Commit
Showing
7 changed files
with
502 additions
and
0 deletions.
@@ -0,0 +1,98 @@ | ||
|
||
--- | ||
title: About the aws_billing_report Resource | ||
platform: aws | ||
--- | ||
|
||
# aws\_billing\_report | ||
|
||
Use the `aws_billing_report` InSpec audit resource to test properties of a single AWS Cost and Billing report. | ||
|
||
<br> | ||
|
||
## Syntax | ||
|
||
# Verify the time_unit used by the 'inspec1' Billing Report. | ||
describe aws_billing_report('inspec1') do | ||
its('time_unit') { should cmp 'DAILY' } | ||
end | ||
|
||
# Hash Syntax to verify the time_unit used by the 'inspec1' Billing Report. | ||
describe aws_billing_report(report_definition: 'inspec1') do | ||
its('time_unit') { should cmp 'DAILY' } | ||
end | ||
|
||
## Properties | ||
|
||
`report_name`, `time_unit`, `compression`, `s3_bucket`, `s3_prefix`, `s3_region`, `additional_artifacts` | ||
|
||
<br> | ||
|
||
## Propery Examples | ||
|
||
### report_name | ||
The reports name. | ||
describe aws_billing_report('inspec1') do | ||
its('report_name') { should cmp 'inspec1' } | ||
end | ||
|
||
### time_unit | ||
The interval of time covered by the report. Valid values: HOURLY, or Daily. | ||
|
||
describe aws_billing_report('inspec1') do | ||
its('time_unit') { should cmp 'HOURLY' } | ||
end | ||
|
||
### compression | ||
The reports compression type. Valid values: ZIP, or GZIP. | ||
|
||
describe aws_billing_report('inspec1') do | ||
its('compression') { should cmp 'ZIP' } | ||
end | ||
|
||
### s3_bucket | ||
The s3_bucket the report is stored in. | ||
|
||
describe aws_billing_report('inspec1') do | ||
its('s3_bucket') { should cmp 'inspec-s3-bucket' } | ||
end | ||
|
||
### s3_prefix | ||
The prefix that AWS adds to the report when stored. | ||
|
||
describe aws_billing_report('inspec1') do | ||
its('s3_prefix') { should cmp 'inspec1' } | ||
end | ||
|
||
### s3_region | ||
The AWS region of the S3 bucket. | ||
|
||
describe aws_billing_report('inspec1') do | ||
its('s3_region') { should cmp 'us-east-1' } | ||
end | ||
|
||
### additional_artifacts | ||
The list of manifests created for the report. Valid values: REDSHIFT, or QUICKSIGHT. | ||
|
||
describe aws_billing_report('inspec1') do | ||
its('additional_artifacts') { should cmp 'QUICKSIGHT' } | ||
end | ||
|
||
## Matchers | ||
|
||
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/). | ||
|
||
### exist | ||
|
||
Indicates that the Billing Report provided was found. Use `should_not` to test for Billing Reports that should not exist. | ||
|
||
# Verify that the 'inspec1' Billing Report exists. | ||
describe aws_billing_report('inspec1') do | ||
it { should exist } | ||
end | ||
|
||
# Verify that the 'inspec2' Billing Report does not exist. | ||
describe aws_billing_report('invalid-inspec') do | ||
it { should_not exist } | ||
end | ||
|
@@ -0,0 +1,93 @@ | ||
--- | ||
title: About the aws_billing_reports Resource | ||
platform: aws | ||
--- | ||
|
||
# aws\_billing\_reports | ||
|
||
Use the `aws_billing_reports` InSpec audit resource to test properties of a some or all AWS Cost and Billing reports. | ||
|
||
<br> | ||
|
||
## Syntax | ||
|
||
# Verify the number of Billing Reports in the AWS account. | ||
describe aws_billing_reports do | ||
its('entries.count') { should cmp 2 } | ||
end | ||
|
||
# Use the .where clause to match a property to one or more rules in the available reports. | ||
describe aws_billing_reports.where { report_name =~ /inspec.*/ } do | ||
its('report_name') { should include 'inspec1' } | ||
its('time_unit') { should include 'DAILY' } | ||
its('s3_bucket') { should include 'inspec1-s3-bucket' } | ||
end | ||
|
||
## Properties | ||
|
||
`report_name`, `time_unit`, `compression`, `s3_bucket`, `s3_prefix`, `s3_region`, `additional_artifacts` | ||
|
||
<br> | ||
|
||
## Propery Examples | ||
|
||
### report_name | ||
The reports name. | ||
describe aws_billing_reports do | ||
its('report_name') { should cmp ['inspec1', 'inspec2'] } | ||
end | ||
|
||
### time_unit | ||
The interval of time covered by the report. Valid values: HOURLY, or Daily. | ||
|
||
describe aws_billing_reports do | ||
its('time_unit') { should_not include 'HOURLY' } | ||
end | ||
|
||
### compression | ||
The reports compression type. Valid values: ZIP, or GZIP. | ||
|
||
describe aws_billing_reports do | ||
its('compression') { should_not include 'ZIP' } | ||
end | ||
|
||
### s3_bucket | ||
The s3_bucket the report is stored in. | ||
|
||
describe aws_billing_reports do | ||
its('s3_bucket') { should cmp ['inspec-s3-bucket', 'example-s3-bucket'] } | ||
end | ||
|
||
### s3_prefix | ||
The prefix that AWS adds to the report when stored. | ||
|
||
describe aws_billing_reports do | ||
its('s3_prefix') { should cmp ['inspec1', 'inspec2'] } | ||
end | ||
|
||
### s3_region | ||
The AWS region of the S3 bucket. | ||
|
||
describe aws_billing_reports do | ||
its('s3_region') { should cmp ['us-east-1', 'us-west-1'] } | ||
end | ||
|
||
### additional_artifacts | ||
The list of manifests created for the report. Valid values: REDSHIFT, or QUICKSIGHT. | ||
|
||
describe aws_billing_reports do | ||
its('additional_artifacts') { should_not include 'QUICKSIGHT' } | ||
end | ||
|
||
## Matchers | ||
|
||
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/). | ||
|
||
### exist | ||
|
||
Indicates that the Billing Report provided was found. Use `should_not` to test for Billing Reports that should not exist. | ||
|
||
# Verify that at least one Billing Report exists. | ||
describe aws_billing_reports | ||
it { should exist } | ||
end |
@@ -0,0 +1,79 @@ | ||
require 'utils/filter' | ||
|
||
class AwsBillingReport < Inspec.resource(1) | ||
name 'aws_billing_report' | ||
supports platform: 'aws' | ||
desc 'Verifies settings for AWS Cost and Billing Reports.' | ||
example " | ||
describe aws_billing_report('inspec1') do | ||
its('report_name') { should cmp 'inspec1' } | ||
its('time_unit') { should cmp 'DAILY' } | ||
end | ||
describe aws_billing_report(report_definition: 'inspec1') do | ||
it { should exist } | ||
end" | ||
|
||
include AwsSingularResourceMixin | ||
|
||
attr_reader :report_name, :time_unit, :format, :compression, :s3_bucket, | ||
:s3_prefix, :s3_region, :additional_artifacts, :additional_schema_elements | ||
|
||
def to_s | ||
"AWS Billing Report #{@report_definition}" | ||
end | ||
|
||
def validate_params(raw_params) | ||
validated_params = check_resource_param_names( | ||
raw_params: raw_params, | ||
allowed_params: [:report_definition], | ||
allowed_scalar_name: :report_definition, | ||
allowed_scalar_type: String, | ||
) | ||
|
||
if validated_params.empty? | ||
raise ArgumentError, "You must provide the parameter 'report_definition' to aws_billing_report." | ||
end | ||
|
||
validated_params | ||
end | ||
|
||
def fetch_from_api | ||
r = report | ||
@exists = !r.nil? | ||
unless r.nil? | ||
@report_name = r.report_name | ||
@time_unit = r.time_unit | ||
@format = r.format | ||
@compression = r.compression | ||
@s3_bucket = r.s3_bucket | ||
@s3_prefix = r.s3_prefix | ||
@s3_region = r.s3_region | ||
@additional_artifacts = r.additional_artifacts | ||
@additional_schema_elements = r.additional_schema_elements | ||
end | ||
end | ||
|
||
private | ||
|
||
def report | ||
definitions = backend.describe_report_definitions.report_definitions | ||
report = definitions.select { |r| r.report_name.eql?(@report_definition) } | ||
report.first | ||
end | ||
|
||
def backend | ||
BackendFactory.create(inspec_runner) | ||
end | ||
|
||
class Backend | ||
class AwsClientApi < AwsBackendBase | ||
AwsBillingReport::BackendFactory.set_default_backend(self) | ||
self.aws_client_class = Aws::CostandUsageReportService::Client | ||
|
||
def describe_report_definitions | ||
aws_service_client.describe_report_definitions | ||
end | ||
end | ||
end | ||
end |
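Review bot: `report` reads only the first page returned by `describe_report_definitions`, so a report definition that AWS returns on a later page is treated as missing, and `it { should exist }` or `should_not exist` can then give the wrong answer in an audit. The response carries a `next_token` and the request accepts one, so the lookup should follow it until the name is found or the token runs out; the `AwsClientApi` wrapper has to accept a query hash for that. The same single-page read is in `fetch_from_api` of `AwsBillingReports`, where it would leave `entries` incomplete. While here, `select { ... }.first` can be written as `find`.

```ruby
def report
  query = {}
  loop do
    page = backend.describe_report_definitions(query)
    found = page.report_definitions.find { |r| r.report_name.eql?(@report_definition) }
    return found if found
    # No further page: the named report definition does not exist.
    return nil if page.next_token.to_s.empty?
    query = { next_token: page.next_token }
  end
end

# … unchanged: backend, Backend / AwsClientApi class headers and client setup …

    def describe_report_definitions(query = {})
      aws_service_client.describe_report_definitions(query)
    end
```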
@@ -0,0 +1,65 @@ | ||
require 'utils/filter' | ||
|
||
class AwsBillingReports < Inspec.resource(1) | ||
name 'aws_billing_reports' | ||
supports platform: 'aws' | ||
desc 'Verifies settings for AWS Cost and Billing Reports.' | ||
example " | ||
describe aws_billing_reports do | ||
its('report_name') { should include 'inspec1' } | ||
its('s3_bucket') { should include 'inspec1-s3-bucket' } | ||
end | ||
describe aws_billing_reports.where { report_name =~ /inspec.*/ } do | ||
its ('report_name') { should include ['inspec1'] } | ||
its ('time_unit') { should include ['DAILY'] } | ||
its ('s3_bucket') { should include ['inspec1-s3-bucket'] } | ||
end" | ||
|
||
include AwsPluralResourceMixin | ||
|
||
filtertable = FilterTable.create | ||
filtertable.add_accessor(:entries) | ||
.add_accessor(:where) | ||
.add(:exists?) { |x| !x.entries.empty? } | ||
.add(:report_name, field: :report_name) | ||
.add(:time_unit, field: :time_unit) | ||
.add(:format, field: :format) | ||
.add(:compression, field: :compression) | ||
.add(:s3_bucket, field: :s3_bucket) | ||
.add(:s3_prefix, field: :s3_prefix) | ||
.add(:s3_region, field: :s3_region) | ||
.add(:additional_artifacts, field: :additional_artifacts) | ||
.add(:additional_schema_elements, field: :additional_schema_elements) | ||
filtertable.connect(self, :table) | ||
|
||
def validate_params(resource_params) | ||
unless resource_params.empty? | ||
raise ArgumentError, 'aws_billing_reports does not accept resource parameters.' | ||
end | ||
resource_params | ||
end | ||
|
||
def to_s | ||
'AWS Billing Reports' | ||
end | ||
|
||
def fetch_from_api | ||
@table = [] | ||
backend = BackendFactory.create(inspec_runner) | ||
backend.describe_report_definitions.report_definitions.each do |r| | ||
@table << r.to_h | ||
end | ||
end | ||
|
||
class Backend | ||
class AwsClientApi < AwsBackendBase | ||
AwsBillingReports::BackendFactory.set_default_backend(self) | ||
self.aws_client_class = Aws::CostandUsageReportService::Client | ||
|
||
def describe_report_definitions | ||
aws_service_client.describe_report_definitions | ||
end | ||
end | ||
end | ||
end |
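Review bot: The second `describe` in the `example` string passes an array to the matcher (`should include ['inspec1']`) and writes `its ('report_name')` with a space before the parenthesis, which disagrees with the first example in the same string (`should include 'inspec1'`). As far as RSpec's `include` goes, the array form looks for an element that is itself an array, so a user copying the example would likely get a failing control. Write the three lines as `its('report_name') { should include 'inspec1' }`, and likewise for `time_unit` and `s3_bucket`. `fetch_from_api` would also benefit from a one-line comment such as `# Each row is an SDK report definition converted with to_h; the filter table's field: names must match its keys.`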