inspec · soumyo13 · Aug 29, 2021
@@ -0,0 +1,84 @@
+---
+title: About the aws_ec2_local_gateway_route Resource
+platform: aws
+---
+
+# aws_ec2_local_gateway_route
+
+Use the `aws_ec2_local_gateway_route` InSpec audit resource to test properties of a single specific AWS EC2 Local Gateway Route.
+
+The AWS::EC2::LocalGatewayRoute resource creates a static route for the specified local gateway route table..
+
+## Syntax
+
+Ensure that Local Gateway Route table id exists.
+
+    describe aws_ec2_local_gateway_route(local_gateway_route_table_id: 'LocalGatewayRoutetableId') do
+      it { should exist }
+    end
+
+## Parameters
+
+`local_gateway_route_table_id` _(required)_
+
+| Property | Description |
+| --- | --- | --- |
+| local_gateway_route_table_id | The ID of the local gateway route table. |
+
+For additional information, see the [AWS documentation on AWS EC2 Local Gateway Route](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-localgatewayroute.html).
+
+## Properties
+
+| Property | Description | Field | 
+| --- | --- | --- |
+| destination_cidr_block | The CIDR block used for destination matches.| destination_cidr_block |
+| local_gateway_virtual_interface_group_id | The ID of the virtual interface group. | local_gateway_virtual_interface_group_id |
+| type | The route type. | type |
+| state | The state of the route. | state |
+| local_gateway_route_table_id | The ID of the local gateway route table. | local_gateway_route_table_id |
+| local_gateway_route_table_arn | The Amazon Resource Name (ARN) of the local gateway route table. | local_gateway_route_table_arn |
+| owner_id | The AWS account ID that owns the local gateway route. | owner_id |
+
+## Examples
+
+### Ensure a Local Gateway Route table Id is available.
+    describe aws_ec2_local_gateway_route(local_gateway_route_table_id: 'LocalGatewayRoutetableId') do
+      its('local_gateway_route_table_id') { should eq 'LocalGatewayRoutetableId' }
+    end
+
+### Ensure a owner id is available.
+    describe aws_ec2_local_gateway_route(local_gateway_route_table_id: 'LocalGatewayRoutetableId') do
+        its('owner_id') { should eq '1234567890' }
+    end
+
+## Matchers
+
+This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+The controls will pass if the `search` method returns at least one result.
+
+### exist
+
+Use `should` to test that the entity exists.
+
+    describe aws_ec2_local_gateway_route(local_gateway_route_table_id: 'LocalGatewayRoutetableId') do
+      it { should exist }
+    end
+
+Use `should_not` to test the entity does not exist.
+
+    describe aws_ec2_local_gateway_route(local_gateway_route_table_id: 'dummy') do
+      it { should_not exist }
+    end
+
+### be_available
+
+Use `should` to check if the entity is available.
+
+    describe aws_ec2_local_gateway_route(local_gateway_route_table_id: 'LocalGatewayRoutetableId') do
+      it { should be_available }
+    end
+
+## AWS Permissions
+
+Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `EC2.Client.SearchLocalGatewayRoutesResult` action with `Effect` set to `Allow`.
@@ -0,0 +1,78 @@
+---
+title: About the aws_ec2_local_gateway_routes Resource
+platform: aws
+---
+
+# aws_ec2_local_gateway_routes
+
+Use the `aws_ec2_local_gateway_route` InSpec audit resource to test properties of a plural resource of AWS EC2 Local Gateway Route.
+
+The AWS::EC2::LocalGatewayRoute resource creates a static route for the specified local gateway route table..
+
+## Syntax
+
+Ensure that Local Gateway Route table id exists.
+
+    describe aws_ec2_local_gateway_routes(local_gateway_route_table_id: 'LocalGatewayRoutetableId') do
+      it { should exist }
+    end
+
+
+## Parameters
+
+`local_gateway_route_table_id` _(required)_
+
+| Property | Description |
+| --- | --- | --- |
+| local_gateway_route_table_id | The ID of the local gateway route table. |
+
+For additional information, see the [AWS documentation on AWS EC2 Local Gateway Route](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-localgatewayroute.html).
+
+## Properties
+
+| Property | Description | Field | 
+| --- | --- | --- |
+| destination_cidr_blocks | The CIDR block used for destination matches.| destination_cidr_block |
+| local_gateway_virtual_interface_group_ids | The ID of the virtual interface group. | local_gateway_virtual_interface_group_id |
+| types | The route type. | type |
+| states | The state of the route. | state |
+| local_gateway_route_table_ids | The ID of the local gateway route table. | local_gateway_route_table_id |
+| local_gateway_route_table_arns | The Amazon Resource Name (ARN) of the local gateway route table. | local_gateway_route_table_arn |
+| owner_ids | The AWS account ID that owns the local gateway route. | owner_id |
+
+## Examples
+
+### Ensure a Local Gateway Route table Id is available.
