Merge 2d15370 into e275f33

inspec · Jun 10, 2019 · db75b80 · db75b80
2 parents e275f33 + 2d15370
commit db75b80
Show file tree

Hide file tree

Showing 50 changed files with 84 additions and 92 deletions.
diff --git a/examples/profile-attribute/controls/example.rb b/examples/profile-attribute/controls/example.rb
@@ -1,5 +1,5 @@
-val_user = attribute('user', value: 'alice', description: 'An identification for the user')
-val_password = attribute('password', description: 'A value for the password')
+val_user = input('user', value: 'alice', description: 'An identification for the user')
+val_password = input('password', description: 'A value for the password')
 
 describe val_user do
   it { should eq 'bob' }

diff --git a/kitchen.yml b/kitchen.yml
@@ -22,8 +22,6 @@ provisioner:
 verifier:
   name: inspec
   sudo: true
-  attributes:
-    verifier_attribute: 'Attribute Override!'
 
 platforms:
 - name: amazonlinux

diff --git a/test/integration/aws/default/verify/controls/aws_cloudtrail_trail.rb b/test/integration/aws/default/verify/controls/aws_cloudtrail_trail.rb
@@ -10,7 +10,7 @@
   'cloudtrail_trail_2_arn',
   'cloudtrail_trail_2_s3_bucket_name'
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/cloudtrail.tf',

diff --git a/test/integration/aws/default/verify/controls/aws_cloudwatch_alarm.rb b/test/integration/aws/default/verify/controls/aws_cloudwatch_alarm.rb
@@ -4,7 +4,7 @@
   'cloudwatch_alarm_1_metric_name',
   'cloudwatch_alarm_1_namespace',
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
   fixture_name,
   default: "default.#{fixture_name}",
   description: 'See ../build/cloudwatch.tf',
@@ -26,4 +26,4 @@
   ) do
     it { should_not exist }
   end
-end
+end
diff --git a/test/integration/aws/default/verify/controls/aws_cloudwatch_log_metric_filter.rb b/test/integration/aws/default/verify/controls/aws_cloudwatch_log_metric_filter.rb
@@ -7,7 +7,7 @@
 'log_metric_filter_2_log_group_name',
 'log_metric_filter_2_pattern',
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
   fixture_name,
   default: "default.#{fixture_name}",
   description: 'See ../build/cloudwatch.tf',
@@ -71,4 +71,4 @@
   ) do
     its('filter_name') { should cmp fixtures['log_metric_filter_2_name'] }
   end
-end
+end
diff --git a/test/integration/aws/default/verify/controls/aws_config_delivery_channel.rb b/test/integration/aws/default/verify/controls/aws_config_delivery_channel.rb
@@ -6,7 +6,7 @@
   'delivery_channel_01_bucket_prefix',
   'sns_topic_for_delivery_channel_arn'
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/iam.tf',

diff --git a/test/integration/aws/default/verify/controls/aws_config_recorder.rb b/test/integration/aws/default/verify/controls/aws_config_recorder.rb
@@ -3,7 +3,7 @@
   'role_for_config_recorder_arn',
   'config_recorder_name',
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/config.tf',
@@ -59,4 +59,4 @@
     it { should be_recording_all_resource_types }
     it { should_not be_recording_all_global_types }
   end
-end
+end
diff --git a/test/integration/aws/default/verify/controls/aws_ec2_instance.rb b/test/integration/aws/default/verify/controls/aws_ec2_instance.rb
@@ -12,7 +12,7 @@
   'ec2_instance_debian_id',  
   'ec2_ami_id_debian',
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/ec2.tf',
@@ -74,4 +74,4 @@
   describe aws_ec2_instance(fixtures['ec2_instance_debian_id']) do
     its('image_id') { should eq fixtures['ec2_ami_id_debian'] }
   end
-end
+end
diff --git a/test/integration/aws/default/verify/controls/aws_ec2_instances.rb b/test/integration/aws/default/verify/controls/aws_ec2_instances.rb
@@ -4,7 +4,7 @@
   'ec2_instance_centos_id',
   'ec2_instance_debian_id',  
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/ec2.tf',

diff --git a/test/integration/aws/default/verify/controls/aws_eks_cluster.rb b/test/integration/aws/default/verify/controls/aws_eks_cluster.rb
@@ -5,7 +5,7 @@
   'eks_cluster_security_group_id',
   'eks_vpc_subnets',
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/eks.tf',

