Merge 1cd4416 into 58d2b01

docs/resources/aws_billing_report.md.erb

@@ -0,0 +1,98 @@
+
+---
+title: About the aws_billing_report Resource
+platform: aws
+---
+
+# aws\_billing\_report
+
+Use the `aws_billing_report` InSpec audit resource to test properties of a single AWS Cost and Billing report.
+
+<br>
+
+## Syntax
+
+  # Verify the time_unit used by the 'inspec1' Billing Report.
+  describe aws_billing_report('inspec1') do
+    its('time_unit') { should cmp 'DAILY' }
+  end
+
+  # Hash Syntax to verify the time_unit used by the 'inspec1' Billing Report.
+  describe aws_billing_report(report_definition: 'inspec1') do
+    its('time_unit') { should cmp 'DAILY' }
+  end
+
+## Properties
+
+  `report_name`, `time_unit`, `compression`, `s3_bucket`, `s3_prefix`, `s3_region`, `additional_artifacts`
+
+<br>
+
+## Propery Examples
+
+### report_name
+ The reports name.
+  describe aws_billing_report('inspec1') do
+    its('report_name') { should cmp 'inspec1' }
+  end
+
+### time_unit
+ The interval of time covered by the report. Valid values: HOURLY, or Daily.
+
+  describe aws_billing_report('inspec1') do
+    its('time_unit') { should cmp 'HOURLY' }
+  end
+
+### compression
+ The reports compression type. Valid values: ZIP, or GZIP.
+
+  describe aws_billing_report('inspec1') do
+    its('compression') { should cmp 'ZIP' }
+  end
+
+### s3_bucket
+ The s3_bucket the report is stored in.
+
+  describe aws_billing_report('inspec1') do
+    its('s3_bucket') { should cmp 'inspec-s3-bucket' }
+  end
+
+### s3_prefix
+ The prefix that AWS adds to the report when stored.
+
+  describe aws_billing_report('inspec1') do
+    its('s3_prefix') { should cmp 'inspec1' }
+  end
+
+### s3_region
+ The AWS region of the S3 bucket.
+
+  describe aws_billing_report('inspec1') do
+    its('s3_region') { should cmp 'us-east-1' }
+  end
+
+### additional_artifacts
+ The list of manifests created for the report. Valid values: REDSHIFT, or QUICKSIGHT.
+
+  describe aws_billing_report('inspec1') do
+    its('additional_artifacts') { should cmp 'QUICKSIGHT' }
+  end
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### exist
+
+Indicates that the Billing Report provided was found.  Use `should_not` to test for Billing Reports that should not exist.
+
+  # Verify that the 'inspec1' Billing Report exists.
+  describe aws_billing_report('inspec1') do
+    it { should exist }
+  end
+
+  # Verify that the 'inspec2' Billing Report does not exist.
+  describe aws_billing_report('invalid-inspec') do
+    it { should_not exist }
+  end
+

docs/resources/aws_billing_reports.md.erb

@@ -0,0 +1,93 @@
+---
+title: About the aws_billing_reports Resource
+platform: aws
+---
+
+# aws\_billing\_reports
+
+Use the `aws_billing_reports` InSpec audit resource to test properties of a some or all AWS Cost and Billing reports.
+
+<br>
+
+## Syntax
+
+  # Verify the number of Billing Reports in the AWS account.
+  describe aws_billing_reports do
+    its('entries.count') { should cmp 2 }
+  end
+
+  # Use the .where clause to match a property to one or more rules in the available reports.
+  describe aws_billing_reports.where { report_name =~ /inspec.*/ } do
+    its('report_name') { should include 'inspec1' }
+    its('time_unit') { should include 'DAILY' }
+    its('s3_bucket') { should include 'inspec1-s3-bucket' }
+  end
+
+## Properties
+
+  `report_name`, `time_unit`, `compression`, `s3_bucket`, `s3_prefix`, `s3_region`, `additional_artifacts`
+
+<br>
+
+## Propery Examples
+
+### report_name
+ The reports name.
+  describe aws_billing_reports do
+    its('report_name') { should cmp ['inspec1', 'inspec2'] }
+  end
+
+### time_unit
+ The interval of time covered by the report. Valid values: HOURLY, or Daily.
+
+  describe aws_billing_reports do
+    its('time_unit') { should_not include 'HOURLY' }
+  end
+
+### compression
+ The reports compression type. Valid values: ZIP, or GZIP.
+
+  describe aws_billing_reports do
+    its('compression') { should_not include 'ZIP' }
+  end
+
+### s3_bucket
+ The s3_bucket the report is stored in.
+
+  describe aws_billing_reports do
+    its('s3_bucket') { should cmp ['inspec-s3-bucket', 'example-s3-bucket'] }
+  end
+
+### s3_prefix
+ The prefix that AWS adds to the report when stored.
+
+  describe aws_billing_reports do
+    its('s3_prefix') { should cmp ['inspec1', 'inspec2'] }
+  end
+
+### s3_region
+ The AWS region of the S3 bucket.
+
+  describe aws_billing_reports do
+    its('s3_region') { should cmp ['us-east-1', 'us-west-1'] }
+  end
+
+### additional_artifacts
+ The list of manifests created for the report. Valid values: REDSHIFT, or QUICKSIGHT.
+
+  describe aws_billing_reports do
+    its('additional_artifacts') { should_not include 'QUICKSIGHT' }
+  end
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### exist
+
+Indicates that the Billing Report provided was found.  Use `should_not` to test for Billing Reports that should not exist.
+
+  # Verify that at least one Billing Report exists.
+  describe aws_billing_reports
+    it { should exist }
+  end

