From e442fa87da2d5fada2f87bd2c592a80c2dc51add Mon Sep 17 00:00:00 2001 From: Nirbhay Kumar Date: Thu, 25 Nov 2021 00:22:53 +0530 Subject: [PATCH 01/14] added resourcce and test Signed-off-by: Nirbhay Kumar --- docs/resources/aws_s3_storage_lens.md | 0 docs/resources/aws_s3_storage_lenses.md | 0 libraries/aws_backend.rb | 5 ++ libraries/aws_s3_storage_lens.rb | 40 ++++++++++++++++ libraries/aws_s3_storage_lenses.rb | 47 +++++++++++++++++++ .../verify/controls/aws_s3_storage_lens.rb | 0 .../verify/controls/aws_s3_storage_lenses.rb | 0 .../resources/aws_s3_storage_lens_test.rb | 43 +++++++++++++++++ .../resources/aws_s3_storage_lenses_test.rb | 0 9 files changed, 135 insertions(+) create mode 100644 docs/resources/aws_s3_storage_lens.md create mode 100644 docs/resources/aws_s3_storage_lenses.md create mode 100644 libraries/aws_s3_storage_lens.rb create mode 100644 libraries/aws_s3_storage_lenses.rb create mode 100644 test/integration/verify/controls/aws_s3_storage_lens.rb create mode 100644 test/integration/verify/controls/aws_s3_storage_lenses.rb create mode 100644 test/unit/resources/aws_s3_storage_lens_test.rb create mode 100644 test/unit/resources/aws_s3_storage_lenses_test.rb diff --git a/docs/resources/aws_s3_storage_lens.md b/docs/resources/aws_s3_storage_lens.md new file mode 100644 index 000000000..e69de29bb diff --git a/docs/resources/aws_s3_storage_lenses.md b/docs/resources/aws_s3_storage_lenses.md new file mode 100644 index 000000000..e69de29bb diff --git a/libraries/aws_backend.rb b/libraries/aws_backend.rb index 7d5d009d4..67dc1a1f3 100644 --- a/libraries/aws_backend.rb +++ b/libraries/aws_backend.rb @@ -56,6 +56,7 @@ require 'aws-sdk-simpledb' require 'aws-sdk-emr' require 'aws-sdk-securityhub' +require 'aws-sdk-s3control' # AWS Inspec Backend Classes # @@ -316,6 +317,10 @@ def simpledb_client def emr_client aws_client(Aws::EMR::Client) end + + def storage_client + aws_client(Aws::S3Control::Client) + end end # Base class for AWS resources 
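Review bot: The added `require 'aws-sdk-s3control'` in `libraries/aws_backend.rb` loads a gem that nothing in this commit declares; the diffstat lists nine files and none of them is a Gemfile or gemspec. If `aws-sdk-s3control` is not already a declared, version-constrained dependency of the resource pack, every resource that requires `aws_backend` will fail to load on a clean install. Confirm where the other `aws-sdk-*` gems are declared and add this one there in the same commit, so the SDK version that gets resolved is reviewed rather than implicit.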
diff --git a/libraries/aws_s3_storage_lens.rb b/libraries/aws_s3_storage_lens.rb
new file mode 100644
index 000000000..96a101ed4
--- /dev/null
+++ b/libraries/aws_s3_storage_lens.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'aws_backend'
+
+class AWSS3StorageLens < AwsResourceBase
+ name 'aws_s3_storage_lens'
+ desc 'Retrieves information about a patch baseline.'
+
+ example "
+ describe aws_s3_storage_lens(config_id: 'CONFIG_ID', account_id: 'ACCOUNT_ID') do
+ it { should exist }
+ end
+ "
+
+ def initialize(opts = {})
+ super(opts)
+ validate_parameters(required: %i(config_id account_id))
+ raise ArgumentError, "#{@__resource_name__}: config_id must be provided" unless opts[:config_id] && !opts[:config_id].empty?
+ raise ArgumentError, "#{@__resource_name__}: account_id must be provided" unless opts[:account_id] && !opts[:account_id].empty?
+ @display_name = opts[:config_id]
+ catch_aws_errors do
+ resp = @aws.storage_client.get_storage_lens_configuration({ config_id: opts[:config_id], account_id: opts[:account_id] })
+ @res = resp.storage_lens_configuration[0].to_h
+ create_resource_methods(@res)
+ end
+ end
+
+ def config_id
+ return nil unless exists?
+ @res[:config_id]
+ end
+
+ def exists?
+ !@res.nil? && !@res.empty?
+ end
+
+ def to_s
+ "S3 Storage lens: #{@display_name}"
+ end
+end
diff --git a/libraries/aws_s3_storage_lenses.rb b/libraries/aws_s3_storage_lenses.rb
new file mode 100644
index 000000000..bdbe731f8
--- /dev/null
+++ b/libraries/aws_s3_storage_lenses.rb
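Review bot: `config_id` in `libraries/aws_s3_storage_lens.rb` reads `@res[:config_id]`, but the hash built from `storage_lens_configuration` appears to be keyed by `id` (the unit test in this commit stubs `mock_data[:id]`), so the accessor returns nil even when the configuration exists. A control that compares `config_id` with an expected value would then fail, or pass for the wrong reason under a negated matcher. Change the body to `@res[:id]`. The two `raise ArgumentError` lines after `validate_parameters(required: ...)` also deserve a comment such as `# validate_parameters is defined in the base class; these guards additionally reject empty strings`, since the helper itself is not visible in this diff.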
@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require 'aws_backend'
+
+class AWSS3StorageLenses < AwsResourceBase
+ name 'aws_s3_storage_lenses'
+ desc 'Returns information about S3 Storage lens.'
+
+ example "
+ describe aws_s3_storage_lenses(account_id: 'ACCOUNT_ID') do
+ it { should exist }
+ end
+ "
+
+ attr_reader :table
+
+ FilterTable.create
+ .register_column(:ids, field: :id)
+ .register_column(:storage_lens_arns, field: :storage_lens_arn)
+ .register_column(:home_regions, field: :home_region)
+ .register_column(:is_enabled, field: :is_enabled)
+ .install_filter_methods_on_resource(self, :table)
+
+ def initialize(opts = {})
+ super(opts)
+ validate_parameters(required: %i(account_id))
+ @query_params = {}
+ raise ArgumentError, "#{@__resource_name__}: account_id must be provided" unless opts[:account_id] && !opts[:account_id].empty?
+ @query_params[:account_id] = opts[:account_id]
+ @table = fetch_data
+ end
+
+ def fetch_data
+ catch_aws_errors do
+ @table = @aws.rds_client.describe_db_proxy_endpoints(@query_params).map do |table|
+ table.db_proxy_endpoints.map { |table_name| {
+ id: table_name.id,
+ storage_lens_arn: table_name.storage_lens_arn,
+ home_region: table_name.home_region,
+ is_enabled: table_name.is_enabled,
+
+ }
+ }
+ end.flatten
+ end
+ end
+end
diff --git a/test/integration/verify/controls/aws_s3_storage_lens.rb b/test/integration/verify/controls/aws_s3_storage_lens.rb
new file mode 100644
index 000000000..e69de29bb
diff --git a/test/integration/verify/controls/aws_s3_storage_lenses.rb b/test/integration/verify/controls/aws_s3_storage_lenses.rb
new file mode 100644
index 000000000..e69de29bb
diff --git a/test/unit/resources/aws_s3_storage_lens_test.rb b/test/unit/resources/aws_s3_storage_lens_test.rb
new file mode 100644
index 000000000..8bf827553
--- /dev/null
+++ b/test/unit/resources/aws_s3_storage_lens_test.rb
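Review bot: `fetch_data` in `libraries/aws_s3_storage_lenses.rb` assigns `@table` inside `catch_aws_errors`, and `initialize` then overwrites it with the method's return value, so whatever `catch_aws_errors` returns after rescuing an error becomes the table. That helper is defined outside this diff; if it returns nil on a denied or failed call, the resource may look like an empty listing (or break in the filter methods) instead of reporting that nothing was checked, which matters for controls written as `should_not exist`. Remove the `@table =` in front of the client call so the block's value is the only source, and decide explicitly what a failed call should produce. The `rds_client.describe_db_proxy_endpoints` call itself is replaced by later patches on this page.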
@@ -0,0 +1,43 @@
+require 'aws-sdk-core'
+
+class AWSS3StorageLensConstructorTest < Minitest::Test
+
+ def test_empty_params_not_ok
+ assert_raises(ArgumentError) { AWSS3StorageLens.new(client_args: { stub_responses: true }) }
+ end
+
+ def test_empty_param_arg_not_ok
+ assert_raises(ArgumentError) { AWSS3StorageLens.new(config_id: '', account_id: '', client_args: { stub_responses: true }) }
+ end
+
+ def test_rejects_unrecognized_params
+ assert_raises(ArgumentError) { AWSS3StorageLens.new(unexpected: 9) }
+ end
+end
+
+class AWSS3StorageLensSuccessPathTest < Minitest::Test
+
+ def setup
+ data = {}
+ data[:method] = :get_storage_lens_configuration
+ mock_data = {}
+ mock_data[:id] = 'test1'
+ mock_data[:storage_lens_arn] = 'test1'
+ mock_data[:is_enabled] = 'test1'
+ data[:data] = { storage_lens_configuration: [mock_data] }
+ data[:client] = Aws::S3Outputs::Client
+ @resp = AWSS3StorageLens.new(config_id: 'test1', account_id: 'test1', client_args: { stub_responses: true }, stub_data: [data])
+ end
+
+ def test_db_proxy_endpoints_exist
+ assert @resp.exists?
+ end
+
+ def test_id
+ assert_equal(@resp.account_id, 'test1')
+ end
+
+ def test_storage_lens_arn
+ assert_equal(@resp.is_enabled, 'test1')
+ end
+end
diff --git a/test/unit/resources/aws_s3_storage_lenses_test.rb b/test/unit/resources/aws_s3_storage_lenses_test.rb
new file mode 100644
index 000000000..e69de29bb
From a3d9fe61d117c9662875ec2466d0c00c1701d4a3 Mon Sep 17 00:00:00 2001
From: Soumyodeep Karmakar <63713087+soumyo13@users.noreply.github.com>
Date: Thu, 25 Nov 2021 13:11:42 +0530
Subject: [PATCH 02/14] Update libraries/aws_s3_storage_lenses.rb
---
libraries/aws_s3_storage_lenses.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libraries/aws_s3_storage_lenses.rb b/libraries/aws_s3_storage_lenses.rb
index bdbe731f8..5c237a054 100644
--- a/libraries/aws_s3_storage_lenses.rb
+++ b/libraries/aws_s3_storage_lenses.rb
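Review bot: `test_rejects_unrecognized_params` in `test/unit/resources/aws_s3_storage_lens_test.rb` passes only `unexpected: 9`, so the `ArgumentError` it expects is also raised for the missing `config_id` and `account_id`, and the test would still pass if unknown keys were silently accepted. Supply the required arguments so that only the unknown key can trigger the error: `AWSS3StorageLens.new(config_id: 'test1', account_id: 'test1', unexpected: 9, client_args: { stub_responses: true })`. How `validate_parameters` treats unknown keys is not visible in this diff, so this assumes it rejects them. The `assert_equal` calls in the success-path class also pass the actual value first; Minitest expects `assert_equal(expected, actual)`, which affects the failure message.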
@@ -32,7 +32,7 @@ def initialize(opts = {}) def fetch_data catch_aws_errors do - @table = @aws.rds_client.describe_db_proxy_endpoints(@query_params).map do |table| + @table = @aws.storage_client.list_storage_lens_configurations(@query_params).map do |table| table.db_proxy_endpoints.map { |table_name| { id: table_name.id, storage_lens_arn: table_name.storage_lens_arn, From 1e5d5c36a095675e961f869252ad32124f56c74d Mon Sep 17 00:00:00 2001 From: Soumyodeep Karmakar <63713087+soumyo13@users.noreply.github.com> Date: Thu, 25 Nov 2021 13:12:03 +0530 Subject: [PATCH 03/14] Update libraries/aws_s3_storage_lenses.rb --- libraries/aws_s3_storage_lenses.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/libraries/aws_s3_storage_lenses.rb b/libraries/aws_s3_storage_lenses.rb index 5c237a054..eb490eac2 100644 --- a/libraries/aws_s3_storage_lenses.rb +++ b/libraries/aws_s3_storage_lenses.rb @@ -38,7 +38,6 @@ def fetch_data storage_lens_arn: table_name.storage_lens_arn, home_region: table_name.home_region, is_enabled: table_name.is_enabled, - } } end.flatten From 9ba11ada92c216ec22852938b4032567fb2bac0a Mon Sep 17 00:00:00 2001 From: Soumyodeep Karmakar Date: Thu, 25 Nov 2021 13:37:49 +0530 Subject: [PATCH 04/14] updated Signed-off-by: Soumyodeep Karmakar --- docs/resources/aws_s3_storage_lens.md | 100 ++++++++++++++++++++++++ docs/resources/aws_s3_storage_lenses.md | 79 +++++++++++++++++++ libraries/aws_backend.rb | 2 +- libraries/aws_s3_storage_lens.rb | 6 +- libraries/aws_s3_storage_lenses.rb | 4 +- 5 files changed, 185 insertions(+), 6 deletions(-) diff --git a/docs/resources/aws_s3_storage_lens.md b/docs/resources/aws_s3_storage_lens.md index e69de29bb..28594b728 100644 --- a/docs/resources/aws_s3_storage_lens.md +++ b/docs/resources/aws_s3_storage_lens.md 
@@ -0,0 +1,100 @@ +--- +title: About the aws_s3_storage_lens Resource +platform: aws +--- + +# aws_rds_db_cluster_snapshot + +Use the `aws_s3_storage_lens` InSpec audit resource to test the properties of the singular resource of AWS S3 StorageLens. + +## Syntax + +Ensure that S3 storage lens exists. + + describe aws_s3_storage_lens(config_id: 'CONFIG_ID', account_id: 'ACCOUNT_ID') do + it { should exist } + end + +## Parameters + +`config_id` _(required)_ + +The ID of the Amazon S3 Storage Lens configuration. + +`account_id` _(required)_ + +The account ID of the requester. + +For additional information, see the [AWS documentation on AWS S3 StorageLens.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelens.html). + +## Properties + +| Property | Description | +| :----------------------------: | :----------------------------------------------------------------------------------------: | +| id | A container for the Amazon S3 Storage Lens configuration ID. | +| account_level.activity_metrics.is_enabled | A container for whether the activity metrics are enabled. | +| account_level.bucket_level.activity_metrics.is_enabled | A container for whether the activity metrics are enabled. | +| account_level.bucket_level.prefix_level.storage_metrics.is_enabled | A container for whether prefix-level storage metrics are enabled. | +| account_level.bucket_level.prefix_level.storage_metrics.selection_criteria.delimiter | A container for the delimiter of the selection criteria being used. | +| account_level.bucket_level.prefix_level.storage_metrics.selection_criteria.max_depth | The max depth of the selection criteria. | +| account_level.bucket_level.prefix_level.storage_metrics.selection_criteria.min_storage_bytes_percentage | The minimum number of storage bytes percentage whose metrics will be selected. | +| include.buckets | A container for the S3 Storage Lens bucket includes. 
| +| include.regions | A container for the S3 Storage Lens Region includes. | +| exclude.buckets | A container for the S3 Storage Lens bucket excludes. | +| exclude.regions | A container for the S3 Storage Lens Region excludes. | +| data_export.s3_bucket_destination.format | The format of the s3 bucket destination. | +| data_export.s3_bucket_destination.output_schema_version | The schema version of the export file. | +| data_export.s3_bucket_destination.account_id | The account ID of the owner of the S3 Storage Lens metrics export bucket. | +| data_export.s3_bucket_destination.arn | The Amazon Resource Name (ARN) of the bucket. | +| data_export.s3_bucket_destination.prefix | The prefix of the destination bucket where the metrics export will be delivered. | +| data_export.s3_bucket_destination.encryption.ssekms.key_id | A container for the ARN of the SSE-KMS encryption. | +| data_export.cloud_watch_metrics.is_enabled | A container that indicates whether CloudWatch publishing for S3 Storage Lens metrics is enabled. | +| is_enabled | A container for whether the S3 Storage Lens configuration is enabled. | +| aws_org.arn | A container for the Amazon Resource Name (ARN) of the Amazon Web Services organization. | +| storage_lens_arn | The Amazon Resource Name (ARN) of the S3 Storage Lens configuration. | + +## Examples + +### Ensure a config ID is `available`. + + describe aws_s3_storage_lens(config_id: 'CONFIG_ID', account_id: 'ACCOUNT_ID') do + its('id') { should eq 'CONFIG_ID' } + end + +### Ensure that the container is enabled. + + describe aws_s3_storage_lens(config_id: 'CONFIG_ID', account_id: 'ACCOUNT_ID') do + its('is_enabled') { should eq true } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/). + +The control passes if the `get` method returns at least one result. 
+ +### exist + +Use `should` to test that the entity exists. + + describe aws_s3_storage_lens(config_id: 'CONFIG_ID', account_id: 'ACCOUNT_ID') do + it { should exist } + end + +Use `should_not` to test the entity does not exist. + + describe aws_s3_storage_lens(config_id: 'CONFIG_ID', account_id: 'ACCOUNT_ID') do + it { should_not exist } + end + +### be_available + +Use `should` to check if the entity is available. + + describe aws_s3_storage_lens(config_id: 'CONFIG_ID', account_id: 'ACCOUNT_ID') do + it { should be_available } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `S3:Client:GetStorageLensConfigurationResult` action with `Effect` set to `Allow`. diff --git a/docs/resources/aws_s3_storage_lenses.md b/docs/resources/aws_s3_storage_lenses.md index e69de29bb..3dbced05e 100644 --- a/docs/resources/aws_s3_storage_lenses.md +++ b/docs/resources/aws_s3_storage_lenses.md 
@@ -0,0 +1,79 @@ +--- +title: About the aws_s3_storage_lenses Resource +platform: aws +--- + +# aws_rds_db_cluster_snapshot + +Use the `aws_s3_storage_lenses` InSpec audit resource to test the properties of the plural resource of AWS S3 StorageLens. + +## Syntax + +Ensure that S3 storage lens exists. + + describe aws_s3_storage_lenses(config_id: 'CONFIG_ID') do + it { should exist } + end + +## Parameters + +`config_id` _(required)_ + +The ID of the Amazon S3 Storage Lens configuration. + +For additional information, see the [AWS documentation on AWS S3 StorageLens.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelens.html). + +## Properties + +| Property | Description | Fields | +| :----------------------------: | :----------------------------------------------------------------------------------------: | :----------------------------------------------------------------------------------------: | +| ids | A container for the S3 Storage Lens configuration ID. | id | +| storage_lens_arns | The ARN of the S3 Storage Lens configuration. This property is read-only. | storage_lens_arn | +| home_regions | A container for the S3 Storage Lens home Region. Your metrics data is stored and retained in your designated S3 Storage Lens home Region. | home_region | +| is_enabled | A container for whether the S3 Storage Lens configuration is enabled. | is_enabled | + +## Examples + +### Ensure a config ID is `available`. + + describe aws_s3_storage_lenses(config_id: 'CONFIG_ID') do + its('ids') { should include 'CONFIG_ID' } + end + +### Ensure that the container is enabled. + + describe aws_s3_storage_lenses(config_id: 'CONFIG_ID') do + its('is_enabled') { should include true } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/). 
+ +The control passes if the `get` method returns at least one result. + +### exist + +Use `should` to test that the entity exists. + + describe aws_s3_storage_lenses(config_id: 'CONFIG_ID') do + it { should exist } + end + +Use `should_not` to test the entity does not exist. + + describe aws_s3_storage_lenses(config_id: 'CONFIG_ID') do + it { should_not exist } + end + +### be_available + +Use `should` to check if the entity is available. + + describe aws_s3_storage_lenses(config_id: 'CONFIG_ID') do + it { should be_available } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `S3:Client:GetStorageLensConfigurationResult` action with `Effect` set to `Allow`. diff --git a/libraries/aws_backend.rb b/libraries/aws_backend.rb index 67dc1a1f3..d0332dc55 100644 --- a/libraries/aws_backend.rb +++ b/libraries/aws_backend.rb @@ -318,7 +318,7 @@ def emr_client aws_client(Aws::EMR::Client) end - def storage_client + def s3control_client aws_client(Aws::S3Control::Client) end end diff --git a/libraries/aws_s3_storage_lens.rb b/libraries/aws_s3_storage_lens.rb index 96a101ed4..c2dd06b6a 100644 --- a/libraries/aws_s3_storage_lens.rb +++ b/libraries/aws_s3_storage_lens.rb @@ -19,8 +19,8 @@ def initialize(opts = {}) raise ArgumentError, "#{@__resource_name__}: account_id must be provided" unless opts[:account_id] && !opts[:account_id].empty? @display_name = opts[:config_id] catch_aws_errors do - resp = @aws.storage_client.get_storage_lens_configuration({ config_id: opts[:config_id], account_id: opts[:account_id] }) - @res = resp.storage_lens_configuration[0].to_h + resp = @aws.s3control_client.get_storage_lens_configuration({ config_id: opts[:config_id], account_id: opts[:account_id] }) + @res = resp.storage_lens_configuration.to_h create_resource_methods(@res) end end 
@@ -35,6 +35,6 @@ def exists? end def to_s - "S3 Storage lens: #{@display_name}" + "S3 Storage Lens: #{@display_name}" end end diff --git a/libraries/aws_s3_storage_lenses.rb b/libraries/aws_s3_storage_lenses.rb index eb490eac2..074cab502 100644 --- a/libraries/aws_s3_storage_lenses.rb +++ b/libraries/aws_s3_storage_lenses.rb @@ -32,8 +32,8 @@ def initialize(opts = {}) def fetch_data catch_aws_errors do - @table = @aws.storage_client.list_storage_lens_configurations(@query_params).map do |table| - table.db_proxy_endpoints.map { |table_name| { + @table = @aws.s3control_client.list_storage_lens_configurations(@query_params).map do |table| + table.storage_lens_configuration_list.map { |table_name| { id: table_name.id, storage_lens_arn: table_name.storage_lens_arn, home_region: table_name.home_region, From 94336711a07710c90d8cbb9a2226e8c9096c27ba Mon Sep 17 00:00:00 2001 From: Soumyodeep Karmakar Date: Thu, 25 Nov 2021 13:44:24 +0530 Subject: [PATCH 05/14] added unit tests Signed-off-by: Soumyodeep Karmakar --- .../resources/aws_s3_storage_lens_test.rb | 14 +++-- .../resources/aws_s3_storage_lenses_test.rb | 54 +++++++++++++++++++ 2 files changed, 64 insertions(+), 4 deletions(-) diff --git a/test/unit/resources/aws_s3_storage_lens_test.rb b/test/unit/resources/aws_s3_storage_lens_test.rb index 8bf827553..0ed1f88df 100644 --- a/test/unit/resources/aws_s3_storage_lens_test.rb +++ b/test/unit/resources/aws_s3_storage_lens_test.rb @@ -1,3 +1,5 @@ +require 'helper' +require 'aws_s3_storage_lens' require 'aws-sdk-core' class AWSS3StorageLensConstructorTest < Minitest::Test 
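Review bot: The permission documented for these resources does not match the calls the code now makes: this hunk in `libraries/aws_s3_storage_lenses.rb` calls `list_storage_lens_configurations` (the singular resource calls `get_storage_lens_configuration`), while both docs pages added in this commit name `S3:Client:GetStorageLensConfigurationResult`, which reads like an SDK type name rather than an IAM action. Someone writing a least-privilege policy for the scanning role from that text will either hit an access-denied result or fall back to a broader grant. The IAM actions for these two calls are `s3:ListStorageLensConfigurations` and `s3:GetStorageLensConfiguration`, and each docs page should list the one its resource uses. The plural docs page also shows `aws_s3_storage_lenses(config_id: 'CONFIG_ID')` although the resource requires `account_id`. `fetch_data` starts and ends outside this hunk.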
@@ -22,10 +24,10 @@ def setup data[:method] = :get_storage_lens_configuration mock_data = {} mock_data[:id] = 'test1' + mock_data[:is_enabled] = true mock_data[:storage_lens_arn] = 'test1' - mock_data[:is_enabled] = 'test1' data[:data] = { storage_lens_configuration: [mock_data] } - data[:client] = Aws::S3Outputs::Client + data[:client] = Aws::S3Control::Client @resp = AWSS3StorageLens.new(config_id: 'test1', account_id: 'test1', client_args: { stub_responses: true }, stub_data: [data]) end @@ -34,10 +36,14 @@ def test_db_proxy_endpoints_exist end def test_id - assert_equal(@resp.account_id, 'test1') + assert_equal(@resp.id, 'test1') + end + + def test_is_enabled + assert_equal(@resp.is_enabled, true) end def test_storage_lens_arn - assert_equal(@resp.is_enabled, 'test1') + assert_equal(@resp.storage_lens_arn, 'test1') end end diff --git a/test/unit/resources/aws_s3_storage_lenses_test.rb b/test/unit/resources/aws_s3_storage_lenses_test.rb index e69de29bb..946ad3790 100644 --- a/test/unit/resources/aws_s3_storage_lenses_test.rb +++ b/test/unit/resources/aws_s3_storage_lenses_test.rb 
@@ -0,0 +1,54 @@
+require 'helper'
+require 'aws_s3_storage_lenses'
+require 'aws-sdk-core'
+
+class AWSS3StorageLensesConstructorTest < Minitest::Test
+
+ def test_empty_params_ok
+ AWSS3StorageLenses.new(account_id: 'test1', client_args: { stub_responses: true })
+ end
+
+ def test_rejects_other_args
+ assert_raises(ArgumentError) { AWSS3StorageLenses.new('rubbish') }
+ end
+
+ def test_storage_lens_configuration_list_non_existing_for_empty_response
+ refute AWSS3StorageLenses.new(account_id: 'test1', client_args: { stub_responses: true }).exist?
+ end
+end
+
+class AWSS3StorageLensesSuccessPathTest < Minitest::Test
+
+ def setup
+ data = {}
+ data[:method] = :list_storage_lens_configurations
+ mock_data = {}
+ mock_data[:id] = 'test1'
+ mock_data[:storage_lens_arn] = 'test1'
+ mock_data[:home_region] = 'test1'
+ mock_data[:is_enabled] = true
+ data[:data] = { storage_lens_configuration_list: [mock_data] }
+ data[:client] = Aws::S3Control::Client
+ @resp = AWSS3StorageLenses.new(client_args: { stub_responses: true }, stub_data: [data])
+ end
+
+ def test_storage_lens_configuration_list_exists
+ assert @resp.exists?
+ end
+
+ def test_ids
+ assert_equal(@resp.ids, ['test1'])
+ end
+
+ def test_storage_lens_arns
+ assert_equal(@resp.storage_lens_arns, ['test1'])
+ end
+
+ def test_home_regions
+ assert_equal(@resp.home_regions, ['test1'])
+ end
+
+ def test_is_enabled
+ assert_equal(@resp.is_enabled, [true])
+ end
+end
\ No newline at end of file
From 3c9115598b81b24fa172c32c9b02c92a229fd440 Mon Sep 17 00:00:00 2001
From: Soumyodeep Karmakar
Date: Thu, 25 Nov 2021 13:53:33 +0530
Subject: [PATCH 06/14] updated unit tests
Signed-off-by: Soumyodeep Karmakar
---
test/unit/resources/aws_s3_storage_lens_test.rb | 7 +++++--
test/unit/resources/aws_s3_storage_lenses_test.rb | 2 +-
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/test/unit/resources/aws_s3_storage_lens_test.rb b/test/unit/resources/aws_s3_storage_lens_test.rb
index 0ed1f88df..cb416fcd0 100644
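Review bot: The constructor tests in `test/unit/resources/aws_s3_storage_lenses_test.rb` never assert that a missing or empty `account_id` is rejected, although it is the one required parameter and the value the resource puts into `@query_params`. Add `assert_raises(ArgumentError) { AWSS3StorageLenses.new(client_args: { stub_responses: true }) }` and the same call with `account_id: ''`. `test_empty_params_ok` passes `account_id: 'test1'`, so its name no longer describes what it checks, and `setup` in the success-path class omits `account_id` (a later patch on this page adds it). The file also ends without a trailing newline.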
--- a/test/unit/resources/aws_s3_storage_lens_test.rb +++ b/test/unit/resources/aws_s3_storage_lens_test.rb @@ -24,14 +24,17 @@ def setup data[:method] = :get_storage_lens_configuration mock_data = {} mock_data[:id] = 'test1' + mock_data[:account_level] = { + bucket_level: {} + } mock_data[:is_enabled] = true mock_data[:storage_lens_arn] = 'test1' - data[:data] = { storage_lens_configuration: [mock_data] } + data[:data] = { storage_lens_configuration: mock_data } data[:client] = Aws::S3Control::Client @resp = AWSS3StorageLens.new(config_id: 'test1', account_id: 'test1', client_args: { stub_responses: true }, stub_data: [data]) end - def test_db_proxy_endpoints_exist + def test_storage_lens_configuration_exist assert @resp.exists? end diff --git a/test/unit/resources/aws_s3_storage_lenses_test.rb b/test/unit/resources/aws_s3_storage_lenses_test.rb index 946ad3790..ebbd7630e 100644 --- a/test/unit/resources/aws_s3_storage_lenses_test.rb +++ b/test/unit/resources/aws_s3_storage_lenses_test.rb @@ -29,7 +29,7 @@ def setup mock_data[:is_enabled] = true data[:data] = { storage_lens_configuration_list: [mock_data] } data[:client] = Aws::S3Control::Client - @resp = AWSS3StorageLenses.new(client_args: { stub_responses: true }, stub_data: [data]) + @resp = AWSS3StorageLenses.new(account_id: 'test1', client_args: { stub_responses: true }, stub_data: [data]) end def test_storage_lens_configuration_list_exists From dfbb7b8083bcca38d437fb9cbd22ea29d670e7f2 Mon Sep 17 00:00:00 2001 From: NIRBHAY KUMAR <42607997+Nirbhay1997@users.noreply.github.com> Date: Fri, 26 Nov 2021 10:01:34 +0530 Subject: [PATCH 07/14] Delete aws_s3_storage_lenses.rb --- test/integration/verify/controls/aws_s3_storage_lenses.rb | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 test/integration/verify/controls/aws_s3_storage_lenses.rb 
diff --git a/test/integration/verify/controls/aws_s3_storage_lenses.rb b/test/integration/verify/controls/aws_s3_storage_lenses.rb deleted file mode 100644 index e69de29bb..000000000 From afc51689be34744b7e5ec4397e64460f47f54469 Mon Sep 17 00:00:00 2001 From: NIRBHAY KUMAR <42607997+Nirbhay1997@users.noreply.github.com> Date: Fri, 26 Nov 2021 10:01:42 +0530 Subject: [PATCH 08/14] Delete aws_s3_storage_lens.rb --- test/integration/verify/controls/aws_s3_storage_lens.rb | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 test/integration/verify/controls/aws_s3_storage_lens.rb diff --git a/test/integration/verify/controls/aws_s3_storage_lens.rb b/test/integration/verify/controls/aws_s3_storage_lens.rb deleted file mode 100644 index e69de29bb..000000000 From 59eec727b0c24df67313e7be63f1b813df484dc9 Mon Sep 17 00:00:00 2001 From: Soumyodeep Karmakar <63713087+soumyo13@users.noreply.github.com> Date: Sun, 5 Dec 2021 11:17:36 +0530 Subject: [PATCH 09/14] Update docs/resources/aws_s3_storage_lens.md --- docs/resources/aws_s3_storage_lens.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/resources/aws_s3_storage_lens.md b/docs/resources/aws_s3_storage_lens.md index 28594b728..686266fc9 100644 --- a/docs/resources/aws_s3_storage_lens.md +++ b/docs/resources/aws_s3_storage_lens.md @@ -3,7 +3,7 @@ title: About the aws_s3_storage_lens Resource platform: aws --- -# aws_rds_db_cluster_snapshot +# aws_s3_storage_lens Use the `aws_s3_storage_lens` InSpec audit resource to test the properties of the singular resource of AWS S3 StorageLens. From 549d369256b5a62d3b98f7683e7b2ae483fb9d0b Mon Sep 17 00:00:00 2001 From: Soumyodeep Karmakar <63713087+soumyo13@users.noreply.github.com> Date: Sun, 5 Dec 2021 11:17:41 +0530 Subject: [PATCH 10/14] Update docs/resources/aws_s3_storage_lenses.md --- docs/resources/aws_s3_storage_lenses.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/resources/aws_s3_storage_lenses.md b/docs/resources/aws_s3_storage_lenses.md index 3dbced05e..1cbb92d26 100644 --- a/docs/resources/aws_s3_storage_lenses.md +++ b/docs/resources/aws_s3_storage_lenses.md @@ -76,4 +76,4 @@ Use `should` to check if the entity is available. ## AWS Permissions -Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `S3:Client:GetStorageLensConfigurationResult` action with `Effect` set to `Allow`. +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `S3Control:Client:GetStorageLensConfigurationResult` action with `Effect` set to `Allow`. From 39cd33da4b908b802f6b5d85c96863a28a4954ce Mon Sep 17 00:00:00 2001 From: Soumyodeep Karmakar <63713087+soumyo13@users.noreply.github.com> Date: Sun, 5 Dec 2021 11:17:45 +0530 Subject: [PATCH 11/14] Update libraries/aws_s3_storage_lens.rb --- libraries/aws_s3_storage_lens.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libraries/aws_s3_storage_lens.rb b/libraries/aws_s3_storage_lens.rb index c2dd06b6a..6d11c9cf1 100644 --- a/libraries/aws_s3_storage_lens.rb +++ b/libraries/aws_s3_storage_lens.rb @@ -4,7 +4,7 @@ class AWSS3StorageLens < AwsResourceBase name 'aws_s3_storage_lens' - desc 'Retrieves information about a patch baseline.' + desc 'Gets the Amazon S3 Storage Lens configuration.' example " describe aws_s3_storage_lens(config_id: 'CONFIG_ID', account_id: 'ACCOUNT_ID') do From 661a6a2df8b0d3fdccf91b7233f189cdb9a4b1b7 Mon Sep 17 00:00:00 2001 From: Soumyodeep Karmakar <63713087+soumyo13@users.noreply.github.com> Date: Sun, 5 Dec 2021 11:17:50 +0530 Subject: [PATCH 12/14] Update libraries/aws_s3_storage_lenses.rb --- libraries/aws_s3_storage_lenses.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/libraries/aws_s3_storage_lenses.rb b/libraries/aws_s3_storage_lenses.rb index 074cab502..a0d826e57 100644 --- a/libraries/aws_s3_storage_lenses.rb +++ b/libraries/aws_s3_storage_lenses.rb @@ -4,7 +4,7 @@ class AWSS3StorageLenses < AwsResourceBase name 'aws_s3_storage_lenses' - desc 'Returns information about S3 Storage lens.' + desc 'Gets a list of Amazon S3 Storage Lens configurations.' example " describe aws_s3_storage_lenses(account_id: 'ACCOUNT_ID') do From 0573bcbb1bff31cf27c560c05c111ed72888dce8 Mon Sep 17 00:00:00 2001 From: Soumyodeep Karmakar <63713087+soumyo13@users.noreply.github.com> Date: Sun, 5 Dec 2021 11:18:01 +0530 Subject: [PATCH 13/14] Update docs/resources/aws_s3_storage_lenses.md --- docs/resources/aws_s3_storage_lenses.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/resources/aws_s3_storage_lenses.md b/docs/resources/aws_s3_storage_lenses.md index 1cbb92d26..9b9467639 100644 --- a/docs/resources/aws_s3_storage_lenses.md +++ b/docs/resources/aws_s3_storage_lenses.md @@ -3,7 +3,7 @@ title: About the aws_s3_storage_lenses Resource platform: aws --- -# aws_rds_db_cluster_snapshot +# aws_s3_storage_lenses Use the `aws_s3_storage_lenses` InSpec audit resource to test the properties of the plural resource of AWS S3 StorageLens. From 7e70ac556e39a77997c51904a9801723e0335b2c Mon Sep 17 00:00:00 2001 From: Soumyodeep Karmakar <63713087+soumyo13@users.noreply.github.com> Date: Sun, 5 Dec 2021 11:18:07 +0530 Subject: [PATCH 14/14] Update docs/resources/aws_s3_storage_lens.md --- docs/resources/aws_s3_storage_lens.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/resources/aws_s3_storage_lens.md b/docs/resources/aws_s3_storage_lens.md index 686266fc9..7fdc86268 100644 --- a/docs/resources/aws_s3_storage_lens.md +++ b/docs/resources/aws_s3_storage_lens.md 
@@ -97,4 +97,4 @@ Use `should` to check if the entity is available. ## AWS Permissions -Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `S3:Client:GetStorageLensConfigurationResult` action with `Effect` set to `Allow`. +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `S3Control:Client:GetStorageLensConfigurationResult` action with `Effect` set to `Allow`.