diff --git a/test/integration/aws/default/verify/controls/aws_elb.rb b/test/integration/aws/default/verify/controls/aws_elb.rb
@@ -13,7 +13,7 @@
   'elb_security_group_to_lb_id',
   'elb_vpc_id',
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/ec2.tf',

diff --git a/test/integration/aws/default/verify/controls/aws_elbs.rb b/test/integration/aws/default/verify/controls/aws_elbs.rb
@@ -13,7 +13,7 @@
   'elb_security_group_to_lb_id',
   'elb_vpc_id',
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/ec2.tf',

diff --git a/test/integration/aws/default/verify/controls/aws_flow_log.rb b/test/integration/aws/default/verify/controls/aws_flow_log.rb
@@ -1,7 +1,7 @@
 fixtures = {}
 %w[flow_log_alpha_vpc_log_id flow_log_alpha_subnet_log_id
    flow_log_alpha_subnet_id flow_log_vpc_id].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/flow_log.tf',

diff --git a/test/integration/aws/default/verify/controls/aws_iam_access_key.rb b/test/integration/aws/default/verify/controls/aws_iam_access_key.rb
@@ -6,7 +6,7 @@
   'iam_access_key_recall_hit',
   'iam_access_key_recall_miss',
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/iam.tf',

diff --git a/test/integration/aws/default/verify/controls/aws_iam_access_keys.rb b/test/integration/aws/default/verify/controls/aws_iam_access_keys.rb
@@ -4,7 +4,7 @@
   'iam_user_without_access_key',  
   'iam_access_key_recall_hit',
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/iam.tf',
@@ -55,4 +55,4 @@
   describe aws_iam_access_keys(username: fixtures['iam_user_without_access_key']) do
     it { should_not exist }
   end
-end
+end
diff --git a/test/integration/aws/default/verify/controls/aws_iam_group.rb b/test/integration/aws/default/verify/controls/aws_iam_group.rb
@@ -3,7 +3,7 @@
   'iam_group_administrators',
   'iam_user_recall_hit'
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/iam.tf',
@@ -24,4 +24,4 @@
   describe aws_iam_group(fixtures['iam_group_administrators']) do
     its('users') { should include fixtures['iam_user_recall_hit'] }
   end
-end
+end
diff --git a/test/integration/aws/default/verify/controls/aws_iam_groups.rb b/test/integration/aws/default/verify/controls/aws_iam_groups.rb
@@ -2,7 +2,7 @@
 [
   'iam_group_administrators',
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/iam.tf',
@@ -28,4 +28,4 @@
   describe aws_iam_groups do
     its('group_names') { should include fixtures['iam_group_administrators'] }
   end
-end
+end
diff --git a/test/integration/aws/default/verify/controls/aws_iam_policy.rb b/test/integration/aws/default/verify/controls/aws_iam_policy.rb
@@ -3,7 +3,7 @@
   'aws_iam_policy_alpha_name',
   'aws_iam_policy_beta_name',
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/iam.tf',
@@ -107,4 +107,4 @@
   describe aws_iam_policy('PowerUserAccess') do
     it { should_not have_statement 'Action' => 'iam:*' }
   end
-end
+end
diff --git a/test/integration/aws/default/verify/controls/aws_iam_root_user.rb b/test/integration/aws/default/verify/controls/aws_iam_root_user.rb
@@ -2,7 +2,7 @@
 [
   'aws_account_id',
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/iam.tf',

diff --git a/test/integration/aws/default/verify/controls/aws_iam_user.rb b/test/integration/aws/default/verify/controls/aws_iam_user.rb
@@ -20,7 +20,7 @@
   'iam_policy_user_attached_0i_2a_2_arn',
   'iam_policy_user_attached_0i_2a_2_name',
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/iam.tf',
@@ -108,4 +108,4 @@
       end
     end
   end
-end
+end
diff --git a/test/integration/aws/default/verify/controls/aws_iam_users.rb b/test/integration/aws/default/verify/controls/aws_iam_users.rb
@@ -14,7 +14,7 @@
   'iam_policy_user_attached_0i_2a_2_arn',
   'iam_policy_user_attached_0i_2a_2_name',
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/iam.tf',
@@ -52,4 +52,4 @@
     its('attached_policy_arns.count') { should eq 3 }    
     its('attached_policy_arns') { should include fixtures['iam_policy_user_attached_1i_1a_1_arn'] }
   end
-end
+end
diff --git a/test/integration/aws/default/verify/controls/aws_kms_key.rb b/test/integration/aws/default/verify/controls/aws_kms_key.rb
@@ -5,7 +5,7 @@
   'kms_key_disabled_key_id',
   'kms_key_enabled_key_description'
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
   fixture_name,
   default: "default.#{fixture_name}",
   description: 'See ../build/kms.tf',
@@ -48,4 +48,4 @@
   describe aws_kms_key(fixtures['kms_key_disabled_key_id']) do
     it { should_not have_rotation_enabled }
   end
-end
+end
diff --git a/test/integration/aws/default/verify/controls/aws_rds_instance.rb b/test/integration/aws/default/verify/controls/aws_rds_instance.rb
@@ -2,7 +2,7 @@
 [
   'rds_db_instance_id',
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/rds.tf',