lib/resource_support/aws.rb

@@ -12,6 +12,8 @@
 # Load all AWS resources
 # TODO: loop over and load entire directory
 # for f in ls lib/resources/aws/*; do t=$(echo $f | cut -c 5- | cut -f1 -d. ); echo "require '${t}'"; done
+require 'resources/aws/aws_billing_report'
+require 'resources/aws/aws_billing_reports'
 require 'resources/aws/aws_cloudtrail_trail'
 require 'resources/aws/aws_cloudtrail_trails'
 require 'resources/aws/aws_cloudwatch_alarm'

lib/resources/aws/aws_billing_report.rb

@@ -0,0 +1,79 @@
+require 'utils/filter'
+
+class AwsBillingReport < Inspec.resource(1)
+  name 'aws_billing_report'
+  supports platform: 'aws'
+  desc 'Verifies settings for AWS Cost and Billing Reports.'
+  example "
+    describe aws_billing_report('inspec1') do
+      its('report_name') { should cmp 'inspec1' }
+      its('time_unit') { should cmp 'DAILY' }
+    end
+
+    describe aws_billing_report(report_definition: 'inspec1') do
+      it { should exist }
+    end"
+
+  include AwsSingularResourceMixin
+
+  attr_reader :report_name, :time_unit, :format, :compression, :s3_bucket,
+              :s3_prefix, :s3_region, :additional_artifacts, :additional_schema_elements
+
+  def to_s
+    "AWS Billing Report #{@report_definition}"
+  end
+
+  def validate_params(raw_params)
+    validated_params = check_resource_param_names(
+      raw_params: raw_params,
+      allowed_params: [:report_definition],
+      allowed_scalar_name: :report_definition,
+      allowed_scalar_type: String,
+    )
+
+    if validated_params.empty?
+      raise ArgumentError, "You must provide the parameter 'report_definition' to aws_billing_report."
+    end
+
+    validated_params
+  end
+
+  def fetch_from_api
+    r = report
+    @exists = !r.nil?
+    unless r.nil?
+      @report_name = r.report_name
+      @time_unit = r.time_unit
+      @format = r.format
+      @compression = r.compression
+      @s3_bucket = r.s3_bucket
+      @s3_prefix = r.s3_prefix
+      @s3_region = r.s3_region
+      @additional_artifacts = r.additional_artifacts
+      @additional_schema_elements = r.additional_schema_elements
+    end
+  end
+
+  private
+
+  def report
+    definitions = backend.describe_report_definitions.report_definitions
+    report = definitions.select { |r| r.report_name.eql?(@report_definition) }
+    report.first
+  end
+
+  def backend
+    BackendFactory.create(inspec_runner)
+  end
+
+  class Backend
+    class AwsClientApi < AwsBackendBase
+      AwsBillingReport::BackendFactory.set_default_backend(self)
+      self.aws_client_class = Aws::CostandUsageReportService::Client
+
+      def describe_report_definitions
+        aws_service_client.describe_report_definitions
+      end
+    end
+  end
+end

lib/resources/aws/aws_billing_reports.rb

@@ -0,0 +1,65 @@
+require 'utils/filter'
+
+class AwsBillingReports < Inspec.resource(1)
+  name 'aws_billing_reports'
+  supports platform: 'aws'
+  desc 'Verifies settings for AWS Cost and Billing Reports.'
+  example "
+      describe aws_billing_reports do
+        its('report_name') { should include 'inspec1' }
+        its('s3_bucket') { should include 'inspec1-s3-bucket' }
+      end
+
+     describe aws_billing_reports.where { report_name =~ /inspec.*/ } do
+       its ('report_name') { should include ['inspec1'] }
+       its ('time_unit') { should include ['DAILY'] }
+       its ('s3_bucket') { should include ['inspec1-s3-bucket'] }
+     end"
+
+  include AwsPluralResourceMixin
+
+  filtertable = FilterTable.create
+  filtertable.add_accessor(:entries)
+             .add_accessor(:where)
+             .add(:exists?) { |x| !x.entries.empty? }
+             .add(:report_name, field: :report_name)
+             .add(:time_unit, field: :time_unit)
+             .add(:format, field: :format)
+             .add(:compression, field: :compression)
+             .add(:s3_bucket, field: :s3_bucket)
+             .add(:s3_prefix, field: :s3_prefix)
+             .add(:s3_region, field: :s3_region)
+             .add(:additional_artifacts, field: :additional_artifacts)
+             .add(:additional_schema_elements, field: :additional_schema_elements)
+  filtertable.connect(self, :table)
+
+  def validate_params(resource_params)
+    unless resource_params.empty?
+      raise ArgumentError, 'aws_billing_reports does not accept resource parameters.'
+    end
+    resource_params
+  end
+
+  def to_s
+    'AWS Billing Reports'
+  end
+
+  def fetch_from_api
+    @table = []
+    backend = BackendFactory.create(inspec_runner)
+    backend.describe_report_definitions.report_definitions.each do |r|
+      @table << r.to_h
+    end
+  end
+
+  class Backend
+    class AwsClientApi < AwsBackendBase
+      AwsBillingReports::BackendFactory.set_default_backend(self)
+      self.aws_client_class = Aws::CostandUsageReportService::Client
+
+      def describe_report_definitions
+        aws_service_client.describe_report_definitions
+      end
+    end
+  end
+end