Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding support for SDB Resource #654

Merged
merged 6 commits into from Nov 17, 2021
Merged

Adding support for SDB Resource #654

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
4c5d47e
adding SDB Resource
Sep 30, 2021
3a26075
modified and fixed
soumyo13 Sep 30, 2021
b449ce4
added integration tests
Oct 1, 2021
1a8c822
fix-unit-test
Oct 1, 2021
4bdd56f
Docs edits
IanMadd Nov 16, 2021
0531ba7
resolved conflicts
soumyo13 Nov 17, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
61 changes: 61 additions & 0 deletions docs/resources/aws_sdb_domains.md
View file
Open in desktop
@@ -0,0 +1,61 @@
---
title: About the aws_sdb_domains Resource
platform: aws
---

# aws_sdb_domains

Use the `aws_sdb_domains` InSpec audit resource to test multiple SimpleDB domain names.

## Syntax

Ensure that a domain exists.

describe aws_sdb_domains do
it { should exist }
end

For additional information, see the [AWS documentation on AWS SDB Domains.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-simpledb.html).


## Parameters

This resource does not require any parameters.

## Properties

| Property | Description | Field |
| --- | --- | --- |
| domain_names | A list of domain names that match the expression. | domain_names |

## Examples

### Ensure a domain name is available.

describe aws_sdb_domains do
its('domain_names') { should include 'DOMAIN_NAME')' }
end

## Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).

The controls will pass if the `list` method returns at least one result.

### exist

Use `should` to test that the entity exists.

describe aws_sdb_domains do
it { should exist }
end

Use `should_not` to test the entity does not exist.

describe aws_sdb_domains do
it { should_not exist }
end

## AWS Permissions

Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `SimpleDB:Client:ListDomainsResult` action with `Effect` set to `Allow`.
5 changes: 5 additions & 0 deletions libraries/aws_backend.rb
View file
Open in desktop
Expand Up @@ -53,6 +53,7 @@
require 'aws-sdk-networkmanager'
require 'aws-sdk-signer'
require 'aws-sdk-amplify'
require 'aws-sdk-simpledb'

# AWS Inspec Backend Classes
#
Expand Down Expand Up @@ -301,6 +302,10 @@ def amplify_client
def network_firewall_client
aws_client(Aws::NetworkFirewall::Client)
end

def simpledb_client
aws_client(Aws::SimpleDB::Client)
end
end

# Base class for AWS resources
Expand Down
37 changes: 37 additions & 0 deletions libraries/aws_sdb_domains.rb
View file
Open in desktop
@@ -0,0 +1,37 @@
# frozen_string_literal: true

require 'aws_backend'

class AWSSDBDomains < AwsResourceBase
name 'aws_sdb_domains'
desc 'Verifies settings for SDB Domain in bulk.'

example "
describe aws_sdb_domains do
it { should exist }
end
"

attr_reader :table

def initialize(opts = {})
super(opts)
validate_parameters
@table = fetch_data
end

FilterTable.create
.register_column(:domain_names, field: :domain_names, style: :simple)
.install_filter_methods_on_resource(self, :table)

def fetch_data
catch_aws_errors do
@resp = @aws.simpledb_client.list_domains.map do |table|
table.map { |table_name| {
domain_names: table_name[:domain_names],
}
}
end.flatten
end
end
end
4 changes: 4 additions & 0 deletions test/integration/build/aws.tf
View file
Open in desktop
Expand Up @@ -4817,4 +4817,8 @@ resource "aws_amplify_branch" "main" {
environment_variables = {
REACT_APP_API_SERVER = "https://api.example.com"
}
}

resource "aws_simpledb_domain" "users" {
name = "users"
}
4 changes: 4 additions & 0 deletions test/integration/build/outputs.tf
View file
Open in desktop
Expand Up @@ -830,6 +830,10 @@ output "aws_network_interface_id1" {
value = aws_network_interface.aws_network_interface_test.id
}

output "domain-names-sdb" {
value = aws_simpledb_domain.users.name
}

output "aws_api_gateway_deployement_id_test" {
value = aws_api_gateway_stage.aws_api_gateway_stage_test.deployment_id
}
Expand Down
13 changes: 13 additions & 0 deletions test/integration/verify/controls/aws_sdb_domains.rb
View file
Open in desktop
@@ -0,0 +1,13 @@
title 'Test AWS SimpleDB Domains'

domain_names_sdb = attribute(:domain_names_sdb , value: '', description: '')

control 'aws-sdb-domains-1.0' do

impact 1.0
title 'Ensure AWS Simple DB.'
describe aws_sdb_domains do
it { should exist }
its('domain_names') { should include domain_names_sdb }
end
end
35 changes: 35 additions & 0 deletions test/unit/resources/aws_sdb_domains_test.rb
View file
Open in desktop
@@ -0,0 +1,35 @@
require 'helper'
require 'aws_sdb_domains'
require 'aws-sdk-core'

class AWSSDBDomainsConstructorTest < Minitest::Test

def test_empty_params_ok
AWSSDBDomains.new(client_args: { stub_responses: true })
end

def test_rejects_other_args
assert_raises(ArgumentError) { AWSSDBDomains.new('rubbish') }
end
end

class AWSSDBDomainsHappyPathTest < Minitest::Test

def setup
data = {}
data[:method] = :list_domains
mock_data = {}
mock_data[:domain_names] = ['DomainName']
data[:data] = [mock_data]
data[:client] = Aws::SimpleDB::Client
@resp = AWSSDBDomains.new(client_args: { stub_responses: true }, stub_data: [data])
end

def test_domain_name_exists
assert @resp.exist?
end

def test_domain_names
assert_equal(@resp.domain_names, ['DomainName'])
end
end