in the data directory. - - `ca_certificate` - : PEM representation of the trusted CA's x509 certificate. 
- - `client_certificate` - : PEM representation of the slave's x509 certificate - - `client_key` - : PEM representation of the slave's private key. The corresponding public key is encoded in the client's certificate. - - `connect_retry_interval` - : Seconds to wait between connect retries. MySQL's default is 60 seconds. - - `dump_file_path` - : Path to a SQL dump file in Google Cloud Storage from which the slave instance is to be created. The URI is in the form gs://bucketName/fileName. Compressed gzip files (.gz) are also supported. Dumps should have the binlog coordinates from which replication should begin. This can be accomplished by setting --master-data to 1 when using mysqldump. - - `master_heartbeat_period` - : Interval in milliseconds between replication heartbeats. - - `password` - : The password for the replication connection. - - `ssl_cipher` - : A list of permissible ciphers to use for SSL encryption. - - `username` - : The username for the replication connection. - - `verify_server_certificate` - : Whether or not to check the master's Common Name value in the certificate that it sends during the SSL handshake. - - `replica_names` - : The replicas of the instance. - - `service_account_email_address` - : The service account email address assigned to the instance. This property is applicable only to Second Generation instances. - -`settings` -: The user settings. - - `database_flags` - : The database flags passed to the instance at startup - - `name` - : The name of the flag. These flags are passed at instance startup, so include both server options and system variables for MySQL. Flags should be specified with underscores, not hyphens. - - `value` - : The value of the flag. Booleans should be set to on for true and off for false. This field must be omitted if the flag doesn't take a value. - - `ip_configuration` - : The settings for IP Management. 
This allows to enable or disable the instance IP and manage which external networks can connect to the instance. The IPv4 address cannot be disabled for Second Generation instances. - - `ipv4_enabled` - : Whether the instance should be assigned an IP address or not. - - `authorized_networks` - : The list of external networks that are allowed to connect to the instance using the IP. In CIDR notation, also known as 'slash' notation (e.g. 192.168.100.0/24). - - `expiration_time` - : The time when this access control entry expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z. - - `name` - : An optional label to identify this entry. - - `value` - : The whitelisted value for the access control list. For example, to grant access to a client from an external IP (IPv4 or IPv6) address or subnet, use that address or subnet here. - - `require_ssl` - : Whether the mysqld should default to 'REQUIRE X509' for users connecting over IP. - - `tier` - : The tier or machine type for this instance, for example db-n1-standard-1. For MySQL instances, this field determines whether the instance is Second Generation (recommended) or First Generation. - - `availability_type` - : The availabilityType define if your postgres instance is run zonal or regional. - Possible values: - * ZONAL - * REGIONAL - - `backup_configuration` - : The daily backup configuration for the instance. - - `enabled` - : Enable Autobackup for your instance. - - `binary_log_enabled` - : Whether binary log is enabled. If backup configuration is disabled, binary log must be disabled as well. MySQL only. - - `start_time` - : Define the backup start time in UTC (HH:MM) - - `settings_version` - : The version of instance settings. This is a required field for update method to make sure concurrent updates are handled properly. During update, use the most recent settingsVersion value for this instance and do not try to update this value. 
- - `user_labels` - : User-provided labels, represented as a dictionary where each label is a single key value pair. - -`gce_zone` -: The Compute Engine zone that the instance is currently serving from. This value could be different from the zone that was specified when the instance was created if the instance has failed over to its secondary zone. - -`state` -: The current serving state of the database instance. - - Possible values: - - - SQL_INSTANCE_STATE_UNSPECIFIED - - RUNNABLE - - SUSPENDED - - PENDING_DELETE - - PENDING_CREATE - - MAINTENANCE - - FAILED - -## GCP Permissions - -Ensure the [Cloud SQL Admin API](https://console.cloud.google.com/apis/library/sqladmin.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_sql_database_instances.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_sql_database_instances.md deleted file mode 100644 index 507f3b9001..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_sql_database_instances.md +++ /dev/null 
@@ -1,119 +0,0 @@ -+++ -title = "google_sql_database_instances resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_sql_database_instances" - identifier = "inspec/resources/gcp/google_sql_database_instances.md google_sql_database_instances resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_sql_database_instances` is used to test a Google DatabaseInstance resource - -## Examples - -```ruby - -describe google_sql_database_instances(project: 'chef-gcp-inspec') do - its('instance_states') { should include 'RUNNABLE' } - its('instance_names') { should include 'my-database' } -end -``` - -### Test that there are no more than a specified number of zones available for the project - - describe google_sql_database_instances(project: 'chef-inspec-gcp') do - its('count') { should be <= 100} - end - -### Test that a database instance exists in the expected zone - - describe google_sql_database_instances(project: 'chef-inspec-gcp') do - its('instance_zones') { should include "us-east1-b" } - end - -### Test that a database instance exists in the expected region - - describe google_sql_database_instances(project: 'chef-inspec-gcp') do - its('instance_regions') { should include "us-east1" } - end - -### Confirm that at least one database instance is in "RUNNABLE" state - - describe google_sql_database_instances(project: 'chef-inspec-gcp') do - its('instance_states') { should include "RUNNABLE" } - end - -### Test that a subset of all database instances matching "_mysqldb_" are all version "MYSQL_5_7" - - google_sql_database_instances(project: 'chef-inspec-gcp').where(instance_name: /mysqldb/).instance_names.each do |instance_name| - describe google_sql_database_instance(project: 'chef-inspec-gcp', database: instance_name) do - it { should exist } - its('database_version') { should eq "MYSQL_5_7" } - end - end - -## Properties - -Properties that can be accessed from the `google_sql_database_instances` 
resource: - -See the [google_sql_database_instance](/inspec/resources/google_sql_database_instance/#properties) resource for more information. - -`backend_types` -: an array of `google_sql_database_instance` backend_type - -`connection_names` -: an array of `google_sql_database_instance` connection_name - -`instance_versions` -: an array of `google_sql_database_instance` database_version - -`failover_replicas` -: an array of `google_sql_database_instance` failover_replica - -`instance_types` -: an array of `google_sql_database_instance` instance_type - -`ip_addresses` -: an array of `google_sql_database_instance` ip_addresses - -`ipv6_addresses` -: an array of `google_sql_database_instance` ipv6_address - -`master_instance_names` -: an array of `google_sql_database_instance` master_instance_name - -`max_disk_sizes` -: an array of `google_sql_database_instance` max_disk_size - -`instance_names` -: an array of `google_sql_database_instance` name - -`instance_regions` -: an array of `google_sql_database_instance` region - -`replica_configurations` -: an array of `google_sql_database_instance` replica_configuration - -`settings` -: an array of `google_sql_database_instance` settings - -`instance_zones` -: an array of `google_sql_database_instance` gce_zone - -`instance_states` -: an array of `google_sql_database_instance` state - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. - -## GCP Permissions - -Ensure the [Cloud SQL Admin API](https://console.cloud.google.com/apis/library/sqladmin.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_sql_user.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_sql_user.md deleted file mode 100644 index 039445c14f..0000000000 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_sql_user.md +++ /dev/null @@ -1,51 +0,0 @@ -+++ -title = "google_sql_user resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_sql_user" - identifier = "inspec/resources/gcp/google_sql_user.md google_sql_user resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_sql_user` is used to test a Google User resource - -## Examples - -```ruby - -describe google_sql_user(project: 'chef-gcp-inspec', database: 'my-database', name: 'user-name', host: "example.com") do - it { should exist } - its('name') { should cmp 'user-name' } - its('instance') { should cmp 'my-database' } -end - -describe google_sql_user(project: 'chef-gcp-inspec', database: 'my-database', name: "nonexistent", host: "example.com") do - it { should_not exist } -end -``` - -## Properties - -Properties that can be accessed from the `google_sql_user` resource: - -`host` -: The host name from which the user can connect. For insert operations, host defaults to an empty string. For update operations, host is specified as part of the request URL. The host name cannot be updated after insertion. - -`name` -: The name of the user in the Cloud SQL instance. - -`instance` -: The name of the Cloud SQL instance. This does not include the project ID. - -`password` -: The password for the user. - -## GCP Permissions - -Ensure the [Cloud SQL Admin API](https://console.cloud.google.com/apis/library/sqladmin.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_sql_users.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_sql_users.md deleted file mode 100644 index c80fe1fb86..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_sql_users.md +++ /dev/null 
@@ -1,78 +0,0 @@ -+++ -title = "google_sql_users resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_sql_users" - identifier = "inspec/resources/gcp/google_sql_users.md google_sql_users resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_sql_users` is used to test a Google User resource - -## Examples - -```ruby - -describe google_sql_users(project: 'chef-gcp-inspec', database: 'my-database') do - its('user_names') { should include 'user-name' } -end -``` - -### Test that there are no more than a specified number of users available for the project - - describe google_sql_users(project: 'chef-inspec-gcp', database: 'database-instance') do - its('count') { should be <= 100} - end - -### Test that an expected user is available for the project - - describe google_sql_users(project: 'chef-inspec-gcp') do - its('user_names') { should include "us-east1-b" } - end - -### Test whether any users are in status "DOWN" - - describe google_sql_users(project: 'chef-inspec-gcp') do - its('user_statuses') { should_not include "DOWN" } - end - -### Test users exist for all database instances in a project - - google_sql_database_instances(project: 'chef-inspec-gcp').instance_names.each do |instance_name| - describe google_sql_users(project: 'chef-inspec-gcp', database: instance_name) do - it { should exist } - end - end - -## Properties - -Properties that can be accessed from the `google_sql_users` resource: - -See the [google_sql_user](/inspec/resources/google_sql_user/#properties) resource for more information. - -`user_hosts` -: an array of `google_sql_user` host - -`user_names` -: an array of `google_sql_user` name - -`user_instances` -: an array of `google_sql_user` instance - -`passwords` -: an array of `google_sql_user` password - -## Filter Criteria - -This resource supports all of the above properties as filter criteria, which can be used -with `where` as a block or a method. 
- -## GCP Permissions - -Ensure the [Cloud SQL Admin API](https://console.cloud.google.com/apis/library/sqladmin.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_bucket.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_bucket.md deleted file mode 100644 index 0c3c09a00b..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_bucket.md +++ /dev/null 
@@ -1,315 +0,0 @@ -+++ -title = "google_storage_bucket resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_storage_bucket" - identifier = "inspec/resources/gcp/google_storage_bucket.md google_storage_bucket resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_storage_bucket` is used to test a Google Bucket resource - -## Examples - -```ruby -describe google_storage_bucket(name: bucket-name) do - it { should exist } - its('location') { should cmp 'europe-west2'.upcase } - - its('storage_class') { should eq "STANDARD" } - its('labels') { should include("key" => "value") } - its('retention_policy.retention_period') { should cmp 1000 } -end - -describe google_storage_bucket(name: "nonexistent") do - it { should_not exist } -end -``` - -### Test that a GCP storage bucket is in the expected location - -```ruby -describe google_storage_bucket(name: 'chef-inspec-gcp-storage-bucket-abcd') do - its('location') { should eq "EUROPE-WEST2" } -end -``` - -### Test that a GCP storage bucket has the expected project number - -```ruby -describe google_storage_bucket(name: 'chef-inspec-gcp-storage-bucket-abcd') do - its('project_number') {should eq 12345678 } -end -``` - -### Test that a GCP storage bucket has the expected storage class - -```ruby -describe google_storage_bucket(name: 'chef-inspec-gcp-storage-bucket-abcd') do - its('storage_class') { should eq 'STANDARD' } -end -``` - -## Properties - -Properties that can be accessed from the `google_storage_bucket` resource: - -`acl` -: Access controls on the bucket. - - `bucket` - : The name of the bucket. - - `domain` - : The domain associated with the entity. - - `email` - : The email address associated with the entity. 
- - `entity` - : The entity holding the permission, in one of the following forms: user-userId user-email group-groupId group-email domain-domain project-team-projectId allUsers allAuthenticatedUsers Examples: The user liz@example.com would be user-liz@example.com. The group example@googlegroups.com would be group-example@googlegroups.com. To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com. - - `entity_id` - : The ID for the entity - - `id` - : The ID of the access-control entry. - - `project_team` - : The project team associated with the entity - - `project_number` - : The project team associated with the entity - - `team` - : The team. - - Possible values: - - editors - - owners - - viewers - - `role` - : The access permission for the entity. - - Possible values: - - OWNER - - READER - - WRITER - -`cors` -: The bucket's Cross-Origin Resource Sharing (CORS) configuration. - - `max_age_seconds` - : The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses. - - `method` - : The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted in the list of methods, and means "any method". - - `origin` - : The list of Origins eligible to receive CORS response headers. Note: "*" is permitted in the list of origins, and means "any Origin". - - `response_header` - : The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains. - -`default_event_based_hold` -: Whether or not to automatically apply an eventBasedHold to new objects added to the bucket. - -`default_object_acl` -: Default access controls to apply to new objects when no ACL is provided. - - `bucket` - : The name of the bucket. - - `domain` - : The domain associated with the entity. - - `email` - : The email address associated with the entity. 
- - `entity` - : The entity holding the permission, in one of the following forms: * user-{{userId}} * user-{{email}} (such as "user-liz@example.com") * group-{{groupId}} * group-{{email}} (such as "group-example@googlegroups.com") * domain-{{domain}} (such as "domain-example.com") * project-team-{{projectId}} * allUsers * allAuthenticatedUsers - - `entity_id` - : The ID for the entity - - `generation` - : The content generation of the object, if applied to an object. - - `id` - : The ID of the access-control entry. - - `object` - : The name of the object, if applied to an object. - - `project_team` - : The project team associated with the entity - - `project_number` - : The project team associated with the entity - - `team` - : The team. - - Possible values: - - editors - - owners - - viewers - - `role` - : The access permission for the entity. - - Possible values: - - OWNER - - READER - -`id` -: The ID of the bucket. For buckets, the id and name properties are the same. - -`lifecycle` -: The bucket's lifecycle configuration. See https://developers.google.com/storage/docs/lifecycle for more information. - - `rule` - : A lifecycle management rule, which is made of an action to take and the condition(s) under which the action will be taken. - - `action` - : The action to take. - - `storage_class` - : Target storage class. Required iff the type of the action is SetStorageClass. - - `type` - : Type of the action. Currently, only Delete and SetStorageClass are supported. - - Possible values: - - Delete - - SetStorageClass - - `condition` - : The condition(s) under which the action will be taken. - - `age_days` - : Age of an object (in days). This condition is satisfied when an object reaches the specified age. - - `created_before` - : A date in RFC 3339 format with only the date part (for instance, "2013-01-15"). This condition is satisfied when an object is created before midnight of the specified date in UTC. - - `is_live` - : Relevant only for versioned objects. 
If the value is true, this condition matches live objects; if the value is false, it matches archived objects. - - `matches_storage_class` - : Objects having any of the storage classes specified by this condition will be matched. Values include MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, ARCHIVE, and DURABLE_REDUCED_AVAILABILITY. - - `num_newer_versions` - : Relevant only for versioned objects. If the value is N, this condition is satisfied when there are at least N versions (including the live version) newer than this version of the object. - -`location` -: The location of the bucket. Object data for objects in the bucket resides in physical storage within this region. Defaults to US. See the developer's guide for the authoritative list. - -`logging` -: The bucket's logging configuration, which defines the destination bucket and optional name prefix for the current bucket's logs. - - `log_bucket` - : The destination bucket where the current bucket's logs should be placed. - - `log_object_prefix` - : A prefix for log object names. - -`metageneration` -: The metadata generation of this bucket. - -`name` -: The name of the bucket - -`owner` -: The owner of the bucket. This is always the project team's owner group. - - `entity` - : The entity, in the form project-owner-projectId. - - `entity_id` - : The ID for the entity. - -`project_number` -: The project number of the project the bucket belongs to. - -`storage_class` -: The bucket's default storage class, used whenever no storageClass is specified for a newly-created object. This defines how objects in the bucket are stored and determines the SLA and the cost of storage. Values include MULTI_REGIONAL, REGIONAL, STANDARD, NEARLINE, COLDLINE, ARCHIVE, and DURABLE_REDUCED_AVAILABILITY. If this value is not specified when the bucket is created, it will default to STANDARD. For more information, see storage classes. 
- - Possible values: - - - MULTI_REGIONAL - - REGIONAL - - STANDARD - - NEARLINE - - COLDLINE - - ARCHIVE - - DURABLE_REDUCED_AVAILABILITY - - -`time_created` -: The creation time of the bucket in RFC 3339 format. - -`updated` -: The modification time of the bucket in RFC 3339 format. - -`versioning` -: The bucket's versioning configuration. - - `enabled` - : While set to true, versioning is fully enabled for this bucket. - -`website` -: The bucket's website configuration, controlling how the service behaves when accessing bucket contents as a website. See the Static Website Examples for more information. - - `main_page_suffix` - : If the requested object path is missing, the service will ensure the path has a trailing '/', append this suffix, and attempt to retrieve the resulting object. This allows the creation of index.html objects to represent directory pages. - - `not_found_page` - : If the requested object path is missing, and any mainPageSuffix object is missing, if applicable, the service will return the named object from this bucket as the content for a 404 Not Found result. - -`labels` -: Labels applied to this bucket. A list of key->value pairs. - -`encryption` -: Encryption configuration for the bucket - - `default_kms_key_name` - : A Cloud KMS key that will be used to encrypt objects inserted into this bucket, if no encryption method is specified. - -`retention_policy` -: Retention policy for the bucket - - `effective_time` - : The time from which the retention policy was effective - - `is_locked` - : If the retention policy is locked. If true, the retention policy cannot be removed and the period cannot be reduced. - - `retention_period` - : The period of time, in seconds, that objects in the bucket must be retained and cannot be deleted, overwritten, or made noncurrent. - -`project` -: A valid API project identifier. - -`predefined_default_object_acl` -: Apply a predefined set of default object access controls to this bucket. 
Acceptable values are: - "authenticatedRead": Object owner gets OWNER access, and allAuthenticatedUsers get READER access. - "bucketOwnerFullControl": Object owner gets OWNER access, and project team owners get OWNER access. - "bucketOwnerRead": Object owner gets OWNER access, and project team owners get READER access. - "private": Object owner gets OWNER access. - "projectPrivate": Object owner gets OWNER access, and project team members get access according to their roles. - "publicRead": Object owner gets OWNER access, and allUsers get READER access. - - Possible values: - - - authenticatedRead - - bucketOwnerFullControl - - bucketOwnerRead - - private - - projectPrivate - - publicRead - -## GCP Permissions - -Ensure the [Google Cloud Storage](https://console.cloud.google.com/apis/library/storage-component.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_bucket_acl.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_bucket_acl.md deleted file mode 100644 index 4082d35fd9..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_bucket_acl.md +++ /dev/null 
@@ -1,90 +0,0 @@ -+++ -title = "google_storage_bucket_acl resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_storage_bucket_acl" - identifier = "inspec/resources/gcp/google_storage_bucket_acl.md google_storage_bucket_acl resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_storage_bucket_acl` is used to test a Google BucketACL resource - -## Examples - -```ruby -describe google_storage_bucket_acl(bucket: 'storage-bucket-name', entity: user-email) do - it { should exist } - its('role') { should cmp "OWNER" } - - its('bucket') { should eq 'storage-bucket-name' } - its('email') { should include entity-email.com } -end - -describe google_storage_bucket_acl(bucket: 'storage-bucket-name', entity: "allUsers") do - it { should_not exist } -end -``` - -### Test that a GCP storage bucket ACL exists - - describe google_storage_bucket_acl(bucket: 'bucket-buvsjjcndqz', entity: 'user-object-viewer@spaterson-project.iam.gserviceaccount.com') do - it { should exist } - end - -### Test that a GCP storage bucket ACL has the expected role (READER, WRITER or OWNER) - - describe google_storage_bucket_acl(bucket: 'bucket-buvsjjcndqz', entity: 'user-object-viewer@spaterson-project.iam.gserviceaccount.com') do - its('role') { should eq 'OWNER' } - end - -## Properties - -Properties that can be accessed from the `google_storage_bucket_acl` resource: - -`domain` -: The domain associated with the entity. - -`email` -: The email address associated with the entity. - -`entity` -: The entity holding the permission, in one of the following forms: user-userId user-email group-groupId group-email domain-domain project-team-projectId allUsers allAuthenticatedUsers Examples: The user liz@example.com would be user-liz@example.com. The group example@googlegroups.com would be group-example@googlegroups.com. To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com. 
- -`entity_id` -: The ID for the entity - -`id` -: The ID of the access-control entry. - -`project_team` -: The project team associated with the entity - - `project_number` - : The project team associated with the entity - - `team` - : The team. - - Possible values: - - editors - - owners - - viewers - -`role` -: The access permission for the entity. - - Possible values: - - - OWNER - - READER - - WRITER - -## GCP Permissions - -Ensure the [Google Cloud Storage](https://console.cloud.google.com/apis/library/storage-component.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_bucket_iam_binding.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_bucket_iam_binding.md deleted file mode 100644 index 5471fded1a..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_bucket_iam_binding.md +++ /dev/null 
@@ -1,39 +0,0 @@
-+++
-title = "google_storage_bucket_iam_binding resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_storage_bucket_iam_binding"
- identifier = "inspec/resources/gcp/google_storage_bucket_iam_binding.md google_storage_bucket_iam_binding resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_storage_bucket_iam_binding` is used to test a Google Bucket Iam Bindings
-
-## Examples
-
-```ruby
-describe google_storage_bucket_iam_binding(bucket: "bucket", role: "roles/editor") do
- it { should exist }
- its('members') { should include 'user:testuser@example.com' }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_storage_bucket_iam_binding` resource:
-
-`role`
-: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
-
-`members`
-: Specifies the identities requesting access for a Cloud Platform resource.
-
-## GCP Permissions
-
-Ensure the [Google Cloud Storage](https://console.cloud.google.com/apis/library/storage-component.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_bucket_iam_bindings.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_bucket_iam_bindings.md
deleted file mode 100644
index c1d9294d9b..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_bucket_iam_bindings.md
+++ /dev/null
@@ -1,73 +0,0 @@
-+++
-title = "google_storage_bucket_iam_bindings resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_storage_bucket_iam_bindings"
- identifier = "inspec/resources/gcp/google_storage_bucket_iam_bindings.md google_storage_bucket_iam_bindings resource"
- parent = "inspec/resources/gcp"
-+++
-
-**This resource is deprecated. Please use `google_storage_bucket_iam_policy` instead**
-
-Use the `google_storage_bucket_iam_bindings` InSpec audit resource to test properties of all, or a filtered group of, GCP storage bucket IAM bindings.
-
-## Syntax
-
-A `google_storage_bucket_iam_bindings` resource block collects GCP storage bucket IAM bindings then tests that group.
-
- describe google_storage_bucket_iam_bindings(bucket: 'bucket-buvsjjcndqz') do
- it { should exist }
- end
-
-Use this InSpec resource to enumerate roles then test in-depth using `google_project_iam_binding`.
-
- google_storage_bucket_iam_bindings(bucket: 'bucket-buvsjjcndqz').iam_binding_roles.each do |iam_binding_role|
- describe google_storage_bucket_iam_binding(bucket: 'bucket-buvsjjcndqz', role: iam_binding_role) do
- it { should exist }
- its('members') {should include 'user:someuser@domain.com' }
- end
- end
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test that there are no more than a specified number of IAM bindings roles available for the bucket
-
-```ruby
-describe google_storage_bucket_iam_bindings(bucket: 'bucket-buvsjjcndqz') do
- its('count') { should be <= 100}
-end
-```
-
-### Test that an expected role is available for the bucket
-
-```ruby
-describe google_storage_bucket_iam_bindings(bucket: 'bucket-buvsjjcndqz') do
- its('iam_binding_roles') { should include "roles/storage.admin" }
-end
-```
-
-### Test that a particular role does not exist using filtering of the plural resource
-
-```ruby
-describe google_storage_bucket_iam_bindings(bucket: 'bucket-buvsjjcndqz').where(iam_binding_role: "roles/iam.securityReviewer") do
- it { should_not exist }
-end
-```
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `iam_binding_role`. This may be used with `where`, as a block or as a method.
-
-## Properties
-
-- `iam_binding_roles` - an array of google_storage_bucket_iam_binding role strings e.g. `["roles/storage.admin", "roles/owner"]`
-
-## GCP Permissions
-
-Ensure the [Google Cloud Storage API](https://console.cloud.google.com/apis/api/storage-component.googleapis.com/) is enabled.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_bucket_iam_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_bucket_iam_policy.md
deleted file mode 100644
index 891a19bbee..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_bucket_iam_policy.md
+++ /dev/null
@@ -1,66 +0,0 @@
-+++
-title = "google_storage_bucket_iam_policy resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_storage_bucket_iam_policy"
- identifier = "inspec/resources/gcp/google_storage_bucket_iam_policy.md google_storage_bucket_iam_policy resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_storage_bucket_iam_policy` is used to test a Google Bucket Iam Policy resource
-
-## Examples
-
-```ruby
-describe google_storage_bucket_iam_policy(bucket: "bucket") do
- it { should exist }
-end
-
-google_storage_bucket_iam_policy(bucket: "bucket").bindings.each do |binding|
- describe binding do
- its('role') { should eq 'roles/editor'}
- its('members') { should include 'user:testuser@example.com'}
- end
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_storage_bucket_iam_policy` resource:
-
-`iam_binding_roles`
-: The list of roles that exist on the policy.
-
-`bindings`
-: Associates a list of members to a role.
-
-`role`
-: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
-
-`members`
-: Specifies the identities requesting access for a Cloud Platform resource.
-
-`audit_configs`
-: Specifies cloud audit logging configuration for this policy.
-
-`service`
-: Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
-
-`audit_log_configs`
-: The configuration for logging of each type of permission.
-
- `log_type`
- : The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ
-
- `exempted_members`
- : Specifies the identities that do not cause logging for this type of permission.
-
-## GCP Permissions
-
-Ensure the [Google Cloud Storage](https://console.cloud.google.com/apis/library/storage-component.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_bucket_object.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_bucket_object.md
deleted file mode 100644
index f94a9594c6..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_bucket_object.md
+++ /dev/null
@@ -1,121 +0,0 @@
-+++
-title = "google_storage_bucket_object resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_storage_bucket_object"
- identifier = "inspec/resources/gcp/google_storage_bucket_object.md google_storage_bucket_object resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_storage_bucket_object` is used to test a Google BucketObject resource
-
-## Examples
-
-```
-describe google_storage_bucket_object(bucket: 'bucket-with-object', object: 'image1') do
- it { should exist }
- its('size.to_i') { should be > 0 }
-
- its('time_created') { should be > Time.now - 60*60*24*10 }
- its('time_updated') { should be > Time.now - 60*60*24*10 }
-end
-
-describe google_storage_bucket_object(bucket: 'bucket-with-object', object: "nonexistent") do
- it { should_not exist }
-end
-```
-
-### Test that a GCP compute zone exists
-
- describe google_storage_bucket_object(bucket: 'bucket-buvsjjcndqz', object: 'bucket-object-pmxbiikq') do
- it { should exist }
- end
-
-### Test that a GCP storage bucket object has non-zero size
-
- describe google_storage_bucket_object(bucket: 'bucket-buvsjjcndqz', object: 'bucket-object-pmxbiikq') do
- its('size') { should be > 0 }
- end
-
-### Test that a GCP storage bucket object has the expected content type
-
- describe google_storage_bucket_object(bucket: 'bucket-buvsjjcndqz', object: 'bucket-object-pmxbiikq') do
- its('content_type') { should eq "text/plain; charset=utf-8" }
- end
-
-### Test that a GCP storage bucket object was created within a certain time period
-
- describe google_storage_bucket_object(bucket: 'bucket-buvsjjcndqz', object: 'bucket-object-pmxbiikq') do
- its('time_created_date') { should be > Time.now - 365*60*60*24*10 }
- end
-
-### Test that a GCP storage bucket object was last updated within a certain time period
-
- describe google_storage_bucket_object(bucket: 'bucket-buvsjjcndqz', object: 'bucket-object-pmxbiikq') do
- its('time_updated') { should be > Time.now - 365*60*60*24*10 }
- end
-
-## Properties
-
-Properties that can be accessed from the `google_storage_bucket_object` resource:
-
-`bucket`
-: The name of the bucket.
-
-`object`
-: The name of the object.
-
-`content_type`
-: The Content-Type of the object data. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Complete_list_of_MIME_types for more information on possible Content-Types
-
-`crc32c`
-: CRC32c checksum.
-
-`etag`
-: The object entity tag.
-
-`generation`
-: The content generation of this object. Used for object versioning.
-
-`id`
-: The ID of the object, including the bucket name, object name, and generation number.
-
-`md5_hash`
-: MD5 hash of the data; encoded using base64.
-
-`media_link`
-: Media download link.
-
-`metageneration`
-: The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
-
-`name`
-: The name of the object.
-
-`size`
-: Content-Length of the data in bytes.
-
-`storage_class`
-: Storage class of the object.
-
-`time_created`
-: The time this object was created.
-
-`time_deleted`
-: The time this object was deleted. Returned if and only if this version of the object is no longer a live version, but remains in the bucket as a noncurrent version.
-
-`time_storage_class_updated`
-: The time at which the object's storage class was last changed.
-
-`time_updated`
-: The modification time of the object metadata.
-
-## GCP Permissions
-
-Ensure the [Google Cloud Storage](https://console.cloud.google.com/apis/library/storage-component.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_bucket_objects.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_bucket_objects.md
deleted file mode 100644
index d219fd43e7..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_bucket_objects.md
+++ /dev/null
@@ -1,123 +0,0 @@
-+++
-title = "google_storage_bucket_objects resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_storage_bucket_objects"
- identifier = "inspec/resources/gcp/google_storage_bucket_objects.md google_storage_bucket_objects resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_storage_bucket_objects` is used to test a Google BucketObject resource
-
-## Examples
-
-```ruby
-describe google_storage_bucket_objects(bucket: 'bucket-with-object') do
- its('object_names') { should include 'image1' }
- its('count') { should be <= 10 }
-end
-```
-
-### Test that there are no more than a specified number of storage buckets for the project
-
-```ruby
-describe google_storage_bucket_objects(bucket: 'bucket-name') do
- its('count') { should be <= 100 }
-end
-```
-
-### Test that an expected named bucket is available
-
-```ruby
-describe google_storage_bucket_objects(bucket: 'bucket-name') do
- its('object_buckets'){ should include 'my_expected_bucket' }
-end
-```
-
-### Test that an expected named bucket is available
-
-```ruby
-describe google_storage_bucket_objects(bucket: 'bucket-name') do
- its('object_names'){ should include 'my_expected_object' }
-end
-```
-
-### Test a filtered group of bucket objects created within the last 24hrs
-
-```ruby
-describe google_storage_bucket_objects(bucket: 'bucket-name').where(object_created_time > Time.now - 60*60*24) do
- it { should exist }
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_storage_bucket_objects` resource:
-
-See the [google_storage_bucket_object](/inspec/resources/google_storage_bucket_object/#properties) resource for more information.
-
-`object_buckets`
-: an array of `google_storage_bucket_object` bucket
-
-`objects`
-: an array of `google_storage_bucket_object` object
-
-`content_types`
-: an array of `google_storage_bucket_object` content_type
-
-`crc32cs`
-: an array of `google_storage_bucket_object` crc32c
-
-`etags`
-: an array of `google_storage_bucket_object` etag
-
-`generations`
-: an array of `google_storage_bucket_object` generation
-
-`ids`
-: an array of `google_storage_bucket_object` id
-
-`md5_hashes`
-: an array of `google_storage_bucket_object` md5_hash
-
-`media_links`
-: an array of `google_storage_bucket_object` media_link
-
-`metagenerations`
-: an array of `google_storage_bucket_object` metageneration
-
-`object_names`
-: an array of `google_storage_bucket_object` name
-
-`sizes`
-: an array of `google_storage_bucket_object` size
-
-`storage_classes`
-: an array of `google_storage_bucket_object` storage_class
-
-`object_created_times`
-: an array of `google_storage_bucket_object` time_created
-
-`time_deleteds`
-: an array of `google_storage_bucket_object` time_deleted
-
-`time_storage_class_updateds`
-: an array of `google_storage_bucket_object` time_storage_class_updated
-
-`time_updateds`
-: an array of `google_storage_bucket_object` time_updated
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Google Cloud Storage](https://console.cloud.google.com/apis/library/storage-component.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_buckets.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_buckets.md
deleted file mode 100644
index 9d0d885b9d..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_buckets.md
+++ /dev/null
@@ -1,132 +0,0 @@
-+++
-title = "google_storage_buckets resource"
-draft = false
-gh_repo = "inspec"
-platform = "gcp"
-
-[menu]
- [menu.inspec]
- title = "google_storage_buckets"
- identifier = "inspec/resources/gcp/google_storage_buckets.md google_storage_buckets resource"
- parent = "inspec/resources/gcp"
-+++
-
-## Syntax
-
-A `google_storage_buckets` is used to test a Google Bucket resource
-
-## Examples
-
-```ruby
-describe google_storage_buckets(project: 'chef-gcp-inspec') do
- its('bucket_names') { should include bucket-name }
-end
-```
-
-### Test that there are no more than a specified number of storage buckets for the project
-
-```ruby
-describe google_storage_buckets(project: 'chef-inspec-gcp') do
- its('count') { should be <= 100}
-end
-```
-
-### Test that an expected named bucket is available
-
-```ruby
-describe google_storage_buckets do
- its('bucket_names'){ should include "my_expected_bucket" }
-end
-```
-
-### Test that all buckets belong to the expected project number
-
-```ruby
-google_storage_buckets(project: 'chef-inspec-gcp').bucket_names.each do |bucket_name|
- describe google_storage_bucket(name: bucket_name) do
- it { should exist }
- its('project_number'){ should eq 1122334455 }
- end
-end
-```
-
-## Properties
-
-Properties that can be accessed from the `google_storage_buckets` resource:
-
-See the [google_storage_bucket](/inspec/resources/google_storage_bucket/#properties) resource for more information.
-
-`acls`
-: an array of `google_storage_bucket` acl
-
-`cors`
-: an array of `google_storage_bucket` cors
-
-`default_event_based_holds`
-: an array of `google_storage_bucket` default_event_based_hold
-
-`default_object_acls`
-: an array of `google_storage_bucket` default_object_acl
-
-`bucket_ids`
-: an array of `google_storage_bucket` id
-
-`lifecycles`
-: an array of `google_storage_bucket` lifecycle
-
-`bucket_locations`
-: an array of `google_storage_bucket` location
-
-`loggings`
-: an array of `google_storage_bucket` logging
-
-`metagenerations`
-: an array of `google_storage_bucket` metageneration
-
-`bucket_names`
-: an array of `google_storage_bucket` name
-
-`owners`
-: an array of `google_storage_bucket` owner
-
-`bucket_project_numbers`
-: an array of `google_storage_bucket` project_number
-
-`storage_classes`
-: an array of `google_storage_bucket` storage_class
-
-`time_createds`
-: an array of `google_storage_bucket` time_created
-
-`updateds`
-: an array of `google_storage_bucket` updated
-
-`versionings`
-: an array of `google_storage_bucket` versioning
-
-`websites`
-: an array of `google_storage_bucket` website
-
-`labels`
-: an array of `google_storage_bucket` labels
-
-`encryptions`
-: an array of `google_storage_bucket` encryption
-
-`retention_policies`
-: an array of `google_storage_bucket` retention_policy
-
-`projects`
-: an array of `google_storage_bucket` project
-
-`predefined_default_object_acls`
-: an array of `google_storage_bucket` predefined_default_object_acl
-
-## Filter Criteria
-
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
-
-Ensure the [Google Cloud Storage](https://console.cloud.google.com/apis/library/storage-component.googleapis.com/) is enabled for the current project.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_default_object_acl.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_default_object_acl.md
deleted file mode 100644
index 89f39556dc..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_default_object_acl.md
+++ /dev/null
@@ -1,95 +0,0 @@ -+++ -title = "google_storage_default_object_acl resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_storage_default_object_acl" - identifier = "inspec/resources/gcp/google_storage_default_object_acl.md google_storage_default_object_acl resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_storage_default_object_acl` is used to test a Google DefaultObjectACL resource - -## Examples - -```ruby -describe google_storage_default_object_acl(bucket: 'gcp-inspec-storage-bucket', entity: user-email) do - it { should exist } - its('role') { should cmp "OWNER" } - - its('bucket') { should eq 'gcp-inspec-storage-bucket' } - its('email') { should include entity-email.com } -end - -describe google_storage_default_object_acl(bucket: 'gcp-inspec-storage-bucket', entity: "allUsers") do - it { should_not exist } -end -``` - -### Test that a GCP storage bucket ACL exists - - describe google_storage_default_object_acl(bucket: 'bucket-buvsjjcndqz', entity: 'user-object-viewer@spaterson-project.iam.gserviceaccount.com') do - it { should exist } - end - -### Test that a GCP storage default object ACL has the expected role (READER, WRITER or OWNER) - - describe google_storage_default_object_acl(bucket: 'bucket-buvsjjcndqz', entity: 'user-object-viewer@spaterson-project.iam.gserviceaccount.com') do - its('role') { should eq 'OWNER' } - end - -## Properties - -Properties that can be accessed from the `google_storage_default_object_acl` resource: - -`domain` -: The domain associated with the entity. - -`email` -: The email address associated with the entity. 
- -`entity` -: The entity holding the permission, in one of the following forms: _ user-{{userId}} _ user-{{email}} (such as "user-liz@example.com") _ group-{{groupId}} _ group-{{email}} (such as "group-example@googlegroups.com") _ domain-{{domain}} (such as "domain-example.com") _ project-team-{{projectId}} _ allUsers _ allAuthenticatedUsers - -`entity_id` -: The ID for the entity - -`generation` -: The content generation of the object, if applied to an object. - -`id` -: The ID of the access-control entry. - -`object` -: The name of the object, if applied to an object. - -`project_team` -: The project team associated with the entity - -`project_number` -: The project team associated with the entity - -`team` -: The team. - - Possible values: - - editors - - owners - - viewers - -`role` -: The access permission for the entity. - - Possible values: - - - OWNER - - READER - -## GCP Permissions - -Ensure the [Google Cloud Storage](https://console.cloud.google.com/apis/library/storage-component.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_object_acl.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_object_acl.md deleted file mode 100644 index 72a9ce3137..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_storage_object_acl.md +++ /dev/null 
@@ -1,95 +0,0 @@ -+++ -title = "google_storage_object_acl resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_storage_object_acl" - identifier = "inspec/resources/gcp/google_storage_object_acl.md google_storage_object_acl resource" - parent = "inspec/resources/gcp" -+++ - -## Syntax - -A `google_storage_object_acl` is used to test a Google ObjectACL resource - -## Examples - -``` -describe google_storage_object_acl(bucket: 'bucket-with-object', object: 'image1', entity: user-email) do - it { should exist } - its('role') { should cmp "OWNER" } - - its('bucket') { should eq 'bucket-with-object' } - its('email') { should include entity-email.com } -end - -describe google_storage_object_acl(bucket: 'bucket-with-object', object: 'image1', entity: "allUsers") do - it { should_not exist } -end -``` - -### Test that a GCP storage bucket ACL exists - - describe google_storage_object_acl(bucket: 'bucket-buvsjjcndqz', object: 'bucket-object-pmxbiikq', entity: 'user-object-viewer@spaterson-project.iam.gserviceaccount.com') do - it { should exist } - end - -### Test that a GCP storage object ACL has the expected role (READER, WRITER or OWNER) - - describe google_storage_object_acl(bucket: 'bucket-buvsjjcndqz', object: 'bucket-object-pmxbiikq', entity: 'user-object-viewer@spaterson-project.iam.gserviceaccount.com') do - its('role') { should eq 'OWNER' } - end - -## Properties - -Properties that can be accessed from the `google_storage_object_acl` resource: - -`domain` -: The domain associated with the entity. - -`email` -: The email address associated with the entity. 
- -`entity` -: The entity holding the permission, in one of the following forms: _ user-{{userId}} _ user-{{email}} (such as "user-liz@example.com") _ group-{{groupId}} _ group-{{email}} (such as "group-example@googlegroups.com") _ domain-{{domain}} (such as "domain-example.com") _ project-team-{{projectId}} _ allUsers _ allAuthenticatedUsers - -`entity_id` -: The ID for the entity - -`generation` -: The content generation of the object, if applied to an object. - -`id` -: The ID of the access-control entry. - -`object` -: The name of the object, if applied to an object. - -`project_team` -: The project team associated with the entity - -`project_number` -: The project team associated with the entity - -`team` -: The team. - - Possible values: - - editors - - owners - - viewers - -`role` -: The access permission for the entity. - - Possible values: - - - OWNER - - READER - -## GCP Permissions - -Ensure the [Google Cloud Storage](https://console.cloud.google.com/apis/library/storage-component.googleapis.com/) is enabled for the current project. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_user.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_user.md deleted file mode 100644 index 283d211f85..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_user.md +++ /dev/null 
@@ -1,58 +0,0 @@ -+++ -title = "google_user resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_user" - identifier = "inspec/resources/gcp/google_user.md google_user resource" - parent = "inspec/resources/gcp" -+++ - -Use the `google_user` InSpec audit resource to test properties of a single GCP user. - -## Syntax - -A `google_user` resource block declares the tests for a single GCP user by principal email address or immutable ID. - - describe google_user(user_key: 'principal_email_address@domain.com') do - it { should exist } - end - -## Examples - -The following examples show how to use this InSpec audit resource. - -### Test that a GCP user with specified ID exists - - describe google_user(user_key: '110491234567894702010') do - it { should exist } - end - -### Test that a GCP user has expected full name - - describe google_user(user_key: '110491234567894702010') do - its('name.full_name') { should eq "Bill S. Preston Esq." } - end - -### Test that a GCP user has MFA enabled - - describe google_user(user_key: 'theodore_ted_logan@excellentadventure.com') do - it { should have_mfa_enabled } - end - -### Test that a GCP user is suspended or not - - describe google_user(user_key: 'theodore_ted_logan@excellentadventure.com') do - it { should_not be_suspended } - end - -## Properties - -- `agreed_to_terms`, `archived`, `change_password_at_next_login`, `creation_time`, `customer_id`, `emails`, `etag`, `id`, `include_in_global_address_list`, `ip_whitelisted`, `is_admin`, `is_delegated_admin`, `is_enforced_in2_sv`, `is_enrolled_in2_sv`, `is_mailbox_setup`, `kind`, `last_login_time`, `name`, `non_editable_aliases`, `org_unit_path`, `primary_email`, `suspended` - -## GCP Permissions - -Ensure the G Suite Admin SDK [Directory API](https://developers.google.com/admin-sdk/directory/) is enabled and you have sufficient privileges to list users. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_users.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_users.md
deleted file mode 100644
index afb18bf4bf..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/google_users.md
+++ /dev/null
@@ -1,75 +0,0 @@ -+++ -title = "google_users resource" -draft = false -gh_repo = "inspec" -platform = "gcp" - -[menu] - [menu.inspec] - title = "google_users" - identifier = "inspec/resources/gcp/google_users.md google_users resource" - parent = "inspec/resources/gcp" -+++ - -Use the `google_users` InSpec audit resource to test properties of all, or a filtered group of, GCP users. - -## Syntax - -A `google_users` resource block collects GCP users for the specified customer. As documented [here](https://developers.google.com/admin-sdk/directory/v1/reference/users/list), this defaults to the `my_customer` alias to represent your account's `customerId`. - - describe google_users(customer: 'my_customer') do - it { should exist } - end - -The `domain` argument can optionally be provided to get fields from only one domain. Either the customer or the domain parameter must be provided. - - describe google_users(domain: 'my_domain.com') do - it { should exist } - end - -Use this InSpec resource to enumerate IDs then test in-depth using `google_user`. - - google_users(customer: 'my_customer').user_ids.each do |user_id| - describe google_user(user_key: user_id) do - it { should exist } - it { should_not be_suspended } - end - end - -## Examples - -The following examples show how to use this InSpec audit resource. 
- -### Test that there are no more than a specified number of users available for the project - - describe google_users(customer: 'my_customer') do - its('count') { should be <= 100} - end - -### Test that an expected user is available for the project - - describe google_users(customer: 'my_customer') do - its('user_names') { should include "Monsieur Happy" } - end - -### Test that a subset of all users with name matching "Batman" exists - - google_users(customer: 'my_customer').where(user_full_name: /Batman/).user_ids.each do |user_id| - describe google_user(user_key: user_id) do - it { should exist } - end - end - -## Filter Criteria - -This resource supports the following filter criteria: `user_id`; `user_full_name` and `user_email`. Any of these may be used with `where`, as a block or as a method. - -## Properties - -- `user_ids` - an array of google_user identifier integers -- `user_full_names` - an array of google_user full name strings -- `user_emails`- an array of google_user primary email address strings - -## GCP Permissions - -Ensure the G Suite Admin SDK [Directory API](https://developers.google.com/admin-sdk/directory/) is enabled and you have sufficient privileges to list users. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/group.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/group.md deleted file mode 100644 index 360757358d..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/group.md +++ /dev/null 
@@ -1,125 +0,0 @@ -+++ -title = "group resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "group" - identifier = "inspec/resources/os/group.md group resource" - parent = "inspec/resources/os" -+++ - -Use the `group` Chef InSpec audit resource to test a single group on the system. - -The `group` resource uses the following system groups: - -- On **non-Windows** systems, the group resource tests a local group defined in the`/etc/group` file. - -- On **Windows** systems, the group resource tests a local group defined by Local Users and Groups. - -## Availability - -### Install - -The Chef InSpec resource distributes this resource. - -### Version - -This resource is available from Chef Inspec 1.0.0. - -## Syntax - -A `group` resource block declares a group and the details to be tested, such as if the group is a local group, the group identifier, or if the group exists. - -```ruby - describe group('group_name') do - it { should exist } - its('gid') { should eq 0 } - end -``` - -> where -> -> - `group_name` must specify the group's name to be tested on the system. -> - `exist` and `gid` are valid matchers for this resource. - -## Properties - -### gid - -The `gid` property returns the named group identifier. - -```ruby - its('gid') { should eq 1234 } -``` - -### members - -The `members` property returns the members that belong to the group. - -```ruby - its('members') { should include 'root' } -``` - -> where `members` returns: -> -> - an array of group members for **Windows Platform**. -> -> For example, ["member1", "member2"] -> -> - a CSV formatted string of group members for **Non-Windows Platforms**. -> -> For example, `"member1,member2"` - -### members_array - -The `members_array` property returns the members that belong to a group like the `members` property, however the value returned by this property is always an array of group members. 
- -```ruby - its('members_array') { should include 'root' } -``` - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Test the group identifier for the root group - -```ruby - describe group('root') do - it { should exist } - its('gid') { should eq 0 } - end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### be_local - -The `be_local` matcher tests if the group is a local group. - -```ruby - it { should be_local } -``` - -### exist - -The `exist` matcher tests if the named group exists. - -```ruby - it { should exist } -``` - -### have_gid - -The `have_gid` matcher tests if the named group has the given gid. - -```ruby - it { should have_gid 0 } -``` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/groups.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/groups.md deleted file mode 100644 index f0ff78dc7d..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/groups.md +++ /dev/null 
@@ -1,111 +0,0 @@ -+++ -title = "groups resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "groups" - identifier = "inspec/resources/os/groups.md groups resource" - parent = "inspec/resources/os" -+++ - -Use the `groups` Chef InSpec audit resource to test multiple groups on the system. - -The `groups` resource uses the following system groups: - -- On **non-Windows** systems the group resource tests local groups defined in the`/etc/group` file. - -- On **Windows** systems the group resource tests local groups defined by Local Users and Groups. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -A `groups` resource block uses `where` to filter entries from the systems groups. If `where` is omitted, all entries are selected. - - describe groups do - its('names') { should eq ['wheel', 'daemon', 'sys', 'adm'] } - its('names') { should include 'wheel' } - end - - describe groups.where { members =~ /root/ } do - its('names') { should eq ['wheel', 'daemon', 'sys', 'adm'] } - end - -## Examples - -The following examples show how to use this Chef InSpec audit resource. 
- -### Test the group identifier for the wheel group - - describe groups.where { name == 'wheel' } do - it { should exist } - its('members') { should include 'root' } - end - -## Properties - -### gids - -The `gids` property tests the named group identifier: - - its('gids') { should eq 1234 } - -### names - -The `names` property tests the name field on a Windows group: - -its('names') { should include 'Power Users' } - -### domains - -The `domains` property tests the domain on a Windows group: - -its('domains') { should include 'WIN-CIV7VMLVHLD' } - -### members - -The `members` property tests the members that belong to a group: - - its('members') { should include 'root' } - its('members') { should include 'Administrator' } - -where `members` returns: - -- an array of group members for **Windows Platform**. - - Example: `["member1", "member2"]` - -- a single element array that contains a CSV string of group members for **Non-Windows Platforms**. - - Example: `["member1,member2"]` - -### members_array - -The `members_array` property tests the group members just like the `members` property, -but the value returned by this property is always an array of group members. - - its('members_array') { should include 'root' } - its('members_array') { should include 'Administrator' } - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The `exist` matcher tests if the named user exists: - - it { should exist } diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/grub_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/grub_conf.md deleted file mode 100644 index 0bcd5c78d9..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/grub_conf.md +++ /dev/null 
@@ -1,111 +0,0 @@ -+++ -title = "grub_conf resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "grub_conf" - identifier = "inspec/resources/os/grub_conf.md grub_conf resource" - parent = "inspec/resources/os" -+++ - -Grub is a boot loader on the Linux platform used to load and then transfer control to an operating system kernel, after which that kernel initializes the rest of the operating system. Use the `grub_conf` Chef InSpec audit resource to test boot loader configuration settings that are defined in the `grub.conf` configuration file. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -A `grub_conf` resource block declares a list of settings in a `grub.conf` file: - - describe grub_conf('path', 'kernel') do - its('setting') { should eq 'value' } - end - -or: - - describe grub_conf('path') do - its('default') { should eq '0' } # - its('setting') { should eq 'value' } - end - -where - -- `'service_name'` is a service listed in the `grub.conf` file -- `'path'` is the path to the `grub.conf` file -- `'kernel'` specifies the default kernel (by using `'default'`) or a specific kernel; `'default'` defines the position in the list of kernels at which the default kernel is defined, i.e. `should eq '0'` for the first kernel listed or `'path', 'default'` to use the default kernel as specified in the `grub.conf` file -- `'value'` is the value that is expected - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Test a grub.conf file - -A Grub configuration file located at `/etc/grub.conf` is similar to the following: - - # grub.conf generated by anaconda - # - # Note: You do not need to rerun grub after making changes to this file - # NOTICE: You have a /boot partition. 
This means that - # all kernel and initrd paths are relative to /boot/, eg. - # root (hd0,0) - # kernel /vmlinuz-version ro root=/dev/hda6 - # initrd /initrd-version.img - #boot=/dev/hda - default=0 - timeout=10 - splashimage=(hd0,0)/grub/splash.xpm.gz - title Red Hat Enterprise Linux ES (2.6.32-573.7.1.el6.x86_64) - root (hd0,0) - kernel /vmlinuz-2.6.32-573.7.1.el6.x86_64 ro root=/dev/hda6 - initrd /initrd-2.6.32-573.7.1.el6.x86_64.img - title Red Hat Enterprise Linux ES (2.6.32-358.14.1.el6.x86_64) - root (hd0,0) - kernel /vmlinuz-2.6.32-358.14.1.el6.x86_64 ro root=/dev/hda6 ramdisk_size=400000 - initrd /initrd-2.6.32-358.14.1.el6.x86_64.img - -This file defines two versions of RedHat Enterprise Linux, with version `2.6.32-573.7.1.el6.x86_64` specified as the default. - -The following test verifies the kernel, ensures that kernel is the default kernel, its initial RAM disk (`initrd`), and the timeout: - - describe grub_conf('/etc/grub.conf', 'default') do - its('kernel') { should include '/vmlinuz-2.6.32-573.7.1.el6.x86_64' } - its('initrd') { should include '/initrd-2.6.32-573.7.1.el6.x86_64.img' } - its('default') { should_not eq '1' } - its('timeout') { should eq '10' } - end - -The following test verifies the `ramdisk_size` for the non-default kernel: - - describe grub_conf('/etc/grub.conf', 'Red Hat Enterprise Linux ES (2.6.32-358.14.1.el6.x86_64)') do - its('kernel') { should include 'ramdisk_size=400000' } - end - -### Test a configuration file and boot configuration - - describe grub_conf('/etc/grub.conf', 'default') do - its('kernel') { should include '/vmlinuz-2.6.32-573.7.1.el6.x86_64' } - its('initrd') { should include '/initramfs-2.6.32-573.el6.x86_64.img=1' } - its('default') { should_not eq '1' } - its('timeout') { should eq '5' } - end - -### Test a specific kernel - - grub_conf('/etc/grub.conf', 'CentOS (2.6.32-573.12.1.el6.x86_64)') do - its('kernel') { should include 'audit=1' } - end - -## Matchers - -{{< readfile 
file="content/inspec/reusable/md/inspec_matchers_link.md" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/host.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/host.md deleted file mode 100644 index 1c969771a3..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/host.md +++ /dev/null 
@@ -1,136 +0,0 @@ -+++ -title = "host resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "host" - identifier = "inspec/resources/os/host.md host resource" - parent = "inspec/resources/os" -+++ - -Use the `host` Chef InSpec audit resource to test the specific host name and its availability. This test includes the internet protocols and ports on which the respective host name must be available. - -## Availability - -### Install - -The Chef InSpec distributes this resource. - -### Version - -This resource is available from InSpec version 1.0. - -## Syntax - -A `host` resource block declares a host name, a port, and a protocol. - - describe host('example.com', port: 80, protocol: 'tcp') do - it { should be_reachable } - it { should be_resolvable } - its('ipaddress') { should include '12.34.56.78' } - end - -> where -> -> - `host()` must specify a host name. The port number and protocol are optional values. -> - `example.com` is the host name. -> - `port` is the port number. -> - `protocol` is the internet protocol, TCP (`protocol: 'tcp'`), UDP (`protocol: 'udp'`), and ICMP (`protocol: 'icmp'`) - -## Properties - -### ipaddress - -The `ipaddress` property returns the IP addresses of the host. - - its('ipaddress') { should include '93.184.216.34' } - -### ipv4_address - -The `ipv4_address` property returns the IPv4 address of the host. - - its('ipv4_address') { should include '93.184.216.34' } - -### ipv6_address - -The `ipv6_address` property returns the IPv6 addresses of the host. - - its('ipv6_address') { should include '2404:6800:4009:82a::200e' } - -### connection - -The `connection` property returns the connection string. - - its('connection') { should match /connection refused/ } - -### protocol - -The `protocol` property returns the protocol the specified host uses. 
- - its('protocol') { should eq 'TCP' } - -### socket property returns the socket value of the specified host - - its('socket') { should match /STATUS_OK/ } - -## Matchers - -This Chef InSpec audit resource has the following special matchers. {{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### be_reachable - -The `be_reachable` matcher tests if the host name is available. - - it { should be_reachable } - -### be_resolvable - -The `be_resolvable` matcher tests for host name resolution. For example, "resolvable to an IP address". - - it { should be_resolvable } - -## Examples - -### Verify host name is resolvable to a specific IP address - - describe host('example.com') do - its('ipaddress') { should include '93.184.216.34' } - end - -### Verify host name is resolvable to a specific IPv4 address - - describe host('example.com') do - its('ipv4_address') { should include '93.184.216.34' } - end - -### Verify host name is resolvable to a specific IPv6 address - - describe host('example.com') do - its('ipv6_address') { should include '2404:6800:4009:82a::200e' } - end - -### Verify a specific IP address can be resolved - - describe host('example.com') do - it { should be_resolvable } - its('ipaddress') { should include '93.184.216.34' } - end - -### Verify host name is reachable over a specific protocol and port number - - describe host('example.com', port: 80, protocol: 'tcp') do - it { should be_reachable } - end - -### Review the connection setup and socket contents when checking reachability - - describe host('example.com', port: 12345, protocol: 'tcp') do - it { should be_reachable } - its('connection') { should_not match /connection refused/ } - its('socket') { should match /STATUS_OK/ } - end 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/http.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/http.md
deleted file mode 100644
index d11d869459..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/http.md
+++ /dev/null
@@ -1,274 +0,0 @@ -+++ -title = "http resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "http" - identifier = "inspec/resources/os/http.md http resource" - parent = "inspec/resources/os" -+++ - -Use the `http` Chef InSpec audit resource to test an http endpoint. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.10.0 of InSpec. - -## Syntax - -An `http` resource block declares the configuration settings to be tested: - - describe http('url', auth: {user: 'user', pass: 'test'}, params: {params}, method: 'method', headers: {headers}, data: data, open_timeout: 60, read_timeout: 60, ssl_verify: true, max_redirects: 3) do - its('status') { should eq number } - its('body') { should eq 'body' } - its('headers.name') { should eq 'header' } - end - -where - -- `('url')` is the url to test -- `auth: { user: 'user', pass: 'test' }` may be specified for basic auth request -- `{params}` may be specified for http request parameters -- `'method'` may be specified for http request method (default to 'GET') -- `{headers}` may be specified for http request headers -- `data` may be specified for http request body -- `open_timeout` may be specified for a timeout for opening connections (default to 60) -- `read_timeout` may be specified for a timeout for reading connections (default to 60) -- `ssl_verify` may be specified to enable or disable verification of SSL certificates (default to `true`) -- `max_redirects` may be specified to control how many HTTP Redirects to follow (defaults to `0`) - -## Example - -The following examples show how to use this Chef InSpec audit resource. 
An `http` resource block declares the configuration settings to be tested: - -### Simple http test - -For example, a service is listening on default http port can be tested like this: - - describe http('http://localhost') do - its('status') { should cmp 200 } - end - -### Complex http test - - describe http('http://localhost:8080/ping', - auth: {user: 'user', pass: 'test'}, - params: {format: 'html'}, - method: 'POST', - headers: {'Content-Type' => 'application/json'}, - data: { a":"1", "b":"five" } ) do - its('status') { should cmp 200 } - its('body') { should cmp 'pong' } - its('headers.Content-Type') { should cmp 'text/html' } - end - -## Local vs. Remote - -Beginning with Chef InSpec 1.41, you can enable the ability to have the HTTP test execute on the remote target: - -## Parameters - -## Parameter Examples - -### url - -`('url')` is the url to test. - - describe http('http://localhost:8080/ping') do - ... - end - -### auth - -`auth: { user: 'user', pass: 'test' }` may be specified for basic auth request. - - describe http('http://localhost:8080/ping', - auth: {user: 'user', pass: 'test'}) do - ... - end - -### params - -`{params}` may be specified for http request parameters. - - describe http('http://localhost:8080/ping', - params: {format: 'html'}) do - ... - end - -### method - -`'method'` may be specified for http request method (default to 'GET'). - - describe http('http://localhost:8080/ping', - method: 'POST') do - ... - end - -### headers - -`{headers}` may be specified for http request headers. - - describe http('http://localhost:8080/ping', - headers: {'Content-Type' => 'application/json'}) do - ... - end - -### data - -`data` may be specified for http request body. When working with remote Windows target use single quotes around data that you are passing for e.g. `data: '{ "a" : "1", "b" : "five" }'` - - describe http('http://localhost:8080/ping', - data: { "a":"1", "b":"five" } ) do - ... 
- end - -### open_timeout - -`open_timeout` may be specified for a timeout for opening connections (default to 60). - - describe http('http://localhost:8080/ping', - open_timeout: '90') do - ... - end - -### read_timeout - -`read_timeout` may be specified for a timeout for reading connections (default to 60). - - describe http('http://localhost:8080/ping', - read_timeout: '90') do - ... - end - -### ssl_verify - -`ssl_verify` may be specified to enable or disable verification of SSL certificates (default to `true`). - - describe http('http://localhost:8080/ping', - ssl_verify: true) do - ... - end - -### max_redirects - -`max_redirects` may be specified to control how many HTTP Redirects to follow (default to 0). - - describe http('http://localhost:8080/ping', - max_redirects: 3) do - ... - end - -### proxy - -Specify a `proxy` to test by passing in the proxy URI or a hash of the proxy URI, a username, and password. Specify `disable` to ignore a proxy set as an environment variable. - -You can include the username and password in the `proxy` parameter: - - describe http('http://localhost:8080/ping', proxy: "http://username:password@www.example.com:3128") do - ... - end - -The `proxy` parameter also accepts proxy options in hash format: - - describe http('http://localhost:8080/ping', proxy: { uri: 'http://www.example.com:3128', user: 'username', password: 'proxy-password'}) do - ... - end - -Use `disable` to ignore the proxy set in the environment variable: - - describe http('http://localhost:8080/ping', proxy: 'disable') do - ... - end - -{{< note >}} - -Windows remote targets do not accept username and password values in a string; use the hash format instead. - -{{< /note >}} - -{{< note >}} - -Special characters in the URI must be converted to their UTF-8 equivalent when passed in to the `proxy` parameter as a string. 
For example, the string `http://username:bar@123@www.example.com:3128` must be passed in as `http://username:bar%40123@www.example.com:3128` instead. - -Special characters may be passed into the hash format without conversion to UTF-8 characters. - -{{< /note >}} - -## Properties - -### body - -The `body` property tests body content of http response: - - its('body') { should eq 'hello\n' } - -### headers - -The `headers` property returns an hash of all http headers: - - its('headers') { should eq {} } - -Individual headers can be tested via: - - its('headers.Content-Type') { should cmp 'text/html' } - -### http_method - -The `http_method` property returns the http method of the http request. - - its('http_method') { should eq 'GET'} - -### status - -The `status` property tests status of the http response: - - its('status') { should eq 200 } - -## Example - -The following examples show how to use this Chef InSpec audit resource. An `http` resource block declares the configuration settings to be tested: - -### Simple http test - -For example, a service is listening on default http port can be tested like this: - - describe http('http://localhost') do - its('status') { should cmp 200 } - end - -### Complex http test - - describe http('http://localhost:8080/ping', - auth: {user: 'user', pass: 'test'}, - params: {format: 'html'}, - method: 'POST', - headers: {'Content-Type' => 'application/json'}, - data: '{"data":{"a":"1","b":"five"}}') do - its('status') { should cmp 200 } - its('body') { should cmp 'pong' } - its('headers.Content-Type') { should cmp 'text/html' } - end - -## Local vs. Remote - -Beginning with Chef InSpec 1.41, you can enable the ability to have the HTTP test execute on the remote target: - - describe http('http://www.example.com', enable_remote_worker: true) do - its('body') { should cmp 'awesome' } - end - -In Chef InSpec 2.0, the HTTP test will automatically execute remotely whenever Chef InSpec is testing a remote node. 
- -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ibmdb2_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ibmdb2_conf.md deleted file mode 100644 index 1ad341acd4..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ibmdb2_conf.md +++ /dev/null 
@@ -1,58 +0,0 @@ -+++ -title = "ibmdb2_conf resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "ibmdb2_conf" - identifier = "inspec/resources/os/ibmdb2_conf.md ibmdb2_conf resource" - parent = "inspec/resources/os" -+++ - -Use the `ibmdb2_conf` Chef InSpec audit resource to test the configuration settings. Make sure you are using the IBM Db2 database instance user credentials to run the InSpec test. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -## Syntax - -A `ibmdb2_conf` resource block declares db2_executable_file_path, db_instance to connect and then runs command to get the configuration values and compares it to the value stated in the test: - - describe ibmdb2_conf(db2_executable_file_path: "/opt/ibm/db2/V11.5/bin/db2", db_instance: "db2inst1") do - its("output") { should_not be_empty } - its("output") { should include("Audit buffer size (4KB) (AUDIT_BUF_SZ) = 0")} - end - -Windows - - describe ibmdb2_conf do - its("output") { should_not be_empty } - its("output") { should include("Audit buffer size (4KB) (AUDIT_BUF_SZ) = 0")} - end - -where - -- `ibmdb2_session` declares a db2_executable_file_path, db_instance and db_name to connect. -- `db2_executable_file_path` is the path of the db2 binary file. For Windows this is not required. -- `db_instance` is the name of the database instance. For Windows this is not required. -- `its("output") { should include("expected_settings")}` compares the results of the output against the expected result in the test. - -## Examples - -The following examples show how to use this Chef InSpec audit resource. 
- -### Test the audit buffer size configuration settings of IBM Db2 database - - describe ibmdb2_conf(db2_executable_file_path: "/opt/ibm/db2/V11.5/bin/db2", db_instance: "db2inst1") do - its("output") { should_not be_empty } - its("output") { should include("Audit buffer size (4KB) (AUDIT_BUF_SZ) = 1000")} - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ibmdb2_session.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ibmdb2_session.md deleted file mode 100644 index 4f97b2f74e..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ibmdb2_session.md +++ /dev/null 
@@ -1,64 +0,0 @@ -+++ -title = "ibmdb2_session resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "ibmdb2_session" - identifier = "inspec/resources/os/ibmdb2_session.md ibmdb2_session resource" - parent = "inspec/resources/os" -+++ - -Use the `ibmdb2_session` Chef InSpec audit resource to test SQL commands run against an IBM Db2 database. -Make sure you are using the IBM Db2 database instance user credentials to run the InSpec test. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -## Syntax - -A `ibmdb2_session` resource block declares the db2_executable_file_path, db_instance and db_name to use for the session, and then the query to be run: - - describe ibmdb2_session(db2_executable_file_path: "/opt/ibm/db2/V11.5/bin/db2", db_instance: "db2inst1", db_name: "sample").query("select rolename from syscat.roleauth") do - its("output") { should match(/SYSTS_MGR/) } - end - -Windows - - describe ibmdb2_session(db_name: "sample").query("select rolename from syscat.roleauth") do - its("output") { should match(/SYSTS_MGR/) } - end - -where - -- `ibmdb2_session` declares a db2_executable_file_path, db_instance and db_name to connect. -- `db2_executable_file_path` is the path of the db2 binary file. For Windows this is not required. -- `db_instance` is the name of the database instance. For Windows this is not required. -- `db_name` is the name of the database to query on. -- `query('QUERY')` contains the query to be run. -- `its('output') { should eq(/expected-result/) }` compares the results of the query against the expected result in the test. - -## Examples - -The following examples show how to use this Chef InSpec audit resource. 
- -### Test for matching role name - - describe ibmdb2_session(db2_executable_file_path: "/opt/ibm/db2/V11.5/bin/db2", db_instance: "db2inst1", db_name: "sample").query("select rolename from syscat.roleauth") do - its("output") { should match(/SYSTS_MGR/) } - end - -### Test for matching database - - describe ibmdb2_session(db2_executable_file_path: "/opt/ibm/db2/V11.5/bin/db2", db_instance: "db2inst1", db_name: "sample").query("list database directory") do - its("output") { should match(/SAMPLE/) } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/iis_app.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/iis_app.md deleted file mode 100644 index c519a3af8d..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/iis_app.md +++ /dev/null 
@@ -1,157 +0,0 @@ -+++ -title = "iis_app resource" -draft = false -gh_repo = "inspec" -platform = "windows" - -[menu] - [menu.inspec] - title = "iis_app" - identifier = "inspec/resources/os/iis_app.md iis_app resource" - parent = "inspec/resources/os" -+++ - -Use the `iis_app` Chef InSpec audit resource to test the state of IIS on Windows Server 2012 (and later). - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.28.0 of InSpec. - -## Syntax - -An `iis_app` resource block declares details about the named site: - - describe iis_app('application_path', 'site_name') do - it { should exist } - it { should have_application_pool('application_pool') } - it { should have_protocol('protocol') } - it { should have_site_name('site') } - it { should have_physical_path('physical_path') } - it { should have_path('application_path') } - end - -where - -- `'application_path'` is the path to the application, such as `'/myapp'` -- `have_application_pool`, `have_protocol`, `have_site_name`, `have_physical_path` and `have_path` are the different [matchers](#matchers) for this resource. - -For example: - - describe iis_app('/myapp', 'Default Web Site') do - it { should exist } - it { should have_application_pool('MyAppPool') } - it { should have_protocol('http') } - it { should have_site_name('Default Web Site') } - it { should have_physical_path('C:\\inetpub\\wwwroot\\myapp') } - it { should have_path('\\My Application') } - end - -## Properties - -### application pool - -`application_pool` property returns the name of the application pool in which the site's root application is run, such as `DefaultAppPool`. - - its('application_pool') { should eq 'root' } - -### path - -`path` property returns the path to the application. 
- - its('path') { should eq '\my_app' } - -### physical_path - -`physical_path` property returns the physical path of the application, such as `'C:\\inetpub\\wwwroot\\myapp'`. - - its('physical_path') { should eq 'C:\\inetpub\\wwwroot\\myapp' } - -### protocols - -`protocols` property returns an array of protocols i.e. the binding for the site, such as `'http'`. A site may have multiple bindings. - - its('protocols') { should include 'http' } - -### site_name - -`site_name` property returns the name of the site, such as `'Default Web Site'` - - its('site_name') { should eq 'Default Web Site' } - - -## Examples - -### Test a default IIS web application - - describe iis_app('Default Web Site') do - it { should exist } - it { should be_running } - it { should have_app_pool('DefaultAppPool') } - it { should have_binding('http *:80:') } - it { should have_path('%SystemDrive%\\inetpub\\wwwroot') } - end - -### Test if IIS service is running - - describe service('W3SVC') do - it { should be_installed } - it { should be_running } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### exist - -The `exist` matcher tests if the site exists: - - it { should exist } - -### have_application_pool - -The `have_application_pool` matcher tests if the named application pool exists for the web application: - - it { should have_application_pool('DefaultAppPool') } - -### have_protocol - -The `have_protocol` matcher tests if the specified protocol exists for the web application: - - it { should have_protocol('http') } - -or: - - it { should have_protocol('https') } - -A web application may have multiple bindings; use a `have_protocol` matcher for each unique web application binding to be tested. - -##### Protocol Attributes - -The `have_protocol` matcher can also test attributes that are defined for a web application enabledProtocols. 
- - it { should have_protocol('http') } - -For example, testing a site that doesn't have https enabled: - - it { should_not have_protocol('https') } - it { should have_protocol('http') } - -Testing a web application with https enabled and http enabled: - - it { should have_protocol('https') } - it { should have_protocol('http') } - -### have_physical_path - -The `have_physical_path` matcher tests if the named path is defined for the web application: - - it { should have_physical_path('C:\\inetpub\\wwwroot') } diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/iis_site.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/iis_site.md deleted file mode 100644 index 9e12ef351d..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/iis_site.md +++ /dev/null 
@@ -1,145 +0,0 @@ -+++ -title = "iis_site resource" -draft = false -gh_repo = "inspec" -platform = "windows" - -[menu] - [menu.inspec] - title = "iis_site" - identifier = "inspec/resources/os/iis_site.md iis_site resource" - parent = "inspec/resources/os" -+++ - -Use the `iis_site` Chef InSpec audit resource to test the state of IIS on Windows Server 2012 (and later). - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -An `iis_site` resource block declares details about the named site: - - describe iis_site('site_name') do - it { should exist } - it { should be_running } - it { should have_app_pool('app_pool_name') } - it { should have_binding('binding_details') } - it { should have_path('path_to_site') } - end - -where - -- `'site_name'` is the name of the site, such as `'Default Web Site'` -- `('app_pool_name')` is the name of the application pool in which the site's root application is run, such as `'DefaultAppPool'` -- `('binding_details')` is a binding for the site, such as `'net.pipe *'`. A site may have multiple bindings; therefore, use a `have_binding` matcher for each site binding to be tested -- `('path_to_site')` is the path to the site, such as `'C:\\inetpub\\wwwroot'` - -For example: - - describe iis_site('Default Web Site') do - it { should exist } - it { should be_running } - it { should have_app_pool('DefaultAppPool') } - it { should have_binding('https :443:www.contoso.com sslFlags=0') } - it { should have_binding('net.pipe *') } - it { should have_path('C:\\inetpub\\wwwroot') } - end - -## Properties - -app_pool, bindings, path, state - -## Property Examples - -The following examples show how to use this Chef InSpec audit resource. 
- -### Test a default IIS site - - describe iis_site('Default Web Site') do - it { should exist } - it { should be_running } - it { should have_app_pool('DefaultAppPool') } - it { should have_binding('http *:80:') } - it { should have_path('%SystemDrive%\\inetpub\\wwwroot') } - end - -### Test if IIS service is running - - describe service('W3SVC') do - it { should be_installed } - it { should be_running } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### be_running - -The `be_running` matcher tests if the site is running: - - it { should be_running } - -### exist - -The `exist` matcher tests if the site exists: - - it { should exist } - -### have_app_pool - -The `have_app_pool` matcher tests if the named application pool exists for the site: - - it { should have_app_pool('DefaultAppPool') } - -For example, testing if a site's application pool inherits the settings of the parent application pool: - - it { should have_app_pool('/') } - -### have_binding - -The `have_binding` matcher tests if the specified binding exists for the site: - - it { should have_binding('http :80:*') } - -or: - - it { should have_binding('net.pipe *') } - -A site may have multiple bindings; use a `have_binding` matcher for each unique site binding to be tested. - -##### Binding Attributes - -The `have_binding` matcher can also test attributes that are defined for a site binding. For example, the `sslFlags` attribute defines if SSL is enabled, and (when enabled) what level of SSL is applied to the site. 
- -Testing a site with SSL disabled: - - it { should have_binding('https :443:www.contoso.com sslFlags=0') } - -Testing a site with SSL enabled: - - it { should have_binding('https :443:www.contoso.com sslFlags=Ssl') } - -Testing a site with certificate mapping authentication enabled: - - it { should have_binding('https :443:www.contoso.com sslFlags=SslMapCert') } - -Testing a site with 128-bit SSL enabled: - - it { should have_binding('https :443:www.contoso.com sslFlags=Ssl128') } - -### have_path - -The `have_path` matcher tests if the named path is defined for the site: - - it { should have_path('C:\\inetpub\\wwwroot') } diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/inetd_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/inetd_conf.md deleted file mode 100644 index c7cbf7d4a8..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/inetd_conf.md +++ /dev/null 
@@ -1,101 +0,0 @@ -+++ -title = "inetd_conf resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "inetd_conf" - identifier = "inspec/resources/os/inetd_conf.md inetd_conf resource" - parent = "inspec/resources/os" -+++ - -Use the `inetd_conf` Chef InSpec audit resource to test if a service is listed in the `inetd.conf` file on Linux and Unix platforms. inetd---the Internet service daemon---listens on dedicated ports, and then loads the appropriate program based on a request. The `inetd.conf` file is typically located at `/etc/inetd.conf` and contains a list of Internet services associated to the ports on which that service will listen. Only enabled services may handle a request; only services that are required by the system should be enabled. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -An `inetd_conf` resource block declares the list of services that are enabled in the `inetd.conf` file: - - describe inetd_conf('path') do - its('service_name') { should eq 'value' } - end - -where - -- `'service_name'` is a service listed in the `inetd.conf` file -- `('path')` is the non-default path to the `inetd.conf` file -- `should eq 'value'` is the value that is expected - -## Properties - -This resource supports any of the properties listed as services in the `inetd.conf` file. You may want to ensure that specific services do not listen via `inetd.conf`. - -## Examples - -The following examples show how to use this Chef InSpec audit resource. 
- -### Basic tests for inetd_conf services: - - its('shell') { should eq nil } - -or: - - its('netstat') { should eq nil } - -or: - - its('systat') { should eq nil } - -For example: - - describe inetd_conf do - its('shell') { should eq nil } - its('login') { should eq nil } - its('exec') { should eq nil } - end - -### Verify that FTP is disabled - -The contents if the `inetd.conf` file contain the following: - - #ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a - #telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd - -and the following test is defined: - - describe inetd_conf do - its('ftp') { should eq nil } - its('telnet') { should eq nil } - end - -Because both the `ftp` and `telnet` Internet services are commented out (`#`), both services are disabled. Consequently, both tests will return `true`. However, if the `inetd.conf` file is set as follows: - - ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a - #telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd - -then the same test will return `false` for `ftp` and the entire test will fail. - -### Test if telnet is installed - - describe package('telnetd') do - it { should_not be_installed } - end - - describe inetd_conf do - its('telnet') { should eq nil } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ini.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ini.md deleted file mode 100644 index 4e15216778..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ini.md +++ /dev/null 
@@ -1,84 +0,0 @@ -+++ -title = "ini resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "ini" - identifier = "inspec/resources/os/ini.md ini resource" - parent = "inspec/resources/os" -+++ - -Use the `ini` Chef InSpec audit resource to test settings in an INI file. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -An `ini` resource block declares the configuration settings to be tested: - - describe ini('path') do - its('setting_name') { should eq 'value' } - end - -where - -- `'setting_name'` is a setting key defined in the INI file -- `('path')` is the path to the INI file -- `{ should eq 'value' }` is the value that is expected - -For example: - - describe ini('path/to/ini_file.ini') do - its('port') { should eq '143' } - its('server') { should eq '192.0.2.62' } - end - -Settings inside of sections, such as the following: - - [section_name] - setting_name = 123 - -... can be retrieved by prefixing the setting_name with the section. - - its('section_name.setting_name') { should cmp 123 } - -In the event a section or setting name has a period in it, the alternate syntax can be used: - - its(['section.with.a.dot.in.it', 'setting.name.with.dots']) { should cmp 'lots-of-dots' } - -## Properties - -This resource supports any of the settings listed in an INI file as properties. - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Test SMTP settings in a PHP INI file - -For example, a PHP INI file located at contains the following settings: - - [mail function] - SMTP = smtp.gmail.com - smtp_port = 465 - -and can be tested like this: - - describe ini('/etc/php5/apache2/php.ini') do - its('mail function.smtp_port') { should eq('465') } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/interface.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/interface.md
deleted file mode 100644
index 06d53bc80b..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/interface.md
+++ /dev/null
@@ -1,125 +0,0 @@ -+++ -title = "interface resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "interface" - identifier = "inspec/resources/os/interface.md interface resource" - parent = "inspec/resources/os" -+++ - -Use the `interface` Chef InSpec audit resource to test basic network adapter properties, such as name, status, IP addresses, and link speed (in MB/sec). - -- On Linux platforms, `/sys/class/net/#{iface}` is used as source -- On the Windows platform, the `Get-NetAdapter` cmdlet is used as source -- On BSD and MacOS platforms, the `ifconfig` command is used as source. Link speed may not be available. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of Chef InSpec. - -## Syntax - -An `interface` resource block declares network interface properties to be tested: - - describe interface('eth0') do - it { should be_up } - its('speed') { should eq 1000 } - its('name') { should eq eth0 } - its('ipv4_addresses') { should include '10.0.0.5' } - end - -## Properties - -### ipv4_address - -Returns the first `ipv4_addresses` entry as a String. Note: this property is incompatible with ServerSpec, which returns the value including the CIDR range, such as '10.0.0.5/32'. - - its('ipv4_address') { should eq '10.0.0.5' } - -### ipv4_addresses - -The `ipv4_addresses` property returns an Array of IPv4 addresses as Strings. You may then test if the specified address exists on the named network interface: - - its('ipv4_addresses') { should include '127.0.0.1' } - -### ipv4_addresses_netmask - -The `ipv4_addresses_netmask` property returns an Array of Strings with each containing the IPv4 address, a slash, and the netmask. 
You may then test if the specified address and netmask exists on the named network interface: - - its('ipv4_addresses_netmask') { should include '127.0.0.1/255.0.0.0' } - -### ipv6_address - -Returns the first `ipv6_address` entry. Note: this property is incompatible with ServerSpec, which returns the value including the CIDR range. - - its('ipv6_address') { should eq '2089:98b::faeb' } - -### ipv6_addresses - -The `ipv6_addresses` property returns an Array of Strings and tests if the specified address exists on the named network interface: - - its('ipv6_addresses') { should include '::1' } - -### ipv4_cidrs - -The `ipv4_cidrs` property returns an Array of Strings and tests if the specified address and netmask combination exists on the named network interface: - - its('ipv4_cidrs') { should include '127.0.0.1/8' } - -### ipv6_cidrs - -The `ipv6_cidrs` property returns an Array of Strings and tests if the specified address and netmask combination exists on the named network interface: - - its('ipv6_cidrs') { should include '::1/128' } - -### name - -The `name` property returns the name of the interface: - - its('name') { should eq 'eth0' } - -### speed - -The `speed` property tests the speed of the network interface, in MB/sec. Note: On BSD and MacOS platforms, this value may be nil, because it difficult to obtain reliably. - - its('speed') { should eq 1000 } - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. 
- -### be_up - -The `be_up` matcher tests if the network interface is available: - - it { should be_up } - -### exist - -The `exist` matcher tests if the network interface exists: - - it { should exist } - -### have_an_ipv4_address - -The `have_an_ipv4_address` matcher tests if the network interface has any IPv4 addresses assigned: - - it { should have_an_ipv4_address } - -### have_an_ipv6_address - -The `have_an_ipv6_address` matcher tests if the network interface has any IPv6 addresses assigned: - - it { should have_an_ipv6_address } diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/interfaces.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/interfaces.md deleted file mode 100644 index 39538d1969..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/interfaces.md +++ /dev/null 
@@ -1,77 +0,0 @@ -+++ -title = "interfaces resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "interfaces" - identifier = "inspec/resources/os/interfaces.md interfaces resource" - parent = "inspec/resources/os" -+++ - -Use the `interfaces` Chef InSpec audit resource to test the properties of multiple network interfaces on the system. - -## Syntax - -An `interfaces` resource block may take no arguments, in which case it will list all interfaces: - - describe interfaces do - its('names') { should include 'eth0' } - end - -An `interfaces` resource block may take a where clause, filtering on a Filter Criterion: - - # All eth- interfaces - describe interfaces.where(name: /^eth\d+/) - its('names') { should include 'eth0' } - end - -Like any Chef InSpec resource, you may also use it for data lookup instead of testing: - - # We are an IPv6 shop - interfaces.where(name: /^eth/).names do |name| - describe interface(name) do - it { should have_ipv6_address } - end - end - - # Obtain the machine's main IP address - my_ip = interfaces.ipv4_address - -## Filter Criteria - -### name - -String. The name of an interface. - -## Properties - -### count - -The `count` property returns an Integer describing how many interfaces matched. - - its("count") { should eq 6 } - -### ipv4_address - -Attempts to guess the "first" "real" IPv4 address on any interface. Looks for interfaces that are up and have IPv4 addresses assigned, then tries to filter out loopback, management (10/8) and local (192.168/16) IP addresses, returning the best of of those that it can; you may still get nil, or a loopback address. Note that if the machine is behind NAT this will not be the external IP address; use the `http` resource to query an IP lookup service for that. - - its('ipv4_address') { should_not eq '127.0.0.1' } - -### names - -The `names` property returns an Array of Strings representing the names of the interfaces. 
- - its("names") { should include "eth0" } - -## Matchers - -For a full list of available universal matchers, please visit our [matchers page](/inspec/matchers/). - -### exist - -The `exist` matcher tests true if at least one interface exists on the system. This is almost always the case. - - it { should exist } diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ip6tables.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ip6tables.md deleted file mode 100644 index fb9457cd50..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ip6tables.md +++ /dev/null 
@@ -1,76 +0,0 @@ -+++ -title = "ip6tables resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "ip6tables" - identifier = "inspec/resources/os/ip6tables.md ip6tables resource" - parent = "inspec/resources/os" -+++ - -Use the `ip6tables` Chef InSpec audit resource to test rules that are defined in `ip6tables`, which maintains tables of IP packet filtering rules for IPv6. There may be more than one table. Each table contains one (or more) chains (both built-in and custom). A chain is a list of rules that match packets. When the rule matches, the rule defines what target to assign to the packet. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v4.6.9 of InSpec. - -## Syntax - -A `ip6tables` resource block declares tests for rules in IP tables: - - describe ip6tables(rule:'name', table:'name', chain: 'name') do - it { should have_rule('RULE') } - end - -where - -- `ip6tables()` may specify any combination of `rule`, `table`, or `chain` -- `rule:'name'` is the name of a rule that matches a set of packets -- `table:'name'` is the packet matching table against which the test is run -- `chain: 'name'` is the name of a user-defined chain or one of `ACCEPT`, `DROP`, `QUEUE`, or `RETURN` -- `have_rule('RULE')` tests that rule in the ip6tables list. This must match the entire line taken from `ip6tables -S CHAIN`. - -## Examples - -The following examples show how to use this Chef InSpec audit resource. 
- -### Test if the INPUT chain is in default ACCEPT mode - - describe ip6tables do - it { should have_rule('-P INPUT ACCEPT') } - end - -### Test if the INPUT chain from the mangle table is in ACCEPT mode - - describe ip6tables(table:'mangle', chain: 'INPUT') do - it { should have_rule('-P INPUT ACCEPT') } - end - -### Test if there is a rule allowing Postgres (5432/TCP) traffic - - describe ip6tables do - it { should have_rule('-A INPUT -p tcp -m tcp -m multiport --dports 5432 -m comment --comment "postgres" -j ACCEPT') } - end - -Note that the rule specification must exactly match what's in the output of `ip6tables -S INPUT`, which will depend on how you've built your rules. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### have_rule - -The `have_rule` matcher tests the named rule against the information in the `ip6tables` file: - - it { should have_rule('RULE') } diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ipfilter.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ipfilter.md deleted file mode 100644 index c8205b29d9..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ipfilter.md +++ /dev/null 
@@ -1,76 +0,0 @@ -+++ -title = "ipfilter resource" -draft = false -gh_repo = "inspec" -platform = "bsd" - -[menu] - [menu.inspec] - title = "ipfilter" - identifier = "inspec/resources/os/ipfilter.md ipfilter resource" - parent = "inspec/resources/os" -+++ - -Use the `ipfilter` Chef InSpec audit resource to test rules defined for `ipfilter`. The `ipfstat` utility is used to report on packet filter statistics and filter list. `ipfstat -io` is used to view the active filtering rule set for the input and the output side of the kernel IP processing. The rule match is done against the output rules of `ipfstat -io`. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -## Syntax - -An `ipfilter` resource block declares tests for rules defined for IP Filter: - - describe ipfilter do - it { should have_rule("RULE") } - end - -where - -- `have_rule('RULE')` tests the active rule for ipfilter. This must match the entire line taken from `'ipfstat -io'`. - -## Examples - -The following examples show how to use this Chef InSpec audit resource. 
- -### Test if there are no restrictions on a loopback interface - - describe ipfilter do - it { should have_rule("pass in quick on lo0 all") } - it { should have_rule("pass out quick on lo0 all") } - end - -### Test if there are no restrictions on inside LAN interface named xl0 for private network - - describe ipfilter do - it { should have_rule("pass in quick on xl0 all") } - it { should have_rule("pass out quick on xl0 all") } - end - -### Test if there is a rule allowing FTP traffic on the public interface named dc0 - - describe ipfilter do - it { should have_rule("pass out quick on dc0 proto tcp from any to any port = ftp flags S/FSRPAU keep state") } - end - -### Test if there is a rule allowing SSH on the public interface named dc0 - - describe ipfilter do - it { should have_rule("pass out quick on dc0 proto tcp from any to any port = ssh flags S/FSRPAU keep state") } - end - -Note that the rule specification must exactly match what is in the output of `'ipfstat -io'`, which depends on how you have built your rules. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### have_rule - -The `have_rule` matcher tests the named rule against the information in the output rule of `'ipfstat -io'`: - - it { should have_rule("RULE") } diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ipnat.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ipnat.md deleted file mode 100644 index a4cf84f24e..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ipnat.md +++ /dev/null 
@@ -1,66 +0,0 @@
-+++
-title = "ipnat resource"
-draft = false
-gh_repo = "inspec"
-platform = "bsd"
-
-[menu]
- [menu.inspec]
- title = "ipnat"
- identifier = "inspec/resources/os/ipnat.md ipnat resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `ipnat` Chef InSpec audit resource to test rules that are defined for `IP NAT`. The purpose of the ipnat utility is to add or remove set of IP NAT rules. Rules are added to the end of the internal lists, matching the order in which they appear when given to ipnat. `ipnat -l` helps to view the current NAT table entry mappings. The rule match is done against the output rules of `ipnat -l`.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-## Syntax
-
-An `ipnat` resource block declares tests for rules set for IP NAT:
-
- describe ipnat do
- it { should have_rule("RULE") }
- end
-
-where
-
-- `have_rule('RULE')` tests the active rule for IP NAT. This must match the entire line taken from `ipnat -l`.
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test to ensure mapping rule of the internally used IP address with ISP provided 8-bit subnet at 10.9.0.1
-
- describe ipnat do
- it { should have_rule("map en0 192.0.0.0/8 -> 10.9.0.1/24") }
- end
-
-### Test to ensure if there is a NAT rule to use the builtin ftp-proxy
-
- describe ipnat do
- it { should have_rule("map en0 192.0.0.0/8 -> 10.9.0.1/32 proxy port ftp ftp/tcp") }
- end
-
-{{< note >}}
-
-The rule specification must match the output of `ipnat -l` that depends on how you have built your rules.
-
-{{< /note >}}
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### have_rule
-
-The `have_rule` matcher tests the named rule against the information in the output rule of `ipnat -l`:
-
- it { should have_rule("RULE") }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/iptables.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/iptables.md
deleted file mode 100644
index 9180d24c68..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/iptables.md
+++ /dev/null
@@ -1,83 +0,0 @@
-+++
-title = "iptables resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "iptables"
- identifier = "inspec/resources/os/iptables.md iptables resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `iptables` Chef InSpec audit resource to test rules that are defined in `iptables`, which maintains tables of IP packet filtering rules. There may be more than one table. Each table contains one (or more) chains (both built-in and custom). A chain is a list of rules that match packets. When the rule matches, the rule defines what target to assign to the packet.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `iptables` resource block declares tests for rules in IP tables:
-
- describe iptables(rule:'name', table:'name', chain: 'name', ignore_comments: true) do
- it { should have_rule('RULE') }
- end
-
-where
-
-- `iptables()` may specify any combination of `rule`, `table`, or `chain`
-- `rule:'name'` is the name of a rule that matches a set of packets
-- `table:'name'` is the packet matching table against which the test is run
-- `chain: 'name'` is the name of a user-defined chain or one of `ACCEPT`, `DROP`, `QUEUE`, or `RETURN`
-- `ignore_comments: true` is a boolean flag that ignores comments in a rule.
-- `have_rule('RULE')` tests that rule in the iptables list. This must match the entire line taken from `iptables -S CHAIN`.
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test if the INPUT chain is in default ACCEPT mode
-
- describe iptables do
- it { should have_rule('-P INPUT ACCEPT') }
- end
-
-### Test if the INPUT chain from the mangle table is in ACCEPT mode
-
- describe iptables(table:'mangle', chain: 'INPUT') do
- it { should have_rule('-P INPUT ACCEPT') }
- end
-
-### Test if there is a rule allowing Postgres (5432/TCP) traffic
-
- describe iptables do
- it { should have_rule('-A INPUT -p tcp -m tcp -m multiport --dports 5432 -m comment --comment "postgres" -j ACCEPT') }
- end
-
-### Test a rule without comments
-
- describe iptables(ignore_comments: true) do
- it { should have_rule('-A INPUT -p tcp -m tcp -m multiport --dports 5432 -j ACCEPT') }
- end
-
-Note that the rule specification must exactly match what's in the output of `iptables -S INPUT`, which will depend on how you've built your rules.
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### have_rule
-
-The `have_rule` matcher tests the named rule against the information in the `iptables` file:
-
- it { should have_rule('RULE') }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/json.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/json.md
deleted file mode 100644
index f473f0171b..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/json.md
+++ /dev/null
@@ -1,105 +0,0 @@
-+++
-title = "json resource"
-draft = false
-gh_repo = "inspec"
-platform = "os"
-
-[menu]
- [menu.inspec]
- title = "json"
- identifier = "inspec/resources/os/json.md json resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `json` Chef InSpec audit resource to test data in a JSON file.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `json` resource block declares the data to be tested. Assume the following JSON file:
-
- {
- "name" : "hello",
- "meta" : {
- "creator" : "John Doe"
- },
- "array": [
- "zero",
- "one"
- ]
- }
-
-This file can be queried using:
-
- describe json('/path/to/name.json') do
- its('name') { should eq 'hello' }
- its(['meta','creator']) { should eq 'John Doe' }
- its(['array', 1]) { should eq 'one' }
- end
-
-where
-
-- `name` is a configuration setting in a JSON file
-- `should eq 'foo'` tests a value of `name` as read from a JSON file versus the value declared in the test
-
-The `json` resource can also be used with JSON formatted output from a command.
-Using the same JSON as the previous example, it can be queried using:
-
- describe json({ command: 'retrieve_data.py --json'}) do
- its('name') { should eq 'hello' }
- its(['meta','creator']) { should eq 'John Doe' }
- its(['array', 1]) { should eq 'one' }
- end
-
-Finally, content can be passed directly to the resource:
-
- describe json({ content: '{\"item1\": { \"status\": \"available\" } }' }) do
- its(['item1', 'status']) { should cmp 'available' }
- end
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### name
-
-The `name` matcher tests the value of the filename as read from a JSON file versus the value declared in the test:
-
- its('name') { should eq '/tmp/example.json' }
-
-### Test a cookbook version in a policyfile.lock.json file
-
- describe json('policyfile.lock.json') do
- its(['cookbook_locks', 'omnibus', 'version']) { should eq('2.2.0') }
- end
-
-### Test JSON output from an HTTP API
-
-Our example API has a `/health` endpoint, which looks like this:
-
- {
- "service": {
- "port": 3000,
- "status": "ok"
- }
- }
-
-Example test:
-
- describe json(content: http('http://localhost:3000/health').body) do
- its(['service', 'port']) { should eq 3000 }
- its(['service', 'status']) { should eq 'ok' }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/kernel_module.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/kernel_module.md
deleted file mode 100644
index 9810a1793c..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/kernel_module.md
+++ /dev/null
@@ -1,131 +0,0 @@
-+++
-title = "kernel_module resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "kernel_module"
- identifier = "inspec/resources/os/kernel_module.md kernel_module resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `kernel_module` Chef InSpec audit resource to test kernel modules on Linux
-platforms. These parameters are located under `/lib/modules`. Any submodule may
-be tested using this resource.
-
-The `kernel_module` resource can also verify if a kernel module is `blacklisted`
-or if a module is disabled via a fake install using the `bin_true` or `bin_false`
-method.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `kernel_module` resource block declares a module name, and then tests if that
-module is a loaded kernel module, if it is enabled, disabled or if it is
-blacklisted:
-
- describe kernel_module('module_name') do
- it { should be_loaded }
- it { should_not be_disabled }
- it { should_not be_blacklisted }
- end
-
-where
-
-- `'module_name'` must specify a kernel module, such as `'bridge'`
-- `{ should be_loaded }` tests if the module is a loaded kernel module
-- `{ should be_blacklisted }` tests if the module is blacklisted or if the module is disabled via a fake install using /bin/false or /bin/true
-- `{ should be_disabled }` tests if the module is disabled via a fake install using /bin/false or /bin/true
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### version
-
-The `version` property tests if the kernel module on the system has the correct version:
-
- its('version') { should eq '3.2.2' }
-
-### Test a kernel module's 'version'
-
- describe kernel_module('bridge') do
- it { should be_loaded }
- its('version') { should cmp >= '2.2.2' }
- end
-
-### Test if a kernel module is loaded, not disabled, and not blacklisted
-
- describe kernel_module('video') do
- it { should be_loaded }
- it { should_not be_disabled }
- it { should_not be_blacklisted }
- end
-
-### Check if a kernel module is blacklisted
-
- describe kernel_module('floppy') do
- it { should be_blacklisted }
- end
-
-### Check if a kernel module is _not_ blacklisted and is loaded
-
- describe kernel_module('video') do
- it { should_not be_blacklisted }
- it { should be_loaded }
- end
-
-### Check if a kernel module is disabled via 'bin_false'
-
- describe kernel_module('sstfb') do
- it { should_not be_loaded }
- it { should be_disabled }
- end
-
-### Check if a kernel module is 'blacklisted'/'disabled' via 'bin_true'
-
- describe kernel_module('nvidiafb') do
- it { should_not be_loaded }
- it { should be_blacklisted }
- end
-
-### Check if a kernel module is not loaded
-
- describe kernel_module('dhcp') do
- it { should_not be_loaded }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### be_blacklisted
-
-The `be_blacklisted` matcher tests if the kernel module is a blacklisted module:
-
- it { should be_blacklisted }
-
-### be_disabled
-
-The `be_disabled` matcher tests if the kernel module is disabled:
-
- it { should be_disabled }
-
-### be_loaded
-
-The `be_loaded` matcher tests if the kernel module is loaded:
-
- it { should be_loaded }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/kernel_parameter.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/kernel_parameter.md
deleted file mode 100644
index d27b7fa4e9..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/kernel_parameter.md
+++ /dev/null
@@ -1,64 +0,0 @@
-+++
-title = "kernel_parameter resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "kernel_parameter"
- identifier = "inspec/resources/os/kernel_parameter.md kernel_parameter resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `kernel_parameter` Chef InSpec audit resource to test kernel parameters on Linux platforms.
-These parameters are located under `/proc/cmdline`.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `kernel_parameter` resource block declares a parameter and then a value to be tested:
-
- describe kernel_parameter('path.to.parameter') do
- its('value') { should eq 0 }
- end
-
-where
-
-- `'kernel.parameter'` must specify a kernel parameter, such as `'net.ipv4.conf.all.forwarding'`
-- `{ should eq 0 }` states the value to be tested
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test if global forwarding is enabled for an IPv4 address
-
- describe kernel_parameter('net.ipv4.conf.all.forwarding') do
- its('value') { should eq 1 }
- end
-
-### Test if global forwarding is disabled for an IPv6 address
-
- describe kernel_parameter('net.ipv6.conf.all.forwarding') do
- its('value') { should eq 0 }
- end
-
-### Test if an IPv6 address accepts redirects
-
- describe kernel_parameter('net.ipv6.conf.interface.accept_redirects') do
- its('value') { should cmp 'true' }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/kernel_parameters.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/kernel_parameters.md
deleted file mode 100644
index 626ff51b76..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/kernel_parameters.md
+++ /dev/null
@@ -1,64 +0,0 @@
-+++
-title = "kernel_parameters resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "kernel_parameters"
- identifier = "inspec/resources/os/kernel_parameters.md kernel_parameters resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `kernel_parameters` Chef InSpec audit resource to test multiple kernel parameters on Linux platforms.
-These parameters are located under `/proc/cmdline`.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-## Syntax
-
-A `kernel_parameters` resource block uses `where` to filter entries from the systems kernel parameters. If `where` is omitted, all entries are selected.
-
- describe kernel_parameters do
- its('parameters') { should include "PARAMETER_NAME" }
- its('values') { should include 1 }
- end
-
- describe kernel_parameters.where(parameter: "PARAMETER_NAME") do
- its('values') { should eq [1] }
- end
-
-## Properties
-
-### parameters
-
-The kernel parameter to test.
-
-### values
-
-The value of a kernel parameter.
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test the global forwarding setting using a `where` query on the kernel parameters
-
- describe kernel_parameters.where(parameter: "net.ipv4.conf.all.forwarding") do
- its('values') { should eq [1] }
- end
-
-### Match a parameter using a regular expression
-
- describe kernel_parameters.where(parameter: /^net./ ) do
- its('parameters') { should include 'net.ipv4.conf.all.forwarding' }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/key_rsa.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/key_rsa.md
deleted file mode 100644
index 3557095b00..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/key_rsa.md
+++ /dev/null
@@ -1,91 +0,0 @@
-+++
-title = "key_rsa resource"
-draft = false
-gh_repo = "inspec"
-platform = "os"
-
-[menu]
- [menu.inspec]
- title = "key_rsa"
- identifier = "inspec/resources/os/key_rsa.md key_rsa resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `key_rsa` Chef InSpec audit resource to test RSA public/private keypairs.
-
-This resource is mainly useful when used in conjunction with the x509_certificate resource, but it can also be used for checking RSA-based SSH keys.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.18.0 of InSpec.
-
-## Syntax
-
-An `key_rsa` resource block declares a `key file` to be tested.
-
- describe key_rsa('certificate.key') do
- it { should be_private }
- it { should be_public }
- its('public_key') { should match "PUBLIC_KEY" }
- its('key_length') { should eq 2048 }
- end
-
-You can use an optional passphrase with `key_rsa`
-
- describe key_rsa('certificate.key', 'passphrase') do
- it { should be_private }
- end
-
-## Properties
-
-### public_key (String)
-
-The `public_key` property returns the public part of the RSA key pair
-
- describe key_rsa('/etc/pki/www.example.com.key') do
- its('public_key') { should match "RSA_PUBLIC_KEY" }
- end
-
-### private_key (String)
-
-The `private_key` property returns the private key or the RSA key pair.
-
- describe key_rsa('/etc/pki/www.example.com.key') do
- its('private_key') { should match "RSA_PRIVATE_KEY" }
- end
-
-### key_length
-
-The `key_length` property allows testing the number of bits in the key pair.
-
- describe key_rsa('/etc/pki/www.example.com.key') do
- its('key_length') { should eq 2048 }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### public?
-
-To verify if a key is public use the following:
-
- describe key_rsa('/etc/pki/www.example.com.key') do
- it { should be_public }
- end
-
-### private?
-
-This property verifies that the key includes a private key:
-
- describe key_rsa('/etc/pki/www.example.com.key') do
- it { should be_private }
- end
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/launchd_service.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/launchd_service.md
deleted file mode 100644
index e6fbb7c2b7..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/launchd_service.md
+++ /dev/null
@@ -1,71 +0,0 @@
-+++
-title = "launchd_service resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "launchd_service"
- identifier = "inspec/resources/os/launchd_service.md launchd_service resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `launchd_service` Chef InSpec audit resource to test a service using Launchd.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `launchd_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
-
- describe launchd_service('service_name') do
- it { should be_installed }
- it { should be_enabled }
- it { should be_running }
- end
-
-where
-
-- `('service_name')` must specify a service name
-- `be_installed`, `be_enabled`, and `be_running` are valid matchers for this resource; all matchers available to the `service` resource may be used
-
-The path to the service manager's control may be specified for situations where the path isn't available in the current `PATH`. For example:
-
- describe launchd_service('service_name', '/path/to/control') do
- it { should be_enabled }
- it { should be_installed }
- it { should be_running }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### be_enabled
-
-The `be_enabled` matcher tests if the named service is enabled:
-
- it { should be_enabled }
-
-### be_installed
-
-The `be_installed` matcher tests if the named service is installed:
-
- it { should be_installed }
-
-### be_running
-
-The `be_running` matcher tests if the named service is running:
-
- it { should be_running }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/limits_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/limits_conf.md
deleted file mode 100644
index f653708096..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/limits_conf.md
+++ /dev/null
@@ -1,76 +0,0 @@
-+++
-title = "limits_conf resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "limits_conf"
- identifier = "inspec/resources/os/limits_conf.md limits_conf resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `limits_conf` Chef InSpec audit resource to test configuration settings in the `/etc/security/limits.conf` file. The `limits.conf` defines limits for processes (by user and/or group names) and helps ensure that the system running those processes remains stable. Each process may be assigned a hard or soft limit.
-
-- Soft limits are maintained by the shell and defines the number of file handles (or open files) available to the user or group after login
-- Hard limits are maintained by the kernel and defines the maximum number of allowed file handles
-
-Entries in the `limits.conf` file are similar to:
-
- grantmc soft nofile 4096
- grantmc hard nofile 63536
-
- ^^^^^^^^^ ^^^^ ^^^^^^ ^^^^^
- domain type item value
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `limits_conf` resource block declares a domain to be tested, along with associated type, item, and value:
-
- describe limits_conf('path') do
- its('domain') { should include ['type', 'item', 'value'] }
- its('domain') { should eq ['type', 'item', 'value'] }
- end
-
-where
-
-- `('path')` is the non-default path to the `inetd.conf` file
-- `'domain'` is a user or group name, such as `grantmc`
-- `'type'` is either `hard` or `soft`
-- `'item'` is the item for which limits are defined, such as `core`, `nofile`, `stack`, `nproc`, `priority`, or `maxlogins`
-- `'value'` is the value associated with the `item`
-
-## Properties
-
-### domain
-
-The `domain` property tests the domain in the `limits.conf` file, along with associated type, item, and value:
-
- its('domain') { should include ['type', 'item', 'value'] }
-
-
-For example:
-
- its('grantmc') { should include ['hard', 'nofile', '63536'] }
-
-### Test limits
-
- describe limits_conf('path') do
- its('*') { should include ['soft', 'core', '0'], ['hard', 'rss', '10000'] }
- its('ftp') { should eq ['hard', 'nproc', '0'] }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/linux_audit_system.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/linux_audit_system.md
deleted file mode 100644
index af2bed4c2f..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/linux_audit_system.md
+++ /dev/null
@@ -1,108 +0,0 @@
-+++
-title = "linux_audit_system resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "linux_audit_system"
- identifier = "inspec/resources/os/linux_audit_system.md linux_audit_system resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `linux_audit_system` Chef InSpec audit resource to test the configuration of Linux audit system.
-
-## Availability
-
-### Install
-
-The Chef InSpec distributes this resource.
-
-## Syntax
-
-A `linux_audit_system` Chef InSpec audit resource allows you to test the configuration of Linux audit system.
-
-```ruby
- describe linux_audit_system do
- it { should be_enabled }
- it { should be_running }
- its('rules') { should include 'some_rule' }
- end
-```
-
-> where
->
-> - `rules` is a property of this resource.
-> - `some_rule` is the expected rule to be included in the rules list.
-> - `be_enabled` and `be_running` are matchers of this resource.
-
-## Properties
-
-The property of this resource is `rules`.
-
-### rules
-
-The `rules` property returns an array of audit rules of the system. It allows testing by passing an argument as a string or a regular expression to a valid matcher.
-
-```ruby
- its('rules') { should include 'RULE' }
- its('rules') { should include %r{some_regex_rule} }
-```
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://docs.chef.io/inspec/matchers/). The specific matchers of this resource are `be_enabled` and `be_running`.
-
-### be_enabled
-
-The `be_enabled` matcher tests if auditing is enabled on the system.
-
-```ruby
- it { should be_enabled }
-```
-
-### be_running
-
-The `be_running` matcher tests if the audit daemon runs on the system.
-
-```ruby
- it { should be_running }
-```
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Ensure auditing is enabled on the system
-
-`be_enabled` checks if auditing is enabled on the system.
-
-```ruby
- describe linux_audit_system do
- it { should be_enabled }
- end
-```
-
-### Ensure the audit daemon is running on the system
-
-`be_running` checks for if the audit daemon runs on the system.
-
-```ruby
- describe linux_audit_system do
- it { should be_running }
- end
-```
-
-### Verify if the list of audit rules contains certain rules
-
-`rules` returns an array of audit rules of the system.
-
-```ruby
- describe linux_audit_system do
- its('rules') { should include '-w /etc -p wa' }
- its('rules') { should include %r!-w /etc -p wa! }
- its('rules') { should include %r{-w /etc -p wa} }
- its('rules') { should_not include %r!-a entry,always -S all -F pid=1005! }
- end
-```
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/login_defs.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/login_defs.md
deleted file mode 100644
index e96080cefe..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/login_defs.md
+++ /dev/null
@@ -1,77 +0,0 @@
-+++
-title = "login_defs resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "login_defs"
- identifier = "inspec/resources/os/login_defs.md login_defs resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `login_defs` Chef InSpec audit resource to test configuration settings in the `/etc/login.defs` file. The `logins.defs` file defines site-specific configuration for the shadow password suite on Linux and Unix platforms, such as password expiration ranges, minimum/maximum values for automatic selection of user and group identifiers, or the method with which passwords are encrypted.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `login_defs` resource block declares the `login.defs` configuration data to be tested:
-
- describe login_defs do
- its('name') { should include('foo') }
- end
-
-where
-
-- `name` is a configuration setting in `login.defs`
-- `{ should include('foo') }` tests the value of `name` as read from `login.defs` versus the value declared in the test
-
-## Properties
-
-This resource supports the properties found in the `login.defs` configuration settings.
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### name
-
-The `name` matcher tests the value of `name` as read from `login.defs` versus the value declared in the test:
-
- its('name') { should eq 'foo' }
-
-### Test password expiration settings
-
- describe login_defs do
- its('PASS_MAX_DAYS') { should eq '180' }
- its('PASS_MIN_DAYS') { should eq '1' }
- its('PASS_MIN_LEN') { should eq '15' }
- its('PASS_WARN_AGE') { should eq '30' }
- end
-
-### Test the encryption method
-
- describe login_defs do
- its('ENCRYPT_METHOD') { should eq 'SHA512' }
- end
-
-### Test umask setting
-
- describe login_defs do
- its('UMASK') { should eq '077' }
- its('PASS_MAX_DAYS') { should eq '90' }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/lxc.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/lxc.md
deleted file mode 100644
index 43fc33651c..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/lxc.md
+++ /dev/null
@@ -1,162 +0,0 @@ -+++ -title = "lxc resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "lxc" - identifier = "inspec/resources/os/lxc.md lxc resource" - parent = "inspec/resources/os" -+++ - -Use the `lxc` Chef InSpec audit resource to test the information about Linux containers. LXC is a command-line client for LXD that manages your LXD instances (containers and virtual machines). The tests are against the container's information obtained on `lxc info [container-name]`. `lxc` resource allows the testing if the container exists or is in *running* status. - -## Availability - -### Install - -This resource is distributed with Chef InSpec and is automatically available for use. - -## Syntax - -An `lxc` Chef InSpec audit resource allows testing if the container exists or is in *running* status. - -```ruby - describe lxc("linux-container-name") do - it { should exist } - it { should be_running } - end -``` - -## Matchers - -For a full list of available matchers, please visit our [matchers page](https://docs.chef.io/inspec/matchers/). - -The specific matchers of this resource are: `exist` and `be_running`. - -### exist - -The `exist` matcher is used to specify if the container exists: - -```ruby - it { should exist } -``` - -### be_running - -The `be_running` matcher is used to check if the container is running: - -```ruby - it { should be_running } -``` - -## Properties - -### name - -Returns the instance name. - -```ruby -its("name") { should eq "ubuntu-container" } -``` - -### status - -Returns the instance status. - -```ruby - its("status") { should cmp "Running" } -``` - -### type - -Returns the instance type (for example, container). - -```ruby - its("type") { should eq "container" } -``` - -### architecture - -Returns the architecture of the instance. - -```ruby - its("architecture") { should eq "x86_64" } -``` - -### pid - -Returns the pid of the instance. 
- -```ruby - its("pid") { should eq 1378 } -``` - -### created_at - -Returns the creation date of the instance. - -```ruby - its("created_at") { should eq "2022/08/16 12:07 UTC" } -``` - -### last_used_at - -Returns the last used date of the instance. - -```ruby - its("last_used_at") { should eq "2022/08/17 05:06 UTC" } -``` - -### resources - -Returns the resource information of the instance. - -```ruby - its("resources") { should include "Disk usage" } -``` - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Ensures container exists - -The below test passes if the container `immense-phoenix` exists as part of the LXD instances. - -```ruby - describe lxc("immense-phoenix") do - it { should exist } - end -``` - -### Ensures container is in running status - -The below test passes if the container `delicate-sloth` exists as part of the LXD instances and the status is running. - -```ruby - describe lxc("delicate-sloth") do - it { should be_running } - end -``` - -### Ensures container exists, is in running status, and verifies the different container properties - -The below test passes if the container `ubuntu-container` exists, is running, and the properties value matches against the desired value. - -```ruby - describe lxc("ubuntu-container") do - it { should exist } - it { should be_running } - its("name") { should eq "ubuntu-container" } - its("status") { should cmp "Running" } - its("type") { should eq "container" } - its("architecture") { should eq "x86_64" } - its("pid") { should eq 1378 } - its("created_at") { should eq "2022/08/16 12:07 UTC" } - its("last_used_at") { should eq "2022/08/17 05:06 UTC" } - its("resources") { should include "Disk usage" } - end -``` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/mail_alias.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/mail_alias.md deleted file mode 100644 index 5af082b7d4..0000000000 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/mail_alias.md
+++ /dev/null
@@ -1,69 +0,0 @@
-+++
-title = "mail_alias resource"
-draft = false
-gh_repo = "inspec"
-platform = "unix"
-
-[menu]
- [menu.inspec]
- title = "mail_alias"
- identifier = "inspec/resources/os/mail_alias.md mail_alias resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `mail_alias` Chef InSpec audit resource to test the mail alias present in the aliases file.
-
-## Availability
-
-### Install
-
-This resource is distributed along with Chef InSpec.
-
-## Syntax
-
-A `mail_alias` Chef InSpec audit resource allows testing the mail alias present in the aliases file.
-
-```ruby
- describe mail_alias("daemon") do
- it { should be_aliased_to "root" }
- end
-```
-
-> where
->
-> - `'daemon'` is an alias present in `/etc/aliases` of the target system
-> - `'root'` is the value assigned to the alias
-> - `be_aliased_to` is a matcher of this resource
-
-## Matchers
-
-For a full list of available matchers, please visit the [matchers page](https://docs.chef.io/inspec/matchers/). The specific matchers of this resource is: `be_aliased_to`.
-
-### be_aliased_to
-
-The `be_aliased_to` matcher tests if the input value is assigned to the initialized alias.
-
-```ruby
- it { should be_aliased_to "root" }
-```
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Check if the daemon alias is mapped to root
-
-```ruby
- describe mail_alias("daemon") do
- it { should be_aliased_to "root" }
- end
-```
-
-### Check if the mail admin alias is mapped to inspecadmin@chef.io and chefadmin@chef.io
-
-```ruby
- describe mail_alias("mailadmin") do
- it { should be_aliased_to "inspecadmin@chef.io" }
- it { should be_aliased_to "chefadmin@chef.io" }
- end
-```
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/mongodb_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/mongodb_conf.md
deleted file mode 100644
index 91df5a8814..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/mongodb_conf.md
+++ /dev/null
@@ -1,60 +0,0 @@
-+++
-title = "mongodb_conf resource"
-draft = false
-gh_repo = "inspec"
-platform = "os"
-
-[menu]
- [menu.inspec]
- title = "mongodb_conf"
- identifier = "inspec/resources/os/mongodb_conf.md mongodb_conf resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `mongodb_conf` Chef InSpec audit resource to test the contents of the configuration file for MongoDB, typically located at `/etc/mongod.conf` or `C:\Program Files\MongoDB\Server\\bin\mongod.cfg`, depending on the platform.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-## Syntax
-
-A `mongodb_conf` resource block declares one (or more) settings in the `mongodb.conf` file, and then compares the setting in the configuration file to the value stated in the test:
-
- describe mongodb_conf('path') do
- its('setting') { should eq 'value' }
- end
-
-where
-
-- `'setting'` specifies a setting in the `mongodb.conf` file
-- `('path')` is the non-default path to the `mongodb.conf` file (optional)
-- `should eq 'value'` is the value that is expected
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test the key management configuration options
-
- describe mongodb_conf do
- its(["security", "enableEncryption"]) { should eq true }
- end
-
-### Test the port on which MongoDB listens
-
- describe mongodb_conf do
- its(["net", "port"]) { should eq 27017 }
- end
-
-### Test the security configuration options
-
- describe mongodb_conf do
- its(["security", "authorization"]) { should eq "enabled" }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/mongodb_session.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/mongodb_session.md
deleted file mode 100644
index db9602f55c..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/mongodb_session.md
+++ /dev/null
@@ -1,115 +0,0 @@ -+++ -title = "mongodb_session resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "mongodb_session" - identifier = "inspec/resources/os/mongodb_session.md mongodb_session resource" - parent = "inspec/resources/os" -+++ - -Use the `mongodb_session` Chef InSpec audit resource to run MongoDB command against a MongoDB Database. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -## Syntax - -A `mongodb_session` resource block declares the `user`, `password`, and `database` to use for the session and then the command to be run: - - describe mongodb_session(user: "username", password: "password", database: "test").query(key: value) do - its("params") { should match(/expected-result/) } - end - -where - -- `mongodb_session` declares a user, password, and database, connecting locally, with permission to run the query. -- `query` contains the query to be run. -- `its("params") { should eq(/expected-result/) }` compares the results of the query against the expected result in the test - -### Optional Parameters - -The `mongodb_session` InSpec resource accepts `user`, `password`, `host`, `port`, `auth_source`, `auth_mech`, `ssl`, `ssl_cert`, `ssl_ca_cert`, and `auth_mech_properties` parameters. - -In Particular: - -#### `host` - -The server host IP address. Default value: `127.0.0.1`. - -#### `port` - -The server port. Default value: `27017`. - -#### `auth_mech` - -The authentication mechanism. The available options are: `:scram`, `:scram256`, `:mongodb_x509`, and `:aws`. Default value: `:scram`. - -See the MongoDB documentation on [Ruby driver authentication](https://docs.mongodb.com/ruby-driver/current/reference/authentication/) for more information. - -#### `auth_source` - -The database where the user’s authentication credentials are stored. The default value is the database name that is passed as a parameter to the resource. 
- -#### `ssl` - -Whether to use the SSL security protocol or not. Set to `true` to use SSL transport, default value: `false`. See the MongoDB documentation on [Ruby Driver authentication](https://docs.mongodb.com/ruby-driver/current/reference/authentication/#client-certificate-x-509) for more information. - -#### 'ssl_cert' - -Path to the SSL certificate file. - -#### `ssl_ca_cert` - -Path to the SSL Certificate Authority (CA) certificate file. - -#### `ssl_key` - -Path to SSL key file. - -#### `auth_mech_properties` - -A hash of the authentication mechanism properties. This option is generally used with the AWS authentication mechanism. See the MongoDB documentation on [Ruby Driver authentication using AWS](https://docs.mongodb.com/ruby-driver/current/reference/authentication/#aws) for more information. - -### MongoDB Query Reference Documentation - -This resource uses the [MongoDB Ruby Driver](https://docs.mongodb.com/ruby-driver/current/reference/authentication/) to fetch the data. - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Test the roles information using the `rolesInfo` command in MongoDB - - describe mongodb_session(user: "foo", password: "bar", database: "test").query(rolesInfo: "dbAdmin").params["roles"].first do - its(["role"]) { should eq "dbAdmin" } - end - -### Test the MongoDB user role - - describe mongodb_session(user: "foo", password: "bar", database: "test").query(usersInfo: "foo").params["users"].first["roles"].first do - its(["role"]) { should eq "readWrite" } - end - -### Test the database parameters - - describe mongodb_session(user: "foo", password: "bar", database: "test").query(rolesInfo: "dbAdmin") do - its("params") { should_not be_empty } - its("params") { should include "roles" } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. 
- -### params - -The `params` contains all the query data. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/mount.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/mount.md deleted file mode 100644 index 30c87f1ddb..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/mount.md +++ /dev/null 
@@ -1,81 +0,0 @@
-+++
-title = "mount resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "mount"
- identifier = "inspec/resources/os/mount.md mount resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `mount` Chef InSpec audit resource to test the mount points on FreeBSD and Linux systems.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-An `mount` resource block declares the synchronization settings that should be tested:
-
- describe mount('path') do
- it { should MATCHER 'value' }
- end
-
-where
-
-- `('path')` is the path to the mounted directory
-- `MATCHER` is a valid matcher for this resource
-- `'value'` is the value to be tested
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test a the mount point on '/'
-
- describe mount('/') do
- it { should be_mounted }
- its('device') { should eq '/dev/mapper/VolGroup-lv_root' }
- its('type') { should eq 'ext4' }
- its('options') { should eq ['rw', 'mode=620'] }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### be_mounted
-
-The `be_mounted` matcher tests if the file is accessible from the file system:
-
- it { should be_mounted }
-
-### device
-
-The `device` matcher tests the device from the `fstab` table:
-
- its('device') { should eq '/dev/mapper/VolGroup-lv_root' }
-
-### options
-
-The `options` matcher tests the mount options for the file system from the `fstab` table:
-
- its('options') { should eq ['rw', 'mode=620'] }
-
-### type
-
-The `type` matcher tests the file system type:
-
- its('type') { should eq 'ext4' }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/mssql_session.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/mssql_session.md
deleted file mode 100644
index 89087a1a21..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/mssql_session.md
+++ /dev/null
@@ -1,78 +0,0 @@ -+++ -title = "mssql_session resource" -draft = false -gh_repo = "inspec" -platform = "windows" - -[menu] - [menu.inspec] - title = "mssql_session" - identifier = "inspec/resources/os/mssql_session.md mssql_session resource" - parent = "inspec/resources/os" -+++ - -Use the `mssql_session` Chef InSpec audit resource to test SQL commands run against a Microsoft SQL database. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.24.0 of InSpec. - -## Syntax - -A `mssql_session` resource block declares the username and password to use for the session, and then the command to be run: - - describe mssql_session(user: 'username', password: 'password').query('QUERY').row(0).column('result') do - its('value') { should eq('') } - end - -where - -- `mssql_session` declares a username and password with permission to run the query. Omitting the username or password parameters results in the use of Windows authentication as the user Chef InSpec is executing as. You may also optionally pass a host and instance name. If omitted, they will default to host: localhost and the default instance. -- `query('QUERY')` contains the query to be run -- `its('value') { should eq('') }` compares the results of the query against the expected result in the test - -## Examples - -The following examples show how to use this Chef InSpec audit resource. 
- -### Test for matching databases - - sql = mssql_session(user: 'my_user', password: 'password') - - describe sql.query("SELECT SERVERPROPERTY('ProductVersion') as result").row(0).column('result') do - its("value") { should cmp > '12.00.4457' } - end - -### Test using Windows authentication - - sql = mssql_session - - describe sql.query("SELECT SERVERPROPERTY('ProductVersion') as result").row(0).column('result') do - its("value") { should cmp > '12.00.4457' } - end - -### Test a specific host and instance - - sql = mssql_session(user: 'my_user', password: 'password', host: 'ms-sql-server', instance: 'foo') - - describe sql.query("SELECT SERVERPROPERTY('ProductVersion') as result").row(0).column('result') do - its("value") { should cmp > '12.00.4457' } - end - -### Test a specific database - - sql = mssql_session(user: 'my_user', password: 'password', db_name: 'test') - - describe sql.query("SELECT Name AS result FROM Product WHERE ProductID == 1").row(0).column('result') do - its("value") { should eq 'foo' } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/mssql_sys_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/mssql_sys_conf.md deleted file mode 100644 index 0addd7f728..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/mssql_sys_conf.md +++ /dev/null 
@@ -1,62 +0,0 @@
-+++
-title = "mssql_sys_conf resource"
-draft = false
-gh_repo = "inspec"
-platform = "os"
-
-[menu]
- [menu.inspec]
- title = "mssql_sys_conf"
- identifier = "inspec/resources/os/mssql_sys_conf.md mssql_sys_conf resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `mssql_sys_conf` Chef InSpec audit resource to test the configuration of a Microsoft SQL Server database.
-
-## Installation
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-## Requirements
-
-You must have database access.
-
-## Syntax
-
-A `mssql_sys_conf` resource block declares the configuration item, user, and password to test.
-
-```ruby
-describe mssql_sys_conf("CONFIGURATION ITEM TO TEST", user: 'USER', password: 'PASSWORD') do
- its("value_in_use") { should cmp "EXPECTED_VALUE" }
- its("value_configured") { should cmp "EXPECTED_VALUE" }
-end
-```
-
-where:
-
-- `mssql_sys_conf` declares a configuration item, `user`, and `password` with permission to use `sys.configurations`.
-- `its('value_in_use') { should cmp 'EXPECTED_VALUE' }` compares the current running value of the configuration item against an expected value.
-- `its('value_configured') { should cmp 'EXPECTED_VALUE' }` compares the saved value of the configuration item against an expected value.
-
-### Optional Parameters
-
-`mssql_sys_conf` is based on the `mssql_session` resource and accepts all the parameters that `mssql_session` accepts.
-
-#### `username`
-
-The user name. Default value: `SA`.
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test parameters set within the database view
-
- describe mssql_sys_conf("clr_enabled", user: 'USER', password: 'PASSWORD') do
- its("value_in_use") { should cmp "0" }
- its("value_configured") { should cmp "0" }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/mysql_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/mysql_conf.md
deleted file mode 100644
index c1f279c4f1..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/mysql_conf.md
+++ /dev/null
@@ -1,107 +0,0 @@ -+++ -title = "mysql_conf resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "mysql_conf" - identifier = "inspec/resources/os/mysql_conf.md mysql_conf resource" - parent = "inspec/resources/os" -+++ - -Use the `mysql_conf` Chef InSpec audit resource to test the contents of the configuration file for MySQL, typically located at `/etc/mysql/my.cnf` or `/etc/my.cnf`. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -A `mysql_conf` resource block declares one (or more) settings in the `my.cnf` file, and then compares the setting in the configuration file to the value stated in the test: - - describe mysql_conf('path') do - its('setting') { should eq 'value' } - end - - # Test a parameter set within the [mysqld] section - describe mysql_conf do - its('mysqld.port') { should cmp 3306 } - end - - # Test a parameter set within the [mariadb] section using array notation - describe mysql_conf do - its(['mariadb', 'max-connections']) { should_not be_nil } - end - -where - -- `'setting'` specifies a setting in the `my.cnf` file, such as `max_connections` - - when checking a setting within sections, such as `[mysqld]`, the section name must be included -- `('path')` is the non-default path to the `my.cnf` file -- `should eq 'value'` is the value that is expected - -## Properties - -This resource supports any settings listed in a `my.cnf` file as properties. For example, `max_connections`. - - its('max_connections') { should eq '505' } - -## Examples - -The following examples show how to use this Chef InSpec audit resource. 
- -### Test the maximum number of allowed connections - - describe mysql_conf do - its('max_connections') { should eq '505' } - its('max_user_connections') { should eq '500' } - end - -### Test slow query logging\*\* - - describe mysql_conf do - its('slow_query_log_file') { should eq 'hostname_slow.log' } - its('slow_query_log') { should eq '0' } - its('log_queries_not_using_indexes') { should eq '1' } - its('long_query_time') { should eq '0.5' } - its('min_examined_row_limit') { should eq '100' } - end - -### Test the port and socket on which MySQL listens - - describe mysql_conf do - its('port') { should eq '3306' } - its('socket') { should eq '/var/run/mysqld/mysql.sock' } - end - -### Test connection and thread variables - - describe mysql_conf do - its('port') { should eq '3306' } - its('socket') { should eq '/var/run/mysqld/mysql.sock' } - its('max_allowed_packet') { should eq '12M' } - its('default_storage_engine') { should eq 'InnoDB' } - its('character_set_server') { should eq 'utf8' } - its('collation_server') { should eq 'utf8_general_ci' } - its('max_connections') { should eq '505' } - its('max_user_connections') { should eq '500' } - its('thread_cache_size') { should eq '505' } - end - -### Test the safe-user-create parameter - - describe mysql_conf.params('mysqld') do - its('safe-user-create') { should eq('1') } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/mysql_session.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/mysql_session.md deleted file mode 100644 index 82a46d79e5..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/mysql_session.md +++ /dev/null 
@@ -1,84 +0,0 @@ -+++ -title = "mysql_session resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "mysql_session" - identifier = "inspec/resources/os/mysql_session.md mysql_session resource" - parent = "inspec/resources/os" -+++ - -Use the `mysql_session` Chef InSpec audit resource to test SQL commands run against a MySQL database. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -A `mysql_session` resource block declares the username and password to use for the session, and then the command to be run: - - describe mysql_session('username', 'password').query('QUERY') do - its('output') { should match(/expected-result/) } - end - -where - -- `mysql_session` declares a username and password, connecting locally, with permission to run the query -- `query('QUERY')` contains the query to be run -- `its('output') { should eq(/expected-result/) }` compares the results of the query against the expected result in the test - -## Examples - -The following examples show how to use this Chef InSpec audit resource. 
- -### Test for matching databases - - sql = mysql_session('my_user','password') - - describe sql.query('show databases like \'test\';') do - its('output') { should_not match(/test/) } - end - -### Alternate Connection: Different Host - - sql = mysql_session('my_user','password','db.example.com') - -### Alternate Connection: Different Port - - sql = mysql_session('my_user','password','localhost',3307) - -### Alternate Connection: Using a socket - - sql = mysql_session('my_user','password', nil, nil, '/var/lib/mysql-default/mysqld.sock') - -### Test for a successful query - - describe mysql_session('my_user','password').query('show tables in existing_database;') do - its('exit_status') { should eq(0) } - end - -### Test for a failing query - - describe mysql_session('my_user','password').query('show tables in non_existent_database;') do - its('exit_status') { should_not eq(0) } - end - -### Test for specific error message - - describe mysql_session('my_user','password').query('show tables in non_existent_database;') do - its('stderr') { should match(/Unknown database/) } - end - -## Matchers - -This Chef InSpec audit resource builds a [command](/inspec/resources/command) object and returns the the result object. {{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/nftables.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/nftables.md deleted file mode 100644 index 96c6dcb5cd..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/nftables.md +++ /dev/null 
@@ -1,142 +0,0 @@ -+++ -title = "nftables resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "nftables" - identifier = "inspec/resources/os/nftables.md nftables resource" - parent = "inspec/resources/os" -+++ - -Use the `nftables` Chef InSpec audit resource to test rules and sets that are defined using `nftables`, which maintains tables of IP packet filtering rules. There may be more than one table. Each table contains one (or more) chains. A chain is a list of rules that match packets. When a rule matches a packet, the rule defines what target to assign to the packet. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v5.21.30 of InSpec. - -## Syntax - -A `nftables` resource block declares tests for rules in IP tables: - -```ruby -describe nftables(family:'name', table:'name', chain: 'name') do - its('PROPERTY') { should eq 'value' } - it { should have_rule('RULE') } -end - -describe nftables(family:'name', table:'name', set: 'name') do - its('PROPERTY') { should eq 'value' } - it { should have_element('ELEMENT') } -end -``` - -where - -- `nftables()` has to specify `family` and `table`. It also has to specify one of `chain` or `set` (exclusively). -- `family:'name'` is the name of the `family` the table belongs to, one of `ip`, `ip6`, `inet`, `arp`, `bridge`, `netdev`. -- `table:'name'` is the packet matching table against which the test is run. -- `chain: 'name'` is the name of a user-defined chain. -- `set: 'name'` is the name of a user-defined named set. -- `have_rule('RULE')` tests that the chain has a given rule in the nftables ruleset. This must match the entire line taken from `nftables -nn list chain FAMILY TABLE CHAIN`. -- `have_element('ELEMENT')` tests that element is a member of the nftables named set. 
- -See the [NFT man page](https://www.netfilter.org/projects/nftables/manpage.html) and [nftables wiki](https://wiki.nftables.org/wiki-nftables/index.php/Main_Page) for more information about nftables. - -## Properties - -### Chain Properties - -`hook` -: The hook type. Possible values: `ingress`, `prerouting`, `forward`, `input`, `output`, `postrouting`, and `egress`. - -`prio` -: The numerical chain priority. - -`policy` -: The policy type. Possible values: `accept`, `drop`. - -`type` -: The chain type. Possible values: `filter`, `nat`, and `route`. - -### Set Properties - -`flags` -: The set flags. Possible values: `constant`, `dynamic`, `interval`, and `timeout`. - -`size` -: The maximum number of elements in the set. - -`type` -: The data type of set elements. Possible values: `ipv4_addr`, `ipv6_addr`, `ether_addr`, `inet_proto`, `inet_service`, and `mark`. - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Test if the `CHAIN_NAME` chain from the `TABLE_NAME` table has the default `accept` policy - -```ruby -describe nftables(family: 'inet', table: 'TABLE_NAME', chain: 'CHAIN_NAME') do - its('policy') { should eq 'accept' } -end -``` - -### Test the attributes of the `CHAIN_NAME` chain from the `TABLE_NAME` table - -```ruby -describe nftables(family: 'inet', table: 'mangle', chain: 'INPUT') do - its('type') { should eq 'filter' } - its('hook') { should eq 'input' } - its('prio') { should eq (-150) } # mangle - its('policy') { should eq 'accept' } -end -``` - -### Test if there is a rule allowing Postgres (5432/TCP) traffic - -```ruby -describe nftables(family: 'inet', table: 'TABLE_NAME', chain: 'CHAIN_NAME') do - it { should have_rule('tcp dport 5432 comment "postgres" accept') } -end -``` - -Note that the rule specification must exactly match what's in the output of `nftables -nn list chain inet TABLE_NAME CHAIN_NAME`, which will depend on how you've built your rules. 
- -### Test if there is an element `1.1.1.1` in the `SET_NAME` named set - -```ruby -describe nftables(family: 'inet', table: 'TABLE_NAME', set: 'SET_NAME') do - it { should have_element('1.1.1.1') } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### have_rule - -The `have_rule` matcher tests the named rule against the information in the `nftables` ruleset: - -```ruby -it { should have_rule('RULE') } -``` - -### have_element - -The `have_element` matcher tests the named set against the information in the `nftables` ruleset: - -```ruby -it { should have_element('SET_ELEMENT') } -``` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/nginx.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/nginx.md deleted file mode 100644 index c4eadb78fa..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/nginx.md +++ /dev/null 
@@ -1,89 +0,0 @@ -+++ -title = "nginx resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "nginx" - identifier = "inspec/resources/os/nginx.md nginx resource" - parent = "inspec/resources/os" -+++ - -Use the `nginx` Chef InSpec audit resource to test the fields and validity of nginx. - -Nginx resource extracts and exposes data reported by the command 'nginx -V' - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.37.6 of InSpec. - -## Syntax - -An `nginx` Chef InSpec audit resource block extracts configuration settings that should be tested: - - describe nginx do - its('attribute') { should eq 'value' } - end - - describe nginx('path to nginx') do - its('attribute') { should eq 'value' } - end - -where - -- `'attribute'` is a configuration parsed from result of the command 'nginx -V' -- `'value'` is the value that is expected of the attribute - -## Properties - -- `compiler_info`, `error_log_path`, `http_client_body_temp_path`, `http_fastcgi_temp_path`, `http_log_path`, `http_proxy_temp_path`, `http_scgi_temp_path`, `http_uwsgi_temp_path`, `lock_path`, `modules`, `modules_path`, `openssl_version`, `prefix`, `sbin_path`, `service`, `support_info`, `version` - -## Property Examples - -### version(String) - -`version` returns a string of the version of the running nginx instance - - describe nginx do - its('version') { should eq '1.12.0' } - end - -### modules(String) - -`modules` returns a array modules in the running nginx instance - - describe nginx do - its('modules') { should include 'my_module' } - end - -### openssl_version(Hash) - -`openssl_version` returns a hash with 'version' and 'date' as keys - - describe nginx do - its('openssl_version.date') { should eq '11 Feb 2013' } - end - -### compiler_info(Hash) - -`compiler_info` returns a hash with 'compiler' , version' and 'date' as keys - - 
describe nginx do - its('compiler_info.compiler') { should eq 'gcc' } - end - -### support_info(String) - -`support_info` returns a string containing supported protocols - - describe nginx do - its('support_info') { should match /TLS/ } - end diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/nginx_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/nginx_conf.md deleted file mode 100644 index 1e6dba3010..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/nginx_conf.md +++ /dev/null 
@@ -1,161 +0,0 @@ -+++ -title = "nginx_conf resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "nginx_conf" - identifier = "inspec/resources/os/nginx_conf.md nginx_conf resource" - parent = "inspec/resources/os" -+++ - -Use the `nginx_conf` Chef InSpec resource to test configuration data for the NGINX server located at `/etc/nginx/nginx.conf` on Linux and Unix platforms. - -**Stability: Experimental** - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.37.6 of InSpec. - -## Syntax - -An `nginx_conf` resource block declares the client NGINX configuration data to be tested: - - describe nginx_conf.params['pid'].flatten do - it { should cmp 'logs/nginx.pid' } - end - -where - -- `nginx_conf` is the resource to reference your NGINX configuration -- `params` accesses all its parameters -- `params['pid']` selects the `pid` entry from the global NGINX configuration -- `{ should cmp 'logs/nginx.pid' }` tests if the PID is set to `logs/nginx.pid` (via `cmp` matcher) - -Parameters can be accessed either via `params` or via the `its` syntax: - - describe nginx_conf do - its('pid') { should cmp 'logs/nginx.pid' } - end - -The `its` syntax allows for a more descriptive block and is available in the `nginx_conf`, `nginx_conf.http.entries`, and `nginx_conf.http.servers` resources. - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Find a specific server - - servers = nginx_conf.servers - domain2 = servers.find { |s| s.params['server_name'].flatten.include? 
'domain2.com' } - describe 'No server serves domain2' do - subject { domain2 } - it { should be_nil } - end - -### Test a raw parameter - - describe nginx_conf.params['worker_processes'].flatten do - it { should cmp 5 } - end - - # Or when using `its` syntax - describe nginx_conf do - its('worker_processes') { should cmp 5 } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### http - -Retrieves all `http` entries in the configuration file. - - nginx_conf.http - => nginx_conf /etc/nginx/nginx.conf, http entries - -It provides further access to all individual entries, servers, and locations. - - nginx_conf.http.entries - => [nginx_conf /etc/nginx/nginx.conf, http entry ...] - - nginx_conf.http.servers - => [nginx_conf /etc/nginx/nginx.conf, server entry ...] - - nginx_conf.http.locations - => [nginx_conf /etc/nginx/nginx.conf, location entry ...] - -You can access each of these from the array and inspect it further (see below). - -### servers - -Retrieve all `servers` entries in the configuration: - - # all servers across all configs aggregated: - nginx_conf.servers - => [nginx_conf /etc/nginx/nginx.conf, server entry ...] - - # servers that belong to a specific http entry: - nginx_conf.http.entries[0].servers - => [nginx_conf /etc/nginx/nginx.conf, server entry ...] - -Servers provide access to all their locations, parent http entry, and raw parameters: - - server = nginx_conf.servers[0] - - server.locations - => [nginx_conf /etc/nginx/nginx.conf, location entry ...] 
- - server.parent - => nginx_conf /etc/nginx/nginx.conf, http entry - - server.params - => {"listen"=>[["85"]], - "server_name"=>[["domain1.com", "www.domain1.com"]], - "root"=>[["html"]], - "location"=>[{"_"=>["~", "\\.php$"], "fastcgi_pass"=>[["127.0.0.1:1025"]]}]} - -### locations - -Retrieve all `location` entries in the configuration: - - # all locations across all configs aggregated: - nginx_conf.locations - => [nginx_conf /etc/nginx/nginx.conf, location entry ...] - - # locations of a http entry aggregated: - nginx_conf.http.entries[0].locations - => [nginx_conf /etc/nginx/nginx.conf, location entry ...] - - # locations of a specific server: - nginx_conf.servers[0].locations - => [nginx_conf /etc/nginx/nginx.conf, location entry ...] - -Locations provide access to their parent server entry and raw parameters: - - location = nginx_conf.locations[0] - - location.parent - => nginx_conf /etc/nginx/nginx.conf, server entry - - location.params - => {"_"=>["~", "\\.php$"], "fastcgi_pass"=>[["127.0.0.1:1025"]]} - -### configuration file path - -If the NGINX configuration file is not located at the default path, `/etc/nginx/nginx.conf`, the path can specified as the first parameter of the describe block: - - describe nginx_conf('/opt/nginx/nginx.conf').params['pid'] do - it { should cmp 'logs/nginx.pid' } - end diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/npm.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/npm.md deleted file mode 100644 index de798e0ed3..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/npm.md +++ /dev/null 
@@ -1,80 +0,0 @@ -+++ -title = "npm resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "npm" - identifier = "inspec/resources/os/npm.md npm resource" - parent = "inspec/resources/os" -+++ - -Use the `npm` Chef InSpec audit resource to test if a global NPM package is installed. NPM is the the package manager for [Node.js packages](https://docs.npmjs.com), such as Bower and StatsD. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -A `npm` resource block declares a package and (optionally) a package version: - - describe npm('npm_package_name') do - it { should be_installed } - end - -where - -- `('npm_package_name')` must specify an NPM package, such as `'bower'` or `'statsd'` -- `be_installed` is a valid matcher for this resource - -You can also specify additional options: - - describe npm('npm_package_name', path: '/path/to/project') do - it { should be_installed } - end - -The `path` specifies a folder, that contains a `node_modules` subdirectory. It emulates running `npm` inside the specified folder. This way you can inspect local NPM installations as well as global ones. - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Verify that bower is installed, with a specific version - - describe npm('bower') do - it { should be_installed } - its('version') { should eq '1.4.1' } - end - -### Verify that statsd is not installed - - describe npm('statsd') do - it { should_not be_installed } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. 
- -### be_installed - -The `be_installed` matcher tests if the named Gem package and package version (if specified) is installed: - - it { should be_installed } - -### version - -The `version` matcher tests if the named package version is on the system: - - its('version') { should eq '1.2.3' } diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ntp_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ntp_conf.md deleted file mode 100644 index 18969486c7..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ntp_conf.md +++ /dev/null 
@@ -1,68 +0,0 @@ -+++ -title = "ntp_conf resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "ntp_conf" - identifier = "inspec/resources/os/ntp_conf.md ntp_conf resource" - parent = "inspec/resources/os" -+++ - -Use the `ntp_conf` Chef InSpec audit resource to test the synchronization settings defined in the `ntp.conf` file. This file is typically located at `/etc/ntp.conf`. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -An `ntp_conf` resource block declares the synchronization settings that should be tested: - - describe ntp_conf('path') do - its('setting_name') { should eq 'value' } - end - -where - -- `'setting_name'` is a synchronization setting defined in the `ntp.conf` file -- `('path')` is the non-default path to the `ntp.conf` file -- `{ should eq 'value' }` is the value that is expected - -## Properties - -This resource supports any of the settings listed in an `ntp.conf` file as properties. - -## Examples - -The following examples show how to use this Chef InSpec audit resource - - describe ntp_conf do - its('server') { should_not eq nil } - its('restrict') { should include '-4 default kod notrap nomodify nopeer noquery'} - end - -### Test for clock drift against named servers - - describe ntp_conf do - its('driftfile') { should eq '/var/lib/ntp/ntp.drift' } - its('server') do - should eq [ - '0.ubuntu.pool.ntp.org', - '1.ubuntu.pool.ntp.org', - '2.ubuntu.pool.ntp.org' - ] - end - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/oneget.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/oneget.md deleted file mode 100644 index e499590ba5..0000000000 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/oneget.md +++ /dev/null @@ -1,68 +0,0 @@ -+++ -title = "oneget resource" -draft = false -gh_repo = "inspec" -platform = "windows" - -[menu] - [menu.inspec] - title = "oneget" - identifier = "inspec/resources/os/oneget.md oneget resource" - parent = "inspec/resources/os" -+++ - -Use the `oneget` Chef InSpec audit resource to test if the named package and/or package version is installed on the system. This resource uses Oneget, which is `part of the Windows Management Framework 5.0 and Windows 10 `. This resource uses the `Get-Package` cmdlet to return all of the package names in the Oneget repository. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -A `oneget` resource block declares a package and (optionally) a package version: - - describe oneget('name') do - it { should be_installed } - end - -where - -- `('name')` must specify the name of a package, such as `'VLC'` -- `be_installed` is a valid matcher for this resource - -## Properties - -### version - -The `version` property tests if the named package version is on the system: - - its('version') { should eq '1.2.3' } - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Test if VLC is installed - - describe oneget('VLC') do - it { should be_installed } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### be_installed - -The `be_installed` matcher tests if the named package is installed on the system: - - it { should be_installed } - 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/opa_api.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/opa_api.md
deleted file mode 100644
index 3801a999c3..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/opa_api.md
+++ /dev/null
@@ -1,76 +0,0 @@ -+++ -title = "opa_api resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "opa_api" - identifier = "inspec/resources/os/opa_api.md opa_api resource" - parent = "inspec/resources/os" -+++ - -Use the `opa_api` Chef InSpec audit resource to query Open Policy Agent (OPA) using the OPA URL and data. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -## Syntax - -An `opa_api` resource block declares OPA policy configurations that can be tested. - - describe opa_api(url: "localhost:8181/v1/data/example/violation", data: "input.json") do - its(["result"]) { should eq 'value' } - end - -where - -- `'url'` specifies the url of the OPA server on which OPA is running. -- `'data'` specifies the json formatted data or json file. -- `its(["returned_result"]) { should eq 'expected_result' }` compares the results of the query against the expected result in the test. - -## parameters - -The `opa_api` resource InSpec resource requires a `url` and `data` as a JSON file or a string in JSON format. - -### `url` _(required)_ - -The URL of the OPA API server. - -### `data` _(required)_ - -An OPA query as a JSON data file or a string in JSON format. - -## Properties - -### result - -The `result` property checks whether the resource query returns an empty result. - - its('result') { should be nil } - -### allow - -The `allow` property checks if a specific input matches the policy defined in OPA. This matcher will not work if `allow` is not defined in the policy file. - - its('allow') { should eq 'value' } - -## Examples - -The following examples show how to use this Chef InSpec audit resource. 
- - describe opa_api(url: "localhost:8181/v1/data/example/allow", data: "input.json") do - its("result") { shoule_not be nil } - its(["result"]) { should eq true } - its("allow") { should eq "true" } - end - -The above example shows how the `allow` value can be fetched in two ways. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/opa_cli.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/opa_cli.md deleted file mode 100644 index 771f90174c..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/opa_cli.md +++ /dev/null 
@@ -1,85 +0,0 @@ -+++ -title = "opa_cli resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "opa_cli" - identifier = "inspec/resources/os/opa_cli.md opa_cli resource" - parent = "inspec/resources/os" -+++ - -Use the `opa_cli` Chef InSpec audit resource to query Open Policy Agent (OPA) using an OPA policy file, a data file, and a query. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -## Syntax - -An `opa_cli` resource block declares OPA policy configurations that can be tested. - - describe opa_cli(policy: "example.rego", data: "input.json", query: "data.example.allow") do - its(["result"]) { should eq "value" } - end - -where - -- `data` specifies the json formatted input data or file path. -- `policy` the path to policy file. -- `query` specifies the query to be run. -- `its(["result"]) { should eq "value" }` compares the results of the query against the expected result in the test - -## parameters - -The `opa_cli` resource InSpec resource accepts `policy`, `data`, `query`, and `opa_executable_path` as parameters. - -### `policy` _(required)_ - -The path to the OPA policy file. - -### `data` _(required)_ - -An OPA query as a JSON data file or a string in JSON format. - -### `query` _(required)_ - -The query to be evaluated against policy and input data. - -### `opa_executable_path` - -This is the full path to the OPA binary or EXE file used for running the OPA CLI or OPA commands. By default it will consider that the path is added in PATH variable. - -## Properties - -### result - -The `result` property checks whether the resource query returns an empty result. - - its('result') { should be nil } - -### allow - -The `allow` property checks if specific input matches the policy defined in OPA. This matcher will not work if `allow` is not defined in the policy file. 
- - its('allow') { should eq 'value' } - -## Examples - -The following examples show how to use this Chef InSpec audit resource: - - describe opa_cli(query: "data.example.allow", policy: "example.rego", data: "input.json", opa_executable_path: "./opa") do - its("result") { shoule_not be nil } - its(["result", 0, "expressions", 0, "value"]) { should eq true } - its("allow") { should eq "true" } - end - -The above example shows how the `allow` value can be fetched in two ways. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/oracledb_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/oracledb_conf.md deleted file mode 100644 index 4ff32248ea..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/oracledb_conf.md +++ /dev/null 
@@ -1,49 +0,0 @@ -+++ -title = "oracledb_conf resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "oracledb_conf" - identifier = "inspec/resources/os/oracledb_conf.md oracledb_conf resource" - parent = "inspec/resources/os" -+++ - -Use the `oracledb_conf` Chef InSpec audit resource to test the Oracle system parameters. - -## Installation - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -## Requirements - -You must have access to a database user with `DBA` role. - -## Syntax - -A `oracledb_conf` resource block declares user and password to use. It fetches system parameters which are defined in the `V$SYSTEM_PARAMETER` database view, and then compares those parameters to the values stated in the test: - - describe oracledb_conf(user: 'USER', password: 'PASSWORD') do - its("config item") { should cmp "value" } - end - -### Optional Parameters - -`oracledb_conf` is based on `oracledb_session`, and accepts all parameters that `oracledb_session` accepts. - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Test parameters set within the database view - - describe oracledb_conf(user: 'USER', password: 'PASSWORD') do - its("audit_sys_operations") { should cmp "true" } - its("sql92_security") { should cmp "true" } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/oracledb_listener_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/oracledb_listener_conf.md deleted file mode 100644 index a044dc8120..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/oracledb_listener_conf.md +++ /dev/null 
@@ -1,46 +0,0 @@ -+++ -title = "oracledb_listener_conf resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "oracledb_listener_conf" - identifier = "inspec/resources/os/oracledb_listener_conf.md oracledb_listener_conf resource" - parent = "inspec/resources/os" -+++ - -Use the `oracledb_listener_conf` Chef InSpec audit resource to test the listeners settings of Oracle DB, typically located at `$ORACLE_HOME/network/admin/listener.ora` or `$ORACLE_HOME\network\admin\listener.ora` depending upon the platform. - -## Installation - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -## Requirements - -- You must have sufficient permission to access listener settings defined in `listener.ora` file. -- Value for environment variable `ORACLE_HOME` should be set in the system. - -## Syntax - -A `oracledb_listener_conf` resource block fetches listeners settings in the `listener.ora` file, and then compares them with the value stated in the test: - - describe oracledb_listener_conf do - its('config item') { should eq 'value' } - end - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Test parameters set within the listener file - - describe oracledb_listener_conf do - its('DEFAULT_SERVICE_LISTENER') { should eq 'XE' } - its('EM_EXPRESS_PORT') { should eq '5500' } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/oracledb_session.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/oracledb_session.md deleted file mode 100644 index e6c40c6c9e..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/oracledb_session.md +++ /dev/null 
@@ -1,107 +0,0 @@ -+++ -title = "oracledb_session resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "oracledb_session" - identifier = "inspec/resources/os/oracledb_session.md oracledb_session resource" - parent = "inspec/resources/os" -+++ - -Use the `oracledb_session` Chef InSpec audit resource to test SQL commands run against a Oracle database. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -A `oracledb_session` resource block declares the username and PASSWORD to use for the session with an optional service to connect to, and then the command to be run: - - describe oracledb_session(user: 'username', PASSWORD: 'PASSWORD', service: 'ORCL.localdomain').query('QUERY').row(0).column('result') do - its('value') { should eq('') } - end - -where - -- `oracledb_session` declares a username and PASSWORD with permission to run the query (required), and an optional parameters for host (default: `localhost`), system identifier (SID) (default: `nil`), which uses the default SID, and path to the sqlplus binary (default: `sqlplus`). -- it is possible to run queries as sysdba/sysoper by using `as_db_role option`, see examples -- SQLcl can be used in place of sqlplus. Use the `sqlcl_bin` option to set the sqlcl binary path instead of `sqlplus_bin`. -- `query('QUERY')` contains the query to be run -- `its('value') { should eq('') }` compares the results of the query against the expected result in the test - -## oracledb_session(...).query method Properties - -- rows the query result as array of hashes -- row(number) selected row from query result, where number is just a row number in the query result -- column(name) array with values from selected column - -## Examples - -The following examples show how to use this Chef InSpec audit resource. 
- -### Test for matching databases - - sql = oracledb_session(user: 'USERNAME', pass: 'PASSWORD') - - describe sql.query('SELECT NAME AS VALUE FROM v$database;').row(0).column('value') do - its('value') { should cmp 'ORCL' } - end - -### Test for matching databases with custom host, SID and sqlplus binary location - - sql = oracledb_session(user: 'USERNAME', pass: 'PASSWORD', host: 'ORACLE_HOST', sid: 'ORACLE_SID', sqlplus_bin: '/u01/app/oracle/product/12.1.0/dbhome_1/bin/sqlplus') - - describe sql.query('SELECT NAME FROM v$database;').row(0).column('name') do - its('value') { should cmp 'ORCL' } - end - -### Test for table contains a specified value in any row for the given column name - - sql = oracledb_session(user: 'USERNAME', pass: 'PASSWORD', service: 'ORACLE_SID') - - describe sql.query('SELECT * FROM my_table;').column('COLUMN') do - it { should include 'my_value' } - end - -### Test tablespace exists as sysdba - - The check will change user (with su) to specified user and run 'sqlplus / as sysdba' (sysoper, sysasm) - - sql = oracledb_session(as_os_user: 'oracle', as_db_role: 'sysdba', service: 'ORACLE_SID') - - describe sql.query('SELECT tablespace_name AS name FROM dba_tablespaces;').column('name') do - it { should include 'TABLE_SPACE' } - end - NOTE: option `as_os_user` available only on unix-like systems and not supported on Windows. 
Also this option requires that you are running inspec as `root` or with `--sudo` - -### Test number of rows in the query result - - sql = oracledb_session(user: 'USERNAME', pass: 'PASSWORD') - - describe sql.query('SELECT * FROM my_table;').rows do - its('count') { should eq 20 } - end - -### Use data out of (remote) DB query to build other tests - - sql = oracledb_session(user: 'USERNAME', pass: 'PASSWORD', host: 'my.remote.db', service: 'ORACLE_SID') - - sql.query('SELECT * FROM files;').rows.each do |file_row| - describe file(file_row['path']) do - its('owner') { should eq file_row['owner']} - end - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/os.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/os.md deleted file mode 100644 index 1b7cba0f0c..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/os.md +++ /dev/null 
@@ -1,156 +0,0 @@ -+++ -title = "os resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "os" - identifier = "inspec/resources/os/os.md os resource" - parent = "inspec/resources/os" -+++ - -Use the `os` Chef InSpec audit resource to test the platform on which the system is running. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -An `os` resource block declares the platform to be tested. The platform may specified via matcher or control block name. For example, using a matcher: - - describe os.family do - it { should eq 'platform_family_name' } - end - -- `'platform_family_name'` (a string) is one of `aix`, `bsd`, `darwin`, `debian`, `hpux`, `linux`, `redhat`, `solaris`, `suse`, `unix`, or `windows` - -The parameters available to `os` are: - -- `:name` - the operating system name, such as `centos` -- `:family` - the operating system family, such as `redhat` -- `:release` - the version of the operating system, such as `7.3.1611` -- `:arch` - the architecture of the operating system, such as `x86_64` - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Test for RedHat - - describe os.family do - it { should eq 'redhat' } - end - -### Test for Ubuntu - - describe os.family do - it { should eq 'debian' } - end - -### Test for Microsoft Windows - - describe os.family do - it { should eq 'windows' } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### os.family? Helpers - -The `os` audit resource includes a collection of helpers that enable more granular testing of platforms, platform names, architectures, and releases. 
Use any of the following platform-specific helpers to test for specific platforms: - -- `aix?` -- `bsd?` (including Darwin, FreeBSD, NetBSD, and OpenBSD) -- `darwin?` -- `debian?` -- `hpux?` -- `linux?` (including Alpine Linux, Amazon Linux, ArchLinux, CoreOS, Exherbo, Fedora, Gentoo, and Slackware) -- `redhat?` (including CentOS) -- `solaris?` (including Nexenta Core, OmniOS, Open Indiana, Solaris Open, and SmartOS) -- `suse?` -- `unix?` -- `windows?` - -For example, to test for Darwin use: - - describe os.bsd? do - it { should eq true } - end - -To test for Windows use: - - describe os.windows? do - it { should eq true } - end - -and to test for Redhat use: - - describe os.redhat? do - it { should eq true } - end - -Use the following helpers to test for operating system names, releases, and architectures: - - describe os.name do - it { should eq 'foo' } - end - - describe os.release do - it { should eq 'foo' } - end - - describe os.arch do - it { should eq 'foo' } - end - -### os.family names - -Use `os.family` to enable more granular testing of platforms, platform names, architectures, and releases. Use any of the following platform-specific names to test for specific platforms: - -- `aix` -- `bsd` For platforms that are part of the Berkeley OS family `darwin`, `freebsd`, `netbsd`, and `openbsd`. -- `debian` -- `hpux` -- `linux`. For platforms that are part of the Linux family `alpine`, `amazon`, `arch`, `coreos`, `exherbo`, `fedora`, `gentoo`, and `slackware`. -- `redhat`. For platforms that are part of the Redhat family `centos`. -- `solaris`. For platforms that are part of the Solaris family `nexentacore`, `omnios`, `openindiana`, `opensolaris`, and `smartos`. 
-- `suse` -- `unix` -- `windows` - -For example, both of the following tests should have the same result: - -```ruby -if os.family == 'debian' - describe port(69) do - its('processes') { should include 'in.tftpd' } - end -elsif os.family == 'redhat' - describe port(69) do - its('processes') { should include 'xinetd' } - end -end - -if os.debian? - describe port(69) do - its('processes') { should include 'in.tftpd' } - end -elsif os.redhat? - describe port(69) do - its('processes') { should include 'xinetd' } - end -end -``` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/os_env.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/os_env.md deleted file mode 100644 index 4f1827e81d..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/os_env.md +++ /dev/null 
@@ -1,103 +0,0 @@ -+++ -title = "os_env resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "os_env" - identifier = "inspec/resources/os/os_env.md os_env resource" - parent = "inspec/resources/os" -+++ - -Use the `os_env` Chef InSpec audit resource to test the environment variables for the platform on which the system is running. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -A `os_env` resource block declares an environment variable, and then declares its value: - - describe os_env('VARIABLE') do - its('property') { should eq 1 } - end - -where - -- `('VARIABLE')` must specify an environment variable, such as `PATH` -- `matcher` is a valid matcher for this resource - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Test the PATH environment variable - - describe os_env('PATH') do - its('split') { should_not include('') } - its('split') { should_not include('.') } - end - -### Test the Path environment variable by specifying the target Environment (Windows) - -On windows a User's environment variable may obscure the local machine (system) environment variable. The correct environment variable may be tested as follows: - - describe os_env('PATH', 'target') do - its('split') { should_not include('') } - its('split') { should_not include('.') } - end - -where - -- `'target'` may be either `system` or `user` - -### Test Chef Habitat environment variables - -Chef Habitat uses the `os_env` resource to test environment variables. 
The environment variables are first defined in a whitespace array, after which each environment variable is tested: - - hab_env_vars = %w(HAB_AUTH_TOKEN - HAB_CACHE_KEY_PATH - HAB_DEPOT_URL - HAB_ORG - HAB_ORIGIN - HAB_ORIGIN_KEYS - HAB_RING - HAB_RING_KEY - HAB_STUDIOS_HOME - HAB_STUDIO_ROOT - HAB_USER) - - hab_env_vars.each do |e| - describe os_env(e) do - its('content') { should eq nil } - end - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### content - -The `content` matcher return the value of the environment variable: - - its('content') { should eq '/usr/local/bin:/usr/local/sbin:/usr/sbin:/usr/bin:/sbin' } - -### split - -The `split` matcher splits the value of the environment variable with the `:` deliminator (use the `;` deliminator if Windows): - - its('split') { should include ('/usr/bin') } - -Note: the `split` matcher returns an array including `""` for cases where there is a trailing colon (`:`), such as `dir1::dir2:` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/package.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/package.md deleted file mode 100644 index 81e74aeb4f..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/package.md +++ /dev/null 
@@ -1,143 +0,0 @@ -+++ -title = "package resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "package" - identifier = "inspec/resources/os/package.md package resource" - parent = "inspec/resources/os" -+++ - -Use the `package` Chef InSpec audit resource to test if the named package and/or package version is installed on the system. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -A `package` resource block declares a package and (optionally) a package version: - - describe package('name') do - it { should be_installed } - end - -where - -- `('name')` must specify the name of a package, such as `'nginx'` -- `be_installed` is a valid matcher for this resource - -## Properties - -### version - -The `version` property tests if the named package version is on the system: - - its('version') { should eq '1.2.3' } - -You can also use the `cmp` matcher to perform comparisons using the version attribute: - - its('version') { should cmp >= '7.35.0-1ubuntu3.10' } - -`cmp` understands version numbers using Gem::Version, and can use the operators `==, <, <=, >=, and >`. It will compare versions by each segment, not as a string - so '7.4' is smaller than '7.30', for example. - - -## Examples - -The following examples show how to use this Chef InSpec audit resource. 
- -### Test if NGINX version 1.9.5 is installed - - describe package('nginx') do - it { should be_installed } - its('version') { should eq '1.9.5' } - end - -### Test that a package is not installed - - describe package('some_package') do - it { should_not be_installed } - end - -### Test that telnet is not installed - - describe package('telnetd') do - it { should_not be_installed } - end - - describe inetd_conf do - its('telnet') { should eq nil } - end - -### Test if ClamAV (an antivirus engine) is installed, latest and running - - describe package('clamav') do - it { should be_installed } - its('version') { should eq '0.98.7' } - end - - describe service('clamd') do - it { should be_enabled } - it { should be_installed } - it { should be_latest } - it { should be_running } - end - -### Verify if a package is installed according to my rpm database - - describe package('some_package', rpm_dbpath: '/var/lib/my_rpmdb') do - it { should be_installed } - end - -### Verify if Memcached is installed, latest, enabled, and running - -Memcached is an in-memory key-value store that helps improve the performance of database-driven websites and can be installed, maintained, and tested using the `memcached` cookbook (maintained by Chef). The following example is from the `memcached` cookbook and shows how to use a combination of the `package`, `service`, and `port` Chef InSpec audit resources to test if Memcached is installed, enabled, and running: - - describe package('memcached') do - it { should be_installed } - end - - describe service('memcached') do - it { should be_installed } - it { should be_latest } - it { should be_enabled } - it { should be_running } - end - - describe port(11_211) do - it { should be_listening } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### be_held - -The `be_held` matcher tests if the named package is "held". 
On dpkg platforms, a "held" package -will not be upgraded to a later version. - - it { should be_held } - -### be_installed - -The `be_installed` matcher tests if the named package is installed on the system: - - it { should be_installed } - -### be_latest - -The `be_latest` matcher tests if the named installed package is latest on the system. It is not supported in Oracle Solaris, IBM AIX and HP UX operating systems. - - it { should be_latest } diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/packages.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/packages.md deleted file mode 100644 index b2bbac397c..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/packages.md +++ /dev/null 
@@ -1,79 +0,0 @@ -+++ -title = "packages resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "packages" - identifier = "inspec/resources/os/packages.md packages resource" - parent = "inspec/resources/os" -+++ - -Use the `packages` Chef InSpec audit resource to test the properties of multiple packages on the system. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.51.15 of InSpec. - -## Syntax - -A `packages` resource block declares a regular expression search to select packages - - describe packages(/name/) do - its('statuses') { should cmp 'installed' } - end - -## Properties - -### statuses - -The `statuses` property tests if packages are installed on the system: - - its('statuses') { should cmp 'installed' } - -### versions - -The `versions` property tests the versions of the packages installed on the system - - its('versions') { should cmp '3.4.0.2-4.el7' } - -### architectures - -The `architectures` property tests the architecture of packages installed on the system - - its('architectures') { should include 'i686' } - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Verify that no `xserver` packages are installed - - describe packages(/xserver/) do - its('statuses') { should_not cmp 'installed' } - end - -### Verify all `openssl` packages match a certain version - - describe packages(/openssl/) do - its('versions') { should cmp '1.0.1e-42.el7' } - end - -### Verify that both the `i686` and `x86_64` versions of `libgcc` are installed - - describe packages(/libgcc/) do - its('architectures') { should include 'x86_64' } - its('architectures') { should include 'i686' } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/parse_config.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/parse_config.md
deleted file mode 100644
index 7f24fd1fbf..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/parse_config.md
+++ /dev/null
@@ -1,135 +0,0 @@ -+++ -title = "parse_config resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "parse_config" - identifier = "inspec/resources/os/parse_config.md parse_config resource" - parent = "inspec/resources/os" -+++ - -Use the `parse_config` Chef InSpec audit resource to test arbitrary configuration files. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -A `parse_config` resource block declares the location of the configuration setting to be tested, and then what value is to be tested. Because this resource relies on arbitrary configuration files, the test itself is often arbitrary and relies on custom Ruby code: - - output = command('some-command').stdout - - describe parse_config(output, { data_config_option: value } ) do - its('setting') { should eq 1 } - end - -or: - - audit = command('/sbin/auditctl -l').stdout - options = { - assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/, - multiple_values: true - } - - describe parse_config(audit, options) do - its('setting') { should eq 1 } - end - -where each test - -- Must declare the location of the configuration file to be tested -- Must declare one (or more) settings to be tested -- May run a command to `stdout`, and then run the test against that output -- May use options to define how configuration data is to be parsed - -## Options - -This resource supports multiple options to parse configuration data. Use the options in an `options` block stated outside of (and immediately before) the actual test. 
For example: - - options = { - assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/, - multiple_values: true - } - - output = command('some-command').stdout - - describe parse_config(output, options) do - its('setting') { should eq 1 } - end - -### assignment_regex - -Use `assignment_regex` to test a key value using a regular expression: - - 'key = value' - -may be tested using the following regular expression, which determines assignment from key to value: - - assignment_regex: /^\s*([^=]*?)\s*=\s*(.*?)\s*$/ - -### comment_char - -Use `comment_char` to test for comments in a configuration file: - - comment_char: '#' - -### key_values - -Use `key_values` to test how many values a key contains: - - key = a b c - -contains three values. To test that value to ensure it only contains one, use: - - key_values: 1 - -### multiple_values - -Use `multiple_values` if the source file uses the same key multiple times. All values will be aggregated in an array: - - # # file structure: - # key = a - # key = b - # key2 = c - params['key'] = ['a', 'b'] - params['key2'] = ['c'] - -To use plain key value mapping, use `multiple_values: false`: - - # # file structure: - # key = a - # key = b - # key2 = c - params['key'] = 'b' - params['key2'] = 'c' - -### standalone_comments - -Use `standalone_comments` to parse comments as a line, otherwise inline comments are allowed: - - 'key = value # comment' - params['key'] = 'value # comment' - -Use `standalone_comments: false`, to parse the following: - - 'key = value # comment' - params['key'] = 'value' - - -## Examples - -This resource is based on the `parse_config_file` resource. See the [`parse_config_file`](/inspec/resources/parse_config_file) resource for examples. - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/parse_config_file.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/parse_config_file.md
deleted file mode 100644
index 5b7e41f2e2..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/parse_config_file.md
+++ /dev/null
@@ -1,161 +0,0 @@ -+++ -title = "parse_config_file resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "parse_config_file" - identifier = "inspec/resources/os/parse_config_file.md parse_config_file resource" - parent = "inspec/resources/os" -+++ - -Use the `parse_config_file` Chef InSpec audit resource to test arbitrary configuration files. It works in the same way as `parse_config`. Instead of using a command output, this resource works with files. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -A `parse_config_file` Chef InSpec audit resource block declares the location of the configuration file to be tested, and then which settings in that file are to be tested. - - describe parse_config_file('/path/to/file', { data_config_option: value } ) do - its('setting') { should eq 1 } - end - -or: - - options = { - assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/, - multiple_values: true - } - - describe parse_config_file('path/to/file', options) do - its('setting') { should eq 1 } - end - -where each test - -- Must declare the location of the configuration file to be tested -- Must declare one (or more) settings to be tested -- May run a command to `stdout`, and then run the test against that output -- May use options to define how configuration data is to be parsed - -### Option Names Containing Periods - -A possible behavior may occur when attempting to access option names containing periods with `its()`. There are two ways to work around it: - -* Access the option by using the `params` attribute of the returned resource object -* Since 4.24.5, `its` can be used by passing the option name in a single-element array. See the `parse config file` examples. - -## Options - -This resource supports multiple options to parse configuration data. 
Use the options in an `options` block stated outside of (and immediately before) the actual test. For example: - - options = { - assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/, - multiple_values: true - } - describe parse_config_file('path/to/file', options) do - its('setting') { should eq 1 } - end - -### assignment_regex - -Use `assignment_regex` to test a key value using a regular expression: - - 'key = value' - -may be tested using the following regular expression, which determines assignment from key to value: - - assignment_regex: /^\s*([^=]*?)\s*=\s*(.*?)\s*$/ - -### comment_char - -Use `comment_char` to test for comments in a configuration file: - - comment_char: '#' - -### key_values - -Use `key_values` to test how many values a key contains: - - key = a b c - -contains three values. To test that value to ensure it only contains one, use: - - key_values: 1 - -### multiple_values - -Use `multiple_values` if the source file uses the same key multiple times. All values will be aggregated in an array: - - # # file structure: - # key = a - # key = b - # key2 = c - params['key'] = ['a', 'b'] - params['key2'] = ['c'] - -To use plain key value mapping, use `multiple_values: false`: - - # # file structure: - # key = a - # key = b - # key2 = c - params['key'] = 'b' - params['key2'] = 'c' - -### standalone_comments - -Use `standalone_comments` to parse comments as a line, otherwise inline comments are allowed: - - 'key = value # comment' - params['key'] = 'value # comment' - -Use `standalone_comments: false`, to parse the following: - - 'key = value # comment' - params['key'] = 'value' - -## Examples - -The following examples show how to use this Chef InSpec audit resource. 
- -### Test A Configuration Setting - - describe parse_config_file('/path/to/file.conf') do - its('PARAM_X') { should eq 'Y' } - end - -### Use Options And Then Test A Configuration Setting - - describe parse_config_file('/path/to/file.conf', { multiple_values: true }) do - its('PARAM_X') { should include 'Y' } - end - -### Test A File With An INI File Structure - -`yum.conf` is one example of an INI file structure type. - - describe parse_config_file('/path/to/yum.conf') do - its('main') { should include('gpgcheck' => '1') } - end - -### Test A Configuration Setting Containing Periods - - describe parse_config_file('/etc/sysctl.conf') do - its(['kernel.domainname']) { should eq 'example.com' } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/passwd.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/passwd.md deleted file mode 100644 index 4967aab869..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/passwd.md +++ /dev/null 
@@ -1,153 +0,0 @@ -+++ -title = "passwd resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "passwd" - identifier = "inspec/resources/os/passwd.md passwd resource" - parent = "inspec/resources/os" -+++ - -Use the `passwd` Chef InSpec audit resource to test the contents of `/etc/passwd`, which contains the following information for users that may log into the system and/or as users that own running processes. The format for `/etc/passwd` includes: - -- A username -- The password for that user (on newer systems passwords should be stored in `/etc/shadow` ) -- The user identifier (UID) assigned to that user -- The group identifier (GID) assigned to that user -- Additional information about that user -- That user's home directory -- That user's default command shell - -These entries are defined as a colon-delimited row in the file, one row per user: - - root:x:1234:5678:additional_info:/home/dir/:/bin/bash - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. 
- -## Syntax - -A `passwd` resource block declares one (or more) users and associated user information to be tested: - - describe passwd do - its('users') { should_not include 'forbidden_user' } - end - - describe passwd.uids(filter) do - its('users') { should cmp 'root' } - its('count') { should eq 1 } - end - -where - -- `homes`, `gids`, `passwords`, `shells`, `uids`, and `users` are valid accessors for `passwd` -- `filter` one (or more) arguments, for example: `passwd.users(/name/)` used to define filtering -- `filter` may take any of the following arguments: `count` (retrieves the number of entries), `lines` (provides raw `passwd` lines), and `params` (returns an array of maps for all entries) - -## Properties - -### gids - -The `gids` property tests if the group identifiers in the test match group identifiers in `/etc/passwd`: - - its('gids') { should include 1234 } - its('gids') { should cmp 0 } - -### homes - -The `homes` property tests the absolute path to a user's home directory: - - its('home') { should eq '/' } - -### length - -The `length` property tests the length of a password that appears in `/etc/passwd`: - - its('length') { should be <= 32 } - -This matcher is best used in conjunction with filters. 
For example: - - describe passwd.users('highlander') do - its('length') { should_not be < 16 } - end - -### passwords - -The `passwords` property tests if passwords are - -- Encrypted -- Have direct logins disabled, as indicated by an asterisk (`*`) -- In the `/etc/shadow` file, as indicated by the letter x (`x`) - -For example: - - its('passwords') { should eq ['x'] } - its('passwords') { should cmp '*' } - -### shells - -The `shells` property tests the absolute path of a shell (or command) to which a user has access: - - its('shells') { should_not include 'user' } - -or to find all users with the nologin shell: - - describe passwd.shells(/nologin/) do - its('users') { should_not include 'my_login_user' } - end - -### uids - -The `uids` property tests if the user identifiers in the test match user identifiers in `/etc/passwd`: - - its('uids') { should eq ['1234', '1235'] } - -or: - - describe passwd.uids(0) do - its('users') { should cmp 'root' } - its('count') { should eq 1 } - end - -### users - -The `users` property tests if the user names in the test match user names in `/etc/passwd`: - - its('users') { should eq ['root', 'www-data'] } - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Test usernames and UIDs - - describe passwd do - its('users') { should eq ['root', 'www-data'] } - its('uids') { should eq [0, 33] } - end - -### Select one user and test for multiple occurrences - - describe passwd.uids(0) do - its('users') { should cmp 'root' } - its('count') { should eq 1 } - end - - describe passwd.where { user == 'www-data' } do - its('uids') { should cmp 33 } - its('count') { should eq 1 } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/php_config.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/php_config.md
deleted file mode 100644
index 2f4574be6a..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/php_config.md
+++ /dev/null
@@ -1,73 +0,0 @@ -+++ -title = "php_config resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "php_config" - identifier = "inspec/resources/os/php_config.md php_config resource" - parent = "inspec/resources/os" -+++ - -Use the `php_config` Chef InSpec audit resource to test the PHP configuration parameters from the default `php.ini` file or a custom *php* file. - -## Availability - -### Install - -The Chef InSpec distributes This resource. - -## Syntax - -A `php_config` Chef InSpec audit resource allows to test PHP configuration parameters from the default `php.ini` or a custom *php* file. The custom configuration file path is provided in a hash format with `ini` as the key and path as the value. - -```ruby - describe php_config("config_param") do - its("value") { should eq "VALUE" } - end - - describe php_config("config_param", { "ini" => "path_to_ini_file" }) do - its("value") { should eq "VALUE" } - end -``` - -> where -> -> - `config_param` is a valid parameter of php configuration. -> - `value` is a property of this resource. -> - `some_value` is the value of the specified `config_param`. -> - `path_to_ini_file` is the path for custom php configuration file. - -## Properties - -The property of this resource is `value`. - -### value - -The value property fetches the provided configuration parameter value from the default `php.ini` file or a custom `php` file. - -```ruby - its("value") { should eq "VALUE" } -``` - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Fetch the configuration parameter value from the default configuration file - -```ruby - describe php_config("default_mimetype") do - its("value") { should eq "text/html" } - end -``` - -### Fetch the configuration parameter value from a custom configuration file - -```ruby - describe php_config("default_mimetype", { "ini" => "/etc/php/7.4/cli/php.ini" }) do - its("value") { should eq "text/html" } - end -``` 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/pip.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/pip.md
deleted file mode 100644
index 69f9e5b050..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/pip.md
+++ /dev/null
@@ -1,82 +0,0 @@ -+++ -title = "pip resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "pip" - identifier = "inspec/resources/os/pip.md pip resource" - parent = "inspec/resources/os" -+++ - -Use the `pip` Chef InSpec audit resource to test packages that are installed using the Python PIP installer. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -A `pip` resource block declares a package and (optionally) a package version: - - describe pip('package_name') do - it { should be_installed } - end - -where - -- `'package_name'` is the name of the package, such as `'Jinja2'` -- `be_installed` tests to see if the package described above is installed - -## Properties - -### version - -The `version` property tests if the named package version is on the system: - - its('version') { should eq '1.2.3' } - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Test if Jinja2 is installed on the system - - describe pip('Jinja2') do - it { should be_installed } - end - -### Test if Jinja2 2.8 is installed on the system - - describe pip('Jinja2') do - it { should be_installed } - its('version') { should eq '2.8' } - end - -### Test packages installed into a non-default location (e.g. virtualenv) by passing a custom path to pip executable - - describe pip('Jinja2', '/path/to/bin/pip') do - it { should be_installed } - its('version') { should eq '2.8' } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### be_installed - -The `be_installed` matcher tests if the named package is installed on the system: - - it { should be_installed } - 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/podman.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/podman.md
deleted file mode 100644
index 7a2cc9a77e..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/podman.md
+++ /dev/null
@@ -1,218 +0,0 @@ -+++ -title = "podman resource" -draft = false -gh_repo = "inspec" -platform = "unix" - -[menu] - [menu.inspec] - title = "podman" - identifier = "inspec/resources/os/podman.md podman resource" - parent = "inspec/resources/os" -+++ - -Use the `podman` Chef InSpec audit resource to test the configuration of Podman resources. - -## Availability - -### Install - -This resource is distributed with Chef InSpec and is automatically available for use. - -## Syntax - -Use the `podman` Chef InSpec audit resource to test multiple Podman containers. - -```ruby -describe podman.containers do - its('ids') { should include "591270d8d80d26671fd6ed622f367fbe19004d16e3b519c292313feb5f22e7f7" } - its('images') { should include "docker.io/library/ubuntu:latest" } -end -``` - -Or, if you want to query a specific container: - -```ruby -describe podman.containers.where(id: "591270d8d80d26671fd6ed622f367fbe19004d16e3b519c292313feb5f22e7f7") do - its('status') { should include "Up 44 hours ago" } -end -``` - -where: - -- `.where()` specifies a specific item and value to which the resource parameters are compared. -- `commands`, `created_at`, `ids`, `images`, `names`, `status`, `image_ids`, `labels`, `mounts`, `networks`, `pods`, `ports`, `running_for`, and `sizes` are valid parameters for `containers`. - -You can also use the `podman` resource block to test many images. - -```ruby -describe podman.images do - its('repositories') { should_not include 'docker.io/library/nginx' } -end -``` - -Or, if you want to query a specific `image`: - -```ruby -describe podman.images.where(id: "c7db653c4397e6a4d1e468bb7c6400c022c62623bdb87c173d54bac7995b6d8f") do - it { should exist } -end -``` - -where: - -- `.where()` specifies a specific filter and expected value, against which parameters are compared. -- `repositories`, `tags`, `sizes`, `digests`, `history`, `created_at`, `history`, and`created_since` are valid parameters for `images`. 
- -You can also use the `podman` resource block to test multiple networks. - -```ruby -describe podman.networks do - its("names") { should include "podman" } -end -``` - -Or, if you want to query a specific network: - -```ruby -describe podman.networks.where(id: "c7db653c4397e6a4d1e468bb7c6400c022c62623bdb87c173d54bac7995b6d8f") do - it { should exist } -end -``` - -where: - -- `.where()` specifies a specific filter and expected value, against which parameters are compared. -- `ids`, `names`, `drivers`, `network_interfaces`, `created`, `subnets`, `ipv6_enabled`, `internal`, `dns_enabled`, `options`, `labels`, and `ipam_options` are valid parameters for `networks`. - -You can use the `podman` resource block to test many pods. - -```ruby -describe podman.pods do - its("names") { should include "cranky_allen" } -end -``` - -Or, if you want to query a specific pod: - -```ruby -describe podman.pods.where(id: "95cadbb84df71e6374fceb3fd89ee3b8f2c7e1a831062cd9cea7d0e3e4b1dbcc") do - it { should exist } -end -``` - -where: - -- `.where()` may specify a specific filter and expected value, against which parameters are compared. -- `ids`, `cgroups`, `containers`, `created`, `infraids`, `names`, `namespaces`, `networks`, `status`, and `labels` are valid parameters for `pods`. - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Returns all running containers - -```ruby -podman.containers.running?.ids.each do |id| - describe podman.object(id) do - its('State.Health.Status') { should eq 'healthy' } - end -end -``` - -## Resource Parameter Examples - -### containers - -`containers` returns information about containers as returned by [podman ps -a](https://docs.podman.io/en/latest/markdown/podman.1.html). 
- -```ruby -describe podman.containers do - its("ids") { should include "591270d8d80d26671fd6ed622f367fbe19004d16e3b519c292313feb5f22e7f7" } - its("labels") { should include "maintainer" => "NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e" } - its('names') { should include "sweet_mendeleev" } - its("images") { should include "docker.io/library/nginx:latest" } -end -``` - -### images - -`images` returns information about a Podman image as returned by [podman images -a](https://docs.podman.io/en/latest/markdown/podman-images.1.html). - -```ruby -describe podman.images do - its('ids') { should include 'sha256:c7db653c4397e6a4d1e468bb7c6400c022c62623bdb87c173d54bac7995b6d8f ' } - its('sizes') { should_not include '80.3 GB' } - its('repositories") { should include "docker.io/library/nginx"} -end -``` - -### pods - -`pods` returns information about pods as returned by [podman pod ps](https://docs.podman.io/en/latest/markdown/podman-pod-ps.1.html). - -```ruby -describe podman.pods do - its("ids") { should include "95cadbb84df71e6374fceb3fd89ee3b8f2c7e1a831062cd9cea7d0e3e4b1dbcc" } - its("containers") { should eq [{ "Id" => "a218dfc58fa28e0c58c55e508e5b57084876b42e894b98073c69c45dea06cbb2", "Names" => "95cadbb84df7-infra", "Status" => "running" } ]} - its("names") { should include "cranky_allen" } -end -``` - -### networks - -`networks` returns information about a Podman network as returned by [podman network ls](https://docs.podman.io/en/latest/markdown/podman-network-ls.1.html). - -```ruby -describe podman.networks do - its("names") { should include "podman" } - its("ids") { should include "2f259bab93aaaaa2542ba43ef33eb990d0999ee1b9924b557b7be53c0b7a1bb9" } - its("ipv6_enabled") { should eq [false] } -end -``` - -### volumes - -`volumes` returns information about a Podman volume as returned by [podman volume ls](https://docs.podman.io/en/latest/markdown/podman-volume-ls.1.html). 
- -```ruby -describe podman.volumes do - its('names') { should include 'ae6be9ba838b9b150de47657229bb9b67142dbdb3d1ddbc5efa245cf1e95536a' } - its('drivers') { should include 'local' } -end -``` - -### info - -`info` returns the parsed result of [podman info](https://docs.podman.io/en/latest/markdown/podman-info.1.html). - -```ruby -describe podman.info do - its("host.os") { should eq "linux" } -end -``` - -### version - -`version` returns the parsed result of [podman version](https://docs.podman.io/en/latest/markdown/podman-version.1.html) - -```ruby -describe podman.version do - its("Client.Version") { should eq "4.1.0"} - its('Server.Version') { should eq '4.1.0'} -end -``` - -### object('id') - -`object` returns low-level information about Podman objects as returned by [podman inspect](https://docs.podman.io/en/latest/markdown/podman-inspect.1.html). - -```ruby -describe podman.object(id) do - its('State.Running') { should eq true } -end -``` - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/podman_container.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/podman_container.md deleted file mode 100644 index b6fc8714fb..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/podman_container.md +++ /dev/null 
@@ -1,150 +0,0 @@
-+++
-title = "podman_container resource"
-draft = false
-gh_repo = "inspec"
-platform = "unix"
-
-[menu]
- [menu.inspec]
- title = "podman_container"
- identifier = "inspec/resources/os/podman_container.md podman_container resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `podman_container` Chef InSpec audit resource to test the configuration of Podman containers.
-
-## Availability
-
-### Install
-
-This resource is distributed with Chef InSpec and is automatically available for use.
-
-## Syntax
-
-Use the `podman_container` Chef InSpec audit resource to test the properties of a Podman container.
-
-```ruby
-describe podman_container("sweet_mendeleev") do
- it { should exist }
- it { should be_running }
- its("id") { should eq "591270d8d80d26671fd6ed622f367fbe19004d16e3b519c292313feb5f22e7f7" }
- its("image") { should eq "docker.io/library/nginx:latest" }
- its("labels") { should include "maintainer"=>"NGINX Docker Maintainers " }
- its("ports") { should eq nil }
-end
-```
-
-## Resource Parameter Examples
-
-### name
-
-The container name can be provided with the `name` resource parameter.
-
-```ruby
-describe podman_container(name: 'an-echo-server') do
- it { should exist }
- it { should be_running }
-end
-```
-
-### container ID
-
-Alternatively, you can pass the container ID.
-
-```ruby
-describe podman_container(id: '71b5df59442b') do
- it { should exist }
- it { should be_running }
-end
-```
-
-## Properties
-
-## Property Examples
-
-The following examples show how to use this Chef InSpec resource.
-
-### id
-
-The `id` property tests the container ID.
-
-```ruby
-its('id') { should eq '71b5df59...442b' }
-```
-
-### image
-
-The `image` property tests the value of the container image.
-
-```ruby
-its('image') { should eq 'docker.io/library/nginx:latest' }
-```
-
-### labels
-
-The `labels` property tests the value of container image labels.
-
-```ruby
-its('labels') { should eq "maintainer" => "NGINX Docker Maintainers " }
-```
-
-### ports
-
-The `ports` property tests the value of the Podmans ports.
-
-```ruby
-its('ports') { should eq '0.0.0.0:1234->1234/tcp' }
-```
-
-### command
-
-The `command` property tests the value of the container run command.
-
-```ruby
-its('command') { should eq 'nc -ll -p 1234 -e /bin/cat' }
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
- The specific matchers of this resource are: `exist` and `be_running`.
-
-### exist
-
-The `exist` matcher specifies if the container exists.
-
-```ruby
-it { should exist }
-```
-
-### be_running
-
-The `be_running` matcher checks if the container is running.
-
-```ruby
-it { should be_running }
-```
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Ensures container exists
-
-The below test passes if the container `sweet_mendeleev` exists as part of the Podman instances.
-
-```ruby
-describe podman_container('sweet_mendeleev') do
- it { should exist }
-end
-```
-
-### Ensures container is in running status
-
-The below test passes if the container `sweet_mendeleev` exists as part of the Podman instances and the status is running.
-
-```ruby
-describe podman_container('sweet_mendeleev') do
- it { should be_running }
-end
-```
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/podman_image.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/podman_image.md
deleted file mode 100644
index 9097d3f853..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/podman_image.md
+++ /dev/null
@@ -1,191 +0,0 @@
-+++
-title = "podman_image resource"
-draft = false
-gh_repo = "inspec"
-platform = "unix"
-
-[menu]
- [menu.inspec]
- title = "podman_image"
- identifier = "inspec/resources/os/podman_image.md podman_image resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `podman_image` Chef InSpec audit resource to test the properties of a container image on Podman.
-
-## Availability
-
-### Install
-
-This resource is distributed with Chef InSpec and is automatically available for use.
-
-## Syntax
-
-Use the `podman_image` Chef InSpec audit resource to test the properties of a container image on Podman.
-
-```ruby
-describe podman_image("docker.io/library/busybox") do
- it { should exist }
- its("id") { should eq "3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6" }
- its("repo_tags") { should include "docker.io/library/busybox:latest" }
- its("size") { should eq 1636053 }
- its("os") { should eq "linux" }
-end
-```
-
-where:
-
-- `id`, `repo_tags`, `size`, and `os` are properties of this resource to fetch the respective value of the container image.
-- `exist` is a matcher of this resource.
-
-### Resource Parameter Examples
-
-The resource allows you to pass an image name. If the tag is missing for an image, `latest` is assumed as default.
-
-```ruby
-describe podman_image("docker.io/library/busybox") do
- it { should exist }
-end
-```
-
-The resource allows you to pass the repository and tag values as separate values.
-
-```ruby
-describe podman_image(repo: "docker.io/library/busybox", tag: "latest") do
- it { should exist }
-end
-```
-
-- The resource allows you to pass with an image ID.
-
-```ruby
-describe podman_image(id: "8847e9bf6df8") do
- it { should exist }
-end
-```
-
-## Properties
-
-### id
-
-The `id` property returns the full image ID.
-
-```ruby
-its("id") { should eq "3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6" }
-```
-
-### repo_tags
-
-The `repo_tags` property tests the value of the repository name.
-
-```ruby
-its("repo_tags") { should include "docker.io/library/busybox:latest" }
-```
-
-### size
-
-The `size` property tests the size of the image in bytes
-
-```ruby
-its("size") { should eq 1636053 }
-```
-
-### digest
-
-The `digest` property tests the value of the image digest.
-
-```ruby
-its("digest") { should eq "sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83" }
-```
-
-### created_at
-
-The `created_at` property tests the time of the image creation.
-
-```ruby
-its("created_at") { should eq "2022-06-08T00:39:28.175020858Z" }
-```
-
-### version
-
-The `version` property tests the version of the image.
-
-```ruby
-its("version") { should eq "20.10.12" }
-```
-
-### names_history
-
-The `names_history` property tests the names history of the image.
-
-```ruby
-its("names_history") { should include "docker.io/library/busybox:latest" }
-```
-
-### repo_digests
-
-The `repo_digests` tests the digest of the repository of the given image.
-
-```ruby
-its("repo_digests") { should include "docker.io/library/busybox@sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a" }
-```
-
-### architecture
-
-The `architecture` tests the architecture of the given image.
-
-```ruby
-its("architecture") { should eq "arm64" }
-```
-
-### os
-
-The `os` property tests the operating system of the given image.
-
-```ruby
-its("os") { should eq "linux" }
-```
-
-### virtual_size
-
-The `virtual_size` property tests the virtual size of the given image.
-
-```ruby
-its("virtual_size") { should eq 1636053 }
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The `exist` matcher tests if the image is available on Podman.
-
-```ruby
-it { should exist }
-```
-
-## Examples
-
-### Test if an image exists on Podman and verify the various image properties
-
-```ruby
-describe podman_image("docker.io/library/busybox") do
- it { should exist }
- its("id") { should eq "3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6" }
- its("repo_tags") { should include "docker.io/library/busybox:latest" }
- its("size") { should eq 1636053 }
- its("digest") { should eq "sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83" }
- its("created_at") { should eq "2022-06-08T00:39:28.175020858Z" }
- its("version") { should eq "20.10.12" }
- its("names_history") { should include "docker.io/library/busybox:latest" }
- its("repo_digests") { should include "docker.io/library/busybox@sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a" }
- its("architecture") { should eq "arm64" }
- its("os") { should eq "linux" }
- its("virtual_size") { should eq 1636053 }
- its("resource_id") { should eq "docker.io/library/busybox:latest" }
-end
-```
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/podman_network.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/podman_network.md
deleted file mode 100644
index 303cee5a14..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/podman_network.md
+++ /dev/null
@@ -1,191 +0,0 @@
-+++
-title = "podman_network resource"
-draft = false
-gh_repo = "inspec"
-platform = "unix"
-
-[menu]
- [menu.inspec]
- title = "podman_network"
- identifier = "inspec/resources/os/podman_network.md podman_network resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `podman_network` Chef InSpec audit resource to test the properties of existing Podman networks.
-
-## Availability
-
-### Install
-
-This resource is distributed with Chef InSpec and is automatically available for use.
-
-## Syntax
-
-Use the `podman_network` Chef InSpec audit resource to test the properties of a Podman network.
-
-```ruby
-describe podman_network("minikube") do
- it { should exist }
- its("id") { should eq "3a7c94d937d5f3a0f1a9b1610589945aedfbe56207fd5d32fc8154aa1a8b007f" }
- its("name") { should eq "minikube" }
- its("ipv6_enabled") { should eq false }
- its("network_interface") { should eq "podman1" }
-end
-```
-
-where:
-
-- `id`, `name`, `ipv6_enabled`, and `network_interface` are properties of this resource to fetch the respective value of the Podman network.
-- `exist` is a matcher of this resource.
-
-### Resource Parameter Examples
-
-The resource allows you to pass a network name.
-
-```ruby
-describe podman_network("minikube") do
- it { should exist }
-end
-```
-
-The resource allows you to pass with a Network ID.
-
-```ruby
-describe podman_network("3a7c94d937d5") do
- it { should exist }
-end
-```
-
-## Properties
-
-### id
-
-The `id` property returns the full Podman Network ID.
-
-```ruby
- its("id") { should eq "3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6" }
-```
-
-### name
-
-The `name` property tests the value of the Podman network name.
-
-```ruby
-its("name") { should eq "minikube" }
-```
-
-### ipv6_enabled
-
-The `ipv6_enabled` property tests whether ipv6 is enabled on the Podman network.
-
-```ruby
-its("ipv6_enabled") { should eq true }
-```
-
-### network_interface
-
-The `network_interface` property tests the value of the network interface settings on the Podman network.
-
-```ruby
-its("network_interface") { should eq "podman0" }
-```
-
-### created
-
-The `created` property tests the timestamp when the Podman network was created.
-
-```ruby
-its("created") { should eq "2022-07-06T08:51:11.735432521+05:30" }
-```
-
-### subnets
-
-The `subnets` property tests the list of subnets on the Podman network.
-
-```ruby
-its("subnets") { should inclue "gateway"=>"192.168.49.1", "subnet"=>"192.168.49.0/24" }
-```
-
-### dns_enabled
-
-The `dns_enabled` property tests whether the Podman network has DNS enabled.
-
-```ruby
-its("dns_enabled") { should be false }
-```
-
-### internal
-
-The `internal` property tests whether the specified Podman network is internal.
-
-```ruby
-its("internal") { should eq true }
-```
-
-### ipam_options
-
-The `ipam_options` property tests the IPAM options of the given Podman network.
-
-```ruby
-its("ipam_options") { should eq "driver" => "host-local" }
-```
-
-### labels
-
-The `labels` property tests the labels set for the specified Podman network.
-
-```ruby
-its("labels") { should eq "created_by.minikube.sigs.k8s.io"=>"true", "name.minikube.sigs.k8s.io"=>"minikube" }
-```
-
-### driver
-
-The `driver` property tests the value of the Podman network driver.
-
-```ruby
-its("driver") { should eq "bridge" }
-```
-
-### options
-
-The `options` property tests the network options for the specified Podman network.
-
-```ruby
-its("options") { should eq nil }
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The `exist` matcher tests if the specified network is available on Podman.
-
-```ruby
-it { should exist }
-```
-
-## Examples
-
-### Tests if a given Podman network exists and verifies the various network properties
-
-```ruby
-describe podman_network("minikube") do
- it { should exist }
- its("id") { should eq "3a7c94d937d5f3a0f1a9b1610589945aedfbe56207fd5d32fc8154aa1a8b007f" }
- its("name") { should eq "minikube" }
- its("ipv6_enabled") { should eq false }
- its("network_interface") { should eq "podman1" }
- its("subnets") { should include "gateway"=>"192.168.49.1", "subnet"=>"192.168.49.0/24" }
- its("dns_enabled") { should eq true }
- its("internal") { should eq false }
- its("created") { should eq "2022-07-06T08:51:11.735432521+05:30" }
- its("ipam_options") { should eq "driver" => "host-local" }
- its("labels") { should eq "created_by.minikube.sigs.k8s.io"=>"true", "name.minikube.sigs.k8s.io"=>"minikube" }
- its("driver") { should eq "bridge" }
- its("options") { should eq nil }
-end
-```
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/podman_pod.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/podman_pod.md
deleted file mode 100644
index 523caf72c7..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/podman_pod.md
+++ /dev/null
@@ -1,212 +0,0 @@
-+++
-title = "podman_pod resource"
-draft = false
-gh_repo = "inspec"
-platform = "unix"
-
-[menu]
- [menu.inspec]
- title = "podman_pod"
- identifier = "inspec/resources/os/podman_pod.md podman_pod resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `podman_pod` Chef InSpec audit resource to test the properties of a pod on Podman.
-
-## Availability
-
-### Install
-
-This resource is distributed with Chef InSpec and is automatically available for use.
-
-## Syntax
-
-Use the `podman_pod` Chef InSpec audit resource to test the properties of a pod on Podman.
-
-```ruby
-describe podman_pod("nginx-frontend") do
- it { should exist }
- its("id") { should eq "fcfe4d471cfface0d1b39bce23af7d31ab8736cd68c0360ade0b4afe364f79d4" }
- its("name") { should eq "nginx-frontend" }
- its("created_at") { should eq "2022-07-14T15:47:47.978078124+05:30" }
- its("create_command") { should include "new:nginx-frontend" }
- its("state") { should eq "Running" }
-end
-```
-
-where:
-
-- `'nginx-frontend'` is the name of the pod. Pod ID and Pod names are valid parameters accepted by `podman_pod`.
-- `'id'`, `'name'`, `'created_at'`, `'create_command'`, and `'state'`, are properties of this resource to fetch the respective value of the podman pod.
-- `exist` is a matcher of this resource.
-
-## Properties
-
-Properties of the resources are: `'id'`, `'name'`, `'created_at'`, `'create_command'`, `'state'`, `'hostname'`, `'create_cgroup'`, `'cgroup_parent'`, `cgroup_path`, `'create_infra'`, `'infra_container_id'`, `'infra_config'`, `'shared_namespaces'`, `'num_containers'`, and `'containers'`
-
-### `id`
-
-The `id` property returns the id of the pod.
-
-```ruby
-its("id") { should eq "fcfe4d471cfface0d1b39bce23af7d31ab8736cd68c0360ade0b4afe364f79d4" }
-```
-
-### `name`
-
-The `name` property returns the name of the pod.
-
-```ruby
-its("name") { should eq "nginx-frontend" }
-```
-
-### `created_at`
-
-The `created_at` property returns the creation date of the pod.
-
-```ruby
-its("created_at") { should eq "2022-07-14T15:47:47.978078124+05:30" }
-```
-
-### `create_command`
-
-The `create_command` property returns an array of commands used to create the pod.
-
-```ruby
-its("create_command") { should include "new:nginx-frontend" }
-```
-
-### `state`
-
-The `state` property returns the state of the pod.
-
-```ruby
-its("state") { should eq "Running" }
-```
-
-### `hostname`
-
-The `hostname` property returns the hostname of the pod.
-
-```ruby
-its("hostname") { should eq "" }
-```
-
-### `create_cgroup`
-
-The `create_cgroup` property returns a boolean value for cgroup creation of the pod.
-
-```ruby
-its("create_cgroup") { should eq true }
-```
-
-### `cgroup_parent`
-
-The `cgroup_parent` property returns the name of the cgroup parent of the pod.
-
-```ruby
-its("cgroup_parent") { should eq "user.slice" }
-```
-
-### `cgroup_path`
-
-The `cgroup_path` property returns the path of the cgroup parent of the pod.
-
-```ruby
-its("cgroup_path") { should eq "user.slice/user-libpod_pod_fcfe4d471cfface0d1b39bce23af7d31ab8736cd68c0360ade0b4afe364f79d4.slice" }
-```
-
-### `create_infra`
-
-The `create_infra` property returns a boolean value for the pod infra creation.
-
-```ruby
-its("create_infra") { should eq true }
-```
-
-### `infra_container_id`
-
-The `infra_container_id` property returns the infra container ID of the pod.
-
-```ruby
-its("infra_container_id") { should eq "727538044b32a165934729dc2d47d9d5e981b6496aebfad7de470f7e76ea4251" }
-```
-
-### `infra_config`
-
-The `infra_config` property returns a hash of the infra configuration of the pod.
-
-```ruby
-its("infra_config") { should include "DNSOption" }
-```
-
-### `shared_namespaces`
-
-The `shared_namespaces` property returns an array of shared namespaces of the pod.
-
-```ruby
-its("shared_namespaces") { should include "ipc" }
-```
-
-### `num_containers`
-
-The `num_containers` property returns the number of containers in the pod.
-
-```ruby
-its("num_containers") { should eq 2 }
-```
-
-### `containers`
-
-The `containers` property returns an array of hashes about the information of containers in the pod.
-
-```ruby
-its("containers") { should_not be nil }
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The `exist` matcher tests if the pod is available on Podman.
-
-```ruby
-it { should exist }
-```
-
-## Examples
-
-### Test if a pod exists on Podman and verifies pod properties
-
-```ruby
-describe podman_pod("nginx-frontend") do
- it { should exist }
- its("id") { should eq "fcfe4d471cfface0d1b39bce23af7d31ab8736cd68c0360ade0b4afe364f79d4" }
- its("name") { should eq "nginx-frontend" }
- its("created_at") { should eq "2022-07-14T15:47:47.978078124+05:30" }
- its("create_command") { should include "new:nginx-frontend" }
- its("state") { should eq "Running" }
- its("hostname") { should eq "" }
- its("create_cgroup") { should eq true }
- its("cgroup_parent") { should eq "user.slice" }
- its("cgroup_path") { should eq "user.slice/user-libpod_pod_fcfe4d471cfface0d1b39bce23af7d31ab8736cd68c0360ade0b4afe364f79d4.slice" }
- its("create_infra") { should eq true }
- its("infra_container_id") { should eq "727538044b32a165934729dc2d47d9d5e981b6496aebfad7de470f7e76ea4251" }
- its("infra_config") { should include "DNSOption" }
- its("shared_namespaces") { should include "ipc" }
- its("num_containers") { should eq 2 }
- its("containers") { should_not be nil }
-end
-```
-
-### Test if a pod does not exist on Podman
-
-```ruby
-describe podman_pod("non_existing_pod") do
- it { should_not exist }
-end
-```
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/podman_volume.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/podman_volume.md
deleted file mode 100644
index 6a92397800..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/podman_volume.md
+++ /dev/null
@@ -1,157 +0,0 @@
-+++
-title = "podman_volume resource"
-draft = false
-gh_repo = "inspec"
-platform = "unix"
-
-[menu]
- [menu.inspec]
- title = "podman_volume"
- identifier = "inspec/resources/os/podman_volume.md podman_volume resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `podman_volume` Chef InSpec audit resource to test the properties of a volume on Podman.
-
-## Availability
-
-### Install
-
-This resource is distributed with Chef InSpec and is automatically available for use.
-
-## Syntax
-
-Use the `podman_volume` Chef InSpec audit resource to test the properties of a volume on Podman.
-
-```ruby
-describe podman_volume("my_volume") do
- it { should exist }
- its("name") { should eq "my_volume" }
- its("driver") { should eq "local" }
- its("mountpoint") { should eq "/var/home/core/.local/share/containers/storage/volumes/my_volume/_data" }
- its("created_at") { should eq "2022-07-14T13:21:19.965421792+05:30" }
-end
-```
-
-where:
-
-- `'name'`, `'driver'`, `'mountpoint'`, and `'created_at'` are properties of this resource to fetch the respective value of the podman volume.
-- `exist` is a matcher of this resource.
-
-## Properties
-
-Properties of the resources: `name`, `driver`, `mountpoint`, `created_at`, `labels`, `scope`, `options`, `mount_count`, `needs_copy_up`, and `needs_chown`.
-
-### name
-
-The `name` property returns the name of the volume.
-
-```ruby
-its("name") { should eq "my_volume" }
-```
-
-### driver
-
-The `driver` property returns the value for the volume's driver environment.
-
-```ruby
-its("driver") { should eq "local" }
-```
-
-### mountpoint
-
-The `mountpoint` property returns the value for the volume's mount path.
-
-```ruby
-its("mountpoint") { should eq "/var/home/core/.local/share/containers/storage/volumes/my_volume/_data" }
-```
-
-### created_at
-
-The `created_at` property returns the creation date of the volume.
-
-```ruby
-its("created_at") { should eq "2022-07-14T13:21:19.965421792+05:30" }
-```
-
-### labels
-
-The `labels` property returns the labels associated with the volume.
-
-```ruby
-its("labels") { should eq({}) }
-```
-
-### scope
-
-The `scope` property returns the scope of the volume.
-
-```ruby
-its("scope") { should eq "local" }
-```
-
-### options
-
-The `options` property returns the options associated with the volume.
-
-```ruby
-its("options") { should eq({}) }
-```
-
-### mount_count
-
-The `mount_count` property returns the **MountCount** value from the volume's inspect information.
-
-```ruby
-its("mount_count") { should eq 0 }
-```
-
-### needs_copy_up
-
-The `needs_copy_up` property returns the **NeedsCopyUp** value from the volume's inspect information.
-
-```ruby
-its("needs_copy_up") { should eq true }
-```
-
-### needs_chown
-
-The `needs_chown` property returns the **NeedsChown** value from the volume's inspect information.
-
-```ruby
-its("needs_chown") { should eq true }
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The `exist` matcher tests if the volume is available on Podman.
-
-```ruby
-it { should exist }
-```
-
-## Examples
-
-### Test if a volume exists on Podman and verifies volume properties
-
-```ruby
-describe podman_volume("my_volume") do
- it { should exist }
- its("name") { should eq "my_volume" }
- its("driver") { should eq "local" }
- its("mountpoint") { should eq "/var/home/core/.local/share/containers/storage/volumes/my_volume/_data" }
- its("created_at") { should eq "2022-07-14T13:21:19.965421792+05:30" }
- its("labels") { should eq({}) }
- its("scope") { should eq "local" }
- its("options") { should eq({}) }
- its("mount_count") { should eq 0 }
- its("needs_copy_up") { should eq true }
- its("needs_chown") { should eq true }
-end
-```
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/port.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/port.md
deleted file mode 100644
index 565802a15f..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/port.md
+++ /dev/null
@@ -1,149 +0,0 @@
-+++
-title = "port resource"
-draft = false
-gh_repo = "inspec"
-platform = "os"
-
-[menu]
- [menu.inspec]
- title = "port"
- identifier = "inspec/resources/os/port.md port resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `port` Chef InSpec audit resource to test basic port properties, such as port, process, if it's listening.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `port` resource block declares a port, and then depending on what needs to be tested, a process, protocol, process identifier, and its state (is it listening?):
-
- describe port(514) do
- it { should be_listening }
- its('processes') {should include 'syslog'}
- end
-
-where the `processes` returns the processes listening on port 514.
-
-A filter may specify an attribute:
-
- describe port.where { protocol =~ /tcp/ && port > 22 && port < 80 } do
- it { should_not be_listening }
- end
-
-where
-
-- `.where{}` specifies a block in which one (or more) attributes---`port`, `address`, `protocol`, `process`, `pid`, or `listening?`----scope the test to ports that match those attributes
-
-For example, to test if the SSH daemon is available on a Linux machine via the default port (22):
-
- describe port(22) do
- its('processes') { should include 'sshd' }
- its('protocols') { should include 'tcp' }
- its('addresses') { should include '0.0.0.0' }
- end
-
-## Properties
-
-### address
-
-The `addresses` property tests if the specified address is associated with a port:
-
- its('addresses') { should include '0.0.0.0' }
-
-### be_listening
-
-The `be_listening` property tests if the port is listening for traffic:
-
- it { should be_listening }
-
-### pids
-
-The `pids` property tests the process identifiers (PIDs):
-
- its('pids') { should cmp 27808 }
-
-### processes
-
-The `processes` property tests if the named process is
running on the system:
-
- its('processes') { should cmp 'syslog' }
-
-### protocols
-
-The `protocols` property tests the Internet protocol: ICMP (`'icmp'`), TCP (`'tcp'` or `'tcp6'`), or UDP (`'udp'` or `'udp6'`):
-
- its('protocols') { should include 'tcp' }
-
-or for the IPv6 protocol:
-
- its('protocols') { should include 'tcp6' }
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test port 80, listening with the TCP protocol
-
- describe port(80) do
- it { should be_listening }
- its('protocols') { should cmp 'tcp' }
- end
-
-### Test port 80, on a specific address
-
-A specific port address may be checked using either of the following examples:
-
- describe port(80) do
- it { should be_listening }
- its('addresses') {should include '0.0.0.0'}
- end
-
-or:
-
- describe port('0.0.0.0', 80) do
- it { should be_listening }
- end
-
-### Test port 80, listening with TCP version IPv6 protocol
-
- describe port(80) do
- it { should be_listening }
- its('protocols') { should cmp 'tcp6' }
- end
-
-### Test that only secure ports accept requests
-
- describe port(80) do
- it { should_not be_listening }
- end
-
- describe port(443) do
- it { should be_listening }
- its('protocols') { should cmp 'tcp' }
- end
-
-### Verify port 65432 is not listening
-
- describe port(22) do
- it { should be_listening }
- its('protocols') { should include('tcp') }
- its('protocols') { should_not include('udp') }
- end
-
- describe port(65432) do
- it { should_not be_listening }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/postfix_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/postfix_conf.md
deleted file mode 100644
index 6c1ec59e57..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/postfix_conf.md
+++ /dev/null
@@ -1,74 +0,0 @@
-+++
-title = "postfix_conf resource"
-draft = false
-gh_repo = "inspec"
-platform = "os"
-
-[menu]
- [menu.inspec]
- title = "postfix_conf"
- identifier = "inspec/resources/os/postfix_conf.md postfix_conf resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `postfix_conf` Chef InSpec audit resource to test the main configuration of the Postfix Mail Transfer Agent.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-## Syntax
-
-A `postfix_conf` resource block declares the configuration settings to be tested:
-
- describe postfix_conf do
- its('setting_name') { should cmp 'value' }
- end
-
-where
-
-- `'setting_name'` is a setting key defined in main.cf
-- `{ should cmp 'value' }` is the value to be expected
-
-When using `postfix_conf` with a custom configuration directory, the following syntax can be used:
-
- describe postfix_conf('path') do
- ...
- end
-
-where
-
-- `'path'` is the path to your Postfix configuration (ex. '/etc/path/to/postfix/main.cf')
-
-## Properties
-
-This resource supports any of the settings listed in the main.cf file as properties.
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test basic Postfix configuration settings in the main.cf file
-
-For example, the following Postfix configuration:
-
- /etc/postfix/main.cf:
- myorigin = $myhostname
- myhostname = host.local.domain
- mynetworks = 127.0.0.0/8
-
-can be tested like this:
-
- describe postfix_conf do
- its('myorigin') { should cmp '$myhostname' }
- its('myhostname') { should cmp 'host.local.domain' }
- its('mynetworks') { should cmp '127.0.0.0/8' }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/postgres_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/postgres_conf.md
deleted file mode 100644
index 33a47d7976..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/postgres_conf.md
+++ /dev/null
@@ -1,86 +0,0 @@
-+++
-title = "postgres_conf resource"
-draft = false
-gh_repo = "inspec"
-platform = "os"
-
-[menu]
- [menu.inspec]
- title = "postgres_conf"
- identifier = "inspec/resources/os/postgres_conf.md postgres_conf resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `postgres_conf` Chef InSpec audit resource to test the contents of the configuration file for PostgreSQL, typically located at `/etc/postgresql//main/postgresql.conf` or `/var/lib/postgres/data/postgresql.conf`, depending on the platform.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `postgres_conf` resource block declares one (or more) settings in the `postgresql.conf` file, and then compares the setting in the configuration file to the value stated in the test:
-
- describe postgres_conf('path') do
- its('setting') { should eq 'value' }
- end
-
-where
-
-- `'setting'` specifies a setting in the `postgresql.conf` file
-- `('path')` is the non-default path to the `postgresql.conf` file (optional)
-- `should eq 'value'` is the value that is expected
-
-## Properties
-
-This resource supports any of the settings listed in an postgresql.conf file as properties for e.g. max_connections
-
- its('max_connections') { should eq '5' }
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test the maximum number of allowed client connections
-
- describe postgres_conf do
- its('max_connections') { should eq '5' }
- end
-
-### Test system logging
-
- describe postgres_conf do
- its('logging_collector') { should eq 'on' }
- its('log_connections') { should eq 'on' }
- its('log_disconnections') { should eq 'on' }
- its('log_duration') { should eq 'on' }
- its('log_hostname') { should eq 'on' }
- its('log_line_prefix') { should eq '%t %u %d %h' }
- its(['pgaudit.log_parameter']) { should cmp 'on' }
- end
-
-### Test the port on which PostgreSQL listens
-
- describe postgres_conf do
- its('port') { should eq '5432' }
- end
-
-### Test the Unix socket settings
-
- describe postgres_conf do
- its('unix_socket_directories') { should eq '.s.PGSQL.5432' }
- its('unix_socket_group') { should eq nil }
- its('unix_socket_permissions') { should eq '0770' }
- end
-
-where `unix_socket_group` is set to the PostgreSQL default setting (the group to which the server user belongs).
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/postgres_hba_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/postgres_hba_conf.md
deleted file mode 100644
index 96ed120628..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/postgres_hba_conf.md
+++ /dev/null
@@ -1,84 +0,0 @@
-+++
-title = "postgres_hba_conf resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "postgres_hba_conf"
- identifier = "inspec/resources/os/postgres_hba_conf.md postgres_hba_conf resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `postgres_hba_conf` Chef InSpec audit resource to test the client authentication data defined in the pg_hba.conf file.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.31.0 of InSpec.
-
-## Syntax
-
-An `postgres_hba_conf` Chef InSpec audit resource block declares client authentication data that should be tested:
-
- describe postgres_hba_conf.where { type == 'local' } do
- its('auth_method') { should eq ['peer'] }
- end
-
-where
-
-- `'attribute'` is a attribute in the pg hba configuration file
-- `'filter_value'` is the value that is to be filtered for
-- `'value'` is the value that is to be matched expected
-
-## Properties
-
-### address([String])
-
-`address` returns a an array of strings that matches the where condition of the filter table
-
- describe postgres_hba_conf.where { type == 'local' } do
- its('address') { should cmp 'value' }
- end
-
-### auth_method([String])
-
-`auth_method` returns a an array of strings that matches the where condition of the filter table
-
- describe postgres_hba_conf.where { type == 'local' } do
- its('auth_method') { should cmp 'value' }
- end
-
-### database([String])
-
-`database` returns a an array of strings that matches the where condition of the filter table
-
- describe postgres_hba_conf.where { type == 'local' } do
- its('database') { should cmp 'value' }
- end
-
-### type([String])
-
-`type` returns a an array of strings that matches the where condition of the filter table
-
- describe postgres_hba_conf.where { database == 'acme_test_db' } do
- its('type') { should cmp 'value' }
- end
-
-### user([String])
-
-`user` returns a an array of strings that matches the where condition of the filter table
-
- describe postgres_hba_conf.where { database == 'acme_test_db' } do
- its('user') { should cmp 'value' }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/postgres_ident_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/postgres_ident_conf.md
deleted file mode 100644
index 1aedf60096..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/postgres_ident_conf.md
+++ /dev/null
@@ -1,68 +0,0 @@
-+++
-title = "postgres_ident_conf resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "postgres_ident_conf"
- identifier = "inspec/resources/os/postgres_ident_conf.md postgres_ident_conf resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `postgres_ident_conf` Chef InSpec audit resource to test the client authentication data defined in the pg_ident.conf file.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.31.0 of InSpec.
-
-## Syntax
-
-An `postgres_ident_conf` Chef InSpec audit resource block declares client authentication data that should be tested:
-
- describe postgres_ident_conf.where { pg_username == 'filter_value' } do
- its('attribute') { should eq ['value'] }
- end
-
-where
-
-- `'attribute'` is a attribute in the pg ident configuration file
-- `'filter_value'` is the value that is to be filtered for
-- `'value'` is the value that is to be matched expected
-
-## Properties
-
-### map_name([String])
-
-`map_name` returns a an array of strings that matches the where condition of the filter table
-
- describe postgres_ident_conf.where { pg_username == 'name' } do
- its('map_name') { should eq ['value'] }
- end
-
-### pg_username([String])
-
-`pg_username` returns a an array of strings that matches the where condition of the filter table
-
- describe postgres_ident_conf.where { pg_username == 'name' } do
- its('pg_username') { should eq ['value'] }
- end
-
-### system_username([String])
-
-`system_username` returns a an array of strings that matches the where condition of the filter table
-
- describe postgres_ident_conf.where { pg_username == 'name' } do
- its('system_username') { should eq ['value'] }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/postgres_session.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/postgres_session.md
deleted file mode 100644
index 2813687fd2..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/postgres_session.md
+++ /dev/null
@@ -1,85 +0,0 @@ -+++ -title = "postgres_session resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "postgres_session" - identifier = "inspec/resources/os/postgres_session.md postgres_session resource" - parent = "inspec/resources/os" -+++ - -Use the `postgres_session` Chef InSpec audit resource to test SQL commands run against a PostgreSQL database. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -A `postgres_session` resource block declares the username and password to use for the session, and then the command to be run: - - # Create a PostgreSQL session: - sql = postgres_session('username', 'password', 'host', 'port', 'socketpath') - - # default values: - # username: 'postgres' - # host: 'localhost' - # port: 5432 - # socketpath (optional): nil - - # Run an SQL query with an optional database to execute - sql.query('sql_query', ['database_name'])` - -A full example is: - - sql = postgres_session('username', 'password', 'host', 'port', 'socketpath') - describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;') do - its('output') { should eq '' } - end - -where - - `its('output') { should eq '' }` compares the results of the query against the expected result in the test - - `socketpath` is an optional parameter. Use `socketpath` to establish a socket connection with Postgres by specifying one of the Postgres Unix domain socket paths. Only supported on Unix-based platforms. - -## Properties - -### output - -The `output` property tests the results of the query: - - its('output') { should eq(/^0/) } - -## Examples - -The following examples show how to use this Chef InSpec audit resource. 
- -### Test the PostgreSQL shadow password - - sql = postgres_session('my_user', 'password', '192.168.1.2', 5432) - - describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;', ['testdb']) do - its('output') { should eq('') } - end - -### Test for risky database entries - - describe postgres_session('my_user', 'password').query('SELECT count (*) - FROM pg_language - WHERE lanpltrusted = \'f\' - AND lanname!=\'internal\' - AND lanname!=\'c\';', ['postgres']) do - its('output') { should eq '0' } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/powershell.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/powershell.md deleted file mode 100644 index 2b9f27db82..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/powershell.md +++ /dev/null 
@@ -1,114 +0,0 @@ -+++ -title = "powershell resource" -draft = false -gh_repo = "inspec" -platform = "windows" - -[menu] - [menu.inspec] - title = "powershell" - identifier = "inspec/resources/os/powershell.md powershell resource" - parent = "inspec/resources/os" -+++ - -Use the `powershell` Chef InSpec audit resource to test a Powershell script on the Windows platform. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -A `powershell` resource block declares a Powershell script to be tested, and then compares the output of that command to the matcher in the test: - - script = <<-EOH - # a PowerShell script - EOH - - describe powershell(script) do - its('property') { should eq 'output' } - end - -where - -- `'script'` must specify a Powershell script to be run -- `'matcher'` is one of `exit_status`, `stderr`, or `stdout` -- `'output'` tests the output of the command run on the system versus the output value stated in the test - -## Properties - -### exit_status - -The `exit_status` property tests the exit status for the command: - - its('exit_status') { should eq 123 } - -### stderr - -The `stderr` property tests results of the command as returned in standard error (stderr): - - its('stderr') { should eq 'error' } - -### stdout - -The `stdout` property tests results of the command as returned in standard output (stdout): - - its('stdout') { should eq '/^1$/' } - -## Examples - -The following examples show how to use this Chef InSpec audit resource. 
- -### Get all groups of Administrator user - - script = <<-EOH - # find user - $user = Get-WmiObject Win32_UserAccount -filter "Name = 'Administrator'" - # get related groups - $groups = $user.GetRelated('Win32_Group') | Select-Object -Property Caption, Domain, Name, LocalAccount, SID, SIDType, Status - $groups | ConvertTo-Json - EOH - - describe powershell(script) do - its('stdout') { should_not eq '' } - end - -### Write-Output 'hello' - -The following Powershell script: - - script = <<-EOH - Write-Output 'hello' - EOH - -can be tested in the following ways. - -For a newline: - - describe powershell(script) do - its('stdout') { should eq "hello\r\n" } - its('stderr') { should eq '' } - end - -Removing whitespace `\r\n` from `stdout`: - - describe powershell(script) do - its('strip') { should eq "hello" } - end - -No newline: - - describe powershell("'hello' | Write-Host -NoNewLine") do - its('stdout') { should eq 'hello' } - its('stderr') { should eq '' } - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ppa.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ppa.md deleted file mode 100644 index a711c398c9..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ppa.md +++ /dev/null 
@@ -1,64 +0,0 @@
-+++
-title = "ppa resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "ppa"
- identifier = "inspec/resources/os/ppa.md ppa resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `ppa` Chef InSpec audit resource to verify the PPA repositories on Debian-based Linux distributions. The Personal Package Archives (PPAs) are software repositories designed for Ubuntu users and are easier to install than other third-party repositories.
-
-The following ppa formats are supported:
-
-- `ubuntu-wine/ppa`
-- `ppa:ubuntu-wine/ppa`
-- `http://ppa.launchpad.net/juju/stable/ubuntu`
-
-## Availability
-
-### Install
-
-This resource is distributed with Chef InSpec.
-
-## Syntax
-
- describe ppa('PATH') do
- it { should exist }
- it { should be_enabled }
- end
-where
-
-- `ppa('PATH')` represents PPA repository
-- `exist` and `be_enabled` are a valid matchers for this resource.
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://docs.chef.io/inspec/matchers/).
-
-### exist
-
-The `exist` matcher tests if a repository exists on the system:
-
- it { should exist }
-
-### be_enabled
-
-The `be_enabled` matcher tests if a repository is enabled on the system:
-
- it { should be_enabled }
-
-## Example
-
-The following example shows how to use this Chef InSpec audit resource.
-
-### Verify that a PPA repository exists and is enabled
-
- describe ppa('ppa:nginx/stable') do
- it { should exist }
- it { should be_enabled }
- end
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/processes.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/processes.md
deleted file mode 100644
index 0a261758e2..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/processes.md
+++ /dev/null
@@ -1,137 +0,0 @@ -+++ -title = "processes resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "processes" - identifier = "inspec/resources/os/processes.md processes resource" - parent = "inspec/resources/os" -+++ - -Use the `processes` Chef InSpec audit resource to test the properties of system programs. - -## Availability - -### Install - -The Chef InSpec distributes this resource. - -### Version - -This resource is available from InSpec 1.0 version. - -## Syntax - -A `processes` resource block declares the process name that must be tested and defines one or more property and value pairs. - - describe processes('NAME') do - its('property_name') { should eq ['VALUE'] } - end - -> where -> -> - `process_name` specifies the name of the process to test. If the value is a string, it is converted to a `Regexp`. You can pass a `Regexp` directly for more accurate results. If left blank returns all processes. -> - `property_name` is a valid property of this resource. -> - `property_value` is the expected value for the specified property. - -## Properties - -The specific properties of this resource are: `labels`, `pids`, `cpus`, `mem`, `vsz`, `rss`, `tty`, `states`, `start`, `time`, `users`, `commands`, `count`, and `list` - -Usage of these properties is as follows: - - its('property_name') { should eq ['VALUE'] } - -## Matchers - -For a full list of available matchers, please visit the [matchers page](/inspec/matchers/). - -The specific matcher of this resource is: `be_running`. - -### be_running - -The `be_running` matcher tests if the named process is running: - - it { should be_running } - -## Examples - -The following examples show how to use this Chef InSpec audit resource. 
- -### Test if the mysqld process list length is 1 - - describe processes('SQLD') do - its('list.length') { should eq 1 } - end - -### Test if the mysqld process count is 1 - - describe processes('SQLD') do - its('count') { should eq 1 } - end - -### Test if the user owns the process - - describe processes('init') do - its('users') { should eq ['ROOT'] } - end - - describe processes('winlogon') do - its('users') { should cmp "NT AUTHORITY\\SYSTEM" } - end - -### Test if a high-priority process is running - - describe processes('linux_process') do - its('states') { should eq ['R<'] } - end - - describe processes('windows_process') do - its('labels') { should cmp "HIGH" } - end - -### Test if a process exists on the system - - describe processes('some_process') do - it { should exist } - end - -### Test if a process is running on the system - - describe processes('some_process') do - it { should be_running } - end - -### Test for a process using a specific Regexp - -Use `regexp` if the process name is too common for a string to find it uniquely. You may need to include whitespace characters. - - describe processes(Regexp.new("/usr/local/bin/swap -d")) do - its('list.length') { should eq 1 } - end - -### Notes for auditing Windows systems - -Sometimes there is no direct comparison between different operating systems and system properties. Most of the `property_name` do align between the various operating systems. - -However, there are some exceptions. For example, within Linux operating system, `states` offer multiple properties. Windows operating systems do not have a direct comparison on a single property. Hence, `states` is mapped to the property of `Responding` and determines a boolean (true/false) flag if the process is hung. 
- -The following mapping table aids you in understanding the Unix field property mapping to the Windows `Get-Process` property: - -| _unix ps field_ | _windows PowerShell Property_ | -| :-------------: | :---------------------------: | -| labels | PriorityClass | -| pids | Id | -| cpus | CPU | -| mem | PM | -| vsz | VirtualMemorySize | -| rss | NPM | -| tty | SessionId | -| states | Responding | -| start | StartTime | -| time | TotalProcessorTime | -| users | UserName | -| commands | Path | diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/rabbitmq_config.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/rabbitmq_config.md deleted file mode 100644 index 6baacb04c4..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/rabbitmq_config.md +++ /dev/null 
@@ -1,51 +0,0 @@
-+++
-title = "rabbitmq_config resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "rabbitmq_config"
- identifier = "inspec/resources/os/rabbitmq_config.md rabbitmq_config resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `rabbitmq_config` Chef InSpec audit resource to test configuration data for the RabbitMQ daemon located at `/etc/rabbitmq/rabbitmq.config` on Linux and Unix platforms.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.20.0 of InSpec.
-
-## Syntax
-
-A `rabbitmq_config` resource block declares the RabbitMQ configuration data to be tested:
-
- describe rabbitmq_config.params('rabbit', 'ssl_listeners') do
- it { should cmp 5671 }
- end
-
-where
-
-- `params` is the list of parameters configured in the RabbitMQ config file
-- `{ should cmp 5671 }` tests the value of `rabbit.ssl_listeners` as read from `rabbitmq.config` versus the value declared in the test
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test the list of TCP listeners
-
- describe rabbitmq_config.params('rabbit', 'tcp_listeners') do
- it { should eq [5672] }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/registry_key.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/registry_key.md
deleted file mode 100644
index 293f42d940..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/registry_key.md
+++ /dev/null
@@ -1,210 +0,0 @@ -+++ -title = "registry_key resource" -draft = false -gh_repo = "inspec" -platform = "windows" - -[menu] - [menu.inspec] - title = "registry_key" - identifier = "inspec/resources/os/registry_key.md registry_key resource" - parent = "inspec/resources/os" -+++ - -Use the `registry_key` Chef InSpec audit resource to test key values in the Windows registry. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Syntax - -A `registry_key` resource block declares the item in the Windows registry, the path to a setting under that item, and then one (or more) name/value pairs to be tested. - -Use a registry key name and path: - - describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule') do - its('Start') { should eq 2 } - end - -Use only a registry key path: - - describe registry_key('HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule') do - its('Start') { should eq 2 } - end - -Or use a Ruby Hash: - - describe registry_key({ - name: 'Task Scheduler', - hive: 'HKEY_LOCAL_MACHINE', - key: '\SYSTEM\CurrentControlSet\services\Schedule' - }) do - its('Start') { should eq 2 } - end - -### Registry Key Path Separators - -A Windows registry key can be used as a string in Ruby code, such as when a registry key is used as the name of a recipe. In Ruby, when a registry key is enclosed in a double-quoted string (`" "`), the same backslash character (`\`) that is used to define the registry key path separator is also used in Ruby to define an escape character. Therefore, the registry key path separators must be escaped when they are enclosed in a double-quoted string. 
For example, the following registry key: - - HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Themes - -may be enclosed in a single-quoted string with a single backslash: - - 'HKCU\SOFTWARE\path\to\key\Themes' - -or may be enclosed in a double-quoted string with an extra backslash as an escape character: - - "HKCU\\SOFTWARE\\path\\to\\key\\Themes" - -**Warning**: Please make sure that you use backslashes instead of forward slashes. Forward slashes will not work for registry keys. - - # The following will not work: - # describe registry_key('HKLM/SOFTWARE/Microsoft/NET Framework Setup/NDP/v4/Full/1033') do - # its('Release') { should eq 378675 } - # end - # You should use: - describe registry_key('HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\1033') do - its('Release') { should eq 378675 } - end - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Test the start time for the Schedule service - - describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\...\Schedule') do - its('Start') { should eq 2 } - end - -where `'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule'` is the full path to the setting. - -### Use a regular expression in responses - - describe registry_key({ - hive: 'HKEY_LOCAL_MACHINE', - key: 'SOFTWARE\Microsoft\Windows NT\CurrentVersion' - }) do - its('ProductName') { should match /^[a-zA-Z0-9\(\)\s]*2012\s[rR]2[a-zA-Z0-9\(\)\s]*$/ } - end - -## Properties - -### user_permissions - -The `user_permissions` property returns a hash containing a list of users or groups and their registry key permissions on Windows. 
For example: - - its('user_permissions') { should cmp { "NT AUTHORITY\\SYSTEM" => "FullControl", "NT AUTHORITY\\Authenticated Users" => "ReadAndExecute", "BUILTIN\\Administrators" => "FullControl" } } - - its('user_permissions') { should include "NT AUTHORITY\\SYSTEM"=>"FullControl" } - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### children - -The `children` matcher return all of the child items of a registry key. A regular expression may be used to filter child items: - - describe registry_key('Key Name', '\path\to\key').children(regex) - ... - end - -For example, to get all child items for a registry key: - - describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet').children do - it { should_not eq [] } - end - -The following example shows how find a property that may exist against multiple registry keys, and then test that property for every registry key in which that property is located: - - describe registry_key({ - hive: 'HKEY_USERS' - }).children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}\\Software\\Policies\\Microsoft\\Windows\\Installer/).each { |key| - describe registry_key(key) do - its('AlwaysInstallElevated') { should eq 'value' } - end - } - -### exist - -The `exist` matcher tests if the registry key is present: - - it { should exist } - -### have_property - -The `have_property` matcher tests if a property exists for a registry key: - - it { should have_property 'value' } - -### have_property_value - -The `have_property_value` matcher tests if a property value exists for a registry key: - - it { should have_property_value 'value' } - -### have_value - -The `have_value` matcher tests if a value exists for a registry key: - - it { should have_value 'value' } - -### name - -The `name` matcher tests the value for the specified registry setting: - - its('name') { should eq 'value' } - -### be_inherited - -`be_inherited` is a 
boolean matcher which returns `true` if a registry key has inheritance enabled, otherwise `false`. This matcher only works on Windows systems. - - registry_key('HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Windows\Control Panel\Desktop') do - it { should be_inherited } - end - -**Warning**: Any name with a dot will not work as expected: its('explorer.exe') { should eq 'test' }. For details, see https://github.com/inspec/inspec/issues/1281 - - # instead of: - # its('explorer.exe') { should eq 'test' } - # either use have_property_value... - it { should have_property_value('explorer.exe', :string, 'test') } - - # ...or provide the name in an array - its(['explorer.exe']) { should eq 'test' } - -The latter workaround may be preferable because upon failure, Chef InSpec will present the expected and actual values: - - inspec> describe registry_key('HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Windows\Control Panel\Desktop') do - inspec> its(["SCRNSAVE.EXE"]) { should eq "FlyingToasters.scr" } - inspec> end - - Profile: inspec-shell - Version: (not specified) - - Registry Key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Windows\Control Panel\Desktop - × ["SCRNSAVE.EXE"] should eq "FlyingToasters.scr" - - expected: "FlyingToasters.scr" - got: "scrnsave.scr" - - (compared using ==) - - - Test Summary: 0 successful, 1 failure, 0 skipped - -`have_property_value` only presents a false assertion: - - Registry Key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Windows\Control Panel\Desktop - × should have property value "SCRNSAVE.EXE", "FlyingToasters.scr" - expected #has_property_value?("SCRNSAVE.EXE", "FlyingToasters.scr") to return true, got false diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/routing_table.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/routing_table.md deleted file mode 100644 index 2c8cc9df20..0000000000 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/routing_table.md
+++ /dev/null
@@ -1,75 +0,0 @@ -+++ -title = "routing_table resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "routing_table" - identifier = "inspec/resources/os/routing_table.md routing_table resource" - parent = "inspec/resources/os" -+++ - -Use the `routing_table` Chef InSpec audit resource to test the routing information parameters, destination, gateway, and interface present in the routing table. The rule matches with the output information of `netstat -rn`. - -## Availability - -### Install - -This resource is distributed with Chef InSpec. - -## Syntax - -A `routing_table` Chef InSpec audit resource tests if an entry of destination, gateway, and interface is present as part of the routing table information. All three keys and their values must be passed when testing. - -```ruby - describe routing_table do - it { should have_entry(destination: '0.0.0.0', interface: 'eth0', gateway: '172.31.80.1') } - end -``` - -> where -> -> - `destination`, `interface`, and `gateway` are parameters of the routing table. -> - `have_entry` is a matcher of this resource. - -## Matchers - -For a full list of available matchers, please visit our [matchers page](https://docs.chef.io/inspec/matchers/). - -### have_entry - -The `have_entry` matcher tests the if the given destination, interface, and gateway exist as an entry in the routing table. - -```ruby - it { should have_entry(destination: '0.0.0.0', interface: 'eth0', gateway: '172.31.80.1') } -``` - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Ensures an entry with the destination as '10.123.137.0', gateway as '0.0.0.0', and interface as 'eth0' exists in the routing table - -`have_entry` returns *true* if the given combination of destination, gateway, and interface is a valid entry in the routing table. 
- -```ruby - describe routing_table do - it { should have_entry(destination: '10.123.137.0', interface: 'eth0', gateway: '0.0.0.0') } - end -``` - -### Ensures an entry with the destination as '192.168.43.1/32', gateway as '172.31.80.1', and interface as 'lxdbr0' exists in the routing table - -```ruby - describe routing_table do - it do - should have_entry( - :destination => '192.168.43.1/32', - :interface => 'lxdbr0', - :gateway => '172.31.80.1', - ) - end - end -``` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/runit_service.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/runit_service.md deleted file mode 100644 index d7c93d1857..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/runit_service.md +++ /dev/null 
@@ -1,71 +0,0 @@
-+++
-title = "runit_service resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "runit_service"
- identifier = "inspec/resources/os/runit_service.md runit_service resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `runit_service` Chef InSpec audit resource to test a service using runit.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `runit_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
-
- describe runit_service('service_name') do
- it { should be_installed }
- it { should be_enabled }
- it { should be_running }
- end
-
-where
-
-- `('service_name')` must specify a service name
-- `be_installed`, `be_enabled`, and `be_running` are valid matchers for this resource; all matchers available to the `service` resource may be used
-
-The path to the service manager's control may be specified for situations where the path isn't available in the current `PATH`. For example:
-
- describe runit_service('service_name', '/path/to/control') do
- it { should be_enabled }
- it { should be_installed }
- it { should be_running }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### be_enabled
-
-The `be_enabled` matcher tests if the named service is enabled:
-
- it { should be_enabled }
-
-### be_installed
-
-The `be_installed` matcher tests if the named service is installed:
-
- it { should be_installed }
-
-### be_running
-
-The `be_running` matcher tests if the named service is running:
-
- it { should be_running }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/security_identifier.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/security_identifier.md
deleted file mode 100644
index dd4c3c707d..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/security_identifier.md
+++ /dev/null
@@ -1,73 +0,0 @@
-+++
-title = "security_identifier resource"
-draft = false
-gh_repo = "inspec"
-platform = "windows"
-
-[menu]
- [menu.inspec]
- title = "security_identifier"
- identifier = "inspec/resources/os/security_identifier.md security_identifier resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `security_identifier` Chef InSpec resource to test the [Security Identifier (SID)](https://docs.microsoft.com/en-us/windows/desktop/secauthz/security-identifiers) for user and group trustees on Windows.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-## Resource Parameters
-
-A `security_identifier` resource should specify the name and type of the trustee to test the SID for:
-
- describe security_identifier(group: 'Everyone') do
- its('sid') { should eq 'S-1-1-0' }
- end
-
-where
-
-- `group:` specifies that `'Everyone'` should be a group. `user:` can be used to specify a user account.
- \*\* It is necessary to declare the type of the trustee because Windows allows users, groups and other entities to share names. If you really need to not specify the type, `unspecified:` can be used. This will attempt to match the name to a group and then a user account. This may take longer to execute and comes with the risk of Chef InSpec matching the name to an unintended trustee.
-
-## Examples
-
-The following examples show how to use this Chef InSpec resource.
-
-### Verify that the Administrator user has a SID
-
- describe security_identifier(user: 'Administrator') do
- it { should exist }
- end
-
-### Verify that a SID is the expected value
-
- describe security_identifier(group: 'Everyone') do
- its('sid') { should eq 'S-1-1-0' }
- end
-
-### Use in conjunction with the security_policy resource to specify the trustee to test for in the audit policy
-
- describe security_policy do
- its("SeRemoteInteractiveLogonRight") { should_not include security_identifier(group: 'Guests') }
- end
-
-## Properties
-
-### sid
-
- describe security_identifier(group: 'Everyone') do
- its('sid') { should eq 'S-1-1-0' }
- end
-
-## Matchers
-
-This Chef InSpec audit resource has the following special matchers. {{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-For this resource, `exist` is true if a Security Identifier (SID) exists on the target host for the specified trustee.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/security_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/security_policy.md
deleted file mode 100644
index 92544bd2af..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/security_policy.md
+++ /dev/null
@@ -1,62 +0,0 @@
-+++
-title = "security_policy resource"
-draft = false
-gh_repo = "inspec"
-platform = "windows"
-
-[menu]
- [menu.inspec]
- title = "security_policy"
- identifier = "inspec/resources/os/security_policy.md security_policy resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `security_policy` Chef InSpec audit resource to test security policies on the Windows platform.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `security_policy` resource block declares the name of a security policy and the value to be tested:
-
- describe security_policy do
- its('policy_name') { should eq 'value' }
- end
-
- describe security_policy(translate_sid: true) do
- its('policy_name') { should include 'sid_name' }
- end
-
-where
-
-- `'policy_name'` must specify a security policy
-- `{ should eq 'value' }` tests the value of `policy_name` against the value declared in the test
-- `translate_sid` converts the security identifier (SID) into a human readable SID name if `true`. Default value is `false`.
-
-## Properties
-
-This resource supports any of the security policy name as properties for e.g. `SeNetworkLogonRigth`, `SeRemoteInteractiveLogonRight` etc.
-
- its('SeNetworkLogonRight') { should eq '*S-1-5-11' }
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Verify that only the Administrators group has remote access
-
- describe security_policy do
- its('SeRemoteInteractiveLogonRight') { should eq '*S-1-5-32-544' }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/selinux.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/selinux.md
deleted file mode 100644
index 1db04794a8..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/selinux.md
+++ /dev/null
@@ -1,175 +0,0 @@ -+++ -title = "selinux resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "selinux" - identifier = "inspec/resources/os/selinux.md selinux resource" - parent = "inspec/resources/os" -+++ - -Use the `selinux` Chef InSpec audit resource to test the configuration data of the SELinux policy, SELinux modules and SELinux booleans. - -The `selinux` resource extracts and exposes data reported by the `sestatus`, `semodule -lfull`, and `semanage boolean -l -n` command. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v4.35.1 of InSpec. - -## Syntax - -The `selinux` Chef InSpec resource block tests the state and mode of SELinux policy. - - describe selinux do - it { should be_installed } - it { should_not be_disabled } - it { should be_enforcing } - it { should_not be_permissive } - end - -The `selinux` resource block also allows you to write tests for multiple modules: - - describe selinux.modules.where("zebra") do - it { should exist } - it { should be_installed } - it { should be_enabled } - end - -or: - - describe selinux.modules.where(status: "installed") do - it { should exist } - its('count') { should cmp 404 } - end - -where: - -- `.where()` specifies the parameter and expected value. -- `name`, `status`, `state`, and `priority` are valid parameters. - -The `selinux` resource block also allows you to write tests for multiple booleans: - - describe selinux.booleans.where(name: "httpd_enable_homedirs") do - it { should_not be_on } - end - -or: - - describe selinux.booleans.where(name: "xend_run_blktap", state: "on") do - it { should exist } - its('defaults') { should cmp "on" } - end - -- `.where()` specifies the parameter and expected value. -- `name`, `state`, and `default` are valid parameters for `booleans`. 
- -## Examples - -The following examples show how to use this Chef InSpec selinux resource. - -### Test if SELinux is installed and enabled - - describe selinux do - it { should be_installed } - it { should_not be_disabled } - end - -### Test if SELinux is enabled and running in enforcing mode - - describe selinux do - it { should_not be_disabled } - it { should be_enforcing } - end - -### Test the selinux policy type - - describe selinux do - its('policy') { should eq "targeted"} - end - -## Matchers - -{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}} - -This resource has the following special matchers. - -### be_installed - -The `be_installed` matcher tests if the SElinux policy or SElinux modules are installed on the system: - - it { should be_installed } - -### be_disabled - -The `be_disabled` matcher tests if the SELinux is disabled on the system: - - it { should be_disabled } - -### be_enforcing - -The `be_enforcing` matcher tests if the SELinux mode is set to enforcing: - - it { should be_enforcing } - -### be_permissive - -The `be_permissive` matcher tests if the SELinux mode is set to permissive: - - it { should be_permissive } - -### be_on - -The `be_on` matcher tests if the SELinux boolean is on: - - it { should be_on } - -### be_enabled - -The `be_enabled` matcher tests if the SElinux module is enabled: - - it { should be_enabled } - -## Resource Parameters - -- `names`, `status`, `states`, and `priorities` are valid parameters for SELinux policy modules. - -- `names`, `status`, `states`, and `defaults` are valid parameters for SELinux `booleans`. - -## Resource Parameter Examples - -### modules - -`modules` returns information about SELinux modules using the [semodule -lfull](https://man7.org/linux/man-pages/man8/semodule.8.html) command. 
- -Note: The `semodule -l` command [does not provide version information](https://access.redhat.com/solutions/2760071) for newer versions of Linux-based systems like RHEL8 and Centos8, so we do not support that option. - -```ruby -describe selinux.modules do - its("names") { should include "zebra" } - its("status") { should include "installed" } - its("states") { should include "enabled" } - its("priorities") { should include "100" } -end -``` -### booleans - -`booleans` returns information about SELinux booleans using the [semanage boolean -l -n](https://man7.org/linux/man-pages/man8/semanage-boolean.8.html) command. - -```ruby -describe selinux.booleans do - its("names") { should include "httpd_enable_homedirs" } - its("states") { should include "on" } - its("states") { should include "off" } - its("defaults") { should include "on" } - its("defaults") { should include "off" } -end -``` \ No newline at end of file diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/service.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/service.md deleted file mode 100644 index 2698fb7cd5..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/service.md +++ /dev/null 
@@ -1,169 +0,0 @@ -+++ -title = "service resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "service" - identifier = "inspec/resources/os/service.md service resource" - parent = "inspec/resources/os" -+++ - -Use the `service` Chef InSpec audit resource to test whether the installation of the named service is successful and enabled. - -It may be necessary to specify the service manager by using one of the following service manager-specific resources: `bsd_service`, `launchd_service`, `runit_service`, `systemd_service`, `sysv_service`, and `upstart_service`. These resources are based on the `service` resource. - -## Availability - -### Install - -The Chef InSpec distributes this resource. - -### Version - -This resource is available from Chef Inspec version 1.0.0. - -## Syntax - -A `service` resource block declares the name of a service and one or more matchers to test the service state. - -```ruby - describe service('NAME') do - it { should be_installed } - it { should be_enabled } - it { should be_running } - end -``` - -> where -> -> - `('service_name')` must specify a service name -> - `be_installed`, `be_enabled`, and `be_running` are valid matchers for this resource - -## Examples - -The following examples show how to use this Chef InSpec audit resource. 
- -### Test if the PostgreSQL service is both running and enabled - -```ruby - describe service('PostgreSQL') do - it { should be_enabled } - it { should be_running } - end -``` - -### Test if the MYSQL service is running and enabled - -```ruby - describe service('MYSQL') do - it { should be_enabled } - it { should be_running } - end -``` - -### Test if the installation of ClamAV (an antivirus engine) is successful and running - -```ruby - describe package('clamav') do - it { should be_installed } - its('version') { should eq '0.98.7' } - end - - describe service('clamd') do - it { should_not be_enabled } - it { should_not be_installed } - it { should_not be_running } - end -``` - -### Test Unix SystemV run levels - -On targets that are using SystemV services, the existing run levels can also be checked: - -```ruby - describe service('SSH').runlevels do - its('keys') { should include(2) } - end - - describe service('SSH').runlevels(2,4) do - it { should be_enabled } - end -``` - -### Override the service manager - -It may be required to override the logic to select the right service manager. For example, to check a service managed by Upstart. - -```ruby - describe upstart_service('SERVICE') do - it { should_not be_enabled } - it { should be_installed } - it { should be_running } - end -``` - -This is also possible with `systemd_service`, `runit_service`, `sysv_service`, `bsd_service`, and `launchd_service`. If not found at the default location, provide the **control** command. For example, if the `sv` command for services managed by `runit` is not in the `PATH`. 
- -```ruby - describe runit_service('SERVICE', '/opt/chef/embedded/sbin/sv') do - it { should be_enabled } - it { should be_installed } - it { should be_running } - end -``` - -### Verify IIS is running - -```ruby - describe service('W3SVC') do - it { should be_installed } - it { should be_running } - end -``` - -## Matchers - -For a full list of available matchers, please visit the [matchers page](/inspec/matchers/). - -### be_enabled - -The `be_enabled` matcher tests if the named service is enabled: - -```ruby - it { should be_enabled } -``` - -### be_installed - -The `be_installed` matcher tests if the named service is installed. - -```ruby - it { should be_installed } -``` - -### be_running - -The `be_running` matcher tests if the named service is running. - -```ruby - it { should be_running } -``` - -### be_monitored_by - -The `be_monitored_by` matcher accepts the name of a monitoring tool as input and test if the named service is monitored respectively. The monitoring tool supports `monit` and `god` resources. - -```ruby - it { should be_monitored_by("god") } -``` - -### have_start_mode - -The `have_start_mode` matcher tests accept a mode as input and test if the named service's start mode is the same as specified in the input. This matcher is supported on the Windows systems only. - -```ruby - it { should have_start_mode('Manual') } -``` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/shadow.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/shadow.md deleted file mode 100644 index 7c35f05984..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/shadow.md +++ /dev/null 
@@ -1,279 +0,0 @@ -+++ -title = "shadow resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "shadow" - identifier = "inspec/resources/os/shadow.md shadow resource" - parent = "inspec/resources/os" -+++ - -Use the `shadow` Chef InSpec audit resource to test the contents of `/etc/shadow`, which contains password details that are readable only by the `root` user. `shadow` is a [plural resource](/inspec/glossary/#plural_resource). Like all plural resources, it functions by performing searches across multiple entries in the shadow file. - -The format for `/etc/shadow` includes: - -- A username -- The hashed password for that user -- The last date a password was changed, as the number of days since Jan 1, 1970 -- The minimum number of days a password must exist before it may be changed -- The maximum number of days after which a password must be changed -- The number of days a user is warned about an expiring password -- The number of days a user must be inactive before the user account is disabled -- The date on which a user account was disabled, as the number of days since Jan 1, 1970 - -These entries are defined as a colon-delimited row in the file, one row per user: - - username:Gb7crrO5CDF.:10063:0:99999:7::: - -The `shadow` resource understands this format, allows you to search on the fields, and exposes the selected users' properties. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.0.0 of InSpec. - -## Resource Parameters - -The `shadow` resource takes one optional parameter: the path to the shadow file. If omitted, `/etc/shadow` is assumed. 
- - # Expect a file to exist at the default location and have 32 users - describe shadow do - its('count') { should eq 32 } - end - - # Use a custom location - describe shadow('/etc/my-custom-place/shadow') do - its('count') { should eq 32 } - end - -## Examples - -A `shadow` resource block uses `where` to filter entries from the shadow file. If `where` is omitted, all entries are selected. - - # Select all users. Among them, there should not be a user with the name 'forbidden_user'. - describe shadow do - its('users') { should_not include 'forbidden_user' } - end - - # Ensure there is only one user named 'root' (Select all with name 'root', then count them). - describe shadow.where(user: 'root') do - its('count') { should eq 1 } - end - -Use `where` to match any of the supported [filter criteria](#filter_criteria). `where` has a method form for simple equality and a block form for more complex queries. - - # Method form, simple - # Select just the root user (direct equality) - describe shadow.where(user: 'root') do - its ('count') { should eq 1 } - end - - # Method form, with a regex - # Select all users whose names begin with smb - describe shadow.where(user: /^smb/) do - its ('count') { should eq 2 } - end - - # Block form - # Select users whose passwords have expired - describe shadow.where { expiry_date > 0 } do - # This test directly asserts that there should be 0 such users - its('count') { should eq 0 } - # But if the count test fails, this test outputs the users that are causing the failure. - its('users') { should be_empty } - end - -Use `where` with [expect syntax](/inspec/profiles/#should-vs-expect-syntax) to show all users (that aren't disabled or locked) without SHA512 hashed passwords. 
- - # Users with password fields that are not *, !, or don't begin with $6$ - bad_users = inspec.shadow.where { password !~ /^[*!]$|^\$6\$.*/ }.users - - describe 'Password hashes in /etc/shadow' do - it 'should only contain SHA512 hashes' do - message = "Users without SHA512 hashes: #{bad_users.join(', ')}" - expect(bad_users).to be_empty, message - end - end - -## Properties - -As a [plural resource](/inspec/glossary/#plural_resource), all of `shadow`'s properties return lists (that is, Ruby Arrays). `include` and `be_empty` are two useful matchers when working with lists. You can also perform manipulation of the lists, such as calling `uniq`, `sort`, `count`, `first`, `last`, `min`, and `max`. - -### users - -A list of strings, representing the usernames matched by the filter. - - describe shadow - its('users') { should include 'root' } - end - -### passwords - -A list of strings, representing the encrypted password strings for entries matched by the `where` filter. Each string may not be an encrypted password, but rather a `*` or similar which indicates that direct logins are not allowed. Different operating systems use different flags here (such as `*LK*` to indicate the account is locked). - - # Use uniq to remove duplicates, then determine - # if the only password left on the list is '*' - describe shadow.where(user: /adm$/) do - its('passwords.uniq.first') { should cmp '*' } - its('passwords.uniq.count') { should eq 1 } - end - -### last_changes - -A list of integers, indicating the number of days since Jan 1, 1970 since the password for each matching entry was changed. - - # Ensure all entries have changed their password in the last 90 days. (Probably want a filter on that) - describe shadow do - its('last_changes.min') { should be < Date.today - 90 - Date.new(1970,1,1) } - end - -### min_days - -A list of integers reflecting the minimum number of days a password must exist, before it may be changed, for the users that matched the filter. 
- - # min_days seems crazy today; make sure it is zero for everyone - describe shadow do - its('min_days.uniq') { should eq [0] } - end - -### max_days - -A list of integers reflecting the maximum number of days after which the password must be changed for each user matching the filter. - - # Make sure there is no policy allowing longer than 90 days - describe shadow do - its('max_days.max') { should be < 90 } - end - -### warn_days - -A list of integers reflecting the number of days a user is warned about an expiring password for each user matching the filter. - - # Ensure everyone gets the same 7-day policy - describe shadow do - its('warn_days.uniq.count') { should eq 1 } - its('warn_days.uniq.first') { should eq 7 } - end - -### inactive_days - -A list of integers reflecting the number of days a user must be inactive before the user account is disabled for each user matching the filter. - - # Ensure everyone except admins has an stale policy of no more than 14 days - describe shadow.where { user !~ /adm$/ } do - its('inactive_days.max') { should be <= 14 } - end - -### expiry_dates - -A list of integers reflecting the number of days since Jan 1, 1970 that a user account has been disabled, for each user matching the filter. Value is `nil` if the account has not expired. - - # No one should have an expired account. - describe shadow do - its('expiry_dates.compact') { should be_empty } - end - -### count - -The `count` property tests the number of records that the filter matched. - - # Should probably only have one root user - describe shadow.user('root') do - its('count') { should eq 1 } - end - -## Filter Criteria - -You may use any of these filter criteria with the `where` function. They are named after the columns in the shadow file. Each has a related list [property](#properties). - -### user - -The string username of a user. Always present. Not required to be unique. 
- - # Expect all users whose name ends in adm to have a disabled password via the '*' flag - describe shadow.where(user: /adm$/) do - its('password.uniq') { should eq ['*'] } - end - -### password - -The encrypted password strings, or an account status string. Each string may not be an encrypted password, but rather a `*` or similar which indicates that direct logins are not allowed. Different operating systems use other flags here (such as `*LK*` to indicate the account is locked). - - # Find 'locked' accounts and ensure 'nobody' is on the list - describe shadow.where(password: '*LK*') do - its('users') { should include 'nobody' } - end - -### last_change - -An integer reflecting the number of days since Jan 1, 1970 since the user's password was changed. - - # Find users who have not changed their password within 90 days - describe shadow.where { last_change > Date.today - 90 - Date.new(1970,1,1) } do - its('users') { should be_empty } - end - -### min_days - -An integer reflecting the minimum number of days a user is required to wait before -changing their password again. - - # Find users who have a nonzero wait time - describe shadow.where { min_days > 0 } do - its('users') { should be_empty } - end - -### max_days - -An integer reflecting the maximum number of days a user may go without changing their password. - - # All users should have a 30-day policy - describe shadow.where { max_days != 30 } do - its('users') { should be_empty } - end - -### warn_days - -An integer reflecting the number of days before a password expiration that a user receives an alert. - - # All users should have a 7-day warning policy - describe shadow.where { warn_days != 7 } do - its('users') { should be_empty } - end - -### inactive_days - -An integer reflecting the number of days that must pass before a user who has not logged in will be disabled. - - # Ensure everyone has a stale policy of no more than 14 days. - describe shadow.where { inactive_days.nil? 
|| inactive_days > 14 } do - its('users') { should be_empty } - end - -### expiry_date - -An integer reflecting the number of days since Jan 1, 1970 on which the user was disabled. The `expiry_date` criterion is `nil` for enabled users. - - # Ensure no one is disabled due to a old password - describe shadow.where { !expiry_date.nil? } do - its('users') { should be_empty } - end - - # Ensure no one is disabled for more than 14 days - describe shadow.where { !expiry_date.nil? && expiry_date - Date.new(1970,1,1) > 14} do - its('users') { should be_empty } - end - -## Matchers - -This resource has no resource-specific matchers. - -For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ssh_config.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ssh_config.md deleted file mode 100644 index 32bbb2d1da..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ssh_config.md +++ /dev/null 
@@ -1,85 +0,0 @@
-+++
-title = "ssh_config resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "ssh_config"
- identifier = "inspec/resources/os/ssh_config.md ssh_config resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `ssh_config` Chef InSpec audit resource to test OpenSSH client configuration data located at `/etc/ssh/ssh_config` on Linux and Unix platforms.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v6.8.0 of InSpec.
-
-## Syntax
-
-An `ssh_config` resource block declares the client OpenSSH configuration data to be tested:
-
- describe ssh_config('path') do
- its('name') { should include('foo') }
- end
-
-where
-
-- `name` is a configuration setting in `ssh_config`
-- `('path')` is the non-default `/path/to/ssh_config`
-- `{ should include('foo') }` tests the value of `name` as read from `ssh_config` versus the value declared in the test
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test SSH configuration settings
-
- describe ssh_config do
- its('cipher') { should contain '3des' }
- its('port') { should eq '22' }
- its('hostname') { should include('example.com') }
- end
-
-### Test which variables from the local environment are sent to the server
-
- only_if do
- command('sshd').exist? or command('ssh').exists?
- end
-
- describe ssh_config do
- its('SendEnv') { should include('CI_ENABLE_COVERAGE') }
- end
-
-### Test SSH configuration
-
- describe ssh_config do
- its('Host') { should eq '*' }
- its('Tunnel') { should eq nil }
- its('SendEnv') { should eq 'LANG LC_*' }
- its('HashKnownHosts') { should eq 'yes' }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### name
-
-The `name` matcher tests the value of `name` as read from `ssh_config` versus the value declared in the test:
-
- its('name') { should eq 'foo' }
-
-or:
-
- its('name') { should include('bar') }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ssh_key.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ssh_key.md
deleted file mode 100644
index 77f2e4cd52..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ssh_key.md
+++ /dev/null
@@ -1,114 +0,0 @@
-+++
-title = "ssh_key resource"
-draft = false
-gh_repo = "inspec"
-platform = "os"
-
-[menu]
- [menu.inspec]
- title = "ssh_key"
- identifier = "inspec/resources/os/ssh_key.md ssh_key resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `ssh_key` Chef InSpec audit resource to test ssh keys. Supported key types RSA, DSA(Limited support. Not verifies private key) , ECDSA, Ed25519
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.18.0 of Chef InSpec.
-
-## Syntax
-
-The `ssh_key` resource tests the properties of an SSH key file. Provide the path to a key file or a key filename. If you pass in a filename, this resource checks for keys on default path `~/.ssh/`.
-
-```rb
-describe ssh_key('~/.ssh/id_rsa') do
- it { should be_private }
- it { should be_public }
- its('type') { should cmp /rsa/ }
- its('key_length') { should eq 2048 }
- its('mode') { should cmp '0400' }
-end
-```
-
-You can use an optional passphrase with `ssh_key`:
-
-```rb
-describe ssh_key('~/.ssh/id_rsa', '') do
- it { should be_private }
-end
-```
-
-Replace `` with the private key passphrase.
-
-## Properties
-
-### key_length
-
-The `key_length` property tests the number of bits in the key pair. This only works with RSA keys.
-
-```rb
-describe ssh_key('~/.ssh/id_rsa') do
- its('key_length') { should eq 4096 }
-end
-```
-
-### type
-
-The `type` property verifies the key type.
-
-```rb
-describe ssh_key('~/.ssh/id_ecdsa') do
- its('type') { should cmp /ecdsa/ }
-end
-```
-
-Allowed values:
-
-- `rsa`
-- `ecdsa`
-- `ed25519`
-- `dsa`
-
-### file properties
-
-The ssh_key resource also tests the same properties that the [file resource](/inspec/resources/file#properties) tests.
-For example, you can use the `mode` property to test if the mode assigned to the SSH key matches the specified value.
-
-```rb
-describe ssh_key('~/.ssh/id_rsa') do
- its('mode') { should cmp '0400' }
-end
-```
-
-## Matchers
-
-For a full list of available matchers, see the [matchers page](/inspec/matchers/).
-
-### be_public
-
-Use `be_public` to verify that a key is public key:
-
-```rb
-describe ssh_key('~/.ssh/id_ed25519.pub') do
- it { should be_public }
-end
-```
-
-### be_private
-
-Use `be_private` to verify that a key is a private key:
-
-```rb
-describe ssh_key('~/.ssh/id_ecdsa', '') do
- it { should be_private }
-end
-```
-
-Replace `` with the private key passphrase.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/sshd_active_config.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/sshd_active_config.md
deleted file mode 100644
index e0e1364b6f..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/sshd_active_config.md
+++ /dev/null
@@ -1,99 +0,0 @@
-+++
-title = "sshd_active_config resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-[menu]
- [menu.inspec]
- title = "sshd_active_config"
- identifier = "inspec/resources/os/sshd_active_config.md sshd_active_config resource"
- parent = "inspec/resources/os"
-+++
-Use the `sshd_active_config` Chef InSpec audit resource to find and test configuration data for the OpenSSH daemon. By default, this configuration data is located at `/etc/ssh/sshd_config` on Linux and Unix platforms. However, this resource is designed to retrieve the active configuration file by the sshd process itself. sshd---the OpenSSH daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command execution, and data exchanges.
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v6.8.0 of InSpec.
-
-## Syntax
-
-An `sshd_active_config` resource block declares the OpenSSH daemon configuration data to be tested:
-
- describe sshd_active_config do
- its('name') { should include('foo') }
- end
-
-where
-
-- `name` is a configuration setting in `sshd_config`
-- `{ should include('foo') }` tests the value of `name` as read from `sshd_active_config` versus the value declared in the test
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Inspect the file and path found by the `sshd_active_config` resource
-
- describe sshd_active_config.active_path do
- it { should match '/expected/path/sshd_config' }
- end
-
-### Test which variables may be sent to the server
-
- describe sshd_active_config do
- its('AcceptEnv') { should include('CI_ENABLE_COVERAGE') }
- end
-
-### Test for IPv6-only addresses
-
- describe sshd_active_config do
- its('AddressFamily') { should cmp 'inet6' }
- end
-
-### Test the Protocol setting
-
- describe sshd_active_config do
- its('Protocol') { should cmp 2 }
- end
-
-### Test for approved, strong ciphers
-
- describe sshd_active_config do
- its('Ciphers') { should cmp('chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr') }
- end
-
-### Test SSH protocols
-
- describe sshd_active_config do
- its('Port') { should cmp 22 }
- its('UsePAM') { should eq 'yes' }
- its('ListenAddress') { should eq nil }
- its('HostKey') do
- should eq [
- '/etc/ssh/ssh_host_rsa_key',
- '/etc/ssh/ssh_host_dsa_key',
- '/etc/ssh/ssh_host_ecdsa_key',
- ]
- end
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### name
-
-The `name` matcher tests the value of `name` as read from `sshd_active_config` versus the value declared in the test:
-
- its('name') { should cmp 'foo' }
-
-or:
-
- its('name') {should include('bar') }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/sshd_config.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/sshd_config.md
deleted file mode 100644
index bbb6196018..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/sshd_config.md
+++ /dev/null
@@ -1,97 +0,0 @@
-+++
-title = "sshd_config resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "sshd_config"
- identifier = "inspec/resources/os/sshd_config.md sshd_config resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `sshd_config` Chef InSpec audit resource to test configuration data for the OpenSSH daemon located at `/etc/ssh/sshd_config` on Linux and Unix platforms. sshd---the OpenSSH daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command execution, and data exchanges.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-An `sshd_config` resource block declares the OpenSSH daemon configuration data to be tested:
-
- describe sshd_config('path') do
- its('name') { should include('foo') }
- end
-
-where
-
-- `name` is a configuration setting in `sshd_config`
-- `('path')` is the non-default `/path/to/sshd_config`
-- `{ should include('foo') }` tests the value of `name` as read from `sshd_config` versus the value declared in the test
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test which variables may be sent to the server
-
- describe sshd_config do
- its('AcceptEnv') { should include('CI_ENABLE_COVERAGE') }
- end
-
-### Test for IPv6-only addresses
-
- describe sshd_config do
- its('AddressFamily') { should cmp 'inet6' }
- end
-
-### Test the Protocol setting
-
- describe sshd_config do
- its('Protocol') { should cmp 2 }
- end
-
-### Test for approved, strong ciphers
-
- describe sshd_config do
- its('Ciphers') { should cmp('chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr') }
- end
-
-### Test SSH protocols
-
- describe sshd_config do
- its('Port') { should cmp 22 }
- its('UsePAM') { should eq 'yes' }
- its('ListenAddress') { should eq nil }
- its('HostKey') do
- should eq [
- '/etc/ssh/ssh_host_rsa_key',
- '/etc/ssh/ssh_host_dsa_key',
- '/etc/ssh/ssh_host_ecdsa_key',
- ]
- end
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### name
-
-The `name` matcher tests the value of `name` as read from `sshd_config` versus the value declared in the test:
-
- its('name') { should cmp 'foo' }
-
-or:
-
- its('name') {should include('bar') }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ssl.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ssl.md
deleted file mode 100644
index 2d357cf77e..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/ssl.md
+++ /dev/null
@@ -1,166 +0,0 @@
-+++
-title = "ssl resource"
-draft = false
-gh_repo = "inspec"
-platform = "os"
-
-[menu]
- [menu.inspec]
- title = "ssl"
- identifier = "inspec/resources/os/ssl.md ssl resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `ssl` Chef InSpec audit resource to test SSL settings for the named port.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-An `ssl` resource block declares an SSL port, and then other properties of the test like cipher and/or protocol:
-
- describe ssl(port: #) do
- it { should be_enabled }
- end
-
-or:
-
- describe ssl(port: #).filter('value') do
- it { should be_enabled }
- end
-
-where
-
-- `ssl(port: #)` is the port number, such as `ssl(port: 443)`
-- `filter` may take any of the following arguments: `ciphers`, `protocols`, and `handshake`
-
-## Properties
-
-### ciphers
-
-The `ciphers` property tests the named cipher:
-
- its('ciphers') { should_not eq '/rc4/i' }
-
-or:
-
- describe ssl(port: 443).ciphers(/rc4/i) do
- it { should_not be_enabled }
- end
-
-### protocols
-
-The `protocols` property tests what protocol versions (SSLv3, TLSv1.1, etc) are enabled:
-
- its('protocols') { should eq 'ssl2' }
-
-or:
-
- describe ssl(port: 443).protocols('ssl2') do
- it { should_not be_enabled }
- end
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Run the ssl-baseline example profile
-
-The following shows how to use the `ssl` Chef InSpec audit resource to find all TCP ports on the system, including IPv4 and IPv6. (This is a partial example based on the `ssl_text.rb` file in the `ssl-baseline` profile on GitHub.)
-
- ...
-
- control 'tls1.2' do
- title 'Run TLS 1.2 whenever SSL is active on a port'
- impact 0.5
-
- sslports.each do |socket|
- proc_desc = "on node == #{command('hostname').stdout.strip} running #{socket.process.inspect} (#{socket.pid})"
- describe ssl(port: socket.port).protocols('tls1.2') do
- it(proc_desc) { should be_enabled }
- it { should be_enabled }
- end
- end
- end
-
- ...
-
- control 'rc4' do
- title 'Disable RC4 ciphers from all exposed SSL/TLS ports and versions.'
- impact 0.5
-
- sslports.each do |socket|
- proc_desc = "on node == #{command('hostname').stdout.strip} running #{socket.process.inspect} (#{socket.pid})"
- describe ssl(port: socket.port).ciphers(/rc4/i) do
- it(proc_desc) { should_not be_enabled }
- it { should_not be_enabled }
- end
- end
- end
-
-There are two ways to run the `ssl-baseline` example profile to test SSL via the `ssl` resource.
-
-Clone the profile:
-
- $ git clone https://github.com/dev-sec/ssl-baseline
-
-and then run:
-
- $ inspec exec ssl-baseline
-
-Or execute the profile directly via URL:
-
- $ inspec exec https://github.com/dev-sec/ssl-baseline
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### be_enabled
-
-The `be_enabled` matcher tests if SSL is enabled:
-
- it { should be_enabled }
-
-### ciphers
-
-The `ciphers` matcher tests the named cipher:
-
- its('ciphers') { should_not eq '/rc4/i' }
-
-or:
-
- describe ssl(port: 443).ciphers(/rc4/i) do
- it { should_not be_enabled }
- end
-
-### protocols
-
-The `protocols` matcher tests what protocol versions (SSLv3, TLSv1.1, etc) are enabled:
-
- its('protocols') { should eq 'ssl2' }
-
-or:
-
- describe ssl(port: 443).protocols('ssl2') do
- it { should_not be_enabled }
- end
-
-Supported protocols:
-
-- `ssl2`
-- `ssl3`
-- `tls1.0`
-- `tls1.1`
-- `tls1.2`
-- `tls1.3`
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/sybase_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/sybase_conf.md
deleted file mode 100644
index 433a5e0009..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/sybase_conf.md
+++ /dev/null
@@ -1,72 +0,0 @@
-+++
-title = "sybase_conf resource"
-draft = false
-gh_repo = "inspec"
-platform = "os"
-
-[menu]
- [menu.inspec]
- title = "sybase_conf"
- identifier = "inspec/resources/os/sybase_conf.md sybase_conf resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `sybase_conf` Chef InSpec audit resource to test the configuration of an SAP Adaptive Server Enterprise (ASE) database.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Requirements
-
-The `isql` command line tool must be installed on the target system.
-
-You must have access to a database user that has access to the `sa` role on the `master` database.
-
-## Syntax
-
-A `sybase_conf` resource block declares the configuration item name, server, and password to use.
-
- describe sybase_session('config item', server: 'SYBASE', password: 'PASSWORD') do
- its('run_value') { should cmp 'EXPECTED' }
- its('config_value') { should cmp 'EXPECTED' }
- end
-
-where
-
-- `sybase_conf` declares a configuration item, server, and password with permission to run `sp_configure`.
-- `its('run_value') { should cmp 'expected' }` compares the current running value of the configuration item against an expected value.
-- `its('config_value') { should cmp 'expected' }` compares the saved value of the configuration item against an expected value.
-
-### Optional Parameters
-
-The `sybase_conf` resource is based on the `sybase_session` resource and accepts all parameters that `sybase_session` accepts, including optional parameters `username`, `database`, `sybase_home`, and `bin`.
-
-In particular:
-
-#### `database`
-
-Defaults to `master`.
-
-#### `username`
-
-Defaults to `sa`.
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test for max memory configuration
-
-```ruby
-describe sybase_session('max memory', server: 'SYBASE', password: 'PASSWORD') do
- its('run_value') { should cmp 180224 }
- its('config_value') { should cmp 180224 }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/sybase_session.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/sybase_session.md
deleted file mode 100644
index 7d65b2db06..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/sybase_session.md
+++ /dev/null
@@ -1,88 +0,0 @@
-+++
-title = "sybase_session resource"
-draft = false
-gh_repo = "inspec"
-platform = "os"
-
-[menu]
- [menu.inspec]
- title = "sybase_session"
- identifier = "inspec/resources/os/sybase_session.md sybase_session resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `sybase_session` Chef InSpec audit resource to test the SQL commands run against an SAP Adaptive Server Enterprise (ASE) database.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Requirements
-
-The `isql` command line tool must be installed on the target system.
-
-## Syntax
-
-A `sybase_session` resource block declares the server, database, username and password to use for the session, and then the command to be run:
-
- describe sybase_session(database: 'pubs2', server: 'SYBASE', username: 'USERNAME', password: 'PASSWORD').query('QUERY').row(0).column('RESULT') do
- its('value') { should eq('EXPECTED') }
- end
-
-where
-
-- `sybase_session` declares a server, database, username, and password with permission to run the query.
-- `query('QUERY')` contains the query to be run.
-- `its('value') { should eq('expected') }` compares the results of the query against the expected result in the test.
-
-### Optional Parameters
-
-#### bin
-
-You may use the `bin` parameter to specify the path to the `isql` cli tool.
-
-```ruby
-describe sybase_session(database: 'pubs2',
- server: 'SYBASE',
- username: 'USERNAME',
- password: 'PASSWORD',
- bin: '/opt/sap/OCS-16_0/bin/isql',
- ).query('QUERY').row(0).column('RESULT') do
- its('value') { should eq('EXPECTED') }
-end
-```
-
-#### sybase_home
-
-You may use the `sybase_home` parameter to specify the path to the sybase installation.
-
-```ruby
-describe sybase_session(database: 'pubs2',
- server: 'SYBASE',
- username: 'USERNAME',
- password: 'PASSWORD',
- sybase_home: '/opt/sap',
- ).query('QUERY').row(0).column('RESULT') do
- its('value') { should eq('EXPECTED') }
-end
-```
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test for matching values in the pubs2 sample database
-
-```ruby
-sql = sybase_session(database: 'pubs2', server: 'SYBASE', username: 'MY_USER', password: 'PASSWORD')
-
-describe sql.query("SELECT au_lname FROM authors").row(0).column('AU_LNAME') do
- its("value") { should eq 'BENNET' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/sys_info.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/sys_info.md
deleted file mode 100644
index 0728a8d854..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/sys_info.md
+++ /dev/null
@@ -1,104 +0,0 @@
-+++
-title = "sys_info resource"
-draft = false
-gh_repo = "inspec"
-platform = "os"
-
-[menu]
- [menu.inspec]
- title = "sys_info"
- identifier = "inspec/resources/os/sys_info.md sys_info resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `sys_info` Chef InSpec audit resource to test for operating system properties for the named host, and then returns that info as standard output.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-An `sys_info` resource block declares the hostname to be tested:
-
- describe sys_info do
- its('hostname') { should eq 'value' }
- end
-
-## Properties
-
-### hostname
-
-The `hostname` property tests the host for which standard output is returned:
-
- its('hostname') { should eq 'value' }
-
-### fqdn
-
-The `fqdn` property tests the 'fully qualified domain name' of the system:
-
- its('fqdn') { should eq 'value' }
-
-### domain
-
-The `domain` property tests the name of the DNS domain:
-
- its('domain') { should eq 'value' }
-
-### ip-address
-
-The `ip-address` property tests all network addresses of the host:
-
- its('ip-address') { should eq 'value' }
-
-### short
-
-The `short` property tests the host name cut at the first dot:
-
- its('short') { should eq 'value' }
-
-### manufacturer
-
-The `manufacturer` property tests the host for which standard output is returned:
-
- its('manufacturer') { should eq 'ACME Corp.' }
-
-### model
-
-The `model` property tests the host for which standard output is returned:
-
- its('model') { should eq 'Flux Capacitor' }
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Get system information for example.com
-
- describe sys_info do
- its('hostname') { should eq 'example.com' }
- end
-
-### Compare content to hostname
-
- describe file('/path/to/some/file') do
- its('content') { should match sys_info.hostname }
- end
-
-Options can be passed as arguments to hostname as well.
-
- describe file('/path/to/some/file') do
- its('content') { should match sys_info.hostname('full') }
- end
-
-Currently supported arguments to `hostname` on Linux platforms are 'full'|'f'|'fqdn'|'long', 'domain'|'d', 'ip_address'|'i', and 'short'|'s'. Mac currently supports 'full'|'f'|'fqdn'|'long' and 'short'|'s'
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/systemd_service.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/systemd_service.md
deleted file mode 100644
index 7932162c2d..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/systemd_service.md
+++ /dev/null
@@ -1,71 +0,0 @@
-+++
-title = "systemd_service resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "systemd_service"
- identifier = "inspec/resources/os/systemd_service.md systemd_service resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `systemd_service` Chef InSpec audit resource to test a service using SystemD.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `systemd_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
-
- describe systemd_service('service_name') do
- it { should be_installed }
- it { should be_enabled }
- it { should be_running }
- end
-
-where
-
-- `('service_name')` must specify a service name
-- `be_installed`, `be_enabled`, and `be_running` are valid matchers for this resource; all matchers available to the `service` resource may be used
-
-The path to the service manager's control may be specified for situations where the path isn't available in the current `PATH`. For example:
-
- describe systemd_service('service_name', '/path/to/control') do
- it { should be_enabled }
- it { should be_installed }
- it { should be_running }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### be_enabled
-
-The `be_enabled` matcher tests if the named service is enabled:
-
- it { should be_enabled }
-
-### be_installed
-
-The `be_installed` matcher tests if the named service is installed:
-
- it { should be_installed }
-
-### be_running
-
-The `be_running` matcher tests if the named service is running:
-
- it { should be_running }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/sysv_service.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/sysv_service.md
deleted file mode 100644
index 2b7c7e3923..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/sysv_service.md
+++ /dev/null
@@ -1,71 +0,0 @@
-+++
-title = "sysv_service resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "sysv_service"
- identifier = "inspec/resources/os/sysv_service.md sysv_service resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `sysv_service` Chef InSpec audit resource to test a service using SystemV.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `sysv_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
-
- describe sysv_service('service_name') do
- it { should be_installed }
- it { should be_enabled }
- it { should be_running }
- end
-
-where
-
-- `('service_name')` must specify a service name
-- `be_installed`, `be_enabled`, and `be_running` are valid matchers for this resource; all matchers available to the `service` resource may be used
-
-The path to the service manager's control may be specified for situations where the path isn't available in the current `PATH`. For example:
-
- describe sysv_service('service_name', '/path/to/control') do
- it { should be_enabled }
- it { should be_installed }
- it { should be_running }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### be_enabled
-
-The `be_enabled` matcher tests if the named service is enabled:
-
- it { should be_enabled }
-
-### be_installed
-
-The `be_installed` matcher tests if the named service is installed:
-
- it { should be_installed }
-
-### be_running
-
-The `be_running` matcher tests if the named service is running:
-
- it { should be_running }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/timezone.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/timezone.md
deleted file mode 100644
index 8585984926..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/timezone.md
+++ /dev/null
@@ -1,88 +0,0 @@
-+++
-title = "timezone resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "timezone"
- identifier = "inspec/resources/os/timezone.md timezone resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `timezone` Chef InSpec audit resource to test timezone configurations of the system.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-## Syntax
-
-A `timezone` resource block fetches the time zone configuration of a system and compares the output with the test:
-
- describe timezone do
- its('property') { should eq 'expected value' }
- end
-
-where
-
-- `'property'` is one of `identifier` , `name` and `time_offset`
-- `'expected value'` tests the output of the command run on the system versus the expected output stated in the test
-
-For example:
-
- describe timezone do
- its('identifier') { should eq 'Asia/Kolkata' }
- its('name') { should eq 'IST' }
- its('time_offset') { should eq '+0530' }
- end
-
-## Properties
-
-### identifier
-
-The `identifier` property verifies the time zone name of a system.
-
-An example of checking the **identifier** for the Asia/Kolkata time zone name:
-
- its('identifier') { should eq 'Asia/Kolkata' }
-
-### name
-
-The `name` property verifies the time zone of a system.
-
-{{< note >}}
-
-The `name` property accepts the time zone abbreviation on Linux systems and the full time zone name on Windows systems.
-
-{{< /note >}}
-
-An example of verifying that the time zone is set to IST on a Linux system:
-
- its('name') { should eq 'IST' }
-
-
-{{< note >}}
-
-Several time zones share the same time zone abbreviation. Use one of the other properties to verify a specific time zone with a common abbreviation.
-
-{{< /note >}}
-
-An example of verifying that the time zone is set to India Standard Time on a Windows system:
-
- its('name') { should eq 'India Standard Time' }
-
-### time_offset
-
-The `time_offset` property verifies the time offset of a system from UTC (Coordinated Universal Time).
-
-An example of verifying that the **time_offset** is UTC+05:30:
-
- its('time_offset') { should eq '+0530' }
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/toml.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/toml.md
deleted file mode 100644
index ba01b239fe..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/toml.md
+++ /dev/null
@@ -1,85 +0,0 @@
-+++
-title = "toml resource"
-draft = false
-gh_repo = "inspec"
-platform = "os"
-
-[menu]
- [menu.inspec]
- title = "toml"
- identifier = "inspec/resources/os/toml.md toml resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `toml` Chef InSpec audit resource to test settings in a TOML file.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-An `toml` resource block declares the configuration settings to be tested:
-
-```ruby
-describe toml('path') do
- its('setting_name') { should eq 'value' }
-end
-```
-
-where:
-
-- `'setting_name'` is a setting key defined in the TOML file.
-- `('path')` is the path to the TOML file.
-- `{ should eq 'value' }` is the value that is expected.
-
-
-## Properties
-
-This resource supports any of the settings listed in a TOML file as properties.
-
-## Examples
-
-In the examples below, the `example.toml` file contains the following data:
-
-```toml
-port = 8080
-fruits = ["apple", "banana", "cantaloupe"]
-
-[section]
-key1 = "value1"
-```
-
-**Verify the port number:**
-
-```ruby
-describe toml('path/to/example.toml') do
- its('port') { should eq 8080 }
-end
-```
-
-**Verify the value of an array using brackets:**
-
-```ruby
-describe toml('path/to/example.toml') do
- its(['fruits', 0]) { should eq 'apple' }
-end
-```
-
-**Verify the value of a key in a table using brackets:**
-
-```ruby
-describe toml('path/to/example.toml') do
- its(['section', 'key1']) { should cmp 'value1' }
-end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/upstart_service.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/upstart_service.md
deleted file mode 100644
index 4c59fb748b..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/upstart_service.md
+++ /dev/null
@@ -1,71 +0,0 @@
-+++
-title = "upstart_service resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "upstart_service"
- identifier = "inspec/resources/os/upstart_service.md upstart_service resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `upstart_service` Chef InSpec audit resource to test a service using Upstart.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-An `upstart_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
-
- describe upstart_service('service_name') do
- it { should be_installed }
- it { should be_enabled }
- it { should be_running }
- end
-
-where
-
-- `('service_name')` must specify a service name
-- `be_installed`, `be_enabled`, and `be_running` are valid matchers for this resource; all matchers available to the `service` resource may be used
-
-The path to the service manager's control may be specified for situations where the path isn't available in the current `PATH`. For example:
-
- describe upstart_service('service_name', '/path/to/control') do
- it { should be_enabled }
- it { should be_installed }
- it { should be_running }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### be_enabled
-
-The `be_enabled` matcher tests if the named service is enabled:
-
- it { should be_enabled }
-
-### be_installed
-
-The `be_installed` matcher tests if the named service is installed:
-
- it { should be_installed }
-
-### be_running
-
-The `be_running` matcher tests if the named service is running:
-
- it { should be_running }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/user.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/user.md
deleted file mode 100644
index 8af62366f5..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/user.md
+++ /dev/null
@@ -1,310 +0,0 @@ -+++ -title = "user resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "user" - identifier = "inspec/resources/os/user.md user resource" - parent = "inspec/resources/os" -+++ - -Use the `user` Chef InSpec audit resource to test user profiles of a single, known or expected local user, including the groups to which the user belongs, the frequency of password changes, and the directory paths to home and shell. - -## Availability - -### Install - -This resource is distributed with Chef InSpec. - -### Version - -This resource is available from InSpec version 1.0.0. - -## Syntax - -A `user` resource block declares a user name and then one (or more) matchers. - -```ruby - describe user('root') do - it { should exist } - its('uid') { should eq 1234 } - its('gid') { should eq 1234 } - its('group') { should eq 'root' } - its('groups') { should eq ['root', 'other']} - its('home') { should eq '/root' } - its('shell') { should eq '/bin/bash' } - its('mindays') { should eq 0 } - its('maxdays') { should eq 90 } - its('warndays') { should eq 8 } - its('passwordage') { should eq 355 } - its('maxbadpasswords') { should eq nil } // Only valid on Windows OS - its('badpasswordattempts') { should eq 0 } - its('lastlogin') { should eq nil } // Only valid on Windows OS - end -``` - -> Where -> -> - `('root')` is the user to be tested. -> - `it { should exist }` tests if the user exists. -> - `gid`, `group`, `groups`, `home`, `maxdays`, `mindays`, `shell`, `uid`, `warndays`´, `passwordage`, `maxbadpasswords`, `badpasswordattempts`, and `lastlogin` are valid matchers for this resource. - -## Properties - -### gid - -The `gid` property tests the group identifier. - -```ruby - its('gid') { should eq 1234 } -``` - -> Where `1234` represents the user identifier. - -The `gid` option is only available on Linux and returns `nil` for Windows OS (Operating System). 
-
-### group
-
-The `group` property tests the group to which the user belongs.
-
-```ruby
- its('group') { should eq 'root' }
-```
-
-> where `root` represents the group.
-
-The `group` option is only available on Linux and returns `nil` for Windows OS.
-
-### groups
-
-The `groups` property tests two (or more) groups to which the user belongs.
-
-```ruby
- its('groups') { should eq ['root', 'other'] }
-```
-
-### home
-
-The `home` property tests the home directory path for the user.
-
-```ruby
- its('home') { should eq '/root' }
-```
-
-### maxdays
-
-The `maxdays` property tests the maximum number of days between password changes.
-
-```ruby
- its('maxdays') { should eq 99 }
-```
-
-> where `99` represents the maximum number of days.
-
-### maximum_days_between_password_change
-
-The `maximum_days_between_password_change` property is equivalent to `maxdays`. This property tests the maximum number of days between password changes.
-
-```ruby
- its('maximum_days_between_password_change') { should eq 99 }
-```
-
-> where `99` represents the maximum number of days.
-
-### mindays
-
-The `mindays` property tests the minimum number of days between password changes.
-
-```ruby
- its('mindays') { should eq 0 }
-```
-
-> where `0` represents the minimum number of days.
-
-### minimum_days_between_password_change
-
-The `minimum_days_between_password_change` property is equivalent to `mindays`.
-
-```ruby
- its('minimum_days_between_password_change') { should eq 0 }
-```
-
-> where `0` represents the minimum number of days.
-
-### shell
-
-The `shell` property tests the path to the default shell for the user.
-
-```ruby
- its('shell') { should eq '/bin/bash' }
-```
-
-### uid
-
-The `uid` property tests the user identifier.
-
-```ruby
- its('uid') { should eq 1234 }
-```
-
-> where `1234` represents the user identifier.
-
-### warndays
-
-The `warndays` property tests the number of days a user is warned before a password should be changed.
-
-```ruby
- its('warndays') { should eq 5 }
-```
-
-> where `5` represents the number of days a user is warned.
-
-### passwordage
-
-The `passwordage` property tests the number of days a user changed the password.
-
-```ruby
- its('passwordage') { should_be <= 365 }
-```
-
-> where `365` represents the number of days since the last password change.
-
-### maxbadpasswords
-
-The `maxbadpasswords` property tests the count of maximum number of incorrect password settings for a specific user.
-
-```ruby
- its('maxbadpasswords') { should eq 7 }
-```
-
-> where `7` is the count of maximum incorrect password settings.
-
-### badpasswordattempts
-
-The `badpasswordattempts` property tests the count of incorrect password attempts for a user.
-
-```ruby
- its('badpasswordattempts') { should eq 0 }
-```
-
-> where `0` is the count of incorrect passwords for a user.
-
-These settings reset to `0` depending on your operating system configuration. For Linux-based operating systems, it relies on `lastb`, and for Windows OS, it uses information stored for the user object.
-
-### lastlogin
-
-The `lastlogin` property tests the last login date for a specific user.
-
-```ruby
- its('lastlogin') { should eq nil }
-```
-
-The `nil` value means this user has never logged in.
-
-### encrypted_password
-
-The `encrypted_password` property allows tests against the hashed password stored in shadow files on Unix systems with `getent` utility.
-
-```ruby
- its('encrypted_password') { should eq "!" }
-```
-
-> The `!` value means the user cannot log in to the system using password authentication.
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Verify available users for the MySQL server
-
-```ruby
- describe user('ROOT') do
- it { should exist }
- its('uid') { should eq 0 }
- its('groups') { should eq ['ROOT'] }
- end
-
- describe user('MYSQL') do
- it { should_not exist }
- end
-```
-
-### Test users on multiple platforms
-
-The `nginx` user is typical `www-data`, but it's `nginx` on CentOS. The following example shows how to test for the `nginx` user with a single test but accounting for all platforms.
-
-```ruby
- web_user = 'www-data'
- web_user = 'nginx' if os[:family] == 'centos'
-
- describe user(web_user) do
- it { should exist }
- end
-```
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The `exist` matcher tests if the named user exists:
-
-```ruby
- it { should exist }
-```
-
-### have_home_directory
-
-The `have_home_directory` matcher tests if the given path is the home directory path. This matcher is similar to `home` property.
-
-```ruby
- it { should have_home_directory '/home/ubuntu' }
-```
-
-### have_login_shell
-
-The `have_login_shell` matcher tests if the given path to shell is the default shell for the user. This matcher is similar to `shell` property.
-
-```ruby
- it { should have_login_shell '/bin/bash' }
-```
-
-### have_uid
-
-The `have_uid` matcher tests if the given user identifier is *true*. This matcher is similar to `uid` property.
-
-```ruby
- it { should have_uid 1234 }
-```
-
-> where `1234` represents the user identifier.
-
-### belong_to_primary_group
-
-The `belong_to_primary_group` matcher tests if the given group is the primary group for the user. This matcher is similar to `group` property.
-
-```ruby
- it { should belong_to_primary_group 'ubuntu' }
-```
-
-### belong_to_group
-
-The `belong_to_group` matcher tests if the given group is a valid group for the user. This group can be either primary or any other group.
-
-```ruby
- it { should belong_to_group 'sudo' }
-```
-
-### have_authorized_keys
-
-The `have_authorized_keys` matcher tests if the given key is valid as part of the `authorized_keys` file.
-
-```ruby
- it { should have_authorized_key 'ssh-ed25519 50m3r4nd0m57r1ng mockkey' }
-```
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/users.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/users.md
deleted file mode 100644
index 93c0567deb..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/users.md
+++ /dev/null
@@ -1,181 +0,0 @@
-+++
-title = "users resource"
-draft = false
-gh_repo = "inspec"
-platform = "os"
-
-[menu]
- [menu.inspec]
- title = "users"
- identifier = "inspec/resources/os/users.md users resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `users` Chef InSpec audit resource to look up all local users available on the system, and then test specific properties of those users. This resource does not return information about users that may be located on other systems, such as LDAP or Active Directory.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `users` resource block declares a user name, and then one (or more) matchers:
-
- describe users.where(uid: 0).entries do
- it { should eq ['root'] }
- its('uids') { should eq [1234] }
- its('gids') { should eq [1234] }
- end
-
-where
-
-- `gid`, `group`, `groups`, `home`, `maxdays`, `mindays`, `shell`, `uid`, `warndays`, `passwordage`, `maxbadpasswords` and `badpasswordattempts` are valid matchers for this resource
-- `where(uid: 0).entries` represents a filter that runs the test only against matching users
-
-For example:
-
- describe users.where { username =~ /.*/ } do
- it { should exist }
- end
-
-or:
-
- describe users.where { uid =~ /^S-1-5-[0-9-]+-501$/ } do
- it { should exist }
- end
-
-## Properties
-
-### gid
-
-The `gid` property tests the group identifier:
-
- its('gid') { should eq 1234 } }
-
-where `1234` represents the user identifier.
-
-### group
-
-The `group` property tests the group to which the user belongs:
-
- its('group') { should eq 'root' }
-
-where `root` represents the group.
-
-### groups
-
-The `groups` property tests two (or more) groups to which the user belongs:
-
- its('groups') { should eq ['root', 'other']}
-
-### home
-
-The `home` property tests the home directory path for the user:
-
- its('home') { should eq '/root' }
-
-### maxdays
-
-The `maxdays` property tests the maximum number of days between password changes:
-
- its('maxdays') { should eq 99 }
-
-where `99` represents the maximum number of days.
-
-### mindays
-
-The `mindays` property tests the minimum number of days between password changes:
-
- its('mindays') { should eq 0 }
-
-where `0` represents the maximum number of days.
-
-### shell
-
-The `shell` property tests the path to the default shell for the user:
-
- its('shells') { should eq ['/bin/bash'] }
-
-### uid
-
-The `uid` property tests the user identifier:
-
- its('uid') { should eq 1234 } }
-
-where `1234` represents the user identifier.
-
-### warndays
-
-The `warndays` property tests the number of days a user is warned before a password must be changed:
-
- its('warndays') { should eq 5 }
-
-where `5` represents the number of days a user is warned.
-
-### passwordage
-
-The `passwordage` property tests the number of days a user changed its password:
-
- its('passwordage') { should_be <= 365 }
-
-where `365` represents the number of days since the last password change.
-
-### maxbadpasswords
-
-The `maxbadpasswords` property tests the count of max badpassword settings for a specific user.
-
- its('maxbadpasswords') { should eq 7 }
-
-where `7` is the count of maximum bad password attempts.
-
-### badpasswordattempts
-
-The `badpasswordattempts` property tests the count of bad password attempts for a user.
-
- its('badpasswordattempts') { should eq 0 }
-
-where `0` is the count of bad passwords for a user.
-On Linux based operating systems it relies on `lastb` and for Windows it uses information stored for the user object.
-These settings will reset to `0` depending on your operating system configuration.
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Use a regular expression to find users:
-
- describe users.where { uid =~ /S\-1\-5\-21\-\d+\-\d+\-\d+\-500/ } do
- it { should exist }
- end
-
-### Test that only allowed users exist:
-
- allowed_users = %w(user1 user2 user3)
-
- users.where { uid > 1000 && uid < 65534 }.usernames.sort.each do |u|
- describe user(u) do
- if allowed_users.include?(u)
- it { should exist }
- else
- it { should_not exist }
- end
- end
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The `exist` matcher tests if the named user exists:
-
- it { should exist }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/vbscript.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/vbscript.md
deleted file mode 100644
index 4ede4d2122..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/vbscript.md
+++ /dev/null
@@ -1,65 +0,0 @@
-+++
-title = "vbscript resource"
-draft = false
-gh_repo = "inspec"
-platform = "windows"
-
-[menu]
- [menu.inspec]
- title = "vbscript"
- identifier = "inspec/resources/os/vbscript.md vbscript resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `vbscript` Chef InSpec audit resource to test a VBScript on the Windows platform.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `vbscript` resource block tests the output of a VBScript on the Windows platform:
-
- describe vbscript('script contents') do
- its('stdout') { should eq 'output' }
- end
-
-where
-
-- `'script_name'` is the name of the VBScript to test
-- `('output')` is the expected output of the VBScript
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test a VBScript
-
-A VBScript file similar to:
-
- script = <<-EOH
- WScript.Echo "hello"
- EOH
-
-may be tested for multiple lines:
-
- describe vbscript(script) do
- its('stdout') { should eq "hello\r\n" }
- end
-
-and tested for whitespace removal from standard output:
-
- describe vbscript(script) do
- its('strip') { should eq "hello" }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/virtualization.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/virtualization.md
deleted file mode 100644
index 71bcdcadf5..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/virtualization.md
+++ /dev/null
@@ -1,112 +0,0 @@
-+++
-title = "virtualization resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "virtualization"
- identifier = "inspec/resources/os/virtualization.md virtualization resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `virtualization` Chef InSpec audit resource to test the virtualization platform on which the system is running.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.28.0 of InSpec.
-
-## Syntax
-
-An `virtualization` resource block declares the virtualization platform that should be tested:
-
- describe virtualization do
- its('system') { should MATCHER 'value' }
- end
-
-where
-
-- `('system')` is the name of the system information of the virtualization platform (e.g. docker, lxc, vbox, kvm, etc)
-- `MATCHER` is a valid matcher for this resource
-- `'value'` is the value to be tested
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test for Docker
-
- describe virtualization do
- its('system') { should eq 'docker' }
- end
-
-### Test for VirtualBox
-
- describe virtualization do
- its('system') { should eq 'vbox' }
- its('role') { should eq 'guest' }
- end
-
-### Detect the virtualization platform
-
- if virtualization.system == 'vbox'
- describe package('name') do
- it { should be_installed }
- end
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### virtualization.virtual_system? Helper
-
-This helper returns, if any of the supported virtualization platforms was detected and the machine under test is a guest. You can use this in a `only_if { virtual_system? }` clause to execute test only on virtualized systems.
-
-### virtualization.physical_system? Helper
-
-If no virtualization platform is detected, this will return `true`. For unsupported virtualization platforms this can result in false positives.
-
-### virtualization.system names
-
-The resource supports the following virtualization platforms:
-
-On Linux machines:
-
-- `docker` (`guest` role only)
-- `hyper-v` (`guest` role only)
-- `kvm`
-- `linux vserver`
-- `lxc` / `lxd`
-- `openstack` (`host` role only)
-- `openvz`
-- `parallels` (`guest` role only)
-- `virtualbox`
-- `vmware` (`guest` role only)
-- `xen`
-
-On Windows machines (`guest` role only)
-
-- `hyper-v`
-- `kvm`
-- `vmware`
-- `virtualbox`
-- `xen`
-
-### virtualization.role
-
-Can be either
-
-- `guest`
-- `host`
-
-Please see the documentation on `virtualization.system` to check supported roles per platform.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/windows_feature.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/windows_feature.md
deleted file mode 100644
index beb0a97b2b..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/windows_feature.md
+++ /dev/null
@@ -1,71 +0,0 @@
-+++
-title = "windows_feature resource"
-draft = false
-gh_repo = "inspec"
-platform = "windows"
-
-[menu]
- [menu.inspec]
- title = "windows_feature"
- identifier = "inspec/resources/os/windows_feature.md windows_feature resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `windows_feature` Chef InSpec audit resource to test features on Windows via the `Get-WindowsFeature` cmdlet.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `windows_feature` resource block declares the name of the Windows feature, tests if that feature is installed, and then returns information about that feature:
-
- describe windows_feature('feature_name') do
- it { should be_installed }
- end
-
-where
-
-- `('feature_name')` must specify a Windows feature name, such as `DHCP Server` or `IIS-Webserver`
-- `be_installed` is a valid matcher for this resource
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test the DHCP feature (Attempts PowerShell then DISM)
-
- describe windows_feature('DHCP') do
- it{ should be_installed }
- end
-
-### Test the IIS-WebServer feature using DISM
-
- describe windows_feature('IIS-WebServer', DISM) do
- it{ should be_installed }
- end
-
-### Test the NetFx3 feature using DISM
-
- describe windows_feature('NetFx3', :dism) do
- it{ should be_installed }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### be_installed
-
-The `be_installed` matcher tests if the named Windows feature is installed:
-
- it { should be_installed }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/windows_firewall.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/windows_firewall.md
deleted file mode 100644
index 0fdd98bd27..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/windows_firewall.md
+++ /dev/null
@@ -1,92 +0,0 @@
-+++
-title = "windows_firewall resource"
-draft = false
-gh_repo = "inspec"
-platform = "windows"
-
-[menu]
- [menu.inspec]
- title = "windows_firewall"
- identifier = "inspec/resources/os/windows_firewall.md windows_firewall resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `windows_firewall` Chef InSpec audit resource to test if a firewall profile is correctly configured on a Windows system.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-## Syntax
-
-A `windows_firewall` resource block specifies which profile to validate:
-
- describe windows_firewall('name') do
- it { should be_enabled }
- end
-
-where
-
-* `('name')` must specify the name of a firewall profile, such as `'Public'`, `'Private'` or `'Domain'`
-* `be_enabled` is a valid matcher for this resource
-
-
-## Examples
-
-The following example shows how to use this Chef InSpec audit resource.
-
-### Test if the firewall has the appropriate amount of rules and default Accept
-
- describe windows_firewall('Public') do
- it { should be_enabled }
- it { should have_default_inbound_allowed }
- its('num_rules') { should eq 219 }
- end
-
-## Properties
-
-The resource compiles the following list of firewall profile properties:
-
-* `description`
-* `default_inbound_action`
-* `default_outbound_action`
-* `allow_inbound_rules`
-* `allow_local_firewall_rules`
-* `allow_local_ipsec_rules`
-* `allow_user_apps`
-* `allow_user_ports`
-* `allow_unicast_response_to_multicast`
-* `notify_on_listen`
-* `enable_stealth_mode_for_ipsec`
-* `log_max_size_kilobytes`
-* `log_allowed`
-* `log_blocked`
-* `log_ignored`
-* `num_rules`
-
-Each of these properties can be used in two distinct ways:
-
- its('default_inbound_action') { should cmp 'Allow' }
-
-or via matcher:
-
- it { should have_default_inbound_action 'Allow' }
-
-Shortcuts are defined for:
-
-* `have_default_inbound_allow?`
-* `have_default_outbound_allow?`
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### be_enabled
-
-The `be_enabled` matcher tests if the Profile is enabled:
-
- it { should be_enabled }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/windows_firewall_rule.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/windows_firewall_rule.md
deleted file mode 100644
index d3b330d337..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/windows_firewall_rule.md
+++ /dev/null
@@ -1,142 +0,0 @@
-+++
-title = "windows_firewall_rule resource"
-draft = false
-gh_repo = "inspec"
-platform = "windows"
-
-[menu]
- [menu.inspec]
- title = "windows_firewall_rule"
- identifier = "inspec/resources/os/windows_firewall_rule.md windows_firewall_rule resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `windows_firewall_rule` Chef InSpec audit resource to test if a firewall rule is correctly configured on a Windows system.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-## Syntax
-
-A `windows_firewall_rule` resource block specifies which rule to validate:
-
- describe windows_firewall_rule('name') do
- it { should be_enabled }
- end
-
-where
-
-* `('name')` must specify the name of a firewall rule, which is not the firewall rule's display name
-* `be_enabled` is a valid matcher for this resource
-
-## Examples
-
-The following example shows how to use this Chef InSpec audit resource.
-
-### Test If the Firewall Contains a Rule for Outbound HTTPS
-
- describe windows_firewall_rule('HTTPS Out') do
- it { should be_enabled }
- it { should be_allowed }
- it { should be_outbound }
- it { should be_tcp }
-
- its('remote_port') { should eq 443 }
- end
-
-## Properties
-
-The resource compiles the following list of firewall rule properties:
-
-* `description`
-* `displayname`
-* `group`
-* `local_address`
-* `local_port`
-* `remote_address`
-* `remote_port`
-* `direction`
-* `protocol`
-* `icmp_type`
-* `action`
-* `profile`
-* `program`
-* `service`
-* `interface_type`
-
-Each of these properties can be used in two distinct ways:
-
- its('remote_address') { should cmp '192.0.2.42' }
-
-or via matcher:
-
- it { should have_remote_address '192.0.2.42' }
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### exist
-
-The `be_enabled` matcher tests if the rule does exist:
-
- it { should exist }
-
-### be_enabled
-
-The `be_enabled` matcher tests if the rule is enabled:
-
- it { should be_enabled }
-
-### be_allowed
-
-The `be_allowed` matcher tests if the rule is allowing traffic:
-
- it { should be_allowed }
-
-### be_inbound
-
-The `be_inbound` matcher tests if the rule is an inbound rule:
-
- it { should be_inbound }
-
-### be_outbound
-
-The `be_outbound` matcher tests if the rule is an outbound rule:
-
- it { should be_outbound }
-
-### be_tcp
-
-The `be_tcp` matcher tests if the rule is for the TCP protocol:
-
- it { should be_tcp }
-
-### be_ucp
-
-The `be_ucp` matcher tests if the rule is for the DCP protocol:
-
- it { should be_dcp }
-
-### be_icmp
-
-The `be_icmp` matcher tests if the rule is for any ICMP protocol:
-
- it { should be_icmp }
-
-### be_icmpv4
-
-The `be_icmpv4` matcher tests if the rule is for the ICMPv4 protocol:
-
- it { should be_icmpv4 }
-
-### be_icmpv6
-
-The `be_icmpv6` matcher tests if the rule is for any ICMPv6 protocol:
-
- it { should be_icmpv6 }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/windows_hotfix.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/windows_hotfix.md
deleted file mode 100644
index 1f893f74aa..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/windows_hotfix.md
+++ /dev/null
@@ -1,65 +0,0 @@
-+++
-title = "windows_hotfix resource"
-draft = false
-gh_repo = "inspec"
-platform = "windows"
-
-[menu]
- [menu.inspec]
- title = "windows_hotfix"
- identifier = "inspec/resources/os/windows_hotfix.md windows_hotfix resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `windows_hotfix` Chef InSpec audit resource to test if the hotfix has been installed on a Windows system.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.39.1 of InSpec.
-
-## Syntax
-
-A `windows_hotfix` resource block declares a hotfix to validate:
-
- describe windows_hotfix('name') do
- it { should be_installed }
- end
-
-where
-
-- `('name')` must specify the name of a hotfix, such as `'KB4012213'`
-- `be_installed` is a valid matcher for this resource
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test if KB4012213 is installed
-
- describe windows_hotfix('KB4012213') do
- it { should be_installed }
- end
-
-### Test that a hotfix is not installed
-
- describe windows_hotfix('KB9999999') do
- it { should_not be_installed }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### be_installed
-
-The `be_installed` matcher tests if the named hotfix is installed on the system:
-
- it { should be_installed }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/windows_task.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/windows_task.md
deleted file mode 100644
index 08c10ba623..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/windows_task.md
+++ /dev/null
@@ -1,95 +0,0 @@
-+++
-title = "windows_task resource"
-draft = false
-gh_repo = "inspec"
-platform = "windows"
-
-[menu]
- [menu.inspec]
- title = "windows_task"
- identifier = "inspec/resources/os/windows_task.md windows_task resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `windows_task` Chef InSpec audit resource to test a scheduled tasks configuration on a Windows platform.
-Microsoft and application vendors use scheduled tasks to perform a variety of system maintenance tasks but system administrators can schedule their own.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.10.0 of InSpec.
-
-## Syntax
-
-A `windows_task` resource block declares the name of the task (as its full path) and tests its configuration:
-
- describe windows_task('task name uri') do
- its('parameter') { should eq 'value' }
- it { should be_enabled }
- end
-
-where
-
-- `'parameter'` must be a valid parameter defined within this resource ie `logon_mode`, `last_result`, `task_to_run`, `run_as_user`
-- `'value'` will be used to compare the value gather from your chosen parameter
-- `'be_enabled'` is an example of a valid matcher that checks the state of a task, other examples are `exist` or `be_disabled`
-
-## Examples
-
-The following examples show how to use this Chef InSpec resource.
-
-### Tests that a task is enabled
-
- describe windows_task('\Microsoft\Windows\Time Synchronization\SynchronizeTime') do
- it { should be_enabled }
- end
-
-### Tests that a task is disabled
-
- describe windows_task('\Microsoft\Windows\AppID\PolicyConverter') do
- it { should be_disabled }
- end
-
-### Tests the configuration parameters of a task
-
- describe windows_task('\Microsoft\Windows\AppID\PolicyConverter') do
- its('logon_mode') { should eq 'Interactive/Background' }
- its('last_result') { should eq '1' }
- its('task_to_run') { should cmp '%Windir%\system32\appidpolicyconverter.exe' }
- its('run_as_user') { should eq 'LOCAL SERVICE' }
- end
-
-### Tests that a task is defined
-
- describe windows_task('\Microsoft\Windows\Defrag\ScheduledDefrag') do
- it { should exist }
- end
-
-## Gathering Task Names
-
-Rather than use the GUI, you can use the `schtasks.exe` to output a full list of tasks available on the system
-
-`schtasks /query /FO list`
-
-rather than use the `list` output you can use `CSV` if it is easier.
-
-Please make sure you use the full TaskName (include the prefix `\`) within your control
-
- C:\>schtasks /query /FO list
- ...
- Folder: \Microsoft\Windows\Diagnosis
- HostName: XPS15
- TaskName: \Microsoft\Windows\Diagnosis\Scheduled
- Next Run Time: N/A
- Status: Ready
- Logon Mode: Interactive/Background
- ...
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/wmi.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/wmi.md
deleted file mode 100644
index ad78710ad3..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/wmi.md
+++ /dev/null
@@ -1,91 +0,0 @@
-+++
-title = "wmi resource"
-draft = false
-gh_repo = "inspec"
-platform = "windows"
-
-[menu]
- [menu.inspec]
- title = "wmi"
- identifier = "inspec/resources/os/wmi.md wmi resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `wmi` Chef InSpec audit resource to test WMI settings on the Windows platform.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `wmi` resource block tests WMI settings on the Windows platform:
-
- describe wmi({
- class: 'class_name',
- namespace: 'path\\to\\setting',
- filter: 'filter',
- query: 'query'
- }) do
- its('setting_name') { should eq '' }
- end
-
-where
-
-- `class`, `namespace`, `filter`, and `query` comprise a Ruby Hash of the WMI object
-- `('class')` is the WMI class to which the setting belongs, such as `win32_service`
-- `('namespace')` is path to that object, such as `root\\cimv2`
-- Use `('filter')` fine-tune the information defined by the WMI class, such as to find a specific service (`filter: "name like '%winrm%'")`, to find a specific setting (`filter: 'KeyName = \'MinimumPasswordAge\' And precedence=1'`), and so on
-- Use `('query')` to run a query that returns data to be tested, such as `"SELECT Setting FROM RSOP_SecuritySettingBoolean WHERE KeyName='LSAAnonymousNameLookup' AND Precedence=1"`
-- `('setting_name')` is a setting in the WMI object to be tested, and then `should eq ''` is the expected value for that setting
-
-For example, both of the following tests will verify if WinRM is present on the target node. The first tests if WinRM belongs to the list of services running under the `win32_service` class:
-
- describe wmi({class: 'win32_service'}) do
- its('DisplayName') { should include 'Windows Remote Management (WS-Management)'}
- end
-
-and the second uses a filter in the Ruby Hash to first identify WinRM, and then perform additional tests:
-
- describe wmi({
- class: 'win32_service',
- filter: "name like '%winrm%'"
- }) do
- its('Status') { should cmp 'ok' }
- its('State') { should cmp 'Running' }
- its('ExitCode') { should cmp 0 }
- its('DisplayName') { should eq 'Windows Remote Management (WS-Management)'}
- end
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test a password expiration policy
-
- describe wmi({
- class: 'RSOP_SecuritySettingNumeric',
- namespace: 'root\\rsop\\computer',
- filter: 'KeyName = \'MinimumPasswordAge\' And precedence=1'
- }) do
- its('Setting') { should eq 1 }
- end
-
-### Test if an anonymous user can query the Local Security Authority (LSA)
-
- describe wmi({
- namespace: 'root\\rsop\\computer',
- query: "SELECT Setting FROM RSOP_SecuritySettingBoolean WHERE KeyName='LSAAnonymousNameLookup' AND Precedence=1"
- }) do
- its('Setting') { should eq false }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/x509_certificate.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/x509_certificate.md
deleted file mode 100644
index 238ac5d03a..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/x509_certificate.md
+++ /dev/null
@@ -1,225 +0,0 @@
-+++
-title = "x509_certificate resource"
-draft = false
-gh_repo = "inspec"
-platform = "os"
-
-[menu]
- [menu.inspec]
- title = "x509_certificate"
- identifier = "inspec/resources/os/x509_certificate.md x509_certificate resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `x509_certificate` Chef InSpec audit resource to test the fields and validity of an x.509 certificate.
-
-X.509 certificate uses public or private key pairs to sign and encrypt communications and documents over a network. These certificates are also used for network authentication. Examples include Secure Sockets Layer (SSL) certificates, Secure/Multipurpose Internet Mail Extensions (S/MIME) certificates, and Virtual Private Network (VPN) authentication certificates.
-
-## Availability
-
-### Install
-
-Chef InSpec distributes this resource.
-
-### Version
-
-This resource is available from InSpec version 1.18.
-
-## Syntax
-
-An `x509_certificate` resource block declares a certificate `key file` to be tested.
-
- describe x509_certificate('certificate.pem') do
- its('validity_in_days') { should be > 30 }
- end
-
-The `filepath` property can also be used.
-
- describe x509_certificate(filepath: 'certificate.pem') do
- its('validity_in_days') { should be > 30 }
- end
-
-This resource also supports passing the content of the certificate.
-
- cert_content = file('certificate.pem').content
-
- describe x509_certificate(content: cert_content) do
- its('validity_in_days') { should be > 30 }
- end
-
-The `content` value is used if the `content` and `filepath` are specified.
-
-## Properties
-
-### subject.XX
-
-The `subject` (string) property accesses the individual subject elements.
-
- describe x509_certificate('/etc/pki/www.example.com.pem') do
- its('subject.CN') { should eq "www.example.com" }
- end
-
-### subject_dn
-
-The `subject_dn` (string) property returns the distinguished name of the subject field. It contains many fields separated by forward slashes (/). The field identifiers are the same ones used by OpenSSL to generate Certificate Signing Requests (CSR's) and certificates. To access the parsed version, use `subject.XX` instead.
-
-For example, `/C=US/L=Seattle/O=Chef Software Inc/OU=Chefs/CN=Richard Nixon`
-
- describe x509_certificate('/etc/pki/www.example.com.pem') do
- its('subject_dn') { should match "CN=www.example.com" }
- end
-
-### issuer.XX
-
-The `issuer` (string) property accesses the individual issuer elements.
-
- describe x509_certificate('/etc/pki/www.example.com.pem') do
- its('issuer.CN') { should eq "Acme Trust CA" }
- end
-
-### issuer_dn
-
-During the certificate signing process, the `issuer_dn` (string) property is the distinguished name from a Certificate Authority (CA). This property states which authority is guaranteeing the identity of the certificate.
-
-For example, `/C=US/L=Seattle/CN=Acme Trust CA/emailAddress=support@acmetrust.org`
-
- describe x509_certificate('/etc/pki/www.example.com.pem') do
- its('issuer_cn') { should match "CN=NAME CA" }
- end
-
-### public_key
-
-The `public_key` (string) property returns a base64 encoded public key in PEM format.
-
- describe x509_certificate('/etc/pki/www.example.com.pem') do
- its('public_key') { should match "-----BEGIN PUBLIC KEY-----\nblah blah blah..." }
- end
-
-### key_length
-
-The `key_length` (integer) property calculates the number of bits in the public key. If the length of bits in the public key increases, the public keys are secure. However, at the cost of speed and compatibility.
-
- describe x509_certificate('/etc/pki/www.example.com.pem') do
- its('key_length') { should be 2048 }
- end
-
-### keylength
-
-The `keylength` (integer) property is an alias of the `key_length` property.
-
- describe x509_certificate('/etc/pki/www.example.com.pem') do
- its('keylength') { should be 2048 }
- end
-
-### signature_algorithm
-
-The `signature_algorithm` (string) property describes the CA's hash function to sign the certificate.
-
- describe x509_certificate('/etc/pki/www.example.com.pem') do
- its('signature_algorithm') { should be 'sha256WithRSAEncryption' }
- end
-
-### validity_in_days
-
-The `validity_in_days` (float) property is used to check the validity of the certificates.
-
- describe x509_certificate('/etc/pki/www.example.com.pem') do
- its('validity_in_days') { should be > 30 }
- end
-
-### not_before and not_after
-
-The `not_before` and `not_after` (time) properties expose the start and end dates of certificate validity. These dates are exposed as Ruby **Time** class and perform date calculations.
-
- describe x509_certificate('/etc/pki/www.example.com.pem') do
- its('not_before') { should be <= Time.utc.now }
- its('not_after') { should be >= Time.utc.now }
- end
-
-### serial
-
-The `serial` (integer) property exposes the certificate's serial number. The CA sets the serial number during the signing process and should be unique within that CA.
-
- describe x509_certificate('/etc/pki/www.example.com.pem') do
- its('serial') { should eq 9623283588743302433 }
- end
-
-### version
-
-The `version` (integer) property exposes the certificate version.
-
- describe x509_certificate('/etc/pki/www.example.com.pem') do
- its('version') { should eq 2 }
- end
-
-### extensions
-
-The `extensions` (hash) property is mainly used to determine the purpose of the certificate.
-
- describe x509_certificate('/etc/pki/www.example.com.pem') do
- # Check what extension categories we have
- its('extensions') { should include 'keyUsage' }
- its('extensions') { should include 'extendedKeyUsage' }
- its('extensions') { should include 'subjectAltName' }
-
- # Check examples of basic 'keyUsage'
- its('extensions.keyUsage') { should include 'Digital Signature' }
- its('extensions.keyUsage') { should include 'Non Repudiation' }
- its('extensions.keyUsage') { should include 'Data Encipherment' }
-
- # Check examples of newer 'extendedKeyUsage'
- its('extensions.extendedKeyUsage') { should include 'TLS Web Server Authentication' }
- its('extensions.extendedKeyUsage') { should include 'Code Signing' }
-
- # Check examples of 'subjectAltName'
- its('extensions.subjectAltName') { should include 'email:support@chef.io' }
- end
-
-### email
-
-The `email` (string) property checks for the email address of the certificate. This is equivalent to invoking the property `subject.emailAddress`.
-
- describe x509_certificate('/etc/pki/www.example.com.pem') do
- its('email') { should_not be_empty }
- its('email') { should eq 'admin@example.com' }
- end
-
-### subject_alt_names
-
-The `subject_alt_names` (string) property checks for the subject alternative names (additional host names) of the certificate.
-
- describe x509_certificate('/etc/pki/www.example.com.pem') do
- its('subject_alt_names') { should include 'DNS:example.com' }
- its('subject_alt_names') { should include 'DNS:www.example.com' }
- end
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://docs.chef.io/inspec/matchers/).
-
-The specific matchers of this resource are: `be_valid`, `be_certificate` and `have_purpose`.
-
-### be_valid
-
-The `be_valid` matcher tests if the specified certificate is valid.
-
- describe x509_certificate('/etc/pki/www.example.com.pem') do
- it { should be_valid }
- end
-
-### be_certificate
-
-The `be_certificate` matcher tests if the specified content or file is a certificate.
-
- describe x509_certificate('/etc/pki/www.example.com.pem') do
- it { should be_certificate }
- end
-
-### have_purpose
-
-The `have_purpose` matcher tests if the certificate meets the specified purpose.
-
- describe x509_certificate('/etc/pki/www.example.com.pem') do
- it { should have_purpose('SSL client CA : Yes') }
- it { should have_purpose('SSL server CA : Yes') }
- end
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/x509_private_key.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/x509_private_key.md
deleted file mode 100644
index 28d84e5134..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/x509_private_key.md
+++ /dev/null
@@ -1,113 +0,0 @@
-+++
-title = "x509_private_key resource"
-draft = false
-gh_repo = "inspec"
-platform = "unix"
-
-[menu]
- [menu.inspec]
- title = "x509_private_key"
- identifier = "inspec/resources/os/x509_private_key.md x509_private_key resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `x509_private_key` Chef InSpec audit resource to test the x509 private key.
-
-## Availability
-
-### Install
-
-The Chef InSpec distributes this resource.
-
-## Syntax
-
-An `x509_private_key` Chef InSpec audit resource allows you to test the x509 private key.
-
-```ruby
- describe x509_private_key("/home/x509_private_key.pem", "key_password") do
- it { should be_valid }
- it { should be_encrypted }
- it { should have_matching_certificate("/home/x509_certificate.crt") }
- end
-```
-
-> where
->
-> - `"/home/x509_private_key.pem"` is the path of the private key.
-> - `"key_password"` is the password of the private key. This is optional for private keys without password.
-> - `be_valid`, `be_encrypted`, and `have_matching_certificate` are matchers of this resource
-> - `"/home/x509_certificate.crt"` is a x509 certificate generated using the specified private key.
-
-## Matchers
-
-For a full list of available matchers, please visit the [matchers page](https://docs.chef.io/inspec/matchers/).
-
-The specific matchers of this resource are: `be_valid`, `be_encrypted`, and `have_matching_certificate`.
-
-### be_valid
-
-The `be_valid` matcher tests if the specified private key is valid.
-
-```ruby
- it { should be_valid }
-```
-
-### be_encrypted
-
-The `be_encrypted` matcher tests if the specified private key is encrypted.
-
-```ruby
- it { should be_encrypted }
-```
-
-### have_matching_certificate
-
-The `have_matching_certificate` matcher tests if the x509 private key has a matching certificate.
-
-```ruby
- it { should have_matching_certificate("/home/x509_certificate.crt") }
-```
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Checks if the x509 private key is valid
-
-`be_valid` checks if the x509 private key is valid.
-
-```ruby
- describe x509_private_key("/home/x509_private_key.pem", "key_password") do
- it { should be_valid }
- end
-```
-
-### Checks if the x509 private key is valid without a password
-
-`be_valid` checks if the x509 private key is valid.
-
-```ruby
- describe x509_private_key("/home/x509_private_key.pem") do
- it { should be_valid }
- end
-```
-
-### Checks if the x509 private key is encrypted
-
-`be_encrypted` checks if the x509 private key is encrypted.
-
-```ruby
- describe x509_private_key("/home/x509_private_key.pem", "key_password") do
- it { should be_encrypted }
- end
-```
-
-### Checks if the x509 private key has a matching certificate
-
-`be_valid` checks if the x509 private key has a matching certificate.
-
-```ruby
- describe x509_private_key("/home/x509_private_key.pem", "key_password") do
- it { should have_matching_certificate("/home/x509_certificate.crt") }
- end
-```
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/xinetd_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/xinetd_conf.md
deleted file mode 100644
index 8cd9e3997c..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/xinetd_conf.md
+++ /dev/null
@@ -1,172 +0,0 @@
-+++
-title = "xinetd_conf resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "xinetd_conf"
- identifier = "inspec/resources/os/xinetd_conf.md xinetd_conf resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `xinetd_conf` Chef InSpec audit resource to test services under `/etc/xinet.d` on Linux and Unix platforms. xinetd---the extended Internet service daemon---listens on all ports, and then loads the appropriate program based on a request. The `xinetd.conf` file is typically located at `/etc/xinetd.conf` and contains a list of Internet services associated to the ports on which that service will listen. Only enabled services may handle a request; only services that are required by the system should be enabled.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-An `xinetd_conf` resource block declares settings found in a `xinetd.conf` file for the named service:
-
- describe xinetd_conf.services('service_name') do
- it { should be_enabled } # or be_disabled
- its('setting') { should eq 'value' }
- end
-
-where
-
-- `'service_name'` is a service located under `/etc/xinet.d`
-- `('setting')` is a setting in the `xinetd.conf` file
-- `should eq 'value'` is the value that is expected
-
-## Properties
-
-### ids
-
-The `ids` property tests if the named service is located under `/etc/xinet.d`:
-
- its('ids') { should include 'service_name' }
-
-For example:
-
- its('ids') { should include 'chargen-stream chargen-dgram'}
-
-### services
-
-The `services` property tests if the named service is listed under `/etc/xinet.d`:
-
- its('services') { should include 'service_name' }
-
-### socket_types
-
-The `socket_types` property tests if a service listed under `/etc/xinet.d` is configured to use the named socket type.
-
-Use `socket` if the socket type is `dgram`, `raw`, or `stream`:
-
- its('socket_types') { should eq 'socket' }
-
-For a UDP-based service:
-
- its('socket_types') { should eq 'dgram' }
-
-For a raw socket (such as a service using a non-standard protocol or a service that requires direct access to IP):
-
- its('socket_types') { should eq 'raw' }
-
-For a TCP-based service:
-
- its('socket_types') { should eq 'stream' }
-
-### types
-
-The `types` property tests the service type:
-
- its('type') { should eq 'TYPE' }
-
-where `'TYPE'` is `INTERNAL` (for a service provided by xinetd), `RPC` (for a service based on remote procedure call), or `UNLISTED` (for services not under `/etc/services` or `/etc/rpc`).
-
-### wait
-
-The `wait` property tests how a service handles incoming connections.
-
-For UDP (`dgram`) socket types, the `wait` property should test for `yes`:
-
- its('socket_types') { should eq 'dgram' }
- its('wait') { should eq 'yes' }
-
-For TCP (`stream`) socket types, the `wait` property should test for `no`:
-
- its('socket_types') { should eq 'stream' }
- its('wait') { should eq 'no' }
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test a socket_type
-
-The network socket type: `dgram` (a datagram-based service), `raw` (a service that requires direct access to an IP address), `stream` (a stream-based service), or `seqpacket` (a service that requires a sequenced packet).
-
- describe xinetd_conf.services('service_name') do
- its('socket_types') { should include 'dgram' }
- end
-
-### Test a service type
-
-The type of service: `INTERNAL` (a service provided by xinetd), `RPC` (an RPC-based service), `TCPMUX` (a service that is started on a well-known TCPMUX port), or `UNLISTED` (a service that is not listed in a standard system file location).
-
- describe xinetd_conf.services('service_name') do
- its('type') { should include 'RPC' }
- end
-
-### Test the telnet service
-
-For example, a `telnet` file under `/etc/xinet.d` contains the following settings:
-
- service telnet
- {
- disable = yes
- flags = REUSE
- socket_type = stream
- wait = no
- user = root
- server = /usr/sbin/in.telnetd
- log_on_failure += USERID
- }
-
-Some examples of tests that can be run against that file include:
-
- describe xinetd_conf.services('telnet') do
- it { should be_disabled }
- end
-
-and
-
- describe xinetd_conf.services('telnet') do
- its('socket_type') { should include 'stream' }
- end
-
-and
-
- describe xinetd_conf.services('telnet') do
- its('wait') { should eq 'no' }
- end
-
-All three settings can be tested in the same block as well:
-
- describe xinetd_conf.services('telnet') do
- it { should be_disabled }
- its('socket_type') { should include 'stream' }
- its('wait') { should eq 'no' }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### be_enabled
-
-The `be_enabled` matcher tests if a service listed under `/etc/xinet.d` is enabled:
-
- it { should be_enabled }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/xml.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/xml.md
deleted file mode 100644
index e1de692c51..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/xml.md
+++ /dev/null
@@ -1,99 +0,0 @@ -+++ -title = "xml resource" -draft = false -gh_repo = "inspec" -platform = "os" - -[menu] - [menu.inspec] - title = "xml" - identifier = "inspec/resources/os/xml.md xml resource" - parent = "inspec/resources/os" -+++ - -Use the `xml` Chef InSpec audit resource to test data in an XML file. - -## Availability - -### Install - -{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}} - -### Version - -This resource first became available in v1.37.6 of InSpec. - -## Syntax - -An `xml` resource block declares the data to be tested. Assume the following XML file: - - - hello - - John Doe - - - one - two - - - - - - - -This file can be queried for elements using: - - describe xml('/path/to/name.xml') do - its('root/name') { should eq ['hello'] } - its('root/meta/creator') { should eq ['John Doe'] } - its('root/array[2]/element') { should eq ['two'] } - end - -This file can be queried for attributes using: - - describe xml('/path/to/name.xml') do - its('root/array[2]/element/@value') { should eq ['one', 'two'] } - its('root/array[2]/element/attribute::value') { should eq ['one', 'two'] } - its('root/array[2]/element[2]/attribute::value') { should eq ['two'] } - its('count(//*)') { should eq [42] } - its('boolean(root/array[2]/element[2]/@valid)') { should eq [false] } - end - -where - -- `root/name` and `root/array[2]/element/@value` is an XPath expression -- `should eq ['foo']` tests a value of `root/name` as read from an XML file versus the value declared in the test - -In the above example, you see the use of `@` and `attribute::` which are both methods of fetching attributes. - -In the event the path contains an element which contains periods, the alternate syntax can be used: - - its(['root/name.with.a.period']) { should cmp 'so_many_dots' } - -## Examples - -The following examples show how to use this Chef InSpec audit resource. 
-
-### Test an AppPool's presence in an applicationHost.config file or the default site under applicationHost.sites
-
- describe xml('applicationHost.config') do
- # using the alternate syntax as described above because of the . in the key name
- its(['configuration/system.applicationHost/applicationPools/add@name']) { should contain('my_pool') }
- end
-
- describe xml('applicationHost.sites') do
- its('site[@name="Default Web Site"]/application/virtualDirectory/@path') { should eq ['/'] }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### name
-
-The `name` matcher tests the value of `name` as read from a JSON file versus the value declared in the test:
-
- its('name') { should eq 'foo' }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/yaml.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/yaml.md
deleted file mode 100644
index a3e1b6bfbc..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/yaml.md
+++ /dev/null
@@ -1,81 +0,0 @@
-+++
-title = "yaml resource"
-draft = false
-gh_repo = "inspec"
-platform = "os"
-
-[menu]
- [menu.inspec]
- title = "yaml"
- identifier = "inspec/resources/os/yaml.md yaml resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `yaml` Chef InSpec audit resource to test configuration data in a Yaml file.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `yaml` resource block declares the configuration data to be tested. Assume the following Yaml file:
-
- name: foo
- array:
- - zero
- - one
-
-This file can be queried using:
-
- describe yaml('filename.yml') do
- its('name') { should eq 'foo' }
- its(['array', 1]) { should eq 'one' }
- end
-
-where
-
-- `name` is a configuration setting in a Yaml file
-- `should eq 'foo'` tests a value of `name` as read from a Yaml file versus the value declared in the test
-
-Like the `json` resource, the `yaml` resource can read a file, run a command, or accept content inline:
-
- describe yaml('config.yaml') do
- its(['driver', 'name']) { should eq 'vagrant' }
- end
-
- describe yaml({ command: 'retrieve_data.py --yaml' }) do
- its('state') { should eq 'open' }
- end
-
- describe yaml({ content: "\"key1: value1\nkey2: value2\"" }) do
- its('key2') { should cmp 'value2' }
- end
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test a kitchen.yml file driver
-
- describe yaml('.kitchen.yaml') do
- its(['driver','name']) { should eq('vagrant') }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### name
-
-The `name` matcher tests the value of `name` as read from a Yaml file versus the value declared in the test:
-
- its('name') { should eq 'foo' }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/yum.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/yum.md
deleted file mode 100644
index 7eb1f7330b..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/yum.md
+++ /dev/null
@@ -1,110 +0,0 @@
-+++
-title = "yum resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "yum"
- identifier = "inspec/resources/os/yum.md yum resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `yum` Chef InSpec audit resource to test packages in the Yum repository.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `yum` resource block declares a package repo, tests if the package repository is present, and if it that package repository is a valid package source (i.e. "is enabled"):
-
- describe yum.repo('name') do
- it { should exist }
- it { should be_enabled }
- end
-
-where
-
-- `repo('name')` is the (optional) name of a package repo, using either a full identifier (`'updates/7/x86_64'`) or a short identifier (`'updates'`)
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test if the yum repo exists
-
- describe yum do
- its('repos') { should exist }
- end
-
-### Test if the 'base/7/x86_64' repo exists and is enabled
-
- describe yum do
- its('repos') { should include 'base/7/x86_64' }
- its('epel') { should exist }
- its('epel') { should be_enabled }
- end
-
-### Test if a specific yum repo exists
-
- describe yum.repo('epel') do
- it { should exist }
- it { should be_enabled }
- end
-
-### Test a particular repository configuration, such as its Base URL
-
- describe yum.repo('mycompany-artifacts') do
- it { should exist }
- it { should be_enabled }
- its('baseurl') { should include 'mycompany.biz' }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### be_enabled
-
-The `be_enabled` matcher tests if the package repository is a valid package source:
-
- it { should be_enabled }
-
-### exist
-
-The `exist` matcher tests if the package repository exists:
-
- it { should exist }
-
-### repo('name')
-
-The `repo('name')` matcher names a specific package repository:
-
- describe yum.repo('epel') do
- ...
- end
-
-### repos
-
-The `repos` matcher tests if a named repo, using either a full identifier (`'updates/7/x86_64'`) or a short identifier (`'updates'`), is included in the Yum repo:
-
- its('repos') { should include 'some_repo' }
-
-### shortname
-
-The `shortname` matcher names a specific package repository's group identifier. For example, if a repository's group name is "Directory Server", the corresponding group identifier is typically "directory-server":
-
- describe yum.repo('Directory Server') do
- its('shortname') { should eq 'directory-server' }
- end
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/zfs.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/zfs.md
deleted file mode 100644
index f9729b00b8..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/zfs.md
+++ /dev/null
@@ -1,83 +0,0 @@
-+++
-title = "zfs resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "zfs"
- identifier = "inspec/resources/os/zfs.md zfs resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `zfs` Chef InSpec audit resource to test the named ZFS Pool file system and its respective properties.
-
-## Availability
-
-### Install
-
-Chef Inspec distributes this resource.
-
-## Syntax
-
-A `zfs` Chef InSpec audit resource allows you to test if the ZFS Pool is present and has specific properties.
-
-```ruby
- describe zfs(zfs_pool_name) do
- it { should exist }
- it { should have_property({ "key1" => "VALUE1", "key2" => "VALUE2" }) }
- end
-```
-
-> where
->
-> - `'zfs_pool_name'` is the name of a ZFS Pool,
-> - `exist` and `have_property` are matchers of this resource,
-> - `{ "key1" => "value1", "key2" => "value2" }` are properties of the ZFS Pool to test.
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://docs.chef.io/inspec/matchers/).
-
-The specific matchers of this resource are: `exist` and `have_property`.
-
-### exist
-
-The `exist` matcher tests if the ZFS Pool exists on the system.
-
-```ruby
- it { should exist }
-```
-
-### have_property
-
-The `have_property` matcher accepts properties in hash format and tests if the specified properties are valid ZFS Pool properties.
-
-```ruby
- it { should have_property({ "key1" => "VALUE1", "key2" => "VALUE2" }) }
-```
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test if the ZFS Pool exists on the system
-
-`exist` matcher allows to test if the ZFS Pool exists on the system.
-
-```ruby
- describe zfs("POOL") do
- it { should exist }
- end
-```
-
-### Test if the specified properties are valid ZFS Pool properties
-
-`have_property` matcher allows you to test if the specified properties are valid ZFS Pool properties.
-
-```ruby
- describe zfs("POOL") do
- it { should have_property({ "failmode" => "WAIT", "capacity" => "0" }) }
- end
-```
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/zfs_dataset.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/zfs_dataset.md
deleted file mode 100644
index d98fcc79d4..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/zfs_dataset.md
+++ /dev/null
@@ -1,65 +0,0 @@
-+++
-title = "zfs_dataset resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "zfs_dataset"
- identifier = "inspec/resources/os/zfs_dataset.md zfs_dataset resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `zfs_dataset` Chef InSpec audit resource to test the ZFS datasets on FreeBSD & Linux (Check [OS Family Details](https://docs.chef.io/inspec/resources/os/#osfamily-helpers) for more details).
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.16.0 of InSpec.
-
-## Syntax
-
-A `zfs_dataset` resource block declares the ZFS dataset properties that should be tested:
-
- describe zfs_dataset('dataset') do
- it { should MATCHER 'value' }
- end
-
-where
-
-- `('dataset')` is the name of the ZFS dataset (eg: `'tank/tmp'`)
-- `MATCHER` is a valid matcher for this resource
-- `'value'` is the value to be tested
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test a dataset of 'tank/tmp'
-
- describe zfs_dataset('tank/tmp') do
- it { should be_mounted }
- its('atime') { should eq 'on' }
- its('compression') { should eq 'lz4' }
- its('exec') { should eq 'off' }
- its('readonly') { should eq 'off' }
- its('setuid') { should eq 'off' }
- end
-
-## Matchers
-
-This Chef InSpec audit resource has the matchers listed below, in addition to dynamically exposing all ZFS dataset properties available (see: `man zfs` for the list of supported properties). {{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
-
-This resource has the following special matchers.
-
-### be_mounted
-
-The `be_mounted` matcher tests if the dataset is accessible from the file system:
-
- it { should be_mounted }
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/zfs_pool.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/zfs_pool.md
deleted file mode 100644
index d7633d05ee..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/zfs_pool.md
+++ /dev/null
@@ -1,61 +0,0 @@
-+++
-title = "zfs_pool resource"
-draft = false
-gh_repo = "inspec"
-platform = "linux"
-
-[menu]
- [menu.inspec]
- title = "zfs_pool"
- identifier = "inspec/resources/os/zfs_pool.md zfs_pool resource"
- parent = "inspec/resources/os"
-+++
-
-Use the `zfs_pool` Chef InSpec audit resource to test the ZFS pools on FreeBSD & Linux (Centos, RHEL, Ubuntu, CloudLinux, Debian) systems.
-
-## Availability
-
-### Install
-
-{{< readfile file="content/inspec/reusable/md/inspec_installation.md" >}}
-
-### Version
-
-This resource first became available in v1.16.0 of InSpec.
-
-## Syntax
-
-A `zfs_pool` resource block declares the ZFS pool properties that should be tested:
-
- describe zfs_pool('pool') do
- it { should MATCHER 'value' }
- end
-
-where:
-
-- `('pool')` is the name of the ZFS pool (eg: `'tank'`)
-- `MATCHER` is a valid matcher for this resource
-- `'value'` is the value to be tested
-
-## Properties
-
-This Chef InSpec audit resource dynamically exposes all ZFS pool properties available (see: `man zpool` for the list of supported properties).
-
-## Examples
-
-The following examples show how to use this Chef InSpec audit resource.
-
-### Test a pool of 'tank'
-
- describe zfs_pool('tank') do
- its('autoexpand') { should eq 'off' }
- its('failmode') { should eq 'continue' }
- its('feature@lz4_compress') { should eq 'active' }
- its('health') { should eq 'ONLINE' }
- its('listsnapshots') { should eq 'off' }
- its('readonly') { should eq 'off' }
- end
-
-## Matchers
-
-{{< readfile file="content/inspec/reusable/md/inspec_matchers_link.md" >}}
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reusable/index.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reusable/index.md
deleted file mode 100644
index 41de90ae49..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reusable/index.md
+++ /dev/null
@@ -1,5 +0,0 @@
-+++
-headless = true
-## headless = true makes this directory a headless bundle.
-## See https://gohugo.io/content-management/page-bundles/#headless-bundle
-+++
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reusable/md/inspec_filter_table.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reusable/md/inspec_filter_table.md
deleted file mode 100644
index 32d3a458c6..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reusable/md/inspec_filter_table.md
+++ /dev/null
@@ -1 +0,0 @@
-For information on using filter criteria on plural resources, see the documentation on [FilterTable](https://github.com/inspec/inspec/blob/main/dev-docs/filtertable-usage.md)
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reusable/md/inspec_installation.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reusable/md/inspec_installation.md
deleted file mode 100644
index e376eb7104..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reusable/md/inspec_installation.md
+++ /dev/null
@@ -1 +0,0 @@
-This resource is distributed with Chef InSpec and is automatically available for use.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reusable/md/inspec_matchers_link.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reusable/md/inspec_matchers_link.md
deleted file mode 100644
index a9448e747b..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reusable/md/inspec_matchers_link.md
+++ /dev/null
@@ -1 +0,0 @@
-For a full list of available matchers, see our [Universal Matchers page](/inspec/matchers/).
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reusable/md/support_commercial_platforms.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reusable/md/support_commercial_platforms.md
deleted file mode 100644
index f031e3e5dc..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reusable/md/support_commercial_platforms.md
+++ /dev/null
@@ -1,10 +0,0 @@
-| Platform | Architecture | Version |
-| --- | --- | --- |
-| Amazon Linux | `x86_64`, `aarch64` | `2.x` |
-| Debian | `x86_64`, `aarch64` (10.x only) | `9`, `10`, `11` |
-| macOS | `x86_64`, `aarch64` (M1 processors) | `11.x`, `12.x`, `13.x`, `14.x` |
-| Oracle Enterprise Linux | `x86_64`, `aarch64` (7.x / 8.x only) | `6.x`, `7.x`, `8.x` |
-| Red Hat Enterprise Linux | `x86_64`, `aarch64` (7.x, 8.x and 9.x only) | `7.x`, `8.x`, `9.x` |
-| SUSE Linux Enterprise Server | `x86_64`, `aarch64` (15.x only) | `12.x`, `15.x` |
-| Ubuntu | `x86_64` | `16.04`, `18.04`, `20.04` |
-| Windows | `x86_64` | `2016`, `10` (all channels except "insider" builds), `2019`, `11`, `2022` |
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reusable/md/support_derived_platforms.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reusable/md/support_derived_platforms.md
deleted file mode 100644
index c2d24dd947..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reusable/md/support_derived_platforms.md
+++ /dev/null
@@ -1,6 +0,0 @@
-| Platform | Architecture | Version | Parent platform |
-| --- | --- | --- | --- |
-| AlmaLinux | `x86_64`, `aarch64` | `8.x` | CentOS |
-| Rocky Linux | `x86_64`, `aarch64` | `8.x` | CentOS |
-
-Chef InSpec Target Mode (`inspec --target`) may be functional on additional platforms, versions, and architectures but aren’t validated by Chef.
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/shell.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/shell.md
deleted file mode 100644
index bf2965276f..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/shell.md
+++ /dev/null
@@ -1,320 +0,0 @@ -+++ -title = "Chef InSpec Shell" -draft = false -gh_repo = "inspec" - -[menu] - [menu.inspec] - title = "InSpec Shell" - identifier = "inspec/Chef InSpec Shell" - parent = "inspec" - weight = 70 -+++ - -The Chef InSpec interactive shell is a pry-based REPL that can be used to -quickly run Chef InSpec controls and tests without having to write it to a -file. Its functionality is similar to [chef-shell](/chef_shell/) as it provides a way -to exercise the Chef InSpec Language, its resources, tests, and plugins without -having to create a profile or write a test file. See -[http://pryrepl.org/](http://pryrepl.org/) for an introduction to what pry is and what it can -do. - -For a hands-on example that uses Chef InSpec shell, see the Learn Chef tutorial [Test Expectations with Chef InSpec](https://www.chef.io/training/tutorials). - -## Launch the shell - -If you are using Chef InSpec from a platform-specific package (rpm, msi, -etc.) or from a Chef prepared shell in Chef Workstation, you can directly launch -Chef InSpec shell against your local machine using the `inspec shell` command. - -```bash -inspec shell -inspec help shell # This will describe inspec shell usage -``` - -If you wish to connect to a remote machine (called a target within -InSpec), you can use the `-t` flag. We support connecting using SSH, -WinRM, Docker, Podman and many other target types. If no target is provided, we implicitly support the -"local" target - i.e. tests running on the current machine running -InSpec. For an SSH connection, use `-i` for specifying SSH key files, -and the `--sudo*` commands for requesting a privilege escalation after -logging in. For a WinRM connection, use `--path` to change the login -path, `--ssl` to use SSL for transport layer encryption. - -```bash -inspec shell -t ssh://root@192.168.64.2:11022 # Login to remote machine using ssh as root. 
-inspec shell -t ssh://user@hostname:1234 -i /path/to/user_key # Login to hostname on port 1234 as user using given ssh key. -inspec shell -t winrm://UserName:Password@windowsmachine:1234 # Login to windowsmachine over WinRM as UserName. -inspec shell -t winrm://windowsmachine --user 'UserName@domain' --password 'Secret123!' # Login to windowsmachine as UserName@domain.org. -inspec shell -t docker://container_id # Login to a Docker container. -inspec shell -t podman://container_id --podman-url "unix:///run/user/$UID/podman/podman.sock" #Login to Podman rootless container. -``` - -## Resource Packs - -Use resource packs to share custom resources with other Chef InSpec users. -A resource pack is a Chef InSpec profile that contains only custom resources and -no other controls or tests. - -For example, the profile in [`examples/profile`](https://github.com/chef/inspec/tree/main/examples/profile) -in the Chef InSpec GitHub repository defines an -[`example_config` resource](https://github.com/chef/inspec/blob/main/examples/profile/controls/example.rb). -To use these resources within the Chef InSpec shell, you will need to download -and specify them as a dependency. - -Once you have local access to the profile, you can use the `example_config` custom -resource provided in the `examples/profile` GitHub repo in your local environment : - -```bash -inspec shell --depends examples/profile -``` - -Once inside the shell your resource will be available: - -```ruby -inspec> example_config -``` - -## Use Ruby - -Since Chef InSpec shell is pry based, you can treat the shell as an -interactive Ruby session. You can write Ruby expressions and evaluate -them. Source high-lighting, automatic indentation and command history -(using the up and down arrow keys) are available to make your experience -more delightful. You can exit the shell using `exit`. 
- -```bash -$ inspec shell -Welcome to the interactive InSpec Shell -To find out how to use it, type: help - -inspec> 1 + 2 -=> 3 -inspec> exit -``` - -## Use InSpec DSL - -The Chef InSpec shell automatically evaluates the result of every command as -if it were a test file. If you type in a Ruby command that is not an -Chef InSpec control or test, the shell will evaluate it as if it were a -regular Ruby command. - -Bare Chef InSpec resources are instantiated and their help text is presented. -You may also access the resource contents or other matchers that they -define. Run `help ` to get more help on using a particular -resource or see the Chef InSpec resources documentation online. - -```bash -$ inspec shell -Welcome to the interactive InSpec Shell -To find out how to use it, type: help - -inspec> file('/Users/username').directory? -=> true -inspec> os_env('HOME') -=> Environment variable HOME -inspec> os_env('HOME').content -=> /Users/username -inspec> exit -``` - -Chef InSpec tests are immediately executed. - -```bash -inspec> describe file('/Users') # Empty test. -Summary: 0 successful, 0 failures, 0 skipped -inspec> describe file('/Users') do # Test with one check. -inspec> it { should exist } -inspec> end - ✔ File /Users should exist - -Summary: 1 successful, 0 failures, 0 skipped -``` - -All tests in a control are immediately executed as well. If a control is -redefined in the shell, the old control's tests are destroyed and -replaced with the redefinition and the control is re-run. - -```bash -inspec> control 'my_control' do -inspec> describe os_env('HOME') do -inspec> its('content') { should eq '/Users/username' } -inspec> end -inspec> end - ✔ my_control: Environment variable HOME content should eq "/Users/username" - - Summary: 1 successful, 0 failures, 0 skipped -``` - -Syntax errors are illegal tests are also detected and reported. 
- -```bash -inspec> control 'foo' do -inspec> thisisnonsense -inspec> end -NameError: undefined local variable or method `thisisnonsense' for #<#:0x007fd639825cc8> -from /usr/local/lib/ruby/gems/2.3.0/gems/rspec-expectations-3.5.0/lib/rspec/matchers.rb:967:in `method_missing' -inspec> control 'foo' do -inspec> describe file('wut') do -inspec> its('thismakesnosense') { should cmp 'fail' } -inspec> end -inspec> end - ✖ foo: File wut thismakesnosense (undefined method `thismakesnosense' for File wut:Inspec::Resource::Registry::File) - - Summary: 0 successful, 1 failures, 0 skipped -``` - -## Run InSpec commands - -You can run a single Chef InSpec command and fetch its results using the `-c` flag. -This is similar to using `bash -c`. - -```bash -$ inspec shell -c 'describe file("/Users/username") do it { should exist } end' -Target: local:// - - ✔ File /Users/username should exist - -Summary: 1 successful, 0 failures, 0 skipped -``` - -```bash -$ inspec shell --format json -c 'describe file("/Users/test") do it { should exist } end' -{ - "version": "1.49.2", - "controls": [{ - "status": "passed", - "code_desc": "File /Users/test should exist", - "run_time": 0.002374, - "start_time": "2018-01-06 18:32:38 -0500" - }], - "other_checks": [], - "profiles": [{ - "name": "inspec-shell", - "supports": [], - "controls": [{ - "title": null, - "desc": null, - "impact": 0.5, - "refs": [], - "tags": {}, - "code": "", - "source_location": { - "ref": "/usr/local/lib/ruby/gems/2.4.0/gems/inspec-1.49.2/lib/inspec/control_eval_context.rb", - "line": 89 - }, - "id": "(generated from (eval):1 7b6f82c2cc5e4205b3e2c97c8e855f2d)", - "results": [{ - "status": "passed", - "code_desc": "File /Users/test should exist", - "run_time": 0.002374, - "start_time": "2018-01-06 18:32:38 -0500" - }] - }], - "groups": [{ - "title": null, - "controls": ["(generated from (eval):1 7b6f82c2cc5e4205b3e2c97c8e855f2d)"], - "id": "unknown" - }], - "attributes": [], - "sha256": 
"29c070a90b7e3521babf618215573284a790d92907783d5b2c138f411bfd2e74" - }], - "platform": { - "name": "mac_os_x", - "release": "17.3.0" - }, - "statistics": { - "duration": 0.003171 - } -} -``` - -## Set inputs - -With InSpec [profiles that support inputs]({{< relref "/inspec/profiles/inputs#profile-support" >}}), -you can set inputs using the InSpec `shell` command. -This allows you to work more consistently with InSpec profiles when switching between the `shell` and `exec` commands. - -For more details on inputs, see the [inputs reference](/inspec/profiles/inputs/). - -### Set inputs with command-line options - -The `shell` command accepts one or more inputs in the command line as single-quoted YAML or JSON structures. - -```bash -$ inspec shell --input=input_name=input_value -Welcome to the interactive InSpec Shell -To find out how to use it, type: help - -inspec> control 'my_control' do -inspec> describe input('input_name') do -inspec> it { should cmp 'input_value' } -inspec> end -inspec> end -Profile: inspec-shell - - ✔ my_control: input_value - ✔ input_value is expected to cmp == "input_value" - -Profile Summary: 1 successful control, 0 control failures, 0 controls skipped -Test Summary: 1 successful, 0 failures, 0 skipped -inspec> exit -``` - -### Set inputs with YAML file - -You can also save inputs and values to one or more YAML files and pass them to `shell` in the command line. -For example: - -```yaml -input_name: input_value -another_input: another_value -``` - -```bash -inspec shell --input-file= -``` - -## Use the InSpec Shell with a SOCKS5 proxy - -You can use the InSpec Shell to target Windows nodes using WinRM through a SOCKS5 proxy. -These connections options can be run from Linux workstations. 
- -To start an InSpec Shell session with a basic SOCKS5 proxy connection: - -```bash -inspec shell -t winrm:// --socks-proxy socks5h://:1080 -``` - -To start an InSpec Shell session with a SOCKS5 proxy and authentication: - -```bash -inspec shell -t winrm:// \ - --socks-proxy socks5h://:1080 \ - --socks-user \ - --socks-password -``` - -To start an InSpec Shell session with a SOCKS5 proxy using SOCKS and Kerberos authentication: - -```bash -inspec shell -t winrm:// \ - --socks-proxy socks5h://:1080 \ - --socks-user \ - --socks-password \ - --kerberos-realm \ - --kerberos-service HTTP \ - --winrm_transport kerberos -``` - -Once you're connected through the SOCKS proxy, you can interact with Windows resources normally. For example: - -```ruby -inspec> os.family -=> "windows" -inspec> file('C:\Windows\System32').exist? -=> true -inspec> service('wuauserv').installed? -=> true -``` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/troubleshooting.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/troubleshooting.md deleted file mode 100644 index c9b02067ed..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/troubleshooting.md +++ /dev/null 
@@ -1,94 +0,0 @@ -+++ -title = "Chef InSpec Troubleshooting" -draft = false -gh_repo = "inspec" - -[menu] - [menu.inspec] - title = "Troubleshooting" - identifier = "inspec/Troubleshooting" - parent = "inspec" - weight = 120 -+++ - -## Exit code 5 - -You tried to execute a function with a signed profile, but the signature is either bad or InSpec couldn't find the validation key. -For more information, see the [profile signing documentation](/inspec/signing/). - -## Exit code 6 - -You enabled mandatory profile signing and tried to execute a function with an unsigned profile. -For more information, see the [profile signing documentation](/inspec/signing/). - -## Exit code 174 - -Exit code 174 comes from running Chef InSpec 6 or greater without setting a Chef License key. -See the [InSpec install documentation](/inspec/install/) for setting a Chef License key. -See the [Chef License documentation](/licensing/) for more information about Chef licensing. - -## Undefined Local Variable or Method Error for Cloud Resource - -This error is a result of invoking a resource from one of the cloud resource packs without initializing an InSpec profile with that resource pack (AWS, Azure, or GCP) as a dependency. - -Chef InSpec profiles that use **any cloud resource** must have the resource pack defined as a dependency. - -See the relevant resource pack readme for instructions: - -- [inspec-aws README](https://github.com/inspec/inspec-aws#use-the-resources) -- [inspec-azure README](https://github.com/inspec/inspec-azure#use-the-resources) -- [inspec-gcp README](https://github.com/inspec/inspec-gcp#use-the-resources) - -## License is not entitled to use InSpec - -The license key set with Chef InSpec is not entitled to use Chef InSpec. Each license key is entitled to one or more Chef products. To view the products that your key is entitled to, run the `inspec license list` command, which will list your license entitlements. 
- -To resolve this issue, set a license key that is entitled to Chef InSpec. - -See the [Chef Licensing documentation](/licensing/) for more information. - -## Unable to connect to the licensing server. InSpec requires server communication to operate - -Chef InSpec cannot connect to Chef's licensing service or a user-deployed Chef Local License Service. -This service is responsible for validating the Chef license key set with Chef InSpec. - -Check the following possible causes of this issue: - -- Network Connectivity - - Ensure that the machine running Chef InSpec has proper network connectivity. It should be able to connect to Chef's licensing service or a user-deployed Chef Local License Service. This includes checking firewall settings and network configuration. - -- Service Availability - - If you're using a user-deployed Chef Local License Service, verify that it's correctly configured and operational. Any misconfigurations or issues with the Chef Local License Service could lead to connection problems. - -- URL Configuration - - If you're using a Chef Local License Service to manage Chef licenses, verify that the URL to the server is correct. - - If you configured the URL using an environment variable, check the value for environment variable `CHEF_LICENSE_SERVER` to confirm the configured URL. - - If you configured the URL using the `--chef-license-server` InSpec CLI option, reset the URL using the same InSpec CLI option. - -- Logs and Debugging - - Check the logs generated by Chef InSpec by using `--log-level debug` for more detailed error messages. Pay close attention to the URL that Chef InSpec is attempting to connect to. - -If the issue persists, please reach out to Chef's Customer Success managers or Support Team. - -## Invalid File Format Version - -Chef licensing data is stored on the `$HOME/.chef/licenses.yaml` file. - -The file format version used in the `licenses.yaml` file is unsupported or invalid. 
-The `licenses.yaml` file must have the latest supported file format version. - -Restore the file to the original state to resolve this issue. - -## License file contents are corrupted - -Chef licensing data is stored on the `$HOME/.chef/licenses.yaml` file. - -The `licenses.yaml` file is malformed and corrupt. - -Restore the file content to its original state to resolve this issue. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/uninstall.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/uninstall.md deleted file mode 100644 index a2fc1f08fd..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/uninstall.md +++ /dev/null @@ -1,63 +0,0 @@ -+++ -title = "Uninstall Chef InSpec" -draft = false -gh_repo = "inspec" - -[menu] - [menu.inspec] - title = "Uninstall" - identifier = "inspec/install/uninstall" - parent = "inspec/install" - weight = 40 -+++ - -You can uninstall Chef InSpec using the steps below that are appropriate for the -method of Chef InSpec installation. - -## macOS - -### Homebrew - -Use the following *destructive* command to remove the Chef InSpec standalone Homebrew package: - -```bash -brew cask uninstall inspec -``` - -### CLI - -Use the following *destructive* command in your terminal to remove the Chef InSpec package: - -```bash -sudo rm -rf /opt/inspec -``` - -## Windows - -### Installer - -Use *Add / Remove Programs* to remove Chef InSpec. - -## Linux - -### CLI - -Use the following *destructive* commands to uninstall Chef InSpec from Linux-based platforms. - -For Ubuntu, use the following *destructive* command to uninstall Chef InSpec: - -```bash -sudo dpkg -P inspec -``` - -For Red Hat Enterprise Linux, use the following *destructive* command to uninstall Chef InSpec: - -```bash -sudo rpm -e inspec -``` - -For SUSE Linux Enterprise Server, use the following *destructive* command to uninstall Chef InSpec: - -```bash -sudo zypper remove inspec -``` 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/waivers.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/waivers.md
deleted file mode 100644
index 5e8b12e326..0000000000
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/waivers.md
+++ /dev/null
@@ -1,92 +0,0 @@ -+++ -title = "Waivers" -draft = false -gh_repo = "inspec" - -[menu] - [menu.inspec] - title = "Waivers" - identifier = "inspec/Waivers" - parent = "inspec" - weight = 110 -+++ - -Waivers allow you to waive controls and to dictate the running and/or reporting of those controls. A waiver file identifies: - -- which controls are waived -- a description of why it is waived -- (optionally) whether they should be skipped from running -- (optionally) an expiration date for the waiver - -## Usage - -Chef InSpec supports waiver files in YAML, JSON, or CSV file formats. - -To use a waiver file, invoke `inspec exec` with `--waiver-file [path]`. For example: - -```bash -inspec exec path/to/profile --waiver-file waivers.yaml -``` - -## Parameters - -Specify the following parameters in the waiver file: - -`control_id` **required** -: The ID of the control to be waived. - -`expiration_date` **optional** -: The expiration date of the waiver file in YYYY-MM-DD format. Waiver files expire at 00:00 at the local time of the system on the specified date. Waiver files without an expiration date are permanent. - -`run` **optional** -: If absent, `true`, or `yes`, the control will run and be - reported, but failures in the control won't make the overall run fail. If `false` or `no`, the control will not run. You may use any of `yes`, `no`, `true`, or `false`. To avoid confusion, you should explicitly specify whether the control should run or not. - -`justification` **required** -: A description of the waiver. This might include a reason for the waiver or the person who signed off on the waiver. - -## Examples - -Example in YAML: - -```yaml -waiver_control_1_2_3: - expiration_date: 2019-10-15 - justification: Not needed until Q3. @secteam - -xccdf_org.cisecurity.benchmarks_rule_1.1.1.4_Ensure_mounting_of_hfs_filesystems_is_disabled: - expiration_date: 2020-03-01 - justification: "This might be a bug in the test. 
@qateam" - run: false -``` - -Example in JSON: - -```json -{ - "waiver_control_1_2_3": { - "expiration_date": "2019-10-15T00:00:00.000Z", - "justification": "Not needed until Q3. @secteam" - }, - "xccdf_org.cisecurity.benchmarks_rule_1.1.1.4_Ensure_mounting_of_hfs_filesystems_is_disabled": { - "expiration_date": "2020-03-01T00:00:00.000Z", - "justification": "This might be a bug in the test. @qateam", - "run": false - } -} -``` - -Example in CSV: - -```plain -control_id,justification,run,expiration_date -waiver_control_1_2_3,Not needed until Q3,TRUE,2019-10-15T00:00:00.000Z -xccdf_org.cisecurity.benchmarks_rule_1.1.1.4_Ensure_mounting_of_hfs_filesystems_is_disabled,This might be a bug in the test. @qateam,FALSE,2020-03-01T00:00:00.000Z -``` - -which looks like this: - -| control_id | justification | run | expiration_date | -|---------------------------------------------------------------------------------------------|------------------------------------------|-------|--------------------------| -| waiver_control_1_2_3 | Not needed until Q3 | TRUE | 2019-10-15T00:00:00.000Z | -| xccdf_org.cisecurity.benchmarks_rule_1.1.1.4_Ensure_mounting_of_hfs_filesystems_is_disabled | This might be a bug in the test. @qateam | FALSE | 2020-03-01T00:00:00.000Z | diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/layouts/shortcodes/inspec/azurerm_deprecated.html b/_vendor/github.com/inspec/inspec/docs-chef-io/layouts/shortcodes/inspec/azurerm_deprecated.html deleted file mode 100644 index 61c769e9c2..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/layouts/shortcodes/inspec/azurerm_deprecated.html +++ /dev/null @@ -1,8 +0,0 @@ -
-

Warning

-
-

- This resource will be deprecated when version 2 of the inspec-azure resource pack is released. Please use the {{ .Get "resource" }} resource instead. -

-
-
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/layouts/shortcodes/inspec/inspec_count_resources.md b/_vendor/github.com/inspec/inspec/docs-chef-io/layouts/shortcodes/inspec/inspec_count_resources.md deleted file mode 100644 index 28625db9e1..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/layouts/shortcodes/inspec/inspec_count_resources.md +++ /dev/null @@ -1,4 +0,0 @@ -{{/* Counts the number of resource pages from all repositories in content/inspec/resources */}} - -{{- $inspecResources := .Site.GetPage "inspec/resources" -}} -{{- len $inspecResources.Pages -}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/layouts/shortcodes/inspec/inspec_resources.html b/_vendor/github.com/inspec/inspec/docs-chef-io/layouts/shortcodes/inspec/inspec_resources.html deleted file mode 100644 index b9844414b0..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/layouts/shortcodes/inspec/inspec_resources.html +++ /dev/null @@ -1,21 +0,0 @@ -{{/* Lists all resource pages by the specified platform. */}} -{{/* Platforms are defined in the page front matter of each InSpec resource page. */}} -{{/* See https://github.com/inspec/inspec/blob/main/docs-chef-io/content/inspec/resources/_index.md */}} - -{{ $platform := (.Get "platform") | lower }} - diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/layouts/shortcodes/inspec/inspec_resources_filter.html b/_vendor/github.com/inspec/inspec/docs-chef-io/layouts/shortcodes/inspec/inspec_resources_filter.html deleted file mode 100644 index ba80f79c9e..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/layouts/shortcodes/inspec/inspec_resources_filter.html +++ /dev/null @@ -1,4 +0,0 @@ - - -{{/* Add an input so users can filter resources on the https://docs.chef.io/inspec/resources/ page */}} -{{/* Works with javascript defined here: https://github.com/chef/chef-web-docs/blob/main/themes/docs-new/assets/js/inspec-filter.js */}} 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/static/images/inspec/include_controls.png b/_vendor/github.com/inspec/inspec/docs-chef-io/static/images/inspec/include_controls.png
deleted file mode 100644
index ee2408af6a..0000000000
Binary files a/_vendor/github.com/inspec/inspec/docs-chef-io/static/images/inspec/include_controls.png and /dev/null differ
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/static/images/inspec/include_controls_with_mod.png b/_vendor/github.com/inspec/inspec/docs-chef-io/static/images/inspec/include_controls_with_mod.png
deleted file mode 100644
index 16f80722d4..0000000000
Binary files a/_vendor/github.com/inspec/inspec/docs-chef-io/static/images/inspec/include_controls_with_mod.png and /dev/null differ
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/static/images/inspec/include_controls_with_skip.png b/_vendor/github.com/inspec/inspec/docs-chef-io/static/images/inspec/include_controls_with_skip.png
deleted file mode 100644
index 0716c3c56f..0000000000
Binary files a/_vendor/github.com/inspec/inspec/docs-chef-io/static/images/inspec/include_controls_with_skip.png and /dev/null differ
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/static/images/inspec/reporter_outcome_progress_bar.png b/_vendor/github.com/inspec/inspec/docs-chef-io/static/images/inspec/reporter_outcome_progress_bar.png
deleted file mode 100644
index f8a2d1b867..0000000000
Binary files a/_vendor/github.com/inspec/inspec/docs-chef-io/static/images/inspec/reporter_outcome_progress_bar.png and /dev/null differ
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/static/images/inspec/reporter_outcome_progress_bar_enhanced_outcomes.png b/_vendor/github.com/inspec/inspec/docs-chef-io/static/images/inspec/reporter_outcome_progress_bar_enhanced_outcomes.png
deleted file mode 100644
index 7712245fcd..0000000000
Binary files a/_vendor/github.com/inspec/inspec/docs-chef-io/static/images/inspec/reporter_outcome_progress_bar_enhanced_outcomes.png and /dev/null differ
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/static/images/inspec/require_controls.png b/_vendor/github.com/inspec/inspec/docs-chef-io/static/images/inspec/require_controls.png
deleted file mode 100644
index d52fe09d70..0000000000
Binary files a/_vendor/github.com/inspec/inspec/docs-chef-io/static/images/inspec/require_controls.png and /dev/null differ
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/static/images/inspec/require_controls_with_mod.png b/_vendor/github.com/inspec/inspec/docs-chef-io/static/images/inspec/require_controls_with_mod.png
deleted file mode 100644
index 8daa71e408..0000000000
Binary files a/_vendor/github.com/inspec/inspec/docs-chef-io/static/images/inspec/require_controls_with_mod.png and /dev/null differ
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/static/images/inspec/waivers_file_excel.png b/_vendor/github.com/inspec/inspec/docs-chef-io/static/images/inspec/waivers_file_excel.png
deleted file mode 100644
index 17f85be14b..0000000000
Binary files a/_vendor/github.com/inspec/inspec/docs-chef-io/static/images/inspec/waivers_file_excel.png and /dev/null differ
diff --git a/_vendor/modules.txt b/_vendor/modules.txt
index 734c04eaf0..b192bebbdc 100644
--- a/_vendor/modules.txt
+++ b/_vendor/modules.txt
@@ -3,12 +3,6 @@ # github.com/habitat-sh/habitat/components/docs-chef-io v0.0.0-20250905124722-c1a4eb639cba # github.com/habitat-sh/on-prem-builder/docs-chef-io v0.0.0-20250805192817-f8b1dae05d5e # github.com/chef/chef-server/docs-chef-io v0.0.0-20250912093648-70b79ec99736 -# github.com/inspec/inspec/docs-chef-io v0.0.0-20250922064622-0dc91d4a484a -# github.com/inspec/inspec-alicloud/docs-chef-io v0.0.0-20240122032124-a1d2a214e170 -# github.com/inspec/inspec-aws/docs-chef-io v0.0.0-20240122032232-049dcf822eef -# github.com/inspec/inspec-azure/docs-chef-io v0.0.0-20250728075256-c374c23637d3 -# github.com/inspec/inspec-habitat/docs-chef-io v0.0.0-20220218210405-bfd542da49fd -# github.com/inspec/inspec-k8s/docs-chef-io v0.0.0-20240122032042-421355eaf502 # github.com/chef/chef-workstation/docs-chef-io v0.0.0-20250930142111-8c07fe8a2202 # github.com/chef/supermarket/docs-chef-io v0.0.0-20250602140848-cded623a3f5c # github.com/chef/effortless/docs-chef-io v0.0.0-20230711123605-c8beb79aba4f diff --git a/assets/release-notes/inspec-aws/release-dates.json b/assets/release-notes/inspec-aws/release-dates.json new file mode 100644 index 0000000000..41c6f19bfb --- /dev/null +++ b/assets/release-notes/inspec-aws/release-dates.json @@ -0,0 +1,7 @@ +[ + "2021-10-01", + "2021-10-13", + "2021-11-08", + "2021-11-30", + "2022-01-07" +] \ No newline at end of file diff --git a/assets/release-notes/inspec-azure/release-dates.json b/assets/release-notes/inspec-azure/release-dates.json new file mode 100644 index 0000000000..ba9ebdc999 --- /dev/null +++ b/assets/release-notes/inspec-azure/release-dates.json @@ -0,0 +1,4 @@ +[ + "2021-10-08", + "2022-01-07" +] \ No newline at end of file diff --git a/assets/release-notes/inspec/release-versions.json b/assets/release-notes/inspec/release-versions.json new file mode 100644 index 0000000000..1d6cbfe952 --- /dev/null +++ b/assets/release-notes/inspec/release-versions.json 
@@ -0,0 +1,223 @@ +[ + "1.0.0", + "1.3.0", + "1.4.1", + "1.5.0", + "1.6.0", + "1.7.1", + "1.14.1", + "1.15.0", + "1.16.1", + "1.17.0", + "1.18.0", + "1.19.0", + "1.19.1", + "1.19.2", + "1.20.0", + "1.21.0", + "1.22.0", + "1.23.0", + "1.24.0", + "1.25.0", + "1.25.1", + "1.26.0", + "1.27.0", + "1.28.0", + "1.28.1", + "1.29.0", + "1.30.0", + "1.31.0", + "1.31.1", + "1.32.1", + "1.33.1", + "1.33.12", + "1.34.1", + "1.35.1", + "1.36.1", + "1.37.6", + "1.38.8", + "1.39.1", + "1.40.0", + "1.41.0", + "1.42.3", + "1.43.5", + "1.43.8", + "1.44.8", + "1.45.9", + "1.45.13", + "1.46.2", + "1.47.0", + "1.48.0", + "1.49.2", + "1.50.1", + "1.51.0", + "1.51.6", + "1.51.15", + "1.51.18", + "1.51.21", + "1.51.25", + "1.51.31", + "2.0.16", + "2.0.17", + "2.0.32", + "2.0.45", + "2.1.0", + "2.1.10", + "2.1.21", + "2.1.30", + "2.1.43", + "2.1.54", + "2.1.59", + "2.1.67", + "2.1.68", + "2.1.72", + "2.1.78", + "2.1.80", + "2.1.81", + "2.1.83", + "2.1.84", + "2.2.10", + "2.2.16", + "2.2.20", + "2.2.27", + "2.2.34", + "2.2.35", + "2.2.41", + "2.2.50", + "2.2.54", + "2.2.55", + "2.2.61", + "2.2.64", + "2.2.70", + "2.2.78", + "2.2.101", + "2.2.102", + "2.2.112", + "2.3.4", + "2.3.5", + "2.3.10", + "2.3.23", + "2.3.24", + "2.3.28", + "3.0.0", + "3.0.9", + "3.0.12", + "3.0.25", + "3.0.46", + "3.0.52", + "3.0.61", + "3.0.64", + "3.1.3", + "3.2.6", + "3.3.14", + "3.4.1", + "3.5.0", + "3.6.2", + "3.6.4", + "3.6.6", + "3.7.1", + "3.7.11", + "3.9.0", + "3.9.3", + "4.3.2", + "4.6.3", + "4.6.4", + "4.6.9", + "4.7.3", + "4.7.18", + "4.7.24", + "4.10.4", + "4.11.3", + "4.12.0", + "4.16.0", + "4.17.6", + "4.17.7", + "4.17.11", + "4.17.14", + "4.17.15", + "4.17.17", + "4.18.0", + "4.18.24", + "4.18.38", + "4.18.39", + "4.18.51", + "4.18.85", + "4.18.97", + "4.18.100", + "4.18.104", + "4.18.108", + "4.18.111", + "4.18.114", + "4.19.0", + "4.19.2", + "4.20.2", + "4.20.6", + "4.20.10", + "4.21.1", + "4.21.3", + "4.22.0", + "4.22.1", + "4.22.8", + "4.22.22", + "4.23.4", + "4.23.10", + "4.23.11", + "4.23.15", + 
"4.24.8", + "4.24.26", + "4.24.28", + "4.24.32", + "4.25.1", + "4.26.4", + "4.26.13", + "4.28.0", + "4.29.3", + "4.31.0", + "4.31.1", + "4.32.0", + "4.33.1", + "4.36.4", + "4.37.0", + "4.37.8", + "4.37.17", + "4.37.20", + "4.37.23", + "4.37.25", + "4.37.30", + "4.38.3", + "4.38.9", + "4.41.2", + "4.41.20", + "4.46.13", + "4.49.0", + "4.50.3", + "4.52.9", + "4.56.17", + "4.56.19", + "4.56.20", + "4.56.58", + "5.7.9", + "5.10.5", + "5.12.2", + "5.14.0", + "5.17.4", + "5.18.14", + "5.21.29", + "5.22.3", + "5.22.29", + "5.22.36", + "5.22.40", + "5.22.50", + "5.22.55", + "5.22.58", + "5.22.65", + "5.22.72", + "5.22.80", + "5.22.95", + "5.23.6", + "6.6.0", + "6.8.1", + "6.8.11", + "6.8.24", + "7.0.95" +] \ No newline at end of file diff --git a/config/_default/menu.toml b/config/_default/menu.toml index f9b734fe20..d6da6afb85 100644 --- a/config/_default/menu.toml +++ b/config/_default/menu.toml @@ -355,11 +355,11 @@ identifier = "desktop" parent = "desktop" weight = 30 - [[desktop]] - title = "Zero Touch Deployment" - identifier = "desktop/zero_touch" - parent = "desktop" - weight = 50 + [[desktop]] + title = "Zero Touch Deployment" + identifier = "desktop/zero_touch" + parent = "desktop" + weight = 50 [[desktop]] title = "macOS" @@ -496,6 +496,39 @@ identifier = "habitat" # End Chef Habitat Menu #### +#### +# Chef InSpec Menu +#### + +[[inspec]] +title = "Chef InSpec" +identifier = "inspec" + + [[inspec]] + title = "version 7.0" + identifier = "inspec/7.0/" + parent = "inspec" + url = "/inspec/7.0/" + weight = 10 + + [[inspec]] + title = "version 6.8" + identifier = "inspec/6.8/" + parent = "inspec" + url = "/inspec/6.8/" + weight = 20 + + [[inspec]] + title = "Resource packs" + identifier = "inspec/resource_packs" + parent = "inspec" + url = "/inspec/resource_packs/" + weight = 30 + +#### +# End Chef InSpec Menu +#### + #### # Chef Infra Server Menu #### 
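Review bot: The version entries in the new Chef InSpec menu (`/inspec/7.0/` and `/inspec/6.8/`) are hard-coded here and again in `config/_default/params.toml`, in the `sitemaps` list and in `[[search.products.inspec.versions]]`, and nothing in the visible diff ties the three lists together. A comment above the first child entry would help whoever adds the next release, for example `# Versions listed here must match sitemaps and search.products.inspec.versions in params.toml`. The child titles `version 7.0` and `version 6.8` are lower-case while `Resource packs` and the other titles visible in this file start with a capital; that may be deliberate, so check it against the rendered menu.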
@@ -760,7 +793,7 @@ identifier = "chef_infra"
 title = "Compliance DSL"
 identifier = "chef_infra/extension_apis/inspec/dsl_inspec/ Compliance DSL"
 parent = "chef_infra/extension_apis"
- url = "/inspec/dsl_inspec/"
+ url = "/inspec/latest/profiles/controls/"
 weight = 20
 
 [[infra]]
diff --git a/config/_default/module.toml b/config/_default/module.toml
index 6fa4d6da47..11108b5cb9 100644
--- a/config/_default/module.toml
+++ b/config/_default/module.toml
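Review bot: The replacement `url = "/inspec/latest/profiles/controls/"` depends on a `latest` path that nothing visible in this part of the diff defines: the InSpec menu added earlier in the same file links to `/inspec/7.0/` and `/inspec/6.8/`, and the sitemaps added to `params.toml` list only those two versions. If `latest` is a redirect served by the versioned InSpec site, a short comment would record that, e.g. `# /inspec/latest/ redirects to the newest versioned InSpec docs`; if it is not, the entry should point at a versioned path instead. The entry's `identifier` still contains `inspec/dsl_inspec/`, which no longer matches the target, so check for other references before renaming it. The enclosing menu table starts above the hunk.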
@@ -117,152 +117,6 @@ workspace = '' source = "layouts" target = "layouts" -### -# Chef InSpec -### - -[[imports]] - disable = false - ignoreConfig = false - path = "github.com/inspec/inspec/docs-chef-io" - -[[imports.mounts]] - source = "content/inspec" - target = "content/inspec" - -[[imports.mounts]] - source = "static/images/inspec" - target = "static/images/inspec" - -[[imports.mounts]] - source = "layouts" - target = "layouts" - -### -# Chef InSpec AliCloud Cloud Resources -### - -[[imports]] - disable = false - ignoreConfig = false - path = "github.com/inspec/inspec-alicloud/docs-chef-io" - -[[imports.mounts]] - source = "static" - target = "static" - -[[imports.mounts]] - source = "assets" - target = "assets" - -[[imports.mounts]] - source = "content/inspec" - target = "content/inspec" - -[[imports.mounts]] - source = "layouts" - target = "layouts" - -### -# Chef InSpec AWS Cloud Resources -### - -[[imports]] - disable = false - ignoreConfig = false - path = "github.com/inspec/inspec-aws/docs-chef-io" - -[[imports.mounts]] - source = "static" - target = "static" - -[[imports.mounts]] - source = "assets" - target = "assets" - -[[imports.mounts]] - source = "content/inspec" - target = "content/inspec" - -[[imports.mounts]] - source = "layouts" - target = "layouts" - -### -# Chef InSpec Azure Cloud Resources -### - -[[imports]] - disable = false - ignoreConfig = false - path = "github.com/inspec/inspec-azure/docs-chef-io" - -[[imports.mounts]] - source = "static" - target = "static" - -[[imports.mounts]] - source = "assets" - target = "assets" - -[[imports.mounts]] - source = "content/inspec" - target = "content/inspec" - -[[imports.mounts]] - source = "layouts" - target = "layouts" - -### -# Chef InSpec Habitat Cloud Resources -### - -[[imports]] - disable = false - ignoreConfig = false - path = "github.com/inspec/inspec-habitat/docs-chef-io" - -[[imports.mounts]] - source = "static" - target = "static" - -[[imports.mounts]] - source = "assets" - target = 
"assets" - -[[imports.mounts]] - source = "content" - target = "content" - -[[imports.mounts]] - source = "layouts" - target = "layouts" - -### -# Chef InSpec K8s Cloud Resources -### - -[[imports]] - disable = false - ignoreConfig = false - path = "github.com/inspec/inspec-k8s/docs-chef-io" - -[[imports.mounts]] - source = "/static" - target = "static" - -[[imports.mounts]] - source = "assets" - target = "assets" - -[[imports.mounts]] - source = "content" - target = "content" - -[[imports.mounts]] - source = "layouts" - target = "layouts" - ### # Chef Workstation ### diff --git a/config/_default/params.toml b/config/_default/params.toml index 819a02c603..07dde725fe 100644 --- a/config/_default/params.toml +++ b/config/_default/params.toml @@ -32,7 +32,9 @@ sitemaps = [ "https://docs.chef.io/360/1.2/sitemap.xml", "https://docs.chef.io/360/1.3/sitemap.xml", "https://docs.chef.io/360/1.4/sitemap.xml", - "https://docs.chef.io/360/1.5/sitemap.xml" + "https://docs.chef.io/360/1.5/sitemap.xml", + "https://docs.chef.io/inspec/6.8/sitemap.xml", + "https://docs.chef.io/inspec/7.0/sitemap.xml" ] [chef-web-docs] @@ -65,7 +67,7 @@ gh_path = "https://github.com/chef/license-service/tree/main/docs-chef-io/conten [search] -default_search_product_keys = ["", "chef-360-saas", "chef-360-1.5", "automate", "desktop", "habitat", "client", "server", "inspec", "saas", "supermarket", "workstation"] +default_search_product_keys = ["", "chef-360-saas", "chef-360-1.5", "automate", "desktop", "habitat", "client", "server", "inspec", "inspec-7.0", "saas", "supermarket", "workstation"] [search.products] @@ -125,6 +127,14 @@ product_key = "server" name = "InSpec" product_key = "inspec" +[[search.products.inspec.versions]] +name = "7.0" +product_version_key = "inspec-7.0" + +[[search.products.inspec.versions]] +name = "6.8" +product_version_key = "inspec-6.8" + [search.products.saas] name = "SaaS" product_key = "saas" 
diff --git a/content/inspec/_index.md b/content/inspec/_index.md
new file mode 100644
index 0000000000..6b96c2ee3e
--- /dev/null
+++ b/content/inspec/_index.md
@@ -0,0 +1,7 @@
++++
+title = "Chef InSpec"
++++
+
+- [Chef InSpec resource packs](/inspec/resource_packs)
+- [Chef InSpec 7.0](/inspec/7.0/)
+- [Chef InSpec 6.8](/inspec/6.8/)
diff --git a/content/inspec/inputs.md b/content/inspec/inputs.md
new file mode 100644
index 0000000000..b5318a0ac3
--- /dev/null
+++ b/content/inspec/inputs.md
@@ -0,0 +1,4 @@
++++
+layout = "redirect"
+redirect_url = "/inspec/latest/inputs/"
++++
\ No newline at end of file
diff --git a/content/inspec/profiles.md b/content/inspec/profiles.md
new file mode 100644
index 0000000000..915ee7cac3
--- /dev/null
+++ b/content/inspec/profiles.md
@@ -0,0 +1,4 @@
++++
+layout = "redirect"
+redirect_url = "/inspec/latest/profiles/"
++++
\ No newline at end of file
diff --git a/content/inspec/waivers.md b/content/inspec/waivers.md
new file mode 100644
index 0000000000..83f0f569f1
--- /dev/null
+++ b/content/inspec/waivers.md
@@ -0,0 +1,4 @@
++++
+layout = "redirect"
+redirect_url = "/inspec/latest/waivers/"
++++
\ No newline at end of file
diff --git a/content/platforms.md b/content/platforms.md
index 6754a45853..5181b9fb1e 100644
--- a/content/platforms.md
+++ b/content/platforms.md
@@ -150,19 +150,7 @@ The following platforms are supported only using the community. ### Chef InSpec -#### Commercial support - -The following table lists the commercially supported platforms and versions for Chef InSpec. - -{{< readfile file="content/inspec/reusable/md/support_commercial_platforms.md" >}} - -#### Derived platforms - -The following table lists supported derived platforms and versions for Chef InSpec. - -See our policy on [support for derived platforms](#support-for-derived-platforms) for more information. - -{{< readfile file="content/inspec/reusable/md/support_derived_platforms.md" >}} +See the [Chef InSpec documentation](/inspec/latest/). ### Chef Manage diff --git a/go.mod b/go.mod index e5d21b1b68..ef8631c6cb 100644 --- a/go.mod +++ b/go.mod @@ -17,12 +17,6 @@ require ( github.com/cowboy/jquery-hashchange v0.0.0-20100902193700-0310f3847f90 // indirect github.com/habitat-sh/habitat/components/docs-chef-io v0.0.0-20250905124722-c1a4eb639cba // indirect github.com/habitat-sh/on-prem-builder/docs-chef-io v0.0.0-20250805192817-f8b1dae05d5e // indirect - github.com/inspec/inspec-alicloud/docs-chef-io v0.0.0-20240122032124-a1d2a214e170 // indirect - github.com/inspec/inspec-aws/docs-chef-io v0.0.0-20240122032232-049dcf822eef // indirect - github.com/inspec/inspec-azure/docs-chef-io v0.0.0-20250728075256-c374c23637d3 // indirect - github.com/inspec/inspec-habitat/docs-chef-io v0.0.0-20220218210405-bfd542da49fd // indirect - github.com/inspec/inspec-k8s/docs-chef-io v0.0.0-20240122032042-421355eaf502 // indirect - github.com/inspec/inspec/docs-chef-io v0.0.0-20250922064622-0dc91d4a484a // indirect github.com/swiftype/swiftype-autocomplete-jquery v0.0.0-20190222215504-a90008d64b30 // indirect github.com/swiftype/swiftype-search-jquery v1.1.0 // indirect github.com/twitter/hogan.js v3.0.2+incompatible // indirect diff --git a/go.sum b/go.sum index c9d4140d25..13931f1789 100644 --- a/go.sum +++ b/go.sum 
@@ -26,18 +26,6 @@ github.com/habitat-sh/habitat/components/docs-chef-io v0.0.0-20250905124722-c1a4 github.com/habitat-sh/habitat/components/docs-chef-io v0.0.0-20250905124722-c1a4eb639cba/go.mod h1:5GKz/BtTWeTr8vdVQPkvGDQkQ+xiGWLkDsPOXhu2Ps4= github.com/habitat-sh/on-prem-builder/docs-chef-io v0.0.0-20250805192817-f8b1dae05d5e h1:qHs6EaygFn8iNJgqeGHI6Bd1jMSynG4TijKKWfqR8N8= github.com/habitat-sh/on-prem-builder/docs-chef-io v0.0.0-20250805192817-f8b1dae05d5e/go.mod h1:8gmm7JyOiJAbZHIpZNCP4XqgZ8RtUHaEwEi0X0AsJ4M= -github.com/inspec/inspec-alicloud/docs-chef-io v0.0.0-20240122032124-a1d2a214e170 h1:Q9jEEyv8nZAN5NgJXwMoqjngSz6Bc5ruNc9V72Hk4b4= -github.com/inspec/inspec-alicloud/docs-chef-io v0.0.0-20240122032124-a1d2a214e170/go.mod h1:tAazDDBtR5yCl/FNWHnrmkxpfxnOo9B99DyfRE7JH1c= -github.com/inspec/inspec-aws/docs-chef-io v0.0.0-20240122032232-049dcf822eef h1:r+GoVO6zbIAtusZ2w6MwUhtDAJicQkYbX0iWwZmuXfQ= -github.com/inspec/inspec-aws/docs-chef-io v0.0.0-20240122032232-049dcf822eef/go.mod h1:5rfIsi1/SqSiAXqU94UOcfMnebnuaEmFriU8k8t1Kes= -github.com/inspec/inspec-azure/docs-chef-io v0.0.0-20250728075256-c374c23637d3 h1:G9vG7jWwY/QSrWVL8PAo45OjfkWPkB0pMSlJny29VeA= -github.com/inspec/inspec-azure/docs-chef-io v0.0.0-20250728075256-c374c23637d3/go.mod h1:93+uw8FTBAWybBZIn45FzO5vnZDBh51lgMwMP1vvIqo= -github.com/inspec/inspec-habitat/docs-chef-io v0.0.0-20220218210405-bfd542da49fd h1:DyqDEbj+OfJEvigVO37AsEaZMqC71rLgfb7aGR2jEEI= -github.com/inspec/inspec-habitat/docs-chef-io v0.0.0-20220218210405-bfd542da49fd/go.mod h1:Q4E7QBY4b7HDE2psfGT9jqvnLq1yfg5e9KWK4VTtI/M= -github.com/inspec/inspec-k8s/docs-chef-io v0.0.0-20240122032042-421355eaf502 h1:l3NT3O2TWWbp1XTeolWRNreLWoWornD4S8+h9uIVIc0= -github.com/inspec/inspec-k8s/docs-chef-io v0.0.0-20240122032042-421355eaf502/go.mod h1:JwjkNHKgELWxc9esXuK3ELEGL371pK496OKrK+te3Lk= -github.com/inspec/inspec/docs-chef-io v0.0.0-20250922064622-0dc91d4a484a h1:+XKAV3Ka9nMLhtuorClEXTYsrZPJ3okZk1LkNKJYL0o= -github.com/inspec/inspec/docs-chef-io 
v0.0.0-20250922064622-0dc91d4a484a/go.mod h1:k41HVhnK+v9/X2qCX+axYBM6eME3kFeatloWoMLxXQU= github.com/swiftype/swiftype-autocomplete-jquery v0.0.0-20190222215504-a90008d64b30 h1:dhqLFBINtD1rMwwd5s9INu4BkciCvQUd+r+CWUYWIB4= github.com/swiftype/swiftype-autocomplete-jquery v0.0.0-20190222215504-a90008d64b30/go.mod h1:qnxTyatkwE84LvoaQLPaLB4h5M3n6Q2z+SB/96DcAK8= github.com/swiftype/swiftype-search-jquery v1.1.0 h1:VRYyWPQtf3Vl3B5W2xQJuFVoUBlBFGQ4tOTu94b8mNU= diff --git a/layouts/index.html b/layouts/index.html index 8805648400..98c3d88ac8 100644 --- a/layouts/index.html +++ b/layouts/index.html @@ -75,10 +75,10 @@

Chef Automate

diff --git a/layouts/partials/version_numbers.html b/layouts/partials/version_numbers.html new file mode 100644 index 0000000000..c676f17d79 --- /dev/null +++ b/layouts/partials/version_numbers.html 
@@ -0,0 +1,73 @@
+{{- $product := .product -}}
+{{- $chefVersions := .chefVersions -}}
+
+{{- $versionsUrl := ""}}
+{{- if eq $product "automate" -}}
+ {{- $versionsUrl = "https://packages.chef.io/releases/current/automate.json" -}}
+{{- else if (eq $product "habitat") -}}
+ {{- $versionsUrl = "/release-notes/habitat/release-versions.json" -}}
+{{- else if (eq $product "inspec") -}}
+ {{- $versionsUrl = "/release-notes/inspec/release-versions.json" -}}
+{{- else if (hasPrefix $product "inspec-") -}}
+ {{- $versionsUrl = print "/release-notes/" $product "/release-dates.json" -}}
+{{- else -}}
+ {{- $versionsUrl = (print "https://omnitruck.chef.io/stable/" $product "/versions/all") -}}
+{{- end -}}
+
+{{- $versions := "" -}}
+
+{{- $headers := dict "Cache-Control" "no-cache" "Connection" "keep-alive" -}}
+{{- $cacheKey := print $versionsUrl (now.Format "20060102") (now.Hour) | md5 -}}
+{{- $opts := dict "headers" $headers "key" $cacheKey -}}
+
+{{- if hasPrefix $versionsUrl "https://" -}}
+ {{- with try (resources.GetRemote $versionsUrl $opts) -}}
+ {{- with .Err -}}
+ {{- errorf "%s" . -}}
+ {{- else with .Value -}}
+ {{- $unmarshalOpts := dict "delimiter" "," -}}
+ {{- $versions = . | transform.Unmarshal $unmarshalOpts -}}
+ {{- end -}}
+ {{- else -}}
+ {{- errorf "Unable to get remote resource %q" $versionsUrl -}}
+ {{- end -}}
+{{- else -}}
+ {{- with resources.Get $versionsUrl -}}
+ {{- with . | transform.Unmarshal -}}
+ {{- $versions = . -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{- if not $versions -}}
+ {{- errorf "Version data missing from release notes for %s." $product -}}
+{{- end -}}
+
+{{/* We have a current version of Infra Client that they want release notes for on the Client release notes page. */}}
+{{/* This allows us to add current release version numbers of Client to the list of version numbers */}}
+{{/* that we want to include in the Client release notes.
*/}}
+{{- $current_versions := slice -}}
+{{- if eq $product "chef" -}}
+ {{- $versions = append $chefVersions $versions -}}
+ {{- $paddedVersions := apply $versions "partial" "zero_prefix_pad" "." -}}
+ {{- $sortedVersions := (sort $paddedVersions "value" "desc") -}}
+ {{- $versions = apply $sortedVersions "partial" "zero_prefix_trim" "." -}}
+{{- end -}}
+
+{{- $versionsCorrectOrder := slice -}}
+
+{{- if eq $product "automate" -}}
+ {{- $len := len $versions -}}
+ {{- range seq $len -}}
+ {{- $versionsCorrectOrder = $versionsCorrectOrder | append (index $versions (sub $len .)) -}}
+ {{- end -}}
+{{- else if eq $product "chef" -}}
+ {{- $versionsCorrectOrder = $versions -}}
+{{- else -}}
+ {{- $len := len $versions -}}
+ {{- range seq $len -}}
+ {{- $versionsCorrectOrder = $versionsCorrectOrder | append (index $versions (sub $len .)) -}}
+ {{- end -}}
+{{- end -}}
+
+{{- return $versionsCorrectOrder -}}
diff --git a/netlify.toml b/netlify.toml
index c0058abf3d..32dead91d7 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -101,3 +101,27 @@ from = "/client/rc2/*" to = "https://release-rc2--chef-infra-client.netlify.app/client/rc2/:splat" status = 200
+
+####
+# Chef InSpec redirects
+####
+
+[[redirects]]
+ from = "/inspec/resource_packs/*"
+ to = "https://inspec-resource-pack-docs.netlify.app/inspec/resource_packs/:splat"
+ status = 200
+
+[[redirects]]
+ from = "/inspec/7.0/*"
+ to = "https://release-7-0--chef-inspec-docs.netlify.app/inspec/7.0/:splat"
+ status = 200
+
+[[redirects]]
+ from = "/inspec/6.8/*"
+ to = "https://release-6-8--chef-inspec-docs.netlify.app/inspec/6.8/:splat"
+ status = 200
+
+[[redirects]]
+ from = "/inspec/latest/*"
+ to = "/inspec/7.0/:splat"
+ status = 301
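Review bot: The remote branch of this partial returns whatever `resources.GetRemote` yields after `transform.Unmarshal`, with no check that the entries look like version strings before they go back to the caller. Because the fetch runs at build time against `packages.chef.io` and `omnitruck.chef.io`, an unexpected or altered response would flow into the generated pages (assuming callers render the values, which this hunk does not show), so a shape check that fails the build on an odd entry is worth adding after the "Version data missing" guard. The pattern below is a constructed example and should be adjusted to the real version formats; it also assumes the local `release-dates.json` files unmarshal to a list like the others, which is not visible here. Separately, `$current_versions` is assigned and never read, and the `automate` and final `else` branches of the reversal are identical, so that block can be reduced to `if eq $product "chef"` / `else`.

```html
{{/* … unchanged: URL selection, fetch and the "Version data missing" guard … */}}
{{- range $versions -}}
  {{- if not (findRE `^[0-9]+(\.[0-9]+)+` (string .)) -}}
    {{- errorf "Unexpected version entry %q from %s" . $versionsUrl -}}
  {{- end -}}
{{- end -}}
{{/* … unchanged: chef merge/sort and the reversal … */}}
```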
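Review bot: The `/inspec/latest/*` rule uses `status = 301`, which browsers and intermediaries may cache indefinitely, so clients that followed it once can keep landing on `/inspec/7.0/` after "latest" is repointed to a newer release; a moving alias is better served with `status = 302`. The three `status = 200` rules above it proxy content from separate `*.netlify.app` sites under the docs origin, so whatever those sites serve runs with this site's origin in the browser. It is worth confirming that `inspec-resource-pack-docs` and `chef-inspec-docs` are owned by the same team and that the `release-7-0` and `release-6-8` branch deploys cannot be deleted or renamed unnoticed, since the rules keep pointing at those hostnames regardless. A one-line comment above the block naming the repositories that publish those sites, for example `# Proxied from the chef-inspec-docs and inspec-resource-pack-docs Netlify sites`, would help the next maintainer.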