+    describe aws_ec2_local_gateway_routes(local_gateway_route_table_id: 'LocalGatewayRoutetableId') do
+      its('local_gateway_route_table_id') { should include 'LocalGatewayRoutetableId' }
+    end
+
+### Ensure a owner id is available.
+    describe aws_ec2_local_gateway_routes(local_gateway_route_table_id: 'LocalGatewayRoutetableId') do
+        its('owner_id') { should include '1234567890' }
+    end
+
+## Matchers
+
+This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+The controls will pass if the `search` method returns at least one result.
+
+### exist
+
+
+Use `should` to test that the entity exists.
+
+    describe aws_ec2_local_gateway_routes(local_gateway_route_table_id: 'LocalGatewayRoutetableId') do
+      it { should exist }
+    end
+
+Use `should_not` to test the entity does not exist.
+
+    describe aws_ec2_local_gateway_routes(local_gateway_route_table_id: 'dummy') do
+      it { should_not exist }
+    end
+
+## AWS Permissions
+
+Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `EC2.Client.SearchLocalGatewayRoutesResult` action with `Effect` set to `Allow`.
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require 'aws_backend'
+
+class AWSEC2LocalGatewayRoute < AwsResourceBase
+  name 'aws_ec2_local_gateway_route'
+  desc 'Test the singular local gateway route.'
+
+  example "
+    describe aws_ec2_local_gateway_route(local_gateway_route_table_id: 'LocalGatewayRoutetableId') do
+      it { should exist }
+    end
+  "
+
+  def initialize(opts = {})
+    opts = { local_gateway_route_table_id: opts } if opts.is_a?(String)
+    super(opts)
+    validate_parameters(required: [:local_gateway_route_table_id])
+    raise ArgumentError, "#{@__resource_name__}: local_gateway_route_table_id must be provided" unless opts[:local_gateway_route_table_id] && !opts[:local_gateway_route_table_id].empty?
+    @display_name = opts[:local_gateway_route_table_id]
+    filter = { name: 'local-gateway-route-table-id', values: [opts[:local_gateway_route_table_id]] }
+    catch_aws_errors do
+      resp = @aws.compute_client.search_local_gateway_routes({ local_gateway_route_table_id: opts[:local_gateway_route_table_id], filters: [filter] })
+      @res = resp.routes[0].to_h
+      create_resource_methods(@res)
+    end
+  end
+
+  def local_gateway_route_table_id
+    return nil unless exists?
+    @res[:local_gateway_route_table_id]
+  end
+
+  def exists?
+    [email protected]? && [email protected]?
+  end
+
+  def to_s
+    "Local Gateway Route Table ID: #{@display_name}"
+  end
+end
@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+require 'aws_backend'
+
+class AWSEC2LocalGatewayRoutes < AwsResourceBase
+  name 'aws_ec2_local_gateway_routes'
+  desc 'List all the local gateway routes.'
+
+  example "
+    describe aws_ec2_local_gateway_route do
+      it { should exist }
+    end
+  "
+
+  attr_reader :table
+
+  FilterTable.create
+             .register_column(:destination_cidr_blocks, field: :destination_cidr_block)
+             .register_column(:local_gateway_virtual_interface_group_ids, field: :local_gateway_virtual_interface_group_id)
+             .register_column(:types, field: :type)
+             .register_column(:states, field: :state)
+             .register_column(:local_gateway_route_table_ids, field: :local_gateway_route_table_id)
+             .register_column(:local_gateway_route_table_arns, field: :local_gateway_route_table_arn)
+             .register_column(:owner_ids, field: :owner_id)
+             .install_filter_methods_on_resource(self, :table)
+
+  def initialize(opts = {})
+    super(opts)
+    validate_parameters(required: %i(local_gateway_route_table_id))
+    raise ArgumentError, "#{@__resource_name__}: local_gateway_route_table_id must be provided" unless opts[:local_gateway_route_table_id] && !opts[:local_gateway_route_table_id].empty?
+    @table = fetch_data
+  end
+
+  def fetch_data
+    pagination_options = {}
+    rows = []
+    pagination_options[:max_results] = 100
+    pagination_options[:local_gateway_route_table_id] = opts[:local_gateway_route_table_id]
+    pagination_options[:filters] = [{ name: 'local-gateway-route-table-id', values: [opts[:local_gateway_route_table_id]] }]
+    loop do
+      catch_aws_errors do
+        @api_response = @aws.compute_client.search_local_gateway_routes(pagination_options)
+      end
+      return rows if !@api_response || @api_response.empty?