diff --git a/test/integration/aws/default/verify/controls/aws_route_table.rb b/test/integration/aws/default/verify/controls/aws_route_table.rb
@@ -3,7 +3,7 @@
   'route_table_1_id',
   'route_table_1_vpc_id',
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/route_table.tf',

diff --git a/test/integration/aws/default/verify/controls/aws_route_tables.rb b/test/integration/aws/default/verify/controls/aws_route_tables.rb
@@ -4,7 +4,7 @@
   'route_table_2_id',
   'route_table_1_vpc_id',
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/ec2.tf',
@@ -25,4 +25,4 @@
     its('vpc_ids') { should include fixtures['route_table_1_vpc_id'] }
     its('route_table_ids') { should include fixtures['route_table_1_id'], fixtures['route_table_2_id'] }
   end
-end
+end
diff --git a/test/integration/aws/default/verify/controls/aws_s3_bucket.rb b/test/integration/aws/default/verify/controls/aws_s3_bucket.rb
@@ -10,7 +10,7 @@
   's3_bucket_access_logging_enabled_name',
   's3_bucket_access_logging_not_enabled_name',
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/s3.tf',

diff --git a/test/integration/aws/default/verify/controls/aws_s3_buckets.rb b/test/integration/aws/default/verify/controls/aws_s3_buckets.rb
@@ -3,7 +3,7 @@
   's3_bucket_public_name',
   's3_bucket_private_name',
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/s3.tf',

diff --git a/test/integration/aws/default/verify/controls/aws_security_group.rb b/test/integration/aws/default/verify/controls/aws_security_group.rb
@@ -7,7 +7,7 @@
   'ec2_security_group_gamma_group_id',
   'ec2_security_group_alpha_group_name',
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/ec2.tf',

diff --git a/test/integration/aws/default/verify/controls/aws_security_groups.rb b/test/integration/aws/default/verify/controls/aws_security_groups.rb
@@ -3,7 +3,7 @@
   'ec2_security_group_default_vpc_id',
   'ec2_security_group_default_group_id',
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/ec2.tf',

diff --git a/test/integration/aws/default/verify/controls/aws_sns_subscription.rb b/test/integration/aws/default/verify/controls/aws_sns_subscription.rb
@@ -5,7 +5,7 @@
   'sqs_for_sub_03_arn',
   'aws_account_id',
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/sns.tf',

diff --git a/test/integration/aws/default/verify/controls/aws_sns_topic.rb b/test/integration/aws/default/verify/controls/aws_sns_topic.rb
@@ -4,7 +4,7 @@
   'sns_topic_with_subscription_arn',
   'sns_topic_no_subscription_arn',
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
   fixture_name,
   default: "default.#{fixture_name}",
   description: 'See ../build/sns.tf',
@@ -36,4 +36,4 @@
   describe aws_sns_topic(fixtures['sns_topic_no_subscription_arn']) do
     its('confirmed_subscription_count') { should be_zero }
   end
-end
+end
diff --git a/test/integration/aws/default/verify/controls/aws_sns_topics.rb b/test/integration/aws/default/verify/controls/aws_sns_topics.rb
@@ -2,7 +2,7 @@
 [
   'sns_topic_recall_hit_arn',
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
     fixture_name,
     default: "default.#{fixture_name}",
     description: 'See ../build/sns.tf',

diff --git a/test/integration/aws/default/verify/controls/aws_sqs_queue.rb b/test/integration/aws/default/verify/controls/aws_sqs_queue.rb
@@ -3,7 +3,7 @@
   'sqs_queue_1_url',
   'sqs_queue_2_url',  
 ].each do |fixture_name|
-  fixtures[fixture_name] = attribute(
+  fixtures[fixture_name] = input(
   fixture_name,
   default: "default.#{fixture_name}",
   description: 'See ../build/sqs.tf',
@@ -44,4 +44,4 @@
       its('is_fifo_queue') { should be true }
       its('content_based_deduplication') { should be true }
     end  
-end
+end