+      @api_response.routes.each do |resp|
+        rows += [{ destination_cidr_block: resp.destination_cidr_block,
+                   local_gateway_virtual_interface_group_id: resp.local_gateway_virtual_interface_group_id,
+                   type: resp.type,
+                   state: resp.state,
+                   local_gateway_route_table_id: resp.local_gateway_route_table_id,
+                   local_gateway_route_table_arn: resp.local_gateway_route_table_arn,
+                   owner_id: resp.owner_id }]
+      end
+      break unless @api_response.next_token
+      pagination_options[:next_token] = @api_response.next_token
+    end
+    rows
+  end
+end
@@ -0,0 +1,18 @@
+skip_control 'aws-ec2-local-gateway-route-1.0' do
+  impact 1.0
+  title 'Test a singular resource of the local gateway route.'
+
+  describe aws_ec2_local_gateway_route(local_gateway_route_table_id: 'rtb-07ad0ece8b2d6c914') do
+    it { should exist }
+  end
+
+  describe aws_ec2_local_gateway_route(local_gateway_route_table_id: 'rtb-07ad0ece8b2d6c914') do
+    its('destination_cidr_block') { should eq "" }
+    its('local_gateway_virtual_interface_group_id') { should eq "" }
+    its('type') { should eq "" }
+    its('state') { should eq "" }
+    its('local_gateway_route_table_id') { should eq "" }
+    its('local_gateway_route_table_arn') { should eq "" }
+    its('owner_id') { should eq "" }
+  end
+end
@@ -0,0 +1,18 @@
+skip_control 'aws-ec2-local-gateway-routes-1.0' do
+  impact 1.0
+  title 'Test a plural resource of the local gateway routes.'
+
+  describe aws_ec2_local_gateway_routes(local_gateway_route_table_id: 'rtb-07ad0ece8b2d6c914') do
+    it { should exist }
+  end
+
+  describe aws_ec2_local_gateway_routes(local_gateway_route_table_id: 'rtb-07ad0ece8b2d6c914') do
+    its('destination_cidr_blocks') { should include "" }
+    its('local_gateway_virtual_interface_group_ids') { should include "" }
+    its('types') { should include "" }
+    its('states') { should include "" }
+    its('local_gateway_route_table_ids') { should include "" }
+    its('local_gateway_route_table_arns') { should include "" }
+    its('owner_ids') { should include "" }
+  end
+end
@@ -0,0 +1,64 @@
+require 'helper'
+require 'aws_ec2_local_gateway_route'
+require 'aws-sdk-core'
+
+class AWSEC2LocalGatewayRouteConstructorTest < Minitest::Test
+
+  def test_empty_params_not_ok
+    assert_raises(ArgumentError) { AWSEC2LocalGatewayRoute.new(client_args: { stub_responses: true }) }
+  end
+
+  def test_empty_param_arg_not_ok
+    assert_raises(ArgumentError) { AWSEC2LocalGatewayRoute.new(local_gateway_route_table_id: '', client_args: { stub_responses: true }) }
+  end
+
+  def test_rejects_unrecognized_params
+    assert_raises(ArgumentError) { AWSEC2LocalGatewayRoute.new(unexpected: 9) }
+  end
+end
+
+class AWSEC2LocalGatewayRouteSuccessPathTest < Minitest::Test
+
+  def setup
+    data = {}
+    data[:method] = :search_local_gateway_routes
+    mock_data = {}
+    mock_data[:destination_cidr_block] = 'test1'
+    mock_data[:local_gateway_virtual_interface_group_id] = 'test1'
+    mock_data[:state] = 'test1'
+    mock_data[:local_gateway_route_table_id] = 'test1'
+    mock_data[:local_gateway_route_table_arn] = 'test1'
+    mock_data[:owner_id] = 'test1'
+    data[:data] = { routes: [mock_data] }
+    data[:client] = Aws::EC2::Client
+    @resp = AWSEC2LocalGatewayRoute.new(local_gateway_route_table_id: 'test1', client_args: { stub_responses: true }, stub_data: [data])
+  end
+
+  def test_routes_exists
+    assert @resp.exists?
+  end
+
+  def test_destination_cidr_block
+    assert_equal(@resp.destination_cidr_block, 'test1')
+  end
+
+  def test_local_gateway_virtual_interface_group_id
+    assert_equal(@resp.local_gateway_virtual_interface_group_id, 'test1')
+  end
+
+  def test_state
+    assert_equal(@resp.state, 'test1')
+  end
+
+  def test_local_gateway_route_table_id
+    assert_equal(@resp.local_gateway_route_table_id, 'test1')
+  end
+
+  def test_local_gateway_route_table_arn
+    assert_equal(@resp.local_gateway_route_table_arn, 'test1')
+  end
+
+  def test_owner_id
+    assert_equal(@resp.owner_id, 'test1')
+  end
+end