diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/_index.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/_index.md index adf0d63e25..9979cd4da9 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/_index.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/_index.md @@ -45,6 +45,6 @@ InSpec to target applications and services running on AWS and Azure. ### Resources -Chef InSpec has {{% inspec/inspec_count_resources %}} [resources](/inspec/resources/) ready to use--from Apache2 to ZFS pool. +Chef InSpec nearly 500 [resources](/inspec/resources/) ready use--Apache2 to ZFS pool. If you need a solution that we haven’t provided, you can write your own [custom resource](/inspec/dsl_resource/). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cli.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cli.md index 227ec88d61..4fb073c5d1 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cli.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cli.md @@ -11,13 +11,11 @@ gh_repo = "inspec" weight = 10 +++ - - -Use the InSpec Command Line Interface (CLI) to run tests and audits against targets using local, SSH, WinRM, or Docker connections. +Use the InSpec CLI to run tests and audits against targets using local, SSH, WinRM, or Docker connections. ## archive -Archive a profile to a tar file (default) or zip file. +Archive a profile to tar.gz (default) or zip. ### Syntax @@ -31,95 +29,65 @@ inspec archive PATH This subcommand has the following additional options: -
-
--airgap, --no-airgap
-
Fallback to using local archives if fetching fails.
- -
--auto-install-gems, --no-auto-install-gems
-
Auto installs gem dependencies of the profile or resource pack.
- -
--ignore-errors, --no-ignore-errors
-
Ignore profile warnings.
- -
-o, --output=OUTPUT
-
Save the archive to a path.
- -
--overwrite, --no-overwrite
-
Overwrite existing archive.
- -
--profiles-path=PROFILES_PATH
-
Folder which contains referenced profiles.
- -
--tar, --no-tar
-
Generates a tar.gz archive.
- -
--vendor-cache=VENDOR_CACHE
-
Use the given path for caching dependencies, (default: ~/.inspec/cache).
- -
--zip, --no-zip
-
Generates a zip archive.
- -
- -## check - -Verify the metadata in the `inspec.yml` file, verify that control blocks have the correct fields (title, description, impact), and define that all controls have visible tests and the controls are not using deprecated inspec dsl code +* ``--airgap``, ``--no-airgap`` + Fallback to using local archives if fetching fails. +* ``--check``, ``--no-check`` + Before running archive, run `inspec check`. Default: do not check. +* ``--export``, ``--no-check`` + Include an inspec.json file in the archive, the results of running `inspec export`. +* ``--ignore-errors``, ``--no-ignore-errors`` + Ignore profile warnings. +* ``-o``, ``--output=OUTPUT`` + Save the archive to a path. +* ``--overwrite``, ``--no-overwrite`` + Overwrite existing archive. +* ``--profiles-path=PROFILES_PATH`` + Folder which contains referenced profiles. +* ``--tar``, ``--no-tar`` + Generates a tar.gz archive. +* ``--vendor-cache=VENDOR_CACHE`` + Use the given path for caching dependencies, (default: `~/.inspec/cache`). +* ``--zip``, ``--no-zip`` + Generates a zip archive. + +## automate + +Communicate with Chef Automate. ### Syntax This subcommand has the following syntax: ```bash -inspec check PATH +inspec automate SUBCOMMAND ``` -### Options - -This subcommand has the following additional options: - -
-
--auto-install-gems, --no-auto-install-gems
-
Auto installs gem dependencies of the profile or resource pack.
- -
--format=FORMAT
-
The output format to use. Valid values: `json` and `doc`. Default value: `doc`.
- -
--profiles-path=PROFILES_PATH
-
Folder which contains referenced profiles.
- -
--vendor-cache=VENDOR_CACHE
-
Use the given path for caching dependencies, (default: ~/.inspec/cache).
- -
--with-cookstyle, --no-with-cookstyle
-
Enable or disable cookstyle checks.
- -
- -## clear_cache +## check -Clears the inspec cache. useful for debugging. +Verify the metadata in the inspec.yml file, verify that control blocks have the correct fields (title, description, impact) defined, that all controls have visible tests, and that controls are not using deprecated InSpec DSL code. ### Syntax This subcommand has the following syntax: ```bash -inspec clear_cache +inspec check PATH ``` ### Options This subcommand has the following additional options: -
-
--vendor-cache=VENDOR_CACHE
-
Use the given path for caching dependencies, (default: `~/.inspec/cache`).
- -
+* ``--format=FORMAT`` + The output format to use. Valid values: `json` and `doc`. Default value: `doc`. +* ``--profiles-path=PROFILES_PATH`` + Folder which contains referenced profiles. +* ``--vendor-cache=VENDOR_CACHE`` + Use the given path for caching dependencies, (default: `~/.inspec/cache`). ## detect -Detects the target os. +Detect the target OS. ### Syntax @@ -133,124 +101,72 @@ inspec detect This subcommand has the following additional options: -
-
-b, --backend=BACKEND
-
Choose a backend: local, ssh, winrm, docker.
- -
--bastion-host=BASTION_HOST
-
Specifies the bastion host if applicable.
- -
--bastion-port=BASTION_PORT
-
Specifies the bastion port if applicable.
- -
--bastion-user=BASTION_USER
-
Specifies the bastion user if applicable.
- -
--ca-trust-file=CA_TRUST_FILE
-
Specify CA certificate required for SSL authentication (WinRM).
- -
--client-cert=CLIENT_CERT
-
Specify client certificate for SSL authentication
- -
--client-key=CLIENT_KEY
-
Specify client key required with client cert for SSL authentication
- -
--client-key-pass=CLIENT_KEY_PASS
-
Specify client cert password, if required for SSL authentication
- -
--config=CONFIG
-
Read configuration from JSON file (`-` reads from stdin).
- -
--docker-url=DOCKER_URL
-
Provides path to Docker API endpoint (Docker). Defaults to unix:///var/run/docker.sock on Unix systems and tcp://localhost:2375 on Windows.
- -
--enable-password=ENABLE_PASSWORD
-
Password for enable mode on Cisco IOS devices.
- -
--format=FORMAT
-
--host=HOST
-
Specify a remote host which is tested.
- -
--insecure, --no-insecure
-
Disable SSL verification on select targets.
- -
-i, --key-files=one two three
-
Login key or certificate file for a remote scan.
- -
--password=PASSWORD
-
Login password for a remote scan, if required.
- -
--path=PATH
-
Login path to use when connecting to the target (WinRM).
- -
--podman-url=PODMAN_URL
-
Provides the path to the Podman API endpoint. Defaults to unix:///run/user/$UID/podman/podman.sock for rootless container, unix:///run/podman/podman.sock for rootful container (for this you need to execute inspec as root user).
- -
-p, --port=N
-
Specify the login port for a remote scan.
- -
--proxy-command=PROXY_COMMAND
-
Specifies the command to use to connect to the server.
- -
--self-signed, --no-self-signed
-
Allow remote scans with self-signed certificates (WinRM).
- -
--shell, --no-shell
-
Run scans in a subshell. Only activates on Unix.
- -
--shell-command=SHELL_COMMAND
-
Specify a particular shell to use.
- -
--shell-options=SHELL_OPTIONS
-
Additional shell options.
- -
--ssh-config-file=one two three
-
A list of paths to the ssh config file, e.g ~/.ssh/config or /etc/ssh/ssh_config.
- -
--ssl, --no-ssl
-
Use SSL for transport layer encryption (WinRM).
- -
--ssl-peer-fingerprint=SSL_PEER_FINGERPRINT
-
Specify SSL peer fingerprint in place of certificates for SSL authentication (WinRM).
- -
--sudo, --no-sudo
-
Run scans with sudo. Only activates on Unix and non-root user.
- -
--sudo-command=SUDO_COMMAND
-
Alternate command for sudo.
- -
--sudo-options=SUDO_OPTIONS
-
Additional sudo options for a remote scan.
- -
--sudo-password=SUDO_PASSWORD
-
Specify a sudo password, if it is required.
- -
-t, --target=TARGET
-
Simple targeting option using URIs, e.g. ssh://user:pass@host:port
- -
--target-id=TARGET_ID
-
Provide an ID which will be included on reports - deprecated
- -
--user=USER
-
The login user for a remote scan.
- -
--winrm-basic-auth-only, --no-winrm-basic-auth-only
-
Whether to use basic authentication, defaults to false (WinRM).
- -
--winrm-disable-sspi, --no-winrm-disable-sspi
-
Whether to use disable sspi authentication, defaults to false (WinRM).
- -
--winrm-shell-type=WINRM_SHELL_TYPE
-
Specify which shell type to use (powershell, elevated, or cmd), which defaults to powershell (WinRM).
- -
--winrm-transport=WINRM_TRANSPORT
-
Specify which transport to use, defaults to negotiate (WinRM).
- -
+* ``-b``, ``--backend=BACKEND`` + Choose a backend: local, ssh, winrm, docker. +* ``--bastion-host=BASTION_HOST`` + Specifies the bastion host if applicable. +* ``--bastion-port=BASTION_PORT`` + Specifies the bastion port if applicable. +* ``--bastion-user=BASTION_USER`` + Specifies the bastion user if applicable. +* ``--config=CONFIG`` + Read configuration from JSON file (`-` reads from stdin). +* ``--docker-url`` + Provides path to Docker API endpoint (Docker). +* ``--enable-password=ENABLE_PASSWORD`` + Password for enable mode on Cisco IOS devices. +* ``--format=FORMAT`` + +* ``--host=HOST`` + Specify a remote host which is tested. +* ``--insecure``, ``--no-insecure`` + Disable SSL verification on select targets. +* ``-i``, ``--key-files=one two three`` + Login key or certificate file for a remote scan. +* ``--password=PASSWORD`` + Login password for a remote scan, if required. +* ``--path=PATH`` + Login path to use when connecting to the target (WinRM). +* ``-p``, ``--port=N`` + Specify the login port for a remote scan. +* ``--proxy-command=PROXY_COMMAND`` + Specifies the command to use to connect to the server. +* ``--self-signed``, ``--no-self-signed`` + Allow remote scans with self-signed certificates (WinRM). +* ``--shell``, ``--no-shell`` + Run scans in a subshell. Only activates on Unix. +* ``--shell-command=SHELL_COMMAND`` + Specify a particular shell to use. +* ``--shell-options=SHELL_OPTIONS`` + Additional shell options. +* ``--ssl``, ``--no-ssl`` + Use SSL for transport layer encryption (WinRM). +* ``--sudo``, ``--no-sudo`` + Run scans with sudo. Only activates on Unix and non-root user. +* ``--sudo-command=SUDO_COMMAND`` + Alternate command for sudo. +* ``--sudo-options=SUDO_OPTIONS`` + Additional sudo options for a remote scan. +* ``--sudo-password=SUDO_PASSWORD`` + Specify a sudo password, if it is required. +* ``-t``, ``--target=TARGET`` + Simple targeting option using URIs, e.g. ssh://user:pass@host:port. 
+* ``--target-id=TARGET_ID`` + Provide a ID which will be included on reports. +* ``--user=USER`` + The login user for a remote scan. +* ``--winrm-basic-auth-only``, ``--no-winrm-basic-auth-only`` + Whether to use basic authentication, defaults to false (WinRM). +* ``--winrm-disable-sspi``, ``--no-winrm-disable-sspi`` + Whether to use disable sspi authentication, defaults to false (WinRM). +* ``--winrm-transport=WINRM_TRANSPORT`` + Specify which transport to use, defaults to negotiate (WinRM). +* ``--winrm-shell-type=WINRM_SHELL_TYPE`` + Specify which shell type to use (powershell,elevated or cmd), defaults to powershell (WinRM). ## env -Outputs shell-appropriate completion configuration. +Output shell-appropriate completion configuration. ### Syntax 
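Review bot: in the `detect` options hunk (`@@ -133,124 +101,72 @@`), the entry `* ``--format=FORMAT``` is followed by an empty line instead of a description, so the rendered list will carry an option with no text; either describe the accepted values or drop the entry. In the same list, `* ``--docker-url``` loses the `=DOCKER_URL` placeholder and the default-endpoint text (`unix:///var/run/docker.sock` on Unix, `tcp://localhost:2375` on Windows) that the removed line carried, `Provide a ID which will be included on reports.` should read `Provide an ID` and has lost the `- deprecated` marker, so readers no longer learn the flag is being retired, and `(powershell,elevated or cmd)` needs a space after the comma. The hunk also removes the WinRM certificate options (`--ca-trust-file`, `--client-cert`, `--client-key`, `--client-key-pass`, `--ssl-peer-fingerprint`) plus `--podman-url` and `--ssh-config-file` from `detect`; if `detect` still accepts them, dropping them from the doc hides exactly the settings a user needs to verify the WinRM endpoint properly instead of reaching for `--insecure` or `--self-signed`.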
@@ -264,341 +180,243 @@ inspec env Run all test files at the specified locations. -The subcommand loads the given profiles, fetches their dependencies if needed, then connects to the target and executes any controls in the profiles. -One or more reporters are used to generate the output. -``` -Exit codes: - 0 Normal exit, all tests passed - 1 Usage or general error - 2 Error in plugin system - 3 Fatal deprecation encountered - 100 Normal exit, at least one test failed - 101 Normal exit, at least one test skipped but none failed - 172 Chef License not accepted +The subcommand loads the given profiles, fetches their dependencies if needed, then connects to the target and executes any controls contained in the profiles. One or more reporters are used to generate the output. + +```ruby +exit codes: + 0 normal exit, all tests passed + 1 usage or general error + 2 error in plugin system + 3 fatal deprecation encountered + 100 normal exit, at least one test failed + 101 normal exit, at least one test skipped but none failed + 172 chef license not accepted ``` -Below are some examples of using `exec` with different test LOCATIONS: +Below are some examples of using `exec` with different test locations: Chef Automate: - ``` - inspec automate login - inspec exec compliance://username/linux-baseline - ``` - `inspec compliance` is a backwards compatible alias for `inspec automate` and works the same way: - ``` - inspec compliance login - ``` - -Chef Supermarket: - ``` - inspec exec supermarket://username/linux-baseline - ``` - -Local profile (executes all tests in `controls/`): - ``` - inspec exec /path/to/profile - ``` - -Local single test (doesn't allow inputs or custom resources) - ``` - inspec exec /path/to/a_test.rb - ``` - -Git via SSH - ``` - inspec exec git@github.com:dev-sec/linux-baseline.git - ``` - -Git via HTTPS (.git suffix is required): - ``` - inspec exec https://github.com/dev-sec/linux-baseline.git - ``` -Private Git via HTTPS (.git suffix is required): - ``` 
- inspec exec https://API_TOKEN@github.com/dev-sec/linux-baseline.git - ``` - -Private Git via HTTPS and cached credentials (.git suffix is required): - ``` - git config credential.helper cache - git ls-remote https://github.com/dev-sec/linux-baseline.git - inspec exec https://github.com/dev-sec/linux-baseline.git - ``` - -Web hosted file (also supports .zip): - ``` - inspec exec https://webserver/linux-baseline.tar.gz - ``` - -Web hosted file with basic authentication (supports .zip): - ``` - inspec exec https://username:password@webserver/linux-baseline.tar.gz - ``` - - -### Syntax - -This subcommand has the following syntax: - -```bash -inspec exec LOCATIONS +```ruby +inspec automate login +inspec exec compliance://username/linux-baseline ``` -### Options - -This subcommand has the following additional options: - -
-
--attrs=one two three
-
Legacy name for --input-file - deprecated.
- -
--auto-install-gems, --no-auto-install-gems
-
Auto installs gem dependencies of the profile or resource pack.
- -
-b, --backend=BACKEND
-
Choose a backend: local, ssh, winrm, docker.
- -
--backend-cache, --no-backend-cache
-
Allow caching for backend command output. (default: true).
- -
--bastion-host=BASTION_HOST
-
Specifies the bastion host if applicable.
- -
--bastion-port=BASTION_PORT
-
Specifies the bastion port if applicable.
- -
--bastion-user=BASTION_USER
-
Specifies the bastion user if applicable.
- -
--ca-trust-file=CA_TRUST_FILE
-
Specify CA certificate required for SSL authentication (WinRM).
- -
--client-cert=CLIENT_CERT
-
Specify client certificate for SSL authentication
- -
--client-key=CLIENT_KEY
-
Specify client key required with client cert for SSL authentication
- -
--client-key-pass=CLIENT_KEY_PASS
-
Specify client cert password, if required for SSL authentication
- -
--command-timeout=N
-
Maximum seconds to allow commands to run during execution.
- -
--config=CONFIG
-
Read configuration from JSON file (`-` reads from stdin).
- -
--controls=one two three
-
A list of control names to run, or a list of /regexes/ to match against control names. Ignore all other tests.
- -
--create-lockfile, --no-create-lockfile
-
Write out a lockfile based on this execution (unless one already exists)
- -
--diff, --no-diff
-
Use --no-diff to suppress 'diff' output of failed textual test results.
- -
--distinct-exit, --no-distinct-exit
-
Exit with code 101 if any tests fail, and 100 if any are skipped (default). If disabled, exit 0 on skips and 1 for failures.
- -
--docker-url=DOCKER_URL
-
Provides path to Docker API endpoint (Docker). Defaults to unix:///var/run/docker.sock on Unix systems and tcp://localhost:2375 on Windows.
- -
--enable-password=ENABLE_PASSWORD
-
Password for enable mode on Cisco IOS devices.
- -
--enhanced-outcomes, --no-enhanced-outcomes
-
Show enhanced outcomes in output
- -
--filter-empty-profiles, --no-filter-empty-profiles
-
Filter empty profiles (profiles without controls) from the report.
- -
--filter-waived-controls, --no-filter-waived-controls
-
Do not execute waived controls in InSpec at all. Must use with --waiver-file. Ignores the `run` setting of the waiver file.
- -
--host=HOST
-
Specify a remote host which is tested.
- -
--input=name1=value1 name2=value2
-
Specify one or more inputs directly on the command line, as --input NAME=VALUE. Accepts single-quoted YAML and JSON structures.
- -
--input-file=one two three
-
Load one or more input files, a YAML file with values for the profile to use.
- -
--insecure, --no-insecure
-
Disable SSL verification on select targets.
- -
-i, --key-files=one two three
-
Login key or certificate file for a remote scan.
+`inspec compliance` is a backwards compatible alias for `inspec automate` and works the same way: -
--password=PASSWORD
-
Login password for a remote scan, if required.
- -
--path=PATH
-
Login path to use when connecting to the target (WinRM).
- -
--podman-url=PODMAN_URL
-
Provides the path to the Podman API endpoint. Defaults to unix:///run/user/$UID/podman/podman.sock for rootless container, unix:///run/podman/podman.sock for rootful container (for this you need to execute inspec as root user).
- -
-p, --port=N
-
Specify the login port for a remote scan.
- -
--profiles-path=PROFILES_PATH
-
Folder which contains referenced profiles.
- -
--proxy-command=PROXY_COMMAND
-
Specifies the command to use to connect to the server.
- -
--reporter=one two:/output/file/path
-
Enable one or more output reporters: cli, documentation, html, progress, progress-bar, json, json-min, json-rspec, junit, yaml
- -
--reporter-backtrace-inclusion, --no-reporter-backtrace-inclusion
-
Include a code backtrace in report data (default: true)
- -
--reporter-include-source, --no-reporter-include-source
-
Include full source code of controls in the CLI report
- -
--reporter-message-truncation=REPORTER_MESSAGE_TRUNCATION
-
Number of characters to truncate failure messages and code_desc in report data to (default: no truncation)
- -
--retain-waiver-data, --no-retain-waiver-data
-
EXPERIMENTAL: Only works in conjunction with --filter-waived-controls, retains waiver data about controls that were skipped
- -
--self-signed, --no-self-signed
-
Allow remote scans with self-signed certificates (WinRM).
- -
--shell, --no-shell
-
Run scans in a subshell. Only activates on Unix.
- -
--shell-command=SHELL_COMMAND
-
Specify a particular shell to use.
- -
--shell-options=SHELL_OPTIONS
-
Additional shell options.
- -
--show-progress, --no-show-progress
-
Show progress while executing tests.
- -
--silence-deprecations=all|GROUP GROUP...
-
Suppress deprecation warnings. See install_dir/etc/deprecations.json for a list of GROUPs or use 'all'.
- -
--sort-results-by=--sort-results-by=none|control|file|random
-
After normal execution order, results are sorted by control ID, or by file (default), or randomly. None uses legacy unsorted mode.
- -
--ssh-config-file=one two three
-
A list of paths to the ssh config file, e.g ~/.ssh/config or /etc/ssh/ssh_config.
- -
--ssl, --no-ssl
-
Use SSL for transport layer encryption (WinRM).
- -
--ssl-peer-fingerprint=SSL_PEER_FINGERPRINT
-
Specify SSL peer fingerprint in place of certificates for SSL authentication (WinRM).
+```ruby +inspec compliance login +``` -
--sudo, --no-sudo
-
Run scans with sudo. Only activates on Unix and non-root user.
+Chef Supermarket: -
--sudo-command=SUDO_COMMAND
-
Alternate command for sudo.
+```ruby +inspec exec supermarket://username/linux-baseline +inspec exec supermarket://username/linux-baseline --supermarket_url="https://privatesupermarket.example.com" +``` -
--sudo-options=SUDO_OPTIONS
-
Additional sudo options for a remote scan.
+Local profile (executes all tests in `controls/`): -
--sudo-password=SUDO_PASSWORD
-
Specify a sudo password, if it is required.
+```ruby +inspec exec /path/to/profile +``` -
--supermarket-url=SUPERMARKET_URL
-
Specify the URL of a private Chef Supermarket.
+Local single test (doesn't allow inputs or custom resources): -
--tags=one two three
-
A list of tags names that are part of controls to filter and run controls, or a list of /regexes/ to match against tags names of controls. Ignore all other tests.
+```ruby +inspec exec /path/to/a_test.rb +``` -
-t, --target=TARGET
-
Simple targeting option using URIs, e.g. ssh://user:pass@host:port
+Git via SSH: -
--target-id=TARGET_ID
-
Provide an ID which will be included on reports - deprecated
+```ruby +inspec exec git@github.com:dev-sec/linux-baseline.git +``` -
--user=USER
-
The login user for a remote scan.
+Git via HTTPS (.git suffix is required): -
--vendor-cache=VENDOR_CACHE
-
Use the given path for caching dependencies, (default: ~/.inspec/cache).
+```ruby +inspec exec https://github.com/dev-sec/linux-baseline.git +``` -
--waiver-file=one two three
-
Load one or more waiver files.
+Private Git via HTTPS (.git suffix is required): -
--winrm-basic-auth-only, --no-winrm-basic-auth-only
-
Whether to use basic authentication, defaults to false (WinRM).
+```ruby +inspec exec https://api_token@github.com/dev-sec/linux-baseline.git +``` -
--winrm-disable-sspi, --no-winrm-disable-sspi
-
Whether to use disable sspi authentication, defaults to false (WinRM).
+Private Git via HTTPS and cached credentials (.git suffix is required): -
--winrm-shell-type=WINRM_SHELL_TYPE
-
Specify which shell type to use (powershell, elevated, or cmd), which defaults to powershell (WinRM).
+```bash +git config credential.helper cache +git ls-remote https://github.com/dev-sec/linux-baseline.git +inspec exec https://github.com/dev-sec/linux-baseline.git +``` -
--winrm-transport=WINRM_TRANSPORT
-
Specify which transport to use, defaults to negotiate (WinRM).
+Web-hosted file (also supports .zip): -
+```bash +inspec exec https://webserver/linux-baseline.tar.gz +``` -## export +Web-hosted file with basic authentication (supports .zip): -Read the profile in path and generate a summary in the given format. +```bash +inspec exec https://username:password@webserver/linux-baseline.tar.gz +``` ### Syntax This subcommand has the following syntax: ```bash -inspec export PATH +inspec exec LOCATIONS ``` ### Options This subcommand has the following additional options: -
-
--auto-install-gems, --no-auto-install-gems
-
Auto installs gem dependencies of the profile or resource pack.
+* ``--attrs=one two three`` + Legacy name for --input-file - deprecated. +* ``-b``, ``--backend=BACKEND`` + Choose a backend: local, ssh, winrm, docker. +* ``--backend-cache``, ``--no-backend-cache`` + Allow caching for backend command output. (default: true). +* ``--bastion-host=BASTION_HOST`` + Specifies the bastion host if applicable. +* ``--bastion-port=BASTION_PORT`` + Specifies the bastion port if applicable. +* ``--bastion-user=BASTION_USER`` + Specifies the bastion user if applicable. +* ``--command-timeout=SECONDS`` + Maximum seconds to allow a command to run. +* ``--config=CONFIG`` + Read configuration from JSON file (`-` reads from stdin). +* ``--controls=one two three`` + A list of control names to run, or a list of /regexes/ to match against control names. Ignore all other tests. +* ``--create-lockfile``, ``--no-create-lockfile`` + Write out a lockfile based on this execution (unless one already exists). +* ``--distinct-exit``, ``--no-distinct-exit`` + Exit with code 101 if any tests fail, and 100 if any are skipped (default). If disabled, exit 0 on skips and 1 for failures. +* ``--docker-url`` + Provides path to Docker API endpoint (Docker). Defaults to unix:///var/run/docker.sock on Unix systems and tcp://localhost:2375 on Windows. +* ``--enable-password=ENABLE_PASSWORD`` + Password for enable mode on Cisco IOS devices. +* ``--filter-empty-profiles``, ``--no-filter-empty-profiles`` + Filter empty profiles (profiles without controls) from the report. +* ``--filter-waived-controls`` + Do not execute waived controls in InSpec at all. Must use with --waiver-file. Ignores `run` setting of waiver file. +* ``--host=HOST`` + Specify a remote host which is tested. +* ``--input=name1=value1 name2=value2`` + Specify one or more inputs directly on the command line, as --input NAME=VALUE. Accepts single-quoted YAML and JSON structures. +* ``--input-file=one two three`` + Load one or more input files, a YAML file with values for the profile to use. 
+* ``--insecure``, ``--no-insecure`` + Disable SSL verification on select targets. +* ``-i``, ``--key-files=one two three`` + Login key or certificate file for a remote scan. +* ``--password=PASSWORD`` + Login password for a remote scan, if required. +* ``--path=PATH`` + Login path to use when connecting to the target (WinRM). +* ``-p``, ``--port=N`` + Specify the login port for a remote scan. +* ``--profiles-path=PROFILES_PATH`` + Folder which contains referenced profiles. +* ``--proxy-command=PROXY_COMMAND`` + Specifies the command to use to connect to the server. +* ``--reporter=one two:/output/file/path`` + Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit, yaml. +* ``--reporter-backtrace-inclusion``, ``--no-reporter-backtrace-inclusion`` + Include a code backtrace in report data (default: true). +* ``--reporter-include-source`` + Include full source code of controls in the CLI report. +* ``--reporter-message-truncation=REPORTER_MESSAGE_TRUNCATION`` + Number of characters to truncate failure messages in report data to (default: no truncation). +* ``--self-signed``, ``--no-self-signed`` + Allow remote scans with self-signed certificates (WinRM). +* ``--shell``, ``--no-shell`` + Run scans in a subshell. Only activates on Unix. +* ``--shell-command=SHELL_COMMAND`` + Specify a particular shell to use. +* ``--shell-options=SHELL_OPTIONS`` + Additional shell options. +* ``--show-progress``, ``--no-show-progress`` + Show progress while executing tests. +* ``--silence-deprecations=all|GROUP GROUP...`` + Suppress deprecation warnings. See install_dir/etc/deprecations.json for list of GROUPs or use 'all'. +* ``--ssh-config-file=one two three`` + A list of paths to the SSH configuration file, for example: `~/.ssh/config` or `/etc/ssh/ssh_config`. +* ``--ssl``, ``--no-ssl`` + Use SSL for transport layer encryption (WinRM). +* ``--sudo``, ``--no-sudo`` + Run scans with sudo. Only activates on Unix and non-root user. 
+* ``--sudo-command=SUDO_COMMAND`` + Alternate command for sudo. +* ``--sudo-options=SUDO_OPTIONS`` + Additional sudo options for a remote scan. +* ``--sudo-password=SUDO_PASSWORD`` + Specify a sudo password, if it is required. +* ``-t``, ``--target=TARGET`` + Simple targeting option using URIs, e.g. ssh://user:pass@host:port. +* ``--target-id=TARGET_ID`` + Provide a ID which will be included on reports. +* ``--tags=one two three`` + A list of tags or a list of regular expressions that match tags. `exec` will run controls referenced by the listed or matching tags. +* ``--user=USER`` + The login user for a remote scan. +* ``--vendor-cache=VENDOR_CACHE`` + Use the given path for caching dependencies. (default: `~/.inspec/cache`). +* ``--waiver-file=one two three`` + Load one or more waiver files. +* ``--winrm-basic-auth-only``, ``--no-winrm-basic-auth-only`` + Whether to use basic authentication, defaults to false (WinRM). +* ``--winrm-disable-sspi``, ``--no-winrm-disable-sspi`` + Whether to use disable sspi authentication, defaults to false (WinRM). +* ``--winrm-transport=WINRM_TRANSPORT`` + Specify which transport to use, defaults to negotiate (WinRM). + +## habitat + +Create a Chef Habitat package. -
--controls=one two three
-
For --what=profile, a list of controls to include. Ignore all other tests.
+### Syntax -
--format=FORMAT
-
The output format to use: json, raw, yaml. If valid format is not provided then it will use the default for the given 'what'.
+This subcommand has the following syntax: -
-o, --output=OUTPUT
-
Save the created output to a path.
+```bash +inspec habitat SUBCOMMAND +``` -
--profiles-path=PROFILES_PATH
-
Folder which contains referenced profiles.
+## help -
--tags=one two three
-
For --what=profile, a list of tags to filter controls and include only those. Ignore all other tests.
+Describe available commands or one specific command. -
--vendor-cache=VENDOR_CACHE
-
Use the given path for caching dependencies, (default: ~/.inspec/cache).
+### Syntax -
--what=WHAT
-
What to export: profile (default), readme, metadata.
+This subcommand has the following syntax: -
+```bash +inspec help [COMMAND] +``` -## help +## init -Describe available commands or one specific command +Scaffold a new project. ### Syntax This subcommand has the following syntax: ```bash -inspec help [COMMAND] +inspec init TEMPLATE ``` ## json -Read all tests in the path and generate a json summary. +Read all tests in path and generate a json summary. ### Syntax @@ -612,42 +430,44 @@ inspec json PATH This subcommand has the following additional options: -
-
--auto-install-gems, --no-auto-install-gems
-
Auto installs gem dependencies of the profile or resource pack.
+* ``--controls=one two three`` + A list of controls to include. Ignore all other tests. +* ``-o``, ``--output=OUTPUT`` + Save the created profile to a path. +* ``--profiles-path=PROFILES_PATH`` + Folder which contains referenced profiles. +* ``--tags=one two three`` + A list of tags that reference certain controls. Other controls are ignored. +* ``--vendor-cache=VENDOR_CACHE`` + Use the given path for caching dependencies. (default: `~/.inspec/cache`). -
--controls=one two three
-
A list of controls to include. Ignore all other tests.
+## nothing -
-o, --output=OUTPUT
-
Save the created profile to a path.
+Does nothing. -
--profiles-path=PROFILES_PATH
-
Folder which contains referenced profiles.
- -
--tags=one two three
-
A list of tags to filter controls and include only those. Ignore all other tests.
+### Syntax -
--vendor-cache=VENDOR_CACHE
-
Use the given path for caching dependencies, (default: ~/.inspec/cache).
+This subcommand has the following syntax: -
+```bash +inspec nothing +``` -## run_context +## plugin -Used to test run-context detection +Install and manage [Chef InSpec plugins](/inspec/plugins/). ### Syntax This subcommand has the following syntax: ```bash -inspec run_context +inspec plugin SUBCOMMAND ``` ## schema -Print the json schema +Print the json schema. ### Syntax @@ -657,16 +477,6 @@ This subcommand has the following syntax: inspec schema NAME ``` -### Options - -This subcommand has the following additional options: - -
-
--enhanced-outcomes, --no-enhanced-outcomes
-
Show enhanced outcomes output
- -
- ## shell Open an interactive debugging shell. @@ -683,150 +493,82 @@ inspec shell This subcommand has the following additional options: -
-
-b, --backend=BACKEND
-
Choose a backend: local, ssh, winrm, docker.
- -
--bastion-host=BASTION_HOST
-
Specifies the bastion host if applicable.
- -
--bastion-port=BASTION_PORT
-
Specifies the bastion port if applicable.
- -
--bastion-user=BASTION_USER
-
Specifies the bastion user if applicable.
- -
--ca-trust-file=CA_TRUST_FILE
-
Specify CA certificate required for SSL authentication (WinRM).
- -
--client-cert=CLIENT_CERT
-
Specify client certificate for SSL authentication
- -
--client-key=CLIENT_KEY
-
Specify client key required with client cert for SSL authentication
- -
--client-key-pass=CLIENT_KEY_PASS
-
Specify client cert password, if required for SSL authentication
- -
-c, --command=COMMAND
-
A single command string to run instead of launching the shell
- -
--command-timeout=N
-
Maximum seconds to allow a command to run.
- -
--config=CONFIG
-
Read configuration from JSON file (`-` reads from stdin).
- -
--depends=one two three
-
A space-delimited list of local folders containing profiles whose libraries and resources will be loaded into the new shell
- -
--distinct-exit, --no-distinct-exit
-
Exit with code 100 if any tests fail, and 101 if any are skipped but none failed (default). If disabled, exit 0 on skips and 1 for failures.
- -
--docker-url=DOCKER_URL
-
Provides path to Docker API endpoint (Docker). Defaults to unix:///var/run/docker.sock on Unix systems and tcp://localhost:2375 on Windows.
- -
--enable-password=ENABLE_PASSWORD
-
Password for enable mode on Cisco IOS devices.
- -
--enhanced-outcomes, --no-enhanced-outcomes
-
Show enhanced outcomes in output
- -
--host=HOST
-
Specify a remote host which is tested.
- -
--input=name1=value1 name2=value2
-
Specify one or more inputs directly on the command line to the shell, as --input NAME=VALUE. Accepts single-quoted YAML and JSON structures.
- -
--input-file=one two three
-
Load one or more input files, a YAML file with values for the shell to use
- -
--insecure, --no-insecure
-
Disable SSL verification on select targets.
- -
--inspect, --no-inspect
-
Use verbose/debugging output for resources.
- -
-i, --key-files=one two three
-
Login key or certificate file for a remote scan.
- -
--password=PASSWORD
-
Login password for a remote scan, if required.
- -
--path=PATH
-
Login path to use when connecting to the target (WinRM).
- -
--podman-url=PODMAN_URL
-
Provides the path to the Podman API endpoint. Defaults to unix:///run/user/$UID/podman/podman.sock for rootless container, unix:///run/podman/podman.sock for rootful container (for this you need to execute inspec as root user).
- -
-p, --port=N
-
Specify the login port for a remote scan.
- -
--proxy-command=PROXY_COMMAND
-
Specifies the command to use to connect to the server.
- -
--reporter=one two:/output/file/path
-
Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit
- -
--self-signed, --no-self-signed
-
Allow remote scans with self-signed certificates (WinRM).
- -
--shell, --no-shell
-
Run scans in a subshell. Only activates on Unix.
- -
--shell-command=SHELL_COMMAND
-
Specify a particular shell to use.
- -
--shell-options=SHELL_OPTIONS
-
Additional shell options.
- -
--ssh-config-file=one two three
-
A list of paths to the ssh config file, e.g ~/.ssh/config or /etc/ssh/ssh_config.
- -
--ssl, --no-ssl
-
Use SSL for transport layer encryption (WinRM).
- -
--ssl-peer-fingerprint=SSL_PEER_FINGERPRINT
-
Specify SSL peer fingerprint in place of certificates for SSL authentication (WinRM).
- -
--sudo, --no-sudo
-
Run scans with sudo. Only activates on Unix and non-root user.
- -
--sudo-command=SUDO_COMMAND
-
Alternate command for sudo.
- -
--sudo-options=SUDO_OPTIONS
-
Additional sudo options for a remote scan.
- -
--sudo-password=SUDO_PASSWORD
-
Specify a sudo password, if it is required.
- -
-t, --target=TARGET
-
Simple targeting option using URIs, e.g. ssh://user:pass@host:port
- -
--target-id=TARGET_ID
-
Provide an ID which will be included on reports - deprecated
- -
--user=USER
-
The login user for a remote scan.
- -
--winrm-basic-auth-only, --no-winrm-basic-auth-only
-
Whether to use basic authentication, defaults to false (WinRM).
- -
--winrm-disable-sspi, --no-winrm-disable-sspi
-
Whether to use disable sspi authentication, defaults to false (WinRM).
- -
--winrm-shell-type=WINRM_SHELL_TYPE
-
Specify which shell type to use (powershell, elevated, or cmd), which defaults to powershell (WinRM).
- -
--winrm-transport=WINRM_TRANSPORT
-
Specify which transport to use, defaults to negotiate (WinRM).
- -
+* ``-b``, ``--backend=BACKEND`` + Choose a backend: local, ssh, winrm, docker. +* ``--bastion-host=BASTION_HOST`` + Specifies the bastion host if applicable. +* ``--bastion-port=BASTION_PORT`` + Specifies the bastion port if applicable. +* ``--bastion-user=BASTION_USER`` + Specifies the bastion user if applicable. +* ``-c``, ``--command=COMMAND`` + A single command string to run instead of launching the shell. +* ``--command-timeout=SECONDS`` + Maximum seconds to allow a command to run. +* ``--config=CONFIG`` + Read configuration from JSON file (`-` reads from stdin). +* ``--depends=one two three`` + A space-delimited list of local folders containing profiles whose libraries and resources will be loaded into the new shell. +* ``--distinct-exit``, ``--no-distinct-exit`` + Exit with code 100 if any tests fail, and 101 if any are skipped but none failed (default). If disabled, exit 0 on skips and 1 for failures. +* ``--docker-url`` + Provides path to Docker API endpoint (Docker). Defaults to unix:///var/run/docker.sock on Unix systems and tcp://localhost:2375 on Windows. +* ``--enable-password=ENABLE_PASSWORD`` + Password for enable mode on Cisco IOS devices. +* ``--host=HOST`` + Specify a remote host which is tested. +* ``--insecure``, ``--no-insecure`` + Disable SSL verification on select targets. +* ``--inspect``, ``--no-inspect`` + Use verbose/debugging output for resources. +* ``-i``, ``--key-files=one two three`` + Login key or certificate file for a remote scan. +* ``--password=PASSWORD`` + Login password for a remote scan, if required. +* ``--path=PATH`` + Login path to use when connecting to the target (WinRM). +* ``-p``, ``--port=N`` + Specify the login port for a remote scan. +* ``--proxy-command=PROXY_COMMAND`` + Specifies the command to use to connect to the server. +* ``--reporter=one two:/output/file/path`` + Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit. 
+* ``--self-signed``, ``--no-self-signed`` + Allow remote scans with self-signed certificates (WinRM). +* ``--shell``, ``--no-shell`` + Run scans in a subshell. Only activates on Unix. +* ``--shell-command=SHELL_COMMAND`` + Specify a particular shell to use. +* ``--shell-options=SHELL_OPTIONS`` + Additional shell options. +* ``--ssh-config-file=one two three`` + A list of paths to the SSH configuration file, for example: `~/.ssh/config` or `/etc/ssh/ssh_config`. +* ``--ssl``, ``--no-ssl`` + Use SSL for transport layer encryption (WinRM). +* ``--sudo``, ``--no-sudo`` + Run scans with sudo. Only activates on Unix and non-root user. +* ``--sudo-command=SUDO_COMMAND`` + Alternate command for sudo. +* ``--sudo-options=SUDO_OPTIONS`` + Additional sudo options for a remote scan. +* ``--sudo-password=SUDO_PASSWORD`` + Specify a sudo password, if it is required. +* ``-t``, ``--target=TARGET`` + Simple targeting option using URIs, e.g. ssh://user:pass@host:port. +* ``--target-id=TARGET_ID`` + Provide a ID which will be included on reports. +* ``--user=USER`` + The login user for a remote scan. +* ``--winrm-basic-auth-only``, ``--no-winrm-basic-auth-only`` + Whether to use basic authentication, defaults to false (WinRM). +* ``--winrm-disable-sspi``, ``--no-winrm-disable-sspi`` + Whether to use disable sspi authentication, defaults to false (WinRM). +* ``--winrm-transport=WINRM_TRANSPORT`` + Specify which transport to use, defaults to negotiate (WinRM). ## supermarket -Supermarket commands +Supermarket commands. ### Syntax @@ -836,9 +578,17 @@ This subcommand has the following syntax: inspec supermarket SUBCOMMAND ... ``` +### Options + +This subcommand has additional options: + +* ``--supermarket_url`` + Specify the URL of a private Chef Supermarket. + + ## vendor -Download all dependencies and generate a lockfile in a `vendor` directory +Download all dependencies and generate a lockfile in a `vendor` directory. ### Syntax 
@@ -850,13 +600,10 @@ inspec vendor PATH ### Options -This subcommand has the following additional options: - -
-
--overwrite, --no-overwrite
-
Overwrite existing vendored dependencies and lockfile.
+This subcommand has additional options: -
+* ``--overwrite``, ``--no-overwrite`` + Overwrite existing vendored dependencies and lockfile. ## version @@ -874,7 +621,4 @@ inspec version This subcommand has the following additional options: -
-
--format=FORMAT
-
- +* ``--format=FORMAT`` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/dsl_inspec.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/dsl_inspec.md index 557a63b395..d89804a169 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/dsl_inspec.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/dsl_inspec.md @@ -15,7 +15,7 @@ Chef InSpec is a run-time framework and rule language used to specify compliance security, and policy requirements. It includes a collection of resources that help you write auditing controls quickly and easily. The syntax used by both open source and [Chef compliance](/compliance/) auditing is the same. The open source [Chef InSpec resource](/inspec/resources/) -framework is compatible with [Chef compliance](https://docs.chef.io/chef_compliance_phase/). +framework is compatible with [Chef compliance](/compliance/). The Chef InSpec Language is a Ruby DSL for writing audit controls, which includes audit resources that you can invoke. @@ -249,7 +249,6 @@ end ``` This example checks for if certain pip packages are installed, but only if '/root/.aws' exists: - ```ruby control 'pip-packages-installed' do title 'Check if essential pips are installed' 
@@ -270,37 +269,14 @@ certain controls, which would 100% fail due to the way servers are prepared, but you know that the same control suites are reused later in different circumstances by different teams. -This example checks whether the Gnome Desktop is installed. If not installed, it resets the impact of the control to the new value which is passed as a hash with the impact key. - -Here, it resets it to 0: - -```ruby -control 'gnome-destkop-settings' do - impact 0.5 - desc 'some good settings' - desc 'check', 'check the settings file for good things' - desc 'fix', 'set the good things in the file /etc/gnome/settings' - tag nist: 'CM-6' - - only_if("The Gnome Desktop is not installed, this control is Not Applicable", impact: 0) { - package('gnome-desktop').installed? - } - - describe gnome_settings do - it should_be set_well - end -end -``` - Some notes about `only_if`: -* `only_if` applies to the entire `control`. If the results of the `only_if` +- `only_if` applies to the entire `control`. If the results of the `only_if` block evaluate to false, any Chef InSpec resources mentioned as part of a `describe` block will not be run. Additionally, the contents of the describe blocks will not be run. However, bare Ruby expressions and bare Chef InSpec resources (not assocated with a describe block) preceding the only_if statement will run -* `only_if` also accepts hash with impact key to reset the impact value of the control. Control's impact is helpful in determining it is enhanced outcome. To illustrate: 
@@ -325,53 +301,6 @@ end end ``` -### Use **only_applicable_if** to test controls for applicability - -The `only_applicable_if` block allows to test if a control is applicable or not. In this example, the control with `only_applicable_if` block checks the condition and marks the control as not applicable (N/A) if the results of the `only_applicable_if` block evaluates to `false`. - -If **gnome-desktop** is not installed, the following control to test gnome settings marks control as **not applicable**. - -```ruby -control 'gnome-destkop-settings' do - impact 0.5 - desc 'some good settings' - desc 'check', 'check the settings file for good things' - desc 'fix', 'set the good things in the file /etc/gnome/settings' - tag nist: 'CM-6' - - only_applicable_if("The Gnome Desktop is not installed, this control is Not Applicable") { - package('gnome-desktop').installed? - } - - describe gnome_settings do - it should_be set_well - end -end -``` - -Run output: - -```bash -inspec exec path/to/audit-gnome-settings-profile --enhanced-outcomes - -Profile: InSpec Profile (audit-gnome-settings-profile) -Version: 0.1.0 -Target: local:// -Target ID: fa3923b9-f806-4cc2-960d-1ddefb4c7654 - - N/A gnome-destkop-settings: No-op - × No-op - N/A control due to only_applicable_if condition: The Gnome Desktop is not installed, this control is Not Applicable - -Profile Summary: 0 successful controls, 0 control failure, 0 controls not reviewed, 1 controls not applicable, 0 controls have error -Test Summary: 0 successful, 1 failures, 0 skipped -``` - -Some notes about `only_applicable_if`: - -* `only_applicable_if` applies to the entire `control`. If the results of the `only_applicable_if` block evaluates to `false`, any Chef InSpec resources mentioned as part of a `describe` block will not be run. Additionally, the contents of the describe blocks will not be run. 
-* If the results of the `only_applicable_if` block evaluates to `false`, it will invoke a failing test which will state the reason for N/A. - ### Additional metadata for controls The following example illustrates various ways to add tags and references to `control` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/dsl_resource.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/dsl_resource.md index b54eca8d48..f5f9a5cf61 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/dsl_resource.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/dsl_resource.md @@ -54,17 +54,6 @@ The following methods are available to the resource: - inspec - Contains a registry of all other resources to interact with the operating system or target in general. - skip_resource - A resource may call this method to indicate that requirements aren't met. All tests that use this resource will be marked as skipped. -The additional methods may be defined within the resource: - -- resource_id - An instance method. Place logic here to determine the unique identifier for a resource, and set it using the superclass method. Following is an example of its usage in an InSpec test: - -``` - # example_config resource can have unique conf file path as an identifier. - describe example_config do - its("resource_id") { should eq PATH_OF_CONF_FILE } - end -``` - The following example shows a full resource using attributes and methods to provide simple access to a configuration file: @@ -99,11 +88,6 @@ class ExampleConfig < Inspec.resource(1) @params[name] end - def resource_id - value = example_method_to_determine_resource_id # define logic to determine resource_id value - super(value) - end - private def read_content diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/matchers.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/matchers.md index 5fd2003dcd..b8709ddc88 100644 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/matchers.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/matchers.md 
@@ -11,22 +11,28 @@ gh_repo = "inspec" weight = 40 +++ -Chef InSpec uses **matchers**, a testing framework based on [RSpec](https://rspec.info/), to help compare resource values to expectations. The following matchers are available: +Chef InSpec uses matchers to help compare resource values to expectations. +The following matchers are available: -- [`be`](#be) - makes numeric comparisons. -- [`be_in`](#be_in) - looks for the property value in a list. -- [`cmp`](#cmp) - checks the equality (general-use). -- [`eq`](#eq) - checks the type-specific equality. -- [`include`](#include) - looks for an expected value in a list-valued property. -- [`match`](#match) - looks for patterns in text using regular expressions. +You may also use any matcher provided by [RSpec::Expectations](https://relishapp.com/rspec/rspec-expectations/docs), +but those matchers are outside of InSpec's [scope of support](/inspec/inspec_and_friends/#rspec). -You can use any matcher provided by [RSpec::Expectations](https://relishapp.com/rspec/rspec-expectations/docs); however, these matchers are not [supported by InSpec](/inspec/inspec_and_friends/#rspec). +The following InSpec-supported universal matchers are available: -See [Test Expectations with Chef InSpec](https://learn.chef.io/courses/course-v1:chef+Inspec101+Perpetual/about) on Learn Chef to learn more about Chef InSpec's built-in matchers. +- [`be`](#be) - make numeric comparisons +- [`be_in`](#be_in) - look for the property value in a list +- [`cmp`](#cmp) - general-use equality (try this first) +- [`eq`](#eq) - type-specific equality +- [`include`](#include) - look for an expected value in a list-valued property +- [`match`](#match) - look for patterns in text using regular expressions + +See [Explore Chef InSpec resources](https://learn.chef.io/modules/explore-inspec-resources#/) +on Learn Chef Rally to learn more about InSpec's built-in matchers. 
## be -Use the `be` matcher with comparison operators, and use numbers and not strings for these comparisons. For example: +This matcher can be followed by many different comparison operators. +Always make sure to use numbers, not strings, for these comparisons. ```ruby describe file('/proc/cpuinfo') do @@ -35,21 +41,12 @@ describe file('/proc/cpuinfo') do end ``` -## be_in - -`be_in` verifies if an item is included in a list. For example: - -```ruby -describe resource do - its('item') { should be_in LIST } -end -``` - ## cmp -Unlike [`eq`](#eq), `cmp` makes less restrictive comparisons. It tries to fit the actual value to the type you are comparing. This matcher is meant to relieve the user from having to write type casts and resolutions. - -Examples: +Unlike `eq`, `cmp` is a matcher for less-restrictive comparisons. It will +try to fit the actual value to the type you are comparing it to. This is +meant to relieve the user from having to write type-casts and +resolutions. ```ruby describe sshd_config do 
@@ -61,69 +58,69 @@ describe passwd.uid(0) do end ``` -The `cmp` matcher compares values in the following ways: +`cmp` behaves in the following way: -- `cmp` can compare strings to numbers: +- Compare strings to numbers - ```ruby - describe sshd_config do - # Only '2' works - its('Protocol') { should eq '2' } +```ruby +describe sshd_config do + # Only `'2'` works + its('Protocol') { should eq '2' } - # Both of these work - its('Protocol') { should cmp '2' } - its('Protocol') { should cmp 2 } - end - ``` + # Both of these work + its('Protocol') { should cmp '2' } + its('Protocol') { should cmp 2 } +end +``` -- `cmp` comparisons are not case sensitive: +- String comparisons are not case-sensitive - ```ruby - describe auditd_conf do - its('log_format') { should cmp 'raw' } - its('log_format') { should cmp 'RAW' } - end - ``` +```ruby +describe auditd_conf do + its('log_format') { should cmp 'raw' } + its('log_format') { should cmp 'RAW' } +end +``` -- `cmp` recognizes versions embedded in strings: +- Recognize versions embedded in strings - ```ruby - describe package('curl') do - its('version') { should cmp > '7.35.0-1ubuntu2.10' } - end - ``` +```ruby +describe package('curl') do + its('version') { should cmp > '7.35.0-1ubuntu2.10' } +end +``` -- `cmp` can compare a single-value array with a string to a value: +- Compare arrays with only one entry to a value - ```ruby - describe passwd.uids(0) do - its('users') { should cmp 'root' } - its('users') { should cmp ['root'] } - end - ``` +```ruby +describe passwd.uids(0) do + its('users') { should cmp 'root' } + its('users') { should cmp ['root'] } +end +``` -- `cmp` can compare a single-value array with a string to a regular expression: +- Single-value arrays of strings may also be compared to a regex - ```ruby - describe auditd_conf do - its('log_format') { should cmp /raw/i } - end - ``` +```ruby +describe auditd_conf do + its('log_format') { should cmp /raw/i } +end +``` -- `cmp` allows octal comparisons: +- Improved 
printing of octal comparisons - ```ruby - describe file('/proc/cpuinfo') do - its('mode') { should cmp '0345' } - end +```ruby +describe file('/proc/cpuinfo') do + its('mode') { should cmp '0345' } +end - expected: 0345 - got: 0444 - ``` +expected: 0345 +got: 0444 +``` ## eq -`eq` tests for exact equality of two values. For example: +Test for exact equality of two values. ```ruby describe sshd_config do @@ -132,21 +129,21 @@ describe sshd_config do end ``` -`eq` fails if types do not match. When comparing configuration entries that take numerical values, do not use quotes as it becomes a string. +`eq` fails if types don't match. Please keep this in mind, when comparing +configuration entries that are numbers: ```ruby -its('Port') { should eq '22' } -# passes +its('Port') { should eq '22' } # ok its('Port') { should eq 22 } -# fails: '2' != 2 (string vs integer) +# fails: '2' != 2 (string vs int) ``` -Use [`cmp`](#cmp) for less restrictive comparisons. +For less restrictive comparisons, please use `cmp`. ## include -`include` verifies if a value is included in a list. For example: +Verifies if a value is included in a list. ```ruby describe passwd do @@ -154,9 +151,19 @@ describe passwd do end ``` +## be_in + +Verifies that an item is included in a list. + +```ruby +describe resource do + its('item') { should be_in LIST } +end +``` + ## match -`match` checks if a string matches a regular expression. For example: +Check if a string matches a regular expression. ```ruby describe sshd_config do diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/platforms.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/platforms.md index dc3a1b13ef..cfcc431eff 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/platforms.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/platforms.md 
@@ -11,25 +11,34 @@ gh_repo = "inspec" weight = 30 +++ -As of Chef InSpec 2.0, we have expanded our platform support beyond individual machines and now include support for select AWS, Azure, GCP, and AliCloud resources. +As of Chef InSpec 2.0, we have expanded our platform support beyond individual +machines and now include support for select AWS and Azure resources. -Using InSpec, you can use several Chef InSpec resources to audit properties of your cloud infrastructure - for example, an Amazon Web Services S3 bucket. +Using InSpec, you can use several Chef InSpec resources to audit properties of +your cloud infrastructure - for example, an Amazon Web Services S3 bucket. ## AWS Platform Support in InSpec ### Setting up AWS credentials for InSpec -Chef InSpec uses the standard AWS authentication mechanisms. Typically, you will create an IAM user specifically for auditing activities. - -1. Create an IAM user in the AWS console, with your choice of username. Check the box marked "Programmatic Access." - -1. On the Permissions screen, choose Direct Attach. Select the AWS-managed IAM Profile named "ReadOnlyAccess." If you wish to restrict the user further, you may do so; see individual Chef InSpec resources to identify which permissions are required. +Chef InSpec uses the standard AWS authentication mechanisms. Typically, you will +create an IAM user specifically for auditing activities. +1. Create an IAM user in the AWS console, with your choice of username. Check the + box marked "Programmatic Access." +1. On the Permissions screen, choose Direct Attach. Select the AWS-managed IAM + Profile named "ReadOnlyAccess." If you wish to restrict the user further, you + may do so; see individual Chef InSpec resources to identify which permissions + are required. 1. After generating the key, record the Access Key ID and Secret Key. 
#### Using Environment Variables to provide credentials -You may provide the credentials to Chef InSpec by setting the following environment variables: `AWS_REGION`, `AWS_ACCESS_KEY_ID`, and `AWS_SECRET_ACCESS_KEY`. You may also use `AWS_PROFILE`, or if you are using MFA, `AWS_SESSION_TOKEN`. See the [AWS Command Line Interface Docs](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) for details. +You may provide the credentials to Chef InSpec by setting the following environment +variables: `AWS_REGION`, `AWS_ACCESS_KEY_ID`, and `AWS_SECRET_ACCESS_KEY`. You may +also use `AWS_PROFILE`, or if you are using MFA, `AWS_SESSION_TOKEN`. See the +[AWS Command Line Interface Docs](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) +for details. Once you have your environment variables set, you can verify your credentials by running: @@ -44,7 +53,9 @@ Release: aws-sdk-v2.10.125 #### Using the Chef InSpec target option to provide credentials on AWS -Look for a file in your home directory named `~/.aws/credentials`. If it does not exist, create it. Choose a name for your profile; here, we're using the name 'auditing'. Add your credentials as a new profile, in INI format: +Look for a file in your home directory named `~/.aws/credentials`. If it does not +exist, create it. Choose a name for your profile; here, we're using the name +'auditing'. Add your credentials as a new profile, in INI format: ```bash [auditing] 
@@ -52,9 +63,11 @@ aws_access_key_id = AKIA.... aws_secret_access_key = 1234....abcd ``` -You may now run Chef InSpec using the `--target` / `-t` option, using the format `-t aws://region/profile`. For example, to connect to the Ohio region using a profile named 'auditing', use `-t aws://us-east-2/auditing`. +You may now run Chef InSpec using the `--target` / `-t` option, using the format +`-t aws://region/profile`. For example, to connect to the Ohio region using a +profile named 'auditing', use `-t aws://us-east-2/auditing`. -To verify your credentials, run: +To verify your credentials, run ```bash $ inspec detect -t aws:// @@ -65,11 +78,13 @@ Families: cloud, api Release: aws-sdk-v2.10.125 ``` + ## Azure Platform Support in InSpec ### Setting up Azure credentials for InSpec -To use Chef InSpec Azure resources, you will need to create a Service Principal Name (SPN) for auditing an Azure subscription. +To use Chef InSpec Azure resources, you will need to create a Service Principal +Name (SPN) for auditing an Azure subscription. This can be done on the command line or from the Azure Portal: 
@@ -77,11 +92,13 @@ This can be done on the command line or from the Azure Portal: - [PowerShell](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authenticate-service-principal) - [Azure Portal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) -The information from the SPN can be specified either in the file `~/.azure/credentials`, as environment variables, or by using Chef InSpec target URIs. +The information from the SPN can be specified either in the file +`~/.azure/credentials`, as environment variables, or by using Chef InSpec target URIs. #### Setting up the Azure Credentials File -By default, Chef InSpec is configured to look at `~/.azure/credentials`, and it should contain: +By default, Chef InSpec is configured to look at `~/.azure/credentials`, and it +should contain: ```powershell [] @@ -93,7 +110,6 @@ tenant_id = "" {{< note >}} In the Azure web portal, these values are labeled differently: - - The client_id is referred to as the 'Application ID' - The client_secret is referred to as the 'Key (Password Type)' - The tenant_id is referred to as the 'Directory ID' 
@@ -132,31 +148,20 @@ If you have created a `~/.azure/credentials` file as above, you may also use the inspec exec my-profile -t azure://2fbdbb02-df2e-11e6-bf01-fe55135034f3 ``` -## AliCloud Platform Support in InSpec - -You will need to install AliCloud SDK version 0.8.0 and require AliCloud credentials to use the Chef InSpec AliCloud resources. - -### Setting up AliCloud credentials for InSpec - -You can configure AliCloud credentials in an [.envrc file](https://github.com/inspec/inspec-alicloud#:~:text=shell.%20(See%20example-,.envrc%20file,-)) or export them in your shell. - -```bash -# Example configuration -export ALICLOUD_ACCESS_KEY="anaccesskey" -export ALICLOUD_SECRET_KEY="asecretkey" -export ALICLOUD_REGION="eu-west-1" -``` - ## GCP Platform Support in InSpec ### Setting up GCP credentials for InSpec -To use Chef InSpec GCP resources, you will need to install and configure the Google Cloud SDK. Instructions for this pre-requisite can be found in the -[Google CLoud SDK documentation](https://cloud.google.com/sdk/docs/). Be sure that your InSpec installation is the latest version. The minimal required InSpec version is 3.0.25. +To use Chef InSpec GCP resources, you will need to install and configure the Google +Cloud SDK. Instructions for this pre-requisite can be found in the +[Google CLoud SDK documentation](https://cloud.google.com/sdk/docs/). Be sure +that your InSpec installation is the latest version. The minimal required InSpec +version is 3.0.25. -### Create an InSpec profile that makes use of `inspec-gcp` +### Create an InSpec profile that makes use of `inspec-gcp`. -With a version of InSpec above 4.0.0, it is possible to create a profile with the following command: +With a version of InSpec above 4.0.0, it is possible to create a profile with the +following command: ```bash $ inspec init profile --platform gcp my-profile 
@@ -170,7 +175,8 @@ Create new profile at /Users/me/my-profile * Creating file libraries/.gitkeep ``` -Assuming the `inputs.yml` file contains your GCP project ID, this sample profile can then be executed using the following command: +Assuming the `inputs.yml` file contains your GCP project ID, this sample +profile can then be executed using the following command: ```bash inspec exec my-profile --input-file=my-profile/inputs.yml -t gcp:// @@ -178,15 +184,21 @@ inspec exec my-profile --input-file=my-profile/inputs.yml -t gcp:// #### Setting up the GCP Credentials File -While InSpec can use user accounts for authentication, [Google Cloud documentation](https://cloud.google.com/docs/authentication/) recommends using service accounts. Following GCP best practices, first create a service account with the scopes appropriate for your needs. See [these instructions](https://cloud.google.com/docs/authentication/getting-started) on creating a service account. +While InSpec can use user accounts for authentication, +[Google Cloud documentation](https://cloud.google.com/docs/authentication/) +recommends using service accounts. Following GCP best practices, first create a +service account with the scopes appropriate for your needs. See +[these instructions](https://cloud.google.com/docs/authentication/getting-started) +on creating a service account. -Then, download the credential JSON file, e.g. `project-credentials.json`, to your workspace and run the following command to activate your service account: +Then, download the credential JSON file, e.g. `project-credentials.json`, to your +workspace and run the following command to activate your service account: ```bash gcloud auth activate-service-account --key-file project-credentials.json ``` -#### Using Environment variables for providing credentials +#### Using Environment variables to provide credentials You may also set the GCP credentials json file via the `GOOGLE_APPLICATION_CREDENTIALS` environment variable. 
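Review bot: the rewrapped intro in the @@ -11,25 hunk now reads "select AWS and Azure resources", but `## GCP Platform Support in InSpec` is still present further down the file (it is visible as context in the AliCloud removal hunk), so the list should say AWS, Azure and GCP; only AliCloud is actually being dropped by this change. The rewrap also removed the blank line between "create an IAM user specifically for auditing activities." and the first `1.` item; rendering tolerates it, but keep one blank line so the paragraph and the list stay distinct as they are elsewhere in the file.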
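Review bot: "To verify your credentials, run" loses its trailing colon in the @@ -52,9 hunk while the same instruction in the environment-variable section keeps one ("you can verify your credentials by running:"); restore the colon. The added blank line before `## Azure Platform Support in InSpec` also gives that heading two blank lines where the other level-two headings in the file have one.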
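Review bot: the `~/.azure/credentials` example in the @@ -77,11 hunk is fenced as ```powershell, yet its content (`[]`, `client_id = ...`) is an INI file of the same shape as the `~/.aws/credentials` block above it, which is fenced as ```bash; since the hunk is already reflowing the sentence that introduces this block, tag both blocks the same way (`ini` fits both).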
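Review bot: "Google CLoud SDK documentation" in the @@ -132,31 hunk is a typo that the rewrap carries onto a new line, so fix the capital L while touching it, and the heading "### Create an InSpec profile that makes use of `inspec-gcp`." gains a trailing period that no other heading in the file has. The removed AliCloud section only shipped placeholder values (`ALICLOUD_ACCESS_KEY="anaccesskey"`), so nothing sensitive or unique is lost, but its removal needs the intro hunk earlier in this file to be updated in the same change so the supported-platform list and the remaining sections agree.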
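Review bot: the renamed heading "#### Using Environment variables to provide credentials" in the @@ -178,15 hunk now differs from the AWS section's "#### Using Environment Variables to provide credentials" only in the casing of "Variables"; pick one casing for both. The sentence below it should also say "JSON file" rather than "json file", matching "credential JSON file" two paragraphs up.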
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles.md index fbad75d9f9..02f50a20f0 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/profiles.md @@ -19,7 +19,7 @@ is a standalone structure with its own distribution and execution flow. A profile should have the following structure: -```yaml +```YAML examples/profile ├── README.md ├── controls @@ -63,11 +63,10 @@ Each profile must have an `inspec.yml` file that defines the following informati - Use `supports` to specify a list of supported platform targets. - Use `depends` to define a list of profiles on which this profile depends. - Use `inputs` to define a list of inputs you can use in your controls. -- Use `gem_dependencies` to specify a list of profile gem dependencies that is required to be installed for the profile to function correctly. `name` is required; all other profile settings are optional. For example: -```yaml +```YAML name: ssh title: Basic SSH maintainer: Chef Software, Inc. @@ -81,15 +80,12 @@ supports: depends: - name: profile path: ../path/to/profile -gem_dependencies: - - name: "gem-name" - version: ">= 2.0.0" inspec_version: "~> 2.1" ``` The `inspec.yml` also supports embedded ERB in the file. For example: -```yaml +```YAML name: dummy title: InSpec Profile maintainer: The Authors @@ -130,7 +126,7 @@ platforms. The new families can restrict the platform family to `os`, `aws`, `az For example, to target anything running Debian Linux, use: -```yaml +```YAML name: ssh supports: - platform-name: debian @@ -138,7 +134,7 @@ supports: To target only Ubuntu version 20.04, use: -```yaml +```YAML name: ssh supports: - platform-name: ubuntu @@ -147,7 +143,7 @@ supports: To target the entire release of Ubuntu version 20.x, use: -```yaml +```YAML name: ssh supports: - platform-name: ubuntu 
@@ -156,7 +152,7 @@ supports: To target the Red Hat and derivative platforms such as CentOS and Oracle Linux, use: -```yaml +```YAML name: ssh supports: - platform-family: redhat @@ -164,7 +160,7 @@ supports: To target the entire Windows 2019 platform family, including Datacenter and Core Servers, use: -```yaml +```YAML name: ssh supports: - platform-name: windows_server_2019* @@ -172,7 +168,7 @@ supports: To target anything running on Amazon AWS, use: -```yaml +```YAML name: ssh supports: - platform: aws @@ -180,7 +176,7 @@ supports: To target all of these examples in a single `inspec.yml` file, use: -```yaml +```YAML name: ssh supports: - platform-name: debian @@ -206,7 +202,7 @@ needs to be specified in the including profile’s `inspec.yml` file in the `dep section. For each profile to be included, a location for the profile from where to be fetched and a name for the profile should be included. For example: -```yaml +```YAML depends: - name: linux-baseline url: https://github.com/dev-sec/linux-baseline/archive/master.tar.gz @@ -221,7 +217,7 @@ Chef InSpec supports a number of dependency sources. The `path` setting defines a profile that is located on disk. This setting is typically used during development of profiles and when debugging profiles. -```yaml +```YAML depends: - name: my-profile path: /absolute/path @@ -235,17 +231,17 @@ The `url` setting specifies a profile that is located at an HTTP- or HTTPS-based URL. The profile must be accessible via a HTTP GET operation and must be a valid profile archive (zip, tar, or tar.gz format). -```yaml +```YAML depends: - name: my-profile url: https://my.domain/path/to/profile.tgz - name: profile-via-git - url: https://github.com/username/myprofile-repo/archive/master.tar.gz + url: https://github.com/myusername/myprofile-repo/archive/master.tar.gz ``` `url` also supports basic authentication. -```yaml +```YAML depends: - name: my-profile url: https://my.domain/path/to/profile.tgz 
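Review bot: these hunks are the same fence-case churn as above and should stay lowercase `yaml`; the only content change is `username` → `myusername` in the `profile-via-git` URL, which is fine as an obviously placeholder account and does not need a review comment beyond that.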
@@ -260,7 +256,7 @@ optional settings for branch, tag, commit, version, and relative_path. The sourc location is translated into a URL upon resolution. This type of dependency supports version constraints via semantic versioning as git tags. -```yaml +```YAML depends: - name: git-profile git: http://url/to/repo @@ -278,7 +274,7 @@ on Chef Supermarket. The source location is translated into a URL upon resolutio For example: -```yaml +```YAML depends: - name: supermarket-profile supermarket: supermarket-username/supermarket-profile @@ -293,22 +289,11 @@ or Chef Compliance server. For example: -```yaml +```YAML depends: - name: linux compliance: base/linux ``` -## Gem Dependencies - -Any profile with ruby gem dependencies that need to be installed can be specified using the `gem_dependencies` settings in the `inspec.yml` metadata file. - -For example, if you required any ruby library in a custom resource that needs a specific gem to be installed, then you can specify those gems in the metadata file. Chef InSpec will prompt to install the gems to `~/.inspec/gems` when you run your profile the first time. To skip the prompt and automatically install, pass the `--auto-install-gems` option to `inspec exec`. - -```yaml -gem_dependencies: - - name: "mongo" - version: ">= 2.3.12" -``` ## Vendoring Dependencies 
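Review bot: the hunk at `@@ -293,22 +289,11 @@` deletes the entire `## Gem Dependencies` section including the `mongo` example, so a profile author has no remaining explanation of how gem dependencies are resolved or of the `--auto-install-gems` prompt behaviour; confirm this is the intended downgrade. Also check spacing: the removal ends at the `-```` line and the next context line is `## Vendoring Dependencies`, so make sure exactly one blank line survives between the closing fence of the `compliance: base/linux` block and that heading.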
@@ -404,44 +389,6 @@ As with the prior example, only `baseline-2` and `baseline-4` are executed, but if `baseline-2` fails, it will report with an impact of `0.5` instead of the originally-intended `1.0` impact. -## Including or Selecting controls from a profile with same name and different version. - -When an inspec profile has dependency on another profile to it's specific version, then the controls can be included or selected by using profile name with version separated by `-`. - -Here, the Profile - A has following dependency: - -```yaml -name: profile-a -depends: - - name: ssh - git: https://github.com/dev-sec/ssh-baseline.git - tag: 2.6.0 -``` - -And Profile - B has following dependency: - -```yaml -name: profile-b -depends: - - name: ssh - git: https://github.com/dev-sec/ssh-baseline.git - tag: 2.7.0 -``` - -Controls of these profiles can be included or required in a profile in a following manner: - -```ruby -include_controls "ssh-2.6.0" -include_controls "ssh-2.7.0" -``` - -OR - -```ruby -require_controls "ssh-2.6.0" -require_controls "ssh-2.7.0" -``` - ## Using Resources from an Included Profile By default, all of the custom resources from a listed dependency are available @@ -449,7 +396,7 @@ for use in your profile. If two of your dependencies provide a resource with the same name, you can use the `require_resource` DSL function to disambiguate the two: -```yaml +```YAML require_resource(profile: 'my_dep', resource: 'my_res', as: 'my_res2') ``` @@ -473,7 +420,7 @@ of a profile. They are accessed by their name relative to this folder with Here is an example for reading and testing a list of ports. The folder structure is: -```yaml +```YAML examples/profile ├── controls │ ├── example.rb @@ -484,7 +431,7 @@ examples/profile With `services.yml` containing: -```yaml +```YAML - service_name: httpd-alpha port: 80 - service_name: httpd-beta 
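Review bot: in the hunk at `@@ -449,7 +396,7 @@` the block `require_resource(profile: 'my_dep', resource: 'my_res', as: 'my_res2')` is Ruby DSL, not YAML, and was already mis-tagged before this change; since the fence is being touched anyway, tag it `ruby` rather than `YAML`. The removed section on including controls from two versions of the same dependency (`include_controls "ssh-2.6.0"` / `"ssh-2.7.0"`) is the only place the name-with-version form is documented, so its removal should be called out as intentional in the commit message rather than buried in a fence-case sweep.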
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reporters.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reporters.md index fbcd49e970..7bcb563cdc 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reporters.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/reporters.md @@ -11,17 +11,17 @@ gh_repo = "inspec" weight = 50 +++ -A `reporter` is a facility for formatting and delivering the results of a Chef InSpec auditing run. Reporters were introduced in Chef InSpec 1.51.6. +Introduced in Chef InSpec 1.51.6 -Chef InSpec allows you to output your test results to one or more reporters. +A `reporter` is a facility for formatting and delivering the results of a Chef InSpec auditing run. -Configure the reporter(s) using either the `--reporter` option or as part of the general configuration file using the `--config` (or `--json-config`, prior to v3.6) option. While you can configure multiple reporters to write to different files, only one reporter can output to the screen(stdout). +Chef InSpec allows you to output your test results to one or more reporters. Configure the reporter(s) using either the `--reporter` option or as part of the general config file using the `--config` (or `--json-config`, prior to v3.6) option. While you can configure multiple reporters to write to different files, only one reporter can output to the screen(stdout). ## Syntax -You can specify one or more reporters using the `--reporter` CLI flag. You can also specify an output by appending a path separated by a colon. +You can specify one or more reporters using the `--reporter` cli flag. You can also specify a output by appending a path separated by a colon. -**Output json to screen** +Output json to screen. ```bash inspec exec example_profile --reporter json 
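Review bot: the rewritten Syntax paragraph introduces a grammar error, `a output` should be `an output`, and `cli flag` should keep the `CLI` capitalisation the rest of the file uses. The new stand-alone line `Introduced in Chef InSpec 1.51.6` reads as a fragment after the front matter; the previous full sentence (`Reporters were introduced in Chef InSpec 1.51.6.`) was clearer, so keep it as a sentence.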
@@ -29,7 +29,7 @@ inspec exec example_profile --reporter json inspec exec example_profile --reporter json:- ``` -**Output yaml to screen.** +Output yaml to screen ```bash inspec exec example_profile --reporter yaml @@ -37,33 +37,33 @@ inspec exec example_profile --reporter yaml inspec exec example_profile --reporter yaml:- ``` -**Output cli to screen and write json to a file.** +Output cli to screen and write json to a file. ```bash inspec exec example_profile --reporter cli json:/tmp/output.json ``` -**Output nothing to screen and write junit and html to a file.** +Output nothing to screen and write junit and html to a file. ```bash inspec exec example_profile --reporter junit2:/tmp/junit.xml html:www/index.html ``` -**Output json to screen and write to a file. Write junit to a file.** +Output json to screen and write to a file. Write junit to a file. ```bash inspec exec example_profile --reporter json junit2:/tmp/junit.xml | tee out.json ``` -If you wish to pass the profiles directly after specifying the reporters, you must use the end of options flag `--`. +If you wish to pass the profiles directly after specifying the reporters you will need to use the end of options flag `--`. ```bash inspec exec --reporter json junit2:/tmp/junit.xml -- profile1 profile2 ``` -Using the CLI option `--config`, you can also set reporters. +If you are using the cli option `--config`, you can also set reporters. -**Output cli to screen.** +Output cli to screen. ```json { @@ -75,7 +75,7 @@ Using the CLI option `--config`, you can also set reporters. } ``` -**Output cli to screen and write json to a file.** +Output cli to screen and write json to a file. ```json { 
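Review bot: `Output yaml to screen` loses its terminal period while the sibling lead-ins in the same file (`Output json to screen.`, `Output cli to screen and write json to a file.`) keep theirs; make the set consistent. In `If you wish to pass the profiles directly after specifying the reporters you will need to use...` a comma is needed after `reporters`, and `cli option` should be `CLI option`.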
@@ -90,26 +90,19 @@ Using the CLI option `--config`, you can also set reporters. } } ``` - -**Output real-time progress to screen with a progress bar.** - -```bash -inspec exec example_profile --reporter progress-bar -``` - ## Reporter Options -The following are CLI options that are used to modify reporter behavior. Many of these options allow you to limit the report size because some reporters (such as the json-automate reporter) limit on the total size of the report that can be processed. +The following are CLI options that may be used to modify reporter behavior. Many of these options allow you to limit the size of the report, because some reporters (such as the json-automate reporter) have a limit on the total size of the report that can be processed. `--diff`, `--no-diff` -: Include a `diff` comparison of textual differences in the failed test output (default: `true`). +: Include a `diff` comparison of textual differences in failed test output (default: `true`). : Use `--no-diff` to limit the size of the report output when tests contain large amounts of text output. `--filter-empty-profiles` -: Remove empty profiles (those containing zero controls, such as resource packs) from the reporter's output. +: Remove empty profiles (those containing zero controls, such as resource packs) from the output of the reporter. `--reporter-backtrace-inclusion`, `--no-reporter-backtrace-inclusion` 
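Review bot: this hunk removes the `-` blank line together with the progress-bar example, so the closing ``` of the JSON config block ends up directly adjacent to `## Reporter Options`; keep one blank line before the heading. Dropping the `--reporter progress-bar` example is consistent with removing the `### progress-bar` section later in this file, so it is fine provided the version pin is intentional.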
@@ -127,21 +120,13 @@ The following are CLI options that are used to modify reporter behavior. Many of : This may be used to limit the size of reports when failure messages are exceptionally large. -`--enhanced-outcomes` - -: Includes enhanced outcome of controls in report data. - -: The control level status outcomes are `Passed`, `Failed`, `Not Applicable (N/A)`, `Not Reviewed (N/R)`, or `Error (ERR)`. - -: Only supported for cli, progress-bar, html2, json, json-automate, automate, and yaml reporters. - ## Supported Reporters -The following are the currently supported reporters: +The following are the current supported reporters: ### cli -This is the basic text based report. It includes details about tests that passed and failed and an overall summary at the end. +This is the basic text base report. It includes details about which tests passed and failed and includes an overall summary at the end. ### json 
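Review bot: two wording regressions in this hunk: `The following are the current supported reporters:` should read `currently supported`, and `basic text base report` should be `text-based report`. Removing the `--enhanced-outcomes` block also removes the only description of the `Not Applicable (N/A)`, `Not Reviewed (N/R)` and `Error (ERR)` outcomes; confirm that the pinned release really lacks the option before deleting the documentation for it.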
@@ -181,39 +166,25 @@ This reporter outputs the standard JUnit spec in XML format and is recommended f #### junit -This legacy reporter outputs nonstandard JUnit XML and is provided only for backward compatibility. +This legacy reporter outputs nonstandard JUnit XML and is provided only for backwards compatibility. ### progress -This reporter is very condensed and provides you a `.`(pass), `f`(fail), or `*`(skip) character per test and a small summary at the end. - -### progress-bar - -This reporter outputs the real-time progress of a running InSpec profile using a progress bar and prints the running control's ID with an indicator of the control's status (`Passed`, `failed`, or `skipped`). - -For example: - -![Progress Bar Reporter Outcome](/images/inspec/reporter_outcome_progress_bar.png) - -And reporter outcome with `--enhanced-outcomes` option: - -![Progress Bar Reporter Outcome with enhanced outcomes](/images/inspec/reporter_outcome_progress_bar_enhanced_outcomes.png) +This reporter is very condensed and gives you a `.`(pass), `f`(fail), or `*`(skip) character per test and a small summary at the end. ### json-rspec -This reporter includes all information from the Rspec runner. Unlike the json reporter, this includes Rspec-specific details. +This reporter includes all information from the rspec runner. Unlike the json reporter this includes rspec specific details. ### html -This reporter is the legacy RSpec HTML reporter retained for backward compatibility. The report generated is unaware of profiles or controls and only contains unsorted test information. Most users should migrate to the `html2` reporter for more complete data. +This reporter is the legacy RSpec HTML reporter, which is retained for backwards compatibility. The report generated is not aware of profiles or controls, and only contains unsorted test information. Most users should migrate to the `html2` reporter for more complete data. 
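Review bot: `rspec specific details` needs a hyphen and the project name is `RSpec`, as the `### html` paragraph in the same hunk spells it; `Unlike the json reporter this includes` also needs a comma after `reporter`. The `### progress-bar` section and its two image references under `/images/inspec/` are deleted here; if the image files stay in the vendored tree they become orphans, so remove or keep both together.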
### html2 This reporter is an improved HTML reporter that contains full data about the structure of the profile, controls, and tests. The generated report renders HTML code for viewing your tests in a browser. -The `html2` reporter requires no configuration to function. However, options `--alternate_css_file` and `--alternate_js_file` are available for customization. The options are set in the JSON-formatted configuration file that Chef InSpec consumes. - -For details, see [our configuration file documentation](/inspec/config/). +The `html2` reporter requires no configuration to function. However, two options--`alternate_css_file` and `alternate_js_file`--are available for customization. The options are set in the JSON-formatted configuration file that Chef InSpec consumes. For details, see [our configuration file documentation](/inspec/config/). For example: 
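Review bot: dropping the leading dashes (`--alternate_css_file` → `alternate_css_file`) is correct, since the same paragraph says these options live in the JSON configuration file rather than on the command line; the `--` used as a dash in `two options--`alternate_css_file`` reads oddly in rendered Markdown, so prefer a comma or parentheses there.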
@@ -231,17 +202,17 @@ For example: #### alternate_css_file -Specifies the full path to the location of a CSS file that is read and inlined into the HTML report. The default CSS is not included. +Specifies the full path to the location of a CSS file that will be read and inlined into the HTML report. The default CSS will not be included. #### alternate_js_file -Specifies the full path to the location of a JavaScript file that is read and inlined into the HTML report. The default JavaScript is included. The JavaScript file should implement at least a `pageLoaded()` function, which is called by the `onload` event of the HTML `body` element. +Specifies the full path to the location of a JavaScript file that will be read and inlined into the HTML report. The default JavaScript will not be included. The JavaScript file should implement at least a `pageLoaded()` function, which will be called by the `onload` event of the HTML `body` element. ## Automate Reporter -The `automate` reporter type is a special reporter which sends its results over the network to [Chef Automate]({{< relref "/automate/">}}). To use this reporter, you must pass in the correct configuration via a json configuration `--config`. +The `automate` reporter type is a special reporter which will send its results over the network to [Chef Automate]({{< relref "/automate/">}}). To use this reporter you must pass in the correct configuration via a json config `--config`. -Example Configuration: +Example config: ```json { 
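Review bot: the `alternate_js_file` paragraph flips a factual claim: the old text says `The default JavaScript is included`, the new text says `will not be included`. Whether the html2 reporter still inlines its own JavaScript when an alternate file is supplied is a behaviour question to settle against the reporter implementation, not a wording revert; verify it before merging, because the two statements cannot both be right and the requirement that the file implement `pageLoaded()` depends on which one is true.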
@@ -260,34 +231,44 @@ Example Configuration: ### Mandatory fields -`stdout` -: Either suppress or shows the automate report in the CLI screen on completion. +#### stdout + +This will either suppress or show the automate report in the CLI screen on completion -`url` -: Automate 2 url. Append `data-collector/v0/` at the end. +#### url -`token` -: Automate 2 tokens. You can generate this token by navigating to the **admin** tab of A2 and then clicking **API keys**. +This is your Automate 2 url. Append `data-collector/v0/` at the end. + +#### token + +This is your Automate 2 token. You can generate this token by navigating to the admin tab of A2 and then api keys. ### Optional fields -`insecure` -: Disables or enables the SSL check when accessing the Automate 2 instance. +#### insecure + +This will disable or enable the ssl check when accessing the Automate 2 instance. + +#### node_name + +This will be the node name which shows up in Automate. + +#### node_uuid -`node_name` -: Node name which shows up in Automate. +This will be the node UUID which shows up in Chef Automate. Use a single static UUID +per node for all your reports. You must specify a `node_uuid` in the Chef InSpec +configuration file if running Chef InSpec outside of an audit cookbook or another +environment where a `chef_guid` or `node_uuid` is already known to Chef InSpec. -`node_uuid` -: Node UUID, which shows up in Chef Automate. Use a single static UUID per node for all your reports. You must specify a `node_uuid` in the Chef InSpec configuration file if running Chef InSpec outside of an audit cookbook or another environment where a `chef_guid` or `node_uuid` is already known to Chef InSpec. +#### environment -`environment` -: Sets the environment metadata for Automate. +This will set the environment metadata for Automate. -## json-Automate Reporter +## JSON-Automate Reporter -The `json-automate` reporter is a special reporter that prepares the data format used by the Automate reporter. 
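Review bot: the `#### insecure` entry (`This will disable or enable the ssl check`) never says which value does what; since this setting governs TLS certificate verification towards the Automate instance, state the boolean's meaning and its default explicitly so a reader cannot turn verification off by guessing the polarity. Converting the definition list into `####` headings is a structural change rather than a plain wording revert, and the text also needs `SSL`, `API keys`, and a terminal period on the `#### stdout` sentence.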
`json-automate` does not communicate on the network; instead, it simply produces the JSON report format that Automate would be consuming. Notably, the report is based on the `json` reporter, with the following modifications: +The `json-automate` reporter is a special reporter that prepares the data format used by the Automate reporter. `json-automate` does not communicate on the network; rather it simply produces the JSON report format that Automate would be consuming. Notably, the report is based on the `json` reporter, with the following modifications: -- Controls appearing in child profiles are de-duplicated by ID, merging into the parent profile. -- Child profiles are deleted, flattening the report. + * Controls that appear in child profiles are de-duplicated by ID, merging up into the parent profile. + * Child profiles are deleted, flattening the report. -The `json-automate` reporter is primarily used for internal needs, but some users may find it helpful if they want a JSON-based reporter that merges controls. +The `json-automate` reporter is primarily used for internal needs, but some users may find it useful if they want a JSON based reporter that merges controls. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/_index.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/_index.md index 8e4ca031e5..eb83a1f53c 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/_index.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/_index.md 
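Review bot: the two list items are indented by one space and use `*`, while the rest of this file uses unindented `-`; the leading space renders but is inconsistent, so use `-`. `JSON based` should be `JSON-based`, and the `## JSON-Automate Reporter` heading now differs in casing from the `### json` and `### json-rspec` headings that name reporters in lowercase.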
@@ -13,50 +13,34 @@ gh_repo = "inspec" The following list of InSpec resources are available. -{{< inspec/inspec_resources_filter >}} - ## OS -{{< inspec/inspec_resources platform="os" >}} +{{< inspec_resources platform="os" >}} ### Linux The following resources work on Linux operating systems. -{{< inspec/inspec_resources platform="linux" >}} - -### BSD - -The following resources work on BSD operating systems. - -{{< inspec/inspec_resources platform="bsd" >}} +{{< inspec_resources platform="linux" >}} ### Windows The following resources work on Windows operating systems. -{{< inspec/inspec_resources platform="windows" >}} - -## Alibaba - -{{< inspec/inspec_resources platform="alicloud" >}} +{{< inspec_resources platform="windows" >}} ## AWS -{{< inspec/inspec_resources platform="aws" >}} +{{< inspec_resources platform="aws" >}} ## Azure -{{< inspec/inspec_resources platform="azure" >}} +{{< inspec_resources platform="azure" >}} ## GCP -{{< inspec/inspec_resources platform="gcp" >}} +{{< inspec_resources platform="gcp" >}} ## Habitat -{{< inspec/inspec_resources platform="habitat" >}} - -## Kubernetes - -{{< inspec/inspec_resources platform="k8s" >}} +{{< inspec_resources platform="habitat" >}} diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aide_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aide_conf.md index 3476b94894..05e052bffd 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aide_conf.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aide_conf.md @@ -17,7 +17,7 @@ Use the `aide_conf` Chef InSpec audit resource to test the rules established for ### Installation -{{% inspec/inspec_installation %}} +This resource is distributed along with Chef InSpec itself. You can use it automatically. ### Version 
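Review bot: renaming the shortcode from `inspec/inspec_resources` to `inspec_resources` only builds if the consuming site provides `layouts/shortcodes/inspec_resources.html`; otherwise Hugo fails on an unknown shortcode, so confirm it exists in this repository. The hunk also removes the `inspec_resources_filter` shortcode and the BSD, Alibaba and Kubernetes sections, so any resource pages still present under `resources/` with `platform = "bsd"`, `"alicloud"` or `"k8s"` would be listed nowhere; check the vendored tree for such pages before merging.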
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/apache_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/apache_conf.md index a785705723..bfae0d2d9e 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/apache_conf.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/apache_conf.md @@ -17,7 +17,7 @@ Use the `apache_conf` Chef InSpec audit resource to test the configuration setti ### Installation -{{% inspec/inspec_installation %}} +This resource is distributed along with Chef InSpec itself. You can use it automatically. ### Requirements diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/apt.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/apt.md index 2f8d5c5129..4123c98951 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/apt.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/apt.md @@ -17,7 +17,7 @@ Use the `apt` Chef InSpec audit resource to verify Apt repositories on the Debia ### Installation -{{% inspec/inspec_installation %}} +This resource is distributed along with Chef InSpec itself. You can use it automatically. ### Version diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/audit_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/audit_policy.md index f5f8a5386f..cc9b9c6bdd 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/audit_policy.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/audit_policy.md @@ -17,7 +17,7 @@ Use the `audit_policy` Chef InSpec audit resource to test auditing policies on t ### Installation -{{% inspec/inspec_installation %}} +This resource is distributed along with Chef InSpec itself. You can use it automatically. ### Version 
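Review bot: the same literal sentence (`This resource is distributed along with Chef InSpec itself. You can use it automatically.`) replaces `{{% inspec/inspec_installation %}}` in every resource page in this diff, which trades a single-source shortcode for dozens of copies that must be edited in lockstep; if the shortcode is missing from this site, adding it once is cheaper than inlining it everywhere.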
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/auditd.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/auditd.md index 6d90aa565b..517ae9724a 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/auditd.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/auditd.md @@ -11,13 +11,13 @@ platform = "linux" parent = "inspec/resources/os" +++ -Use the `auditd` Chef InSpec audit resource to test the rules for logging that exist on the system. The audit.rules file is typically located under /etc/audit/ and contains the list of rules that define what is captured in log files. These rules are output using the `auditctl -l` command. This resource supports versions of `audit` >= 2.3. +Use the `auditd` Chef InSpec audit resource to test the rules for logging that exist on the system. The audit.rules file is typically located under /etc/audit/ and contains the list of rules that define what is captured in log files. These rules are output using the auditctl -l command. This resource supports versions of `audit` >= 2.3. ## Availability ### Installation -{{% inspec/inspec_installation %}} +This resource is distributed along with Chef InSpec itself. You can use it automatically. ### Version diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/auditd_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/auditd_conf.md index 23962072e7..471a06f8df 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/auditd_conf.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/auditd_conf.md @@ -17,7 +17,7 @@ Use the `auditd_conf` Chef InSpec audit resource to test the configuration setti ### Installation -{{% inspec/inspec_installation %}} +This resource is distributed along with Chef InSpec itself. You can use it automatically. ### Version 
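Review bot: in the auditd hunk, `auditctl -l` loses its code formatting (`using the auditctl -l command`); keep the backticks, since this is the literal command the resource shells out to and the rest of the sentence already formats `audit` as code. The `inspec_installation` replacement is the same inlining issue as in the other resource pages.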
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_alb.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_alb.md new file mode 100644 index 0000000000..938a395a89 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_alb.md 
@@ -0,0 +1,90 @@ ++++ +title = "aws_alb resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_alb" + identifier = "inspec/resources/aws/aws_alb.md aws_alb resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_alb` InSpec audit resource to test properties of a single AWS Application Load Balancer (ALB). + +## Syntax + +Ensure that an `aws_alb` exists + + describe aws_alb('arn:aws:elasticloadbalancing') do + it { should exist } + end + + describe aws_alb(load_balancer_arn: 'arn:aws:elasticloadbalancing') do + it { should exist } + end + +## Parameters + +### load_balancer_arn _(required)_ + +This resource accepts a single parameter, the ALB Arn which uniquely identifies the ALB. +This can be passed either as a string or as a `load_balancer_arn: 'value'` key-value entry in a hash. + +See also the [AWS documentation on Elastic Load Balancing](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference). + +## Properties + +| Property | Description | +| ------------------------ | ---------------------------------------------------------------------------------- | +| load_balancer_name | The name of the load balancer. | +| load_balancer_addresses | A collection of the load balancer addresses. | +| canonical_hosted_zone_id | The ID of the Amazon Route 53 hosted zone for the load balancer. | +| dns_name | The DNS name of the load balancer. | +| availability_zones | The Availability Zones for the load balancer. | +| security_groups | The security groups for the load balancer. Valid only for load balancers in a VPC. | +| scheme | The type of load balancer. Valid only for load balancers in a VPC. | +| state | The state of the load balancer. | +| subnets | A collection of the subnet ids. | +| type | The type of the load balancer. | +| vpc_id | The ID of the VPC for the load balancer. | +| zone_names | A collection of the names of the availability zones. 
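Review bot: in the Properties table, `scheme` is described as `The type of load balancer`, the same wording as `type`; for an ALB the scheme is whether the load balancer is internet-facing or internal, which is exactly what an exposure control checks, so the description should say that. Also `ALB Arn` should be `ARN`, and the syntax examples pass `'arn:aws:elasticloadbalancing'`, which is not a complete ARN; a clearly marked placeholder ARN would avoid readers copying an invalid value.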
| +| listeners | A collection of the listeners for the load balancer. | +| ssl_policies | A list of the SSL Policies configured for the listeners of the load balancer. | +| external_ports | A list of the ports configured for the listeners of the load balancer. | +| protocols | A list of the protocols configured for the listeners of the load balancer. | + +## Examples + +### Test that an ALB has its availability zones configured correctly + + describe aws_alb('arn::alb') do + its('zone_names.count') { should be > 1 } + its('zone_names') { should include 'us-east-2a' } + its('zone_names') { should include 'us-east-2b' } + end + +## Matchers + +This InSpec audit resource has no special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_alb('AnExistingALB') do + it { should exist } + end + + describe aws_alb('ANonExistentALB') do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `elasticloadbalancing:DescribeLoadBalancers` action set to Allow. + +You can find detailed documentation at [Authentication and Access Control for Your Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/load-balancer-authentication-access-control.html) diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_albs.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_albs.md new file mode 100644 index 0000000000..8deccf58e8 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_albs.md 
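Review bot: the `exist` examples pass `'AnExistingALB'` and `'ANonExistentALB'` as the positional argument, but the Parameters section says the single required parameter is `load_balancer_arn`; use ARN placeholders (or the `load_balancer_arn:` hash form) so the examples match the documented interface. The closing sentence `You can find detailed documentation at ...` is missing its terminal period.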
@@ -0,0 +1,76 @@ ++++ +title = "aws_albs resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_albs" + identifier = "inspec/resources/aws/aws_albs.md aws_albs resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_albs` InSpec audit resource to test the configuration of a collection of Application Load Balancers. + +## Syntax + +Ensure that an `aws_albs` exists + + describe aws_albs do + its('load_balancer_arns') { should include 'arn:aws:elasticloadbalancing' } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on Elastic Load Balancing](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference). + +## Properties + +| Property | Description | +| ------------------------- | ----------------------------------------------------------------------------------- | +| load_balancer_names | The names of the load balancers. | +| load_balancer_addresses | A collection of the load balancers addresses. | +| canonical_hosted_zone_ids | The IDs of the Amazon Route 53 hosted zone for the load balancers. | +| dns_names | The DNS names of the load balancers. | +| availability_zones | The Availability Zones for the load balancers. | +| security_groups | The security groups for the load balancers. Valid only for load balancers in a VPC. | +| schemes | The types of load balancers. Valid only for load balancers in a VPC. | +| states | The states of the load balancers. | +| subnets | A collection of the subnet ids. | +| types | The types of the load balancers. | +| vpc_ids | The IDs of the VPCs for the load balancers. | +| zone_names | A collection of the names of the availability zones. 
| + +## Examples + +### Test that an ALB has its availability zones configured correctly + + describe aws_alb('arn::alb') do + its('zone_names.count') { should be > 1 } + its('zone_names') { should include 'us-east-2a' } + its('zone_names') { should include 'us-east-2b' } + end + +## Matchers + +This InSpec audit resource has no special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_albs do + it { should exist } + its('availability_zones') { should_not include 'us-east-1a'} + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `elasticloadbalancing:DescribeLoadBalancers` action set to Allow. + +You can find detailed documentation at [Authentication and Access Control for Your Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/load-balancer-authentication-access-control.html) diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_auto_scaling_group.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_auto_scaling_group.md new file mode 100644 index 0000000000..473b5d435b --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_auto_scaling_group.md 
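Review bot: the `### Test that an ALB has its availability zones configured correctly` example is copied verbatim from the singular `aws_alb` page and calls `aws_alb('arn::alb')`, so the plural `aws_albs` page currently documents a different resource; rewrite it against `aws_albs` and its plural properties from the table above (for example `its('zone_names')` on the collection). The heading `Ensure that an `aws_albs` exists` also reads oddly for a collection resource; `Ensure that the collection includes a given ALB` matches what the example asserts.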
@@ -0,0 +1,90 @@ ++++ +title = "aws_auto_scaling_group resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_auto_scaling_group" + identifier = "inspec/resources/aws/aws_auto_scaling_group.md aws_auto_scaling_group resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_auto_scaling_group` InSpec audit resource to test properties of a single AWS Auto Scaling group. + +## Syntax + +Ensure that an auto scaling group exists and has the correct scale sizes + + describe aws_auto_scaling_group('MyAutoScalingGroup') do + it { should exist } + its('min_size') { should be 1} + its('max_size') { should be 4} + end + +You may also use hash syntax to pass the auto scaling group name + + describe aws_auto_scaling_group(name: 'MyAutoScalingGroup') do + it { should exist } + end + +## Parameters + +### name _(required)_ + +This resource accepts a single parameter, the Auto Scaling Group Name which uniquely identifies the auto scaling group. +This can be passed either as a string or as a `name: 'value'` key-value entry in a hash. + +See also the [AWS documentation on Auto Scaling Group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/AutoScalingGroup.html). 
+ +## Properties + +| Property | Description | +| ------------------------- | ------------------------------------------------------------------------------------------ | +| min_size | An integer indicating the minimum number of instances in the auto scaling group | +| maximum_size | An integer indicating the maximum number of instances in the auto scaling group | +| desired_capacity | An integer indicating the desired number of instances in the auto scaling group | +| launch_configuration_name | The name of the auto scaling launch configuration associated with the auto scaling group | +| vpc_zone_identifier | An array of strings corresponding to the subnet IDs associated with the auto scaling group | +| tags | An hash with each key-value pair corresponding to a tag associated with the entity | + +## Examples + +### Ensure that an auto scaling group has the correct desired capacity + + describe aws_auto_scaling_group('MyAutoScalingGroup') do + it { should exist } + its('desired_capacity') { should be 2 } + end + +### Ensure that an auto scaling group has the correct Launch Configuration name and VPC identifier + + describe aws_auto_scaling_group('MyAutoScalingGroup') do + it { should exist } + its('launch_configuration_name') { should eq 'MyLaunchConfiguration'} + its('vpc_zone_identifier') { should include 'subnet-1234'} + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. 
+ + describe aws_auto_scaling_group('AnExistingASG') do + it { should exist } + end + + describe aws_auto_scaling_group('ANonExistentASG') do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `autoscaling:Describe*` actions with Effect set to Allow. +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon Auto Scaling Groups](https://docs.aws.amazon.com/autoscaling/ec2/userguide/control-access-using-iam.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_auto_scaling_groups.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_auto_scaling_groups.md new file mode 100644 index 0000000000..a76fa51734 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_auto_scaling_groups.md 
@@ -0,0 +1,73 @@ ++++ +title = "aws_auto_scaling_groups resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_auto_scaling_groups" + identifier = "inspec/resources/aws/aws_auto_scaling_groups.md aws_auto_scaling_groups resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_auto_scaling_groups` InSpec audit resource to test the properties of a collection of AWS Auto Scaling Groups. + +## Syntax + +An `aws_auto_scaling_groups` resource block returns all Auto Scaling Groups and allows the testing of those ASGs. + + describe aws_auto_scaling_groups do + its('names') { should include 'group-name' } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on Auto Scaling Group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/AutoScalingGroup.html). + +## Properties + +| Property | Description | +| -------------------------- | -------------------------------------------------------------------------------------------- | +| min_sizes | An integer indicating the minimum number of instances in the auto scaling group | +| max_sizes | An integer indicating the maximum number of instances in the auto scaling group | +| desired_capacities | An integer indicating the desired number of instances in the auto scaling group | +| launch_configuration_names | The name of the auto scaling launch configuration associated with the auto scaling group | +| vpc_zone_identifiers | An array of strings corresponding to the subnet IDs associated with the auto scaling group | +| health_check_types | The service to use for the health checks. The valid values are EC2 and ELB. | +| tags | A hash of key-value pairs corresponding to the tags associated with the entity. | +| entries | Provides access to the raw results of the query, which can be treated as an array of hashes. | + +## Examples + +### Ensure there are no groups with incorrect vpc_zone_identifiers. 
+ + describe aws_auto_scaling_groups do + it { should exist } + its('vpc_zone_identifiers') { should_not include 'UNDESIRED-ZONE'} + end + +## Matchers + +For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_auto_scaling_groups.where( : ) do + it { should exist } + end + + describe aws_auto_scaling_groups.where( : ) do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `autoscaling:Describe*` actions with Effect set to Allow. +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon Auto Scaling Groups](https://docs.aws.amazon.com/autoscaling/ec2/userguide/control-access-using-iam.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_cloudformation_stack.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_cloudformation_stack.md new file mode 100644 index 0000000000..d61d5efef0 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_cloudformation_stack.md 
@@ -0,0 +1,95 @@ ++++ +title = "aws_cloudformation_stack resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_cloudformation_stack" + identifier = "inspec/resources/aws/aws_cloudformation_stack.md aws_cloudformation_stack resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_cloudformation_stack` InSpec audit resource to test properties of a single AWS Cloud Formation Stack. + +## Syntax + +Ensure that an `aws_cloudformation_stack` exists + + describe aws_cloudformation_stack('stack-name') do + it { should exist } + end + + describe aws_cloudformation_stack(stack_name: 'stack-name') do + it { should exist } + end + +## Parameters + +### stack_name _(required)_ + +This resource accepts a single parameter, the CloudFormation Stack name which uniquely identifies the stack. +This can be passed either as a string or as a `stack_name: 'value'` key-value entry in a hash. + +See also the [AWS documentation on Cloud Formation](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/Welcome.html). + +## Properties + +|Property | Description| +| --- | --- | +|stack_id | Unique identifier of the stack. | +|stack_name | The name associated with the stack. | +|change_set_id | The unique ID of the change set. | +|description | A user-defined description associated with the stack. | +|parameters | A list of Parameter structures. | +|creation_time | The time at which the stack was created. | +|deletion_time | The time the stack was deleted. | +|last_updated_time | The time the stack was last updated. | +|rollback_configuration | The rollback triggers for AWS CloudFormation to monitor during stack creation and updating operations, and for the specified monitoring period afterwards. | +|stack_status | Current status of the stack. | +|stack_status_reason | Success/failure message associated with the stack status. 
| +|drift_information | Information on whether a stack's actual configuration differs, or has drifted, from it's expected configuration, as defined in the stack template and any values specified as template parameters. | +|disable_rollback | Boolean to enable or disable rollback on stack creation failures: | +|notification_arns | SNS topic ARNs to which stack related events are published. | +|timeout_in_minutes | The amount of time within which stack creation should complete. | +|capabilities | The capabilities allowed in the stack. | +|outputs | A list of output structures. | +|role_arn | The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that is associated with the stack. | +|tags | A list of Tags that specify information about the stack. | +|enable_termination_protection | Whether termination protection is enabled for the stack. | +|parent_id | For nested stacks--stacks created as resources for another stack--the stack ID of the direct parent of this stack. | +|root_id | For nested stacks--stacks created as resources for another stack--the stack ID of the the top-level stack to which the nested stack ultimately belongs. | + + +## Examples + +### Test that a CloudFormation Stack has its stack_status configured correctly + + describe aws_cloudformation_stack('stack_name') do + its ('stack_status') { should eq 'CREATE_COMPLETE' } + end + +## Matchers + +This InSpec audit resource has no special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. 
+ + describe aws_cloudformation_stack('AnExistingStack') do + it { should exist } + end + + describe aws_cloudformation_stack('ANonExistentStack') do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `cloudformation:DescribeStacks` action set to Allow. + +You can find detailed documentation at [Authentication and Access Control for CloudFormation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html) diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_cloudtrail_trail.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_cloudtrail_trail.md new file mode 100644 index 0000000000..140eda3e8c --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_cloudtrail_trail.md 
@@ -0,0 +1,124 @@ ++++ +title = "aws_cloudtrail_trail resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_cloudtrail_trail" + identifier = "inspec/resources/aws/aws_cloudtrail_trail.md aws_cloudtrail_trail resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_cloudtrail_trail` InSpec audit resource to test properties of a single AWS CloudTrail. + +## Syntax + +An `aws_cloudtrail_trail` resource block identifies a trail by `trail_name`. + + # Find a trail by name + describe aws_cloudtrail_trail('trail-name') do + it { should exist } + end + + # Hash syntax for trail name + describe aws_cloudtrail_trail(trail_name: 'trail-name') do + it { should exist } + end + +## Parameters + +### trail_name _(required)_ + +This resource expects a single parameter, the CloudTrail Name which uniquely identifies it. +This can be passed either as a string or as a `trail_name: 'value'` key-value entry in a hash. + +See also the [AWS documentation on CloudTrail](https://docs.aws.amazon.com/cloudtrail/index.html#lang/en_us). + +## Properties + +|Property | Description| +| --- | --- | +|trail_arn | Specifies the ARN of the trail. | +|trail_name | Name of the trail. | +|home_region | The region in which the trail was created. | +|s3_bucket_name | Name of the Amazon S3 bucket into which CloudTrail delivers your trail files. | +|cloud_watch_logs_role_arn | Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group. | +|cloud_watch_logs_log_group_arn | Specifies an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs will be delivered. | +|kms_key_id | Specifies the KMS key ID that encrypts the logs delivered by CloudTrail. 
| + +## Examples + +### Test that the specified trail does exist + + describe aws_cloudtrail_trail('my-cloudtrail') do + it { should exist } + end + + describe aws_cloudtrail_trail(trail_name: 'my-cloudtrail') do + it { should exist } + end + +### Check the KMS key used to encrypt + + describe aws_cloudtrail_trail('my-cloudtrail') do + its('kms_key_id') { should eq "my-kms-key" } + end + +### Check the Home Region is correct + + describe aws_cloudtrail_trail('my-cloudtrail') do + its('home_region') { should eq 'us-east-1' } + end + +### Test that the specified trail is a multi-region trail + + describe aws_cloudtrail_trail('my-cloudtrail') do + it { should be_multi_region_trail } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + # Verify that at least one CloudTrail Trail exists. + describe aws_cloudtrail_trail('my-cloudtrail') do + it { should exist } + end + +### be_multi_region_trail + +The test will pass if the identified trail is a multi-region trail. + + describe aws_cloudtrail_trail('my-cloudtrail') do + it { should be_multi_region_trail } + end + +### be_encrypted + +The test will pass if the logs delivered by the identified trail are encrypted. + + describe aws_cloudtrail_trail('my-cloudtrail') do + it { should be_encrypted } + end + +### be_log_file_validation_enabled + +The test will pass if the identified trail has log file integrity validation is enabled. + + describe aws_cloudtrail_trail('my-cloudtrail') do + it { should be_log_file_validation_enabled } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `cloudtrail:DescribeTrails` action with Effect set to Allow. 
+ +You can find detailed documentation at [Actions, Resources, and Condition Keys for AWS CloudTrail](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awscloudtrail.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_cloudtrail_trails.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_cloudtrail_trails.md new file mode 100644 index 0000000000..ba7ff4f09d --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_cloudtrail_trails.md 
@@ -0,0 +1,74 @@ ++++ +title = "aws_cloudtrail_trails resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_cloudtrail_trails" + identifier = "inspec/resources/aws/aws_cloudtrail_trails.md aws_cloudtrail_trails resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_cloudtrail_trails` InSpec audit resource to test properties of a collection of AWS CloudTrail Trails. + +## Syntax + +An `aws_cloudtrail_trails` resource block returns all CloudTrail Trails and allows the testing of those trails. + + describe aws_cloudtrail_trails do + it { should exist } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on Auto Scaling Group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/AutoScalingGroup.html). + +## Properties + +| Property | Description | +| ---------- | -------------------------------------------------------------------------------------------- | +| trail_arns | Specifies the ARNs of the trails. | +| names | The names of the trails. | +| entries | Provides access to the raw results of the query, which can be treated as an array of hashes. | + +## Examples + +### Ensure a CloudTrail with a specific name exists + + describe aws_cloudtrail_trails do + its('names') { should include('trail-1') } + end + +### Ensure a CloudTrail with a specific arn exists + + describe aws_cloudtrail_trails do + its('trail_arns') { should include('arn:aws:cloudtrail:us-east-1::trail/trail-1') } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. 
+ + describe aws_cloudtrail_trails do + it { should exist } + end + + describe aws_cloudtrail_trails do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `cloudtrail:DescribeTrails` action with Effect set to Allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for AWS CloudTrail](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awscloudtrail.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_cloudwatch_alarm.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_cloudwatch_alarm.md new file mode 100644 index 0000000000..967523f2ef --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_cloudwatch_alarm.md 
@@ -0,0 +1,85 @@ ++++ +title = "aws_cloudwatch_alarm resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_cloudwatch_alarm" + identifier = "inspec/resources/aws/aws_cloudwatch_alarm.md aws_cloudwatch_alarm resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_cloudwatch_alarm` InSpec audit resource to test properties of a single CloudWatch Alarm. + +**If more than one Alarm matches, an error will be raised.** + +## Syntax + +### Ensure an Alarm exists. + + aws_cloudwatch_alarm(metric_name: 'my-metric-name', metric_namespace: 'my-metric-namespace') do + it { should exist } + end + +## Parameters + +### metric_name _(required)_ + +The metric name used by this alarm. This must be passed as a `metric_name: 'value'` key-value entry in a hash. + +### metric_namespace _(required)_ + +The metric namespace used by this alarm. This must be passed as a `metric_namespace: 'value'` key-value entry in a hash. + +### dimensions _(optional)_ + +The dimensions associated with this alarm. This must be passed as an array of hashes `dimensions: [{key:'value'}]` . + +## Properties + +| Property | Description | +| ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ | +| alarm_actions | The actions to execute when this alarm transitions to the ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). | +| alarm_name | The name of the alarm. | +| metric_name | The name of the metric. | +| metric_namespace | The namespace of the metric. 
| + +## Examples + +### Ensure an Alarm has at least one alarm action + + describe aws_cloudwatch_alarm(metric_name: 'my-metric-name', metric_namespace: 'my-metric-namespace') do + its('alarm_actions') { should_not be_empty } + end + +### Ensure an Alarm with Dimensions exists + + describe aws_cloudwatch_alarm(metric_name: 'my-metric-name', metric_namespace: 'my-metric-namespace', dimensions: [{key: 'value'}]) do + it { should exist } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_cloudwatch_alarm(metric_name: 'good-metric', metric_namespace: 'my-metric-namespace') do + it { should exist } + end + + describe aws_cloudwatch_alarm(metric_name: 'bed-metric', metric_namespace: 'my-metric-namespace') do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `cloudwatch:DescribeAlarmsForMetric` action with Effect set to Allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon CloudWatch](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazoncloudwatch.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_cloudwatch_log_group.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_cloudwatch_log_group.md new file mode 100644 index 0000000000..4b1d74dcd3 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_cloudwatch_log_group.md 
@@ -0,0 +1,56 @@ ++++ +title = "aws_cloudwatch_log_group resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_cloudwatch_log_group" + identifier = "inspec/resources/aws/aws_cloudwatch_log_group.md aws_cloudwatch_log_group resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_cloudwatch_log_group` InSpec audit resource to test properties of a single AWS CloudWatch Log Group. + +## Syntax + +Ensure that an `aws_cloudwatch_log_group` exists + + describe aws_cloudwatch_log_group('my_log_group') do + it { should exist } + end + + describe aws_cloudwatch_log_group(log_group_name: 'my_log_group') do + it { should exist } + end + +## Parameters + +### log_group_name _(required)_ + +This resource accepts a single parameter, the log group name which uniquely identifies the CloudWatch Log Group. +This can be passed either as a string or as a `log_group_name: 'value'` key-value entry in a hash. + +See also the [AWS documentation on CloudWatch Logs](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeLogGroups.html). + +## Properties + +| Property | Description | +| ----------------- | ------------------------------------------------------------------------- | +| retention_in_days | The number of days to retain the log events in the specified log group | +| kms_key_id | The Amazon Resource Name (ARN) of the CMK to use when encrypting log data | +| tags | The tags for the log group. | + +### Test tags on the CloudWatch Log Group + + describe aws_cloudwatch_log_group('my_log_group') do + its('tags') { should include(:Environment => 'env-name', + :Name => 'my_log_group')} + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `logs:DescribeLogGroups` and `logs:ListTagsLogGroup` actions with Effect set to Allow. 
+ +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon CloudWatch Logs](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazoncloudwatchlogs.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_cloudwatch_log_metric_filter.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_cloudwatch_log_metric_filter.md new file mode 100644 index 0000000000..127174ed96 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_cloudwatch_log_metric_filter.md 
@@ -0,0 +1,108 @@ ++++ +title = "aws_cloudwatch_log_metric_filter resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_cloudwatch_log_metric_filter" + identifier = "inspec/resources/aws/aws_cloudwatch_log_metric_filter.md aws_cloudwatch_log_metric_filter resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_cloudwatch_log_metric_filter` InSpec audit resource to search for and test properties of individual AWS Cloudwatch Log Metric Filters. + +## Syntax + + describe aws_cloudwatch_log_metric_filter(filter_name: 'my-filter', log_group_name: 'my-log-group') do + it { should exist } + end + + describe aws_cloudwatch_log_metric_filter(log_group_name: 'my-log-group', pattern: 'my-filter') do + it { should exist } + end + +## Parameters + +**Note**: _While all parameters are optional, at least one must be provided. In practice, the more parameters you provide the narrower a result you will return._ + +### filter_name _(optional)_ + +The name of the Log Metric Filter. Expected in a hash as `filter_name: 'value'`. + +### log_group_name _(optional)_ + +The log group of the filter. Expected in a hash as `log_group_name: 'value'`. + +### pattern _(optional)_ + +A pattern by which to narrow down the result-set, if you expect multiple results. Expected in a hash as `pattern: 'value'`. + +See also the [AWS documentation on CloudWatch](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazoncloudwatch.html). + +## Properties + +| Property | Description | +| ---------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| filter_name | The name of the metric filter. | +| log_group_name | The name of the log group. | +| metric_name | The name of the metric. 
| +| metric_namespace | The namespace of the metric. | +| pattern | A symbolic description of how CloudWatch Logs should interpret the data in each log event. For example, a log event may contain timestamps, IP addresses, strings, and so on. You use the filter pattern to specify what to look for in the log event message. | + +## Examples + +### Ensure a Filter exists + + describe aws_cloudwatch_log_metric_filter(filter_name: 'my-filter', log_group_name: 'my-log-group') do + it { should exist } + end + +### Ensure a Filter exists for a specific pattern + + describe aws_cloudwatch_log_metric_filter(pattern: '"ERROR" - "Exiting"') do + it { should exist } + end + +### Check the name of a Filter + + describe aws_cloudwatch_log_metric_filter(log_group_name: 'app-log-group', pattern: 'KERBLEWIE') do + its('filter_name') { should eq 'kaboom_lmf' } + end + +### Check the Log Group name of a Filter + + describe aws_cloudwatch_log_metric_filter(filter_name: 'error-watcher') do + its('log_group_name') { should eq 'app-log-group' } + end + +### Check a filter has the correct pattern + + describe aws_cloudwatch_log_metric_filter(filter_name: 'error-watcher', log_group_name: 'app-log-group') do + its('pattern') { should cmp 'ERROR' } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. 
+ + describe aws_cloudwatch_log_metric_filter(log_group_name: 'my-log-group') do + it { should exist } + end + + describe aws_cloudwatch_log_metric_filter(log_group_name: 'i-dont-exist') do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `cloudwatch:DescribeAlarmsForMetric` action with Effect set to Allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon CloudWatch](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazoncloudwatch.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_config_delivery_channel.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_config_delivery_channel.md new file mode 100644 index 0000000000..edfeffb45d --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_config_delivery_channel.md 
@@ -0,0 +1,91 @@ ++++ +title = "aws_config_delivery_channel resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_config_delivery_channel" + identifier = "inspec/resources/aws/aws_config_delivery_channel.md aws_config_delivery_channel resource" + parent = "inspec/resources/aws" ++++ + +The AWS Config service can monitor and record changes to your AWS resource configurations. A Delivery Channel can record the changes +to an S3 Bucket, an SNS or both. + +Use the `aws_config_delivery_channel` InSpec audit resource to examine how the AWS Config service delivers those change notifications. + +One delivery channel is allowed per region per AWS account, and the delivery channel is required to use AWS Config. + +## Syntax + + describe aws_config_delivery_channel('my_channel') do + it { should exist } + end + + describe aws_config_delivery_channel(channel_name: 'my-channel') do + it { should exist } + end + +Since you may only have one Delivery Channel per region, and InSpec connections are per-region, you may also omit the `channel_name` to obtain the one Delivery Channel (if any) that exists: + + describe aws_config_delivery_channel do + it { should exist } + end + +## Parameters + +### channel_name _(optional)_ + +This resource can be passed a single parameter, the Channel Name. +This can be passed either as a string or as a `channel_name: 'value'` key-value entry in a hash. + +See also the [AWS documentation on Delivery Channels](https://docs.aws.amazon.com/config/latest/developerguide/manage-delivery-channel.html). + +## Properties + +| Property | Description | +| --------------------------- | --------------------------------------------------------------------------------------------------------------------------- | +| channel_name | The name of the delivery channel. By default, AWS Config assigns the name "default" when creating the delivery channel. 
| +| s3_bucket_name | The name of the Amazon S3 bucket to which AWS Config delivers configuration snapshots and configuration history files. | +| s3_key_prefix | The prefix for the specified Amazon S3 bucket. | +| sns_topic_arn | The Amazon Resource Name (ARN) of the Amazon SNS topic to which AWS Config sends notifications about configuration changes. | +| delivery_frequency_in_hours | Specifies how often the AWS Config sends configuration changes to the s3 bucket in the delivery channel. | + +## Examples + +### Test how frequently the channel writes configuration changes to the s3 bucket + + describe aws_config_delivery_channel(channel_name: 'my-recorder') do + its('delivery_frequency_in_hours') { should be > 3 } + end + +### Ensure configuration change notifications are being delivered to the correct bucket and key + + describe aws_config_delivery_channel(channel_name: 'my_channel') + its('s3_bucket_name') { should eq 'my_bucket' } + its('s3_key_prefix') { should eq 'logs/' } + end + +## Matchers + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_config_delivery_channel('my_channel') do + it { should exist } + end + + describe aws_config_delivery_channel('my-nonexistent-channel') do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `config:DescribeDeliveryChannels` action with Effect set to Allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for AWS Config](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awsconfig.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_config_recorder.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_config_recorder.md new file mode 100644 index 0000000000..6c513f9fe2 --- /dev/null 
+++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_config_recorder.md 
@@ -0,0 +1,106 @@ ++++ +title = "aws_config_recorder resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_config_recorder" + identifier = "inspec/resources/aws/aws_config_recorder.md aws_config_recorder resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_config_recorder` InSpec audit resource to test properties of your AWS Config Service. + +The AWS Config service can monitor and record changes to your AWS resource configurations. The Aws Config Recorder is used to detect changes in resource configurations and capture these changes as configuration items. + +As of April 2018, you are only permitted one configuration recorder per region. + +## Syntax + +Ensure that an auto scaling group exists and has the correct scale sizes + + describe aws_config_recorder('my-recorder') do + it { should exist } + end + +You may also use hash syntax to pass the recorder name + + describe aws_config_recorder(recorder_name: 'my-recorder') do + it { should exist } + end + +Since you may only have one recorder per region, and InSpec connections are per-region, you may also omit the recorder name to obtain the one recorder (if any) that exists: + + describe aws_config_recorder do + it { should exist } + end + +## Parameters + +### recorder_name _(optional)_ + +This resource accepts a single parameter, the Configuration Recorder Name. +This can be passed either as a string or as a `recorder_name: 'value'` key-value entry in a hash. + +See also the [AWS documentation on Configuration](https://docs.aws.amazon.com/config/latest/developerguide/aws-config-landing-page.html). + +## Properties + +| Property | Description | +| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| recorder_name | The name of the recorder. 
By default, AWS Config automatically assigns the name "default" when creating the configuration recorder. You cannot change the assigned name. | +| role_arn | Amazon Resource Name (ARN) of the IAM role used to describe the AWS resources associated with the account. | +| resource_types | A comma-separated list that specifies the types of AWS resources for which AWS Config records configuration changes (i.e. AWS::EC2::Instance) | + +## Examples + +### Test if the recorder is active and recording + + describe aws_config_recorder do + it { should be_recording } + end + +### Ensure the role_arn is correct for the recorder + +The role is used to grant permissions to S3 Buckets, SNS topics and to get configuration details for supported AWS resources. + +```ruby +describe aws_config_recorder do + its('role_arn') { should eq 'arn:aws:iam::721741954427:role/My_Recorder' } +end +``` + +### Test the recorder is monitoring changes to the correct resources. + + describe aws_config_recorder do + its('resource_types') { should include 'AWS::EC2::CustomerGateway' } + its('resource_types') { should include 'AWS::EC2::EIP' } + end + +## Matchers + +### be_recording + +Ensure the recorder is active + + it { should be_recording } + +### be_recording_all_resource_types + +Indicates if the ConfigurationRecorder will record changes for all resources, regardless of type. If this is true, resource_types is ignored. + + it { should be_recording_all_resource_types } + +### be_recording_all_global_types + +Indicates whether the ConfigurationRecorder will record changes for global resource types (such as [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal)s). + + it { should be_recording_all_global_types } + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `config:DescribeConfigurationRecorders` action with Effect set to Allow. 
+ +You can find detailed documentation at [Actions, Resources, and Condition Keys for AWS Config](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awsconfig.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_db_subnet_group.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_db_subnet_group.md new file mode 100644 index 0000000000..7c2648abd0 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_db_subnet_group.md 
@@ -0,0 +1,78 @@ ++++ +title = "aws_db_subnet_group resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_db_subnet_group" + identifier = "inspec/resources/aws/aws_db_subnet_group.md aws_db_subnet_group resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_db_subnet_group` InSpec audit resource to test properties of a db subnet group. + +## Syntax + +An `aws_db_subnet_group` resource block uses the parameter to select a subnet group. + + describe aws_db_subnet_group(db_subnet_group_name: 'subnet-group-name-12345') do + it { should exist } + end + +## Parameters + +### db_subnet_group_name _(required)_ + +This resource accepts a single parameter, the DB Subnet Group Name. +This can be passed either as a string or as a `aws_db_subnet_group: 'value'` key-value entry in a hash. + +See also the [AWS documentation on DB Subnet Groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Subnets). + +## Properties + +| Property | Description | +| --------------------------- | ------------------------------------------------- | +| db_subnet_group_name | The name of the DB subnet group. | +| db_subnet_group_description | Provides the description of the DB subnet group. | +| vpc_id | Provides the VPC ID of the DB subnet group. | +| subnet_group_status | Provides the status of the DB subnet group. | +| subnets | Contains a list of Subnet elements. | +| db_subnet_group_arn | The Amazon Resource Name for the DB subnet group. 
| + +For a comprehensive list of properties available, see [the API reference documentation](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DBSubnetGroup.html) + +## Examples + +### Check DB Subnet Group Name of a subnet group + + describe aws_db_subnet_group(db_subnet_group_name: 'subnet-group-name-12345') do + its('db_subnet_group_name') { should eq 'subnet-group-name-12345' } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_db_subnet_group(db_subnet_group_name: 'subnet-group-name-12345') do + it { should exist } + end + + describe aws_rds_cluster(db_cluster_identifier: 'subnet-group-name-6789') do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) +will need the `rds:DescribeDBSubnetGroup` action with Effect set to Allow. + +You can find detailed documentation at +[Actions, Resources, and Condition Keysfor Amazon RDS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonrds.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_db_subnet_groups.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_db_subnet_groups.md new file mode 100644 index 0000000000..444319c14a --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_db_subnet_groups.md 
@@ -0,0 +1,77 @@ ++++ +title = "aws_db_subnet_groups resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_db_subnet_groups" + identifier = "inspec/resources/aws/aws_db_subnet_groups.md aws_db_subnet_groups resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_db_subnet_groups` InSpec audit resource to test properties of a collection of AWS RDS subnet groups. + +RDS gives you access to the capabilities of a MySQL, MariaDB, PostgreSQL, Microsoft SQL Server, Oracle, or Amazon Aurora database server. + +## Syntax + +Ensure you have exactly 3 subnet groups + + describe aws_db_subnet_groups do + its('db_subnet_group_names.count') { should cmp 3 } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on RDS](https://docs.aws.amazon.com/rds/?id=docs_gateway). + +## Properties + +| Property | Description | +| ---------------------------- | ------------------------------------------------- | +| db_subnet_group_names | The name of the DB subnet group. | +| db_subnet_group_descriptions | Provides the description of the DB subnet group. | +| vpc_ids | Provides the VPC ID of the DB subnet group. | +| subnet_group_status | Provides the status of the DB subnet group. | +| subnets | Contains a list of Subnet elements. | +| db_subnet_group_arns | The Amazon Resource Name for the DB subnet group. | + +For a comprehensive list of properties available, see [the API reference documentation](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DBSubnetGroup.html) + +## Examples + +### Ensure DB Subnet Group Name of a subnet group exists + + describe aws_db_subnet_groups do + its('db_subnet_group_names') { should include 'subnet-group-name' } + end + +## Matchers + +For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. 
+ +Use `should_not` to test the entity should not exist. + + describe aws_db_subnet_groups.where( : ) do + it { should exist } + end + + describe aws_db_subnet_groups.where( : ) do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) +will need the `rds:DescribeDBSubnetGroups` action with Effect set to Allow. + +You can find detailed documentation at +[Actions, Resources, and Condition Keys for Amazon RDS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonrds.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_dhcp_options.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_dhcp_options.md new file mode 100644 index 0000000000..50a7578c34 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_dhcp_options.md 
@@ -0,0 +1,57 @@ ++++ +title = "aws_dhcp_options resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_dhcp_options" + identifier = "inspec/resources/aws/aws_dhcp_options.md aws_dhcp_options resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_dhcp_options` InSpec audit resource to test properties of a single AWS DHCP Options. + +## Syntax + +Ensure that an `aws_dhcp_options` exists + + describe aws_dhcp_options('dopt-0123456789abcdefg') do + it { should exist } + end + + describe aws_dhcp_options(dhcp_options_id: 'dopt-0123456789abcdefg') do + it { should exist } + end + +## Parameters + +### dhcp_options_id _(required)_ + +This resource accepts a single parameter, the DHCP Options ID which uniquely identifies the DHCP Options. +This can be passed either as a string or as a `dhcp_options_id: 'value'` key-value entry in a hash. + +See also the [AWS documentation on EC2](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeDhcpOptions.html). + +## Properties + +| Property | Description | +| ------------------- | --------------------------------------------------------- | +| dhcp_configurations | The list of dhcp configurations | +| domain_name_servers | The list of domain name servers in the dhcp configuration | +| ntp_servers | The list of ntp servers in the dhcp configuration | +| tags | The tags of the DHCP Options. | + +### Test tags on the DHCP Options + + describe aws_dhcp_options('dopt-0123456789abcdefg') do + its('tags') { should include(:Environment => 'env-name', + :Name => 'dhcp-options-name')} + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeDhcpOptions` action with Effect set to Allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_dynamodb_table.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_dynamodb_table.md new file mode 100644 index 0000000000..e908de25a3 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_dynamodb_table.md 
@@ -0,0 +1,105 @@ ++++ +title = "aws_dynamodb_table resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_dynamodb_table" + identifier = "inspec/resources/aws/aws_dynamodb_table.md aws_dynamodb_table resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_dynamodb_table` InSpec audit resource to test properties of a single DynamoDb Table. + +## Syntax + +### Ensure an DynamoDb Table exists. + + describe aws_dynamodb_table(table_name: 'table-name') do + it { should exist } + end + +## Parameters + +### table_name _(required)_ + +The table name used by this DynamoDb Table. This must be passed as a `table_name: 'value'` key-value entry in a hash. + +## Properties + +| Property | Description | +| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| table_name | The name of the DynamoDb Table. | +| table_status | The status of the DynamoDb Table. | +| table_arn | The Amazon Resource Names of the DynamoDb Table. | +| creation_date | The date the DynamoDb Table was created. eg. `01/01/2019` | +| number_of_decreases_today | The number of provisioned throughput decreases for this table during this UTC calendar day. | +| write_capacity_units | The maximum number of writes consumed per second before DynamoDb returns a ThrottlingException. | +| read_capacity_units | The maximum number of strongly consistent reads consumed per second before DynamoDb returns a ThrottlingException. | +| item_count | The number of entries in the DynamoDb Table. | +| attributes | An array of attributes that describe the key schema for the table and indexes. 
This is returned as a hash. Each entry is composed of: `attribute_name` - The name of this key attribute. `attribute_type` - The datatype of the attribute : `B` - Boolean, `N` - Number, `S` - string | +| key_schema | Specifies the attributes that make up the primary key for a table or an index. This is returned as a hash. The attributes in KeySchema must also be defined in the Attributes array. Each element in the KeySchemaElement array is composed of: `attribute_name` - The name of this key attribute. `key_type` - The role that the key attribute will assume: `HASH` - partition key, `RANGE` - sort key | +| global_secondary_indexes | A list of global secondary indexes if there is any referenced on the selected table. | + +## Examples + +### Ensure DynamoDb Table status is active + + describe aws_dynamodb_table(table_name: 'table-name') do + its('table_status') { should eq 'ACTIVE' } + end + +### Ensure DynamoDb Table has an attribute + + describe aws_dynamodb_table(table_name: 'table-name') do + its('attributes') { should_not be_empty } + its('attributes') { should include({:attribute_name =>'table_field', :attribute_type =>'N'}) } + end + +### Ensure DynamoDb Table has a key_schema + + describe aws_dynamodb_table(table_name: 'table-name') do + its('key_schema') { should_not be_empty } + its('key_schema') { should include({:attribute_name =>'table_field', :key_type =>'HASH'}) } + end + +### Ensure DynamoDb Table has the correct global secondary indexes set + + aws_dynamodb_table(table_name: 'table-name').global_secondary_indexes.each do |global_sec_idx| + describe global_sec_idx do + its('index_name') { should eq 'TitleIndex' } + its('index_status') { should eq 'ACTIVE' } + its('key_schema') { should include({:attribute_name =>'Title', :key_type =>'HASH'}) } + its('provisioned_throughput.write_capacity_units') { should cmp 10 } + its('provisioned_throughput.read_capacity_units') { should cmp 10 } + its('projection.projection_type') { should eq 'INCLUDE' } + end + 
end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_dynamodb_table(table_name: 'table-name') do + it { should exist } + end + + describe aws_dynamodb_table(table_name: 'table-name') do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) +will need the `DynamoDB::DescribeTable` action with Effect set to Allow. + +You can find detailed documentation at +[Actions, Resources, and Condition Keys for Amazon Dynamodb](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazondynamodb.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ebs_volume.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ebs_volume.md new file mode 100644 index 0000000000..f4a6c2c5a5 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ebs_volume.md 
@@ -0,0 +1,107 @@ ++++ +title = "aws_ebs_volume resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_ebs_volume" + identifier = "inspec/resources/aws/aws_ebs_volume.md aws_ebs_volume resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_ebs_volume` InSpec audit resource to test properties of a single AWS EBS volume. + +## Syntax + +Ensure an EBS exists + + describe aws_ebs_volume('vol-01a2349e94458a507') do + it { should exist } + end + +You may also use hash syntax to pass the EBS volume name + + describe aws_ebs_volume(name: 'data-vol') do + it { should exist } + end + +## Parameters + +This resource accepts a single parameter, either the EBS Volume name or id. At least one must be provided. + +### volume_id _(required if `name` not provided)_ + +The EBS Volume ID which uniquely identifies the volume. +This can be passed as either a string or an `volume_id: 'value'` key-value entry in a hash. + +### name _(required if `volume_id` not provided)_ + +The EBS Volume Name which uniquely identifies the volume. +This must be passed as a `name: 'value'` key-value entry in a hash. + +See also the [AWS documentation on EBS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html). + +## Properties + +| Property | Description | +| ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | +| availability_zone | The Availability Zone for the volume. | +| encrypted | Indicates whether the volume will be encrypted. | +| iops | The number of I/O operations per second (IOPS) that the volume supports. | +| kms_key_id | The full ARN of the AWS Key Management Service (AWS KMS) customer master key (CMK) that was used to protect the volume encryption key for the volume. | +| size | The size of the volume, in GiBs. | +| snapshot_id | The snapshot from which the volume was created, if applicable. 
| +| status | The volume state. | +| volume_type | The volume type. | + +## Examples + +### Test that an EBS Volume does not exist + + describe aws_ebs_volume(name: 'data_vol') do + it { should_not exist } + end + +### Test that an EBS Volume is encrypted + + describe aws_ebs_volume(name: 'secure_data_vol') do + it { should be_encrypted } + end + +### Test that an EBS Volume the correct size + + describe aws_ebs_volume(name: 'data_vol') do + its('size') { should cmp 32 } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_ebs_volume(name: 'data_vol') do + it { should exist } + end + + describe aws_ebs_volume(name: 'data_vol') do + it { should_not exist } + end + +### be_encrypted + +The `be_encrypted` matcher tests if the described EBS Volume is encrypted. + + it { should be_encrypted } + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeVolumes`, and `iam:GetInstanceProfile` actions set to allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ebs_volumes.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ebs_volumes.md new file mode 100644 index 0000000000..4ba8279e1e --- /dev/null 
+++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ebs_volumes.md 
@@ -0,0 +1,78 @@ ++++ +title = "aws_ebs_volumes resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_ebs_volumes" + identifier = "inspec/resources/aws/aws_ebs_volumes.md aws_ebs_volumes resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_ebs_volumes` InSpec audit resource to test properties of a collection of AWS EBS volumes. + +EBS volumes are persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud. + +## Syntax + +Ensure you have exactly 3 volumes + + describe aws_ebs_volumes do + its('volume_ids.count') { should cmp 3 } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on EBS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html). + +## Properties + +| Property | Description | +| ---------- | -------------------------------------------------------------------------------------------- | +| volume_ids | The unique IDs of the EBS Volumes returned. | +| entries | Provides access to the raw results of the query, which can be treated as an array of hashes. | + +## Examples + +### Ensure a specific volume exists + +```ruby +describe aws_ebs_volumes do + its('volume_ids') { should include 'vol-12345678' } +end +``` + +### Use the InSpec resource to request the IDs of all EBS volumes, then test in-depth using `aws_ebs_volume` to ensure all volumes are encrypted and have a sensible size. + + aws_ebs_volumes.volume_ids.each do |volume_id| + describe aws_ebs_volume(volume_id) do + it { should be_encrypted } + its('size') { should be > 10 } + its('iops') { should cmp 100 } + end + end + +## Matchers + +For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. 
+ + describe aws_ebs_volumes do + it { should exist } + end + + describe aws_ebs_volumes do + it { should_not exist } + end + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeVolumes`, and `iam:GetInstanceProfile` actions set to allow. +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ec2_instance.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ec2_instance.md new file mode 100644 index 0000000000..309be1f6e3 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ec2_instance.md 
@@ -0,0 +1,163 @@ ++++ +title = "aws_ec2_instance resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_ec2_instance" + identifier = "inspec/resources/aws/aws_ec2_instance.md aws_ec2_instance resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_ec2_instance` InSpec audit resource to test properties of a single AWS EC2 instance. + +## Syntax + +An `aws_ec2_instance` resource block declares the tests for a single AWS EC2 instance by either name or instance id. + + describe aws_ec2_instance('i-01a2349e94458a507') do + it { should exist } + end + + describe aws_ec2_instance(name: 'my-instance') do + it { should exist } + end + +## Parameters + +One of either the EC2 instance's ID or name must be be provided. + +### instance_id _(required if `name` not provided)_ + +The ID of the EC2 instance. This is in the format of `i-` followed by 8 or 17 hexadecimal characters. +This can be passed either as a string or as an `instance_id: 'value'` key-value entry in a hash. + +### name _(required if `instance_id` not provided)_ + +If you have a `Name` tag applied to the EC2 instance, this can be used to lookup the instance. +This must be passed as a `name: 'value'` key-value entry in a hash. + +## Properties + +| Property | Description | +| ------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| state | The current state of the EC2 Instance, for example 'running'. | +| image_id | The id of the AMI used to launch the instance. | +| role | The IAM role attached to the instance. | +| launch_time | The time the instance was launched. | +| availability_zone | The availability zone of the instance. 
| +| security_groups | A hash containing the security group ids and names associated with the instance. | +| security_group_ids | The security group ids associated with the instance. | +| ebs_volumes | A hash containing the names and ids of any EBS volumes associated with the instance. | +| tags | A list of hashes with each key-value pair corresponding to an EC2 instance tag, e.g, `[{:key=>"Name", :value=>"Testing Box"}, {:key=>"Environment", :value=>"Dev"}]` | +| tags_hash | A hash, with each key-value pair corresponding to an EC2 instance tag, e.g, `{"Name"=>"Testing Box", "Environment"=>"Dev"}`. This property is available in InSpec AWS resource pack version **[1.12.0](https://github.com/inspec/inspec-aws/releases/tag/v1.12.0)** onwards. | + +There are also additional properties available. For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Instance.html) + +## Examples + +### Test that an EC2 instance is running + + describe aws_ec2_instance(name: 'prod-database') do + it { should be_running } + end + +### Test that an EC2 instance is using the correct AMI + + describe aws_ec2_instance(name: 'my-instance') do + its('image_id') { should eq 'ami-27a58d5c' } + end + +### Test that an EC2 instance has the correct tag + + describe aws_ec2_instance('i-090c29e4f4c165b74') do + its('tags') { should include(key: 'Contact', value: 'Gilfoyle') } + end + +### Test that an EC2 instance has the correct tag (using the `tags_hash` property) + + describe aws_ec2_instance('i-090c29e4f4c165b74') do + its('tags_hash') { should include('Contact' => 'Gilfoyle') } + its('tags_hash') { should include('Contact') } # Regardless of the value + end + +### Test that an EC2 instance has no roles + + describe aws_ec2_instance('i-090c29e4f4c165b74') do + it { should_not have_roles } + end + +## Matchers + +This InSpec audit resource has the following special matchers. 
For a full list of +available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + it { should exist } + + it { should_not exist } + +### has_roles + +Test if the EC2 instance has any roles associated with it. + +Use `should_not` to test the entity does not have roles. + + it { should have_roles } + + it { should_not have_roles } + +### be_pending + +The `be_pending` matcher tests if the described EC2 instance state is `pending`. This indicates that an instance is provisioning. This state should be temporary. + + it { should be_pending } + +### be_running + +The `be_running` matcher tests if the described EC2 instance state is `running`. This indicates the instance is fully operational from AWS's perspective. + + it { should be_running } + +### be_shutting_down + +The `be_shutting_down` matcher tests if the described EC2 instance state is `shutting-down`. This indicates the instance has received a termination command and is in the process of being permanently halted and de-provisioned. This state should be temporary. + + it { should be_shutting_down } + +### be_stopped + +The `be_stopped` matcher tests if the described EC2 instance state is `stopped`. This indicates that the instance is suspended and may be started again. + + it { should be_stopped } + +### be_stopping + +The `be_stopping` matcher tests if the described EC2 instance state is `stopping`. This indicates that an AWS stop command has been issued, which will suspend the instance in an OS-unaware manner. This state should be temporary. + + it { should be_stopping } + +### be_terminated + +The `be_terminated` matcher tests if the described EC2 instance state is `terminated`. This indicates the instance is permanently halted and will be removed from the instance listing in a short period. This state should be temporary. 
+ + it { should be_terminated } + +### be_unknown + +The `be_unknown` matcher tests if the described EC2 instance state is `unknown`. This indicates an error condition in the AWS management system. This state should be temporary. + + it { should be_unknown } + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeInstances`, and `iam:GetInstanceProfile` actions set to allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ec2_instances.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ec2_instances.md new file mode 100644 index 0000000000..7e50cf001d --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ec2_instances.md 
@@ -0,0 +1,111 @@ ++++ +title = "aws_ec2_instances resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_ec2_instances" + identifier = "inspec/resources/aws/aws_ec2_instances.md aws_ec2_instances resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_ec2_instances` InSpec audit resource to test properties of some or all AWS EC2 instances. To audit a single EC2 instance, use `aws_ec2_instance` (singular). + +## Syntax + +An `aws_ec2_instances` resource block collects a group of EC2 Instances and then tests that group. + + describe aws_ec2_instances + it { should exist } + end + +## Parameters + +This resource does not expect any parameters. + +## Properties + +| Property | Description | +| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| instance_ids | The ID of the EC2 instance. The field name is `instance_id`. | +| names | The value of the `Name` tag if applied to the instance. The filed name is `name`. | +| vpc_ids | The VPC with which the EC2 instance is associated. The field name is `vpc_id`. | +| subnet_ids | The subnet with which the EC2 instance is associated. The field name is `subnet_id`. | +| instance_types | The type of instance, for example m5.large. The field name is `instance_type`. | +| entries | Provides access to the raw results of the query, which can be treated as an array of hashes. | +| tags | A hash, with each key-value pair corresponding to an EC2 instance tag, e.g, `{"Name"=>"Testing Box", "Environment"=>"Dev"}`. This property is available in InSpec AWS resource pack version **[1.12.0](https://github.com/inspec/inspec-aws/releases/tag/v1.12.0)** onwards. The field name is `tags`. 
| +| iam_profiles | The IAM instance profile associated with the instance. The `role` property of the `aws_ec2_instance` singular resource can be used to check the attached IAM role on the profile. The field name is `iam_profile`. | + +## Examples + +### Ensure you have exactly 3 instances + + describe aws_ec2_instances do + its('instance_ids.count') { should cmp 3 } + end + +### Use this InSpec resource to request the IDs of all EC2 instances, then test in-depth using `aws_ec2_instance`. + + aws_ec2_instances.instance_ids.each do |instance_id| + describe aws_ec2_instance(instance_id) do + it { should_not have_roles } + its('key_name') { should cmp 'admin-ssh-key' } + its('image_id') { should eq 'ami-27a58d5c' } + end + end + +### Filter EC2 instances with their `Environment` tags\* equal to `Dev`, then test in-depth using `aws_ec2_instance`. + + aws_ec2_instances.where(tags: {"Environment" => "Dev"}).instance_ids.each do |id| + describe aws_ec2_instance(id) do + it { should be_stopped } + end + end + +\*Note that the filter won't return the EC2 instances with multiple tags. In this case use regex: `/{"Environment"=>"Dev"}/` + +### Filter EC2 instances with a `stop-at-10-pm` tag regardless of its value, then test in-depth using `aws_ec2_instance`. + + aws_ec2_instances.where(tags: /"stop-at-10-pm"=>/).instance_ids.each do |id| + describe aws_ec2_instance(id) do + it { should be_stopped } + end + end + +### Filter EC2 instances with their `name` equal to `Test Box`, then check their role using `aws_ec2_instance`. + + aws_ec2_instances.where(name: "Test Box").instance_ids.each do |id| + describe aws_ec2_instance(id) do + its('role) { should eq "test-role" } + end + end + +## Matchers + +For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. 
+The field names described in the [properties table](#properties) should be used for the `` in the `where` clause. + +Use `should_not` to test the entity should not exist. + + describe aws_ec2_instances.where( : ) do + it { should exist } + end + + describe aws_ec2_instances.where( : ) do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) +will need the `ec2:DescribeInstances`, and `iam:GetInstanceProfile` actions set to allow. + +You can find detailed documentation at +[Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), +and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ecr.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ecr.md new file mode 100644 index 0000000000..07ebe96273 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ecr.md 
@@ -0,0 +1,90 @@ ++++ +title = "aws_ecr resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_ecr" + identifier = "inspec/resources/aws/aws_ecr.md aws_ecr resource" + parent = "inspec/resources/aws" ++++ + +{{< warning >}} + +This resource is deprecated. Please use one of the following resources instead. + +- `aws_ecr_image` +- `aws_ecr_images` +- `aws_ecr_repository` +- `aws_ecr_repositories` + +{{< /warning >}} + +Use the `aws_ecr` InSpec audit resource to test properties of a single AWS Elastic Container Registry. + +## Syntax + +An `aws_ecr` resource block declares the tests for a single AWS ECR by repository name. + + describe aws_ecr(repository_name: aws_ecr_name) do + it { should exist } + its ('repository_name') { should eq aws_ecr_name } + end + +## Parameters + +The ECR repository_name must be provided. + +### repository_name _(required)_ + +The name of the repository +This can be passed either as a string or as an `repository_name: 'value'` key-value entry in a hash. + +## Properties + +| Property | Description | +| ------------------- | ------------------------------------------------------------------------------ | +| registry_id | The AWS account ID associated with the registry | +| repository_arn | The Amazon Resource Name of the repository | +| repository_name | The name of the repository | +| repository_uri | The uri of the repository | +| image_tags | The tags associated with the image | +| image_digest | A sha256 hash of the image | +| image_size_in_bytes | The size of the image in bytes. | +| image_pushed_at | The datetime as a string when the image was uploaded. 'yyyy-mm-dd hh:mm:ss tz' | +| image_uploaded_date | The date as a string when the image was uploaded. 
'yyyy-mm-dd' | + +## Examples + +### Test that an ECR has the correct image properties + + describe aws_ecr(repository_name: aws_ecr_name).images do + its ('image_tags') { should include 'latest'} + its ('image_digest') { should eq 'sha256:6dce4a9c1635c4c9b6a2b645e6613fa0238182fe13929808ee2258370d0f3497'} + its ('image_size_in_bytes') { should eq 764234} + its ('image_uploaded_date') { should eq '2019-06-11'} + its ('image_pushed_at') { should eq '2019-06-11 15:08:29 +0100'} + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + it { should exist } + it { should_not exist } + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ecr:DescribeRepositories` and `ecr:DescribeImages` actions set to allow. + +You can find detailed documentation at +[Actions, Resources, and Condition Keys for Amazon ECR](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonelasticcontainerregistry.html), +and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ecr_image.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ecr_image.md new file mode 100644 index 0000000000..56b473c85c --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ecr_image.md 
@@ -0,0 +1,105 @@ ++++ +title = "aws_ecr_image resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_ecr_image" + identifier = "inspec/resources/aws/aws_ecr_image" + parent = "inspec/resources/aws" ++++ + +Use the `aws_ecr_image` InSpec audit resource to test the properties of a single image in an AWS Elastic Container Registry (ECR) repository. +This resource is available in InSpec AWS resource pack version **[1.11.0](https://github.com/inspec/inspec-aws/releases/tag/v1.11.0)** onwards. + +## Syntax + +An `aws_ecr_image` resource block declares the tests for a single image in an AWS ECR repository by repository name and image identifier. + + describe aws_ecr_image(repository_name: 'my-repo', image_tag: 'latest') do + it { should exist } + end + +## Parameters + +The repository name and the image identifier (either `image_tag` or `image_digest`) must be provided. The ID of the registry is optional. + +### repository_name _(required)_ + +The name of the ECR repository must satisfy the following constraints: + +- Regex pattern `(?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*`. +- Minimum 2 and maximum of 256 characters long. + +### image_tag _(required if `image_digest` not provided)_ + +The tag used for the image. It can not be longer than 300 characters. + +### image_digest _(required if `image_tag` not provided)_ + +The `sha256` digest of the image manifest. It must satisfy this regex pattern: `[a-zA-Z0-9-_+.]+:[a-fA-F0-9]+`. + +### registry_id _(optional)_ + +The 12-digit ID of the AWS Elastic Container Registry. If not provided, the [default](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_DescribeRepositories.html) registry is assumed. 
+ +## Properties + +| Property | Description | +| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| repository_name | The name of the repository. | +| registry_id | The AWS account ID associated with the registry that contains the repository. | +| tags | The list of tags associated with this image. | +| vulnerability_severity_counts | The image vulnerability counts, sorted by severity, e.g. `{:high=>1}`. | +| vulnerabilities | A list of hashes with each key-value pair corresponding to an image [scan findings](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_ImageScanFinding.html). E.g. `{:name=>"CVE-2019-14697", :uri=>"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697", :severity=>"HIGH", :package_version=>"1.1.18-r3", :package_name=>"musl", :CVSS2_VECTOR=>"AV:N/AC:L/Au:N/C:P/I:P/A:P", :CVSS2_SCORE=>"7.5"}` | +| cve_ids | The list of [CVE IDs](https://cve.mitre.org/cve/identifiers/) of the vulnerabilities in the image. | +| highest_vulnerability_severity | The [CVSS v2](https://www.first.org/cvss/v2/guide) score of the most severe vulnerability in the image. | + +There are also additional properties available. 
For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_ImageDetail.html) + +## Examples + +### Test the scan status of an image + + describe aws_ecr_image(repository_name: 'my-repo', image_tag: 'latest') do + its('image_scan_status.status') { should eq 'COMPLETE' } + end + +### Test that an image has a certain tag + + describe aws_ecr_image(repository_name: 'my-repo', image_digest: 'sha256:687fba9b76554c8dea4c40fed4144011f29b8e1d5db5f2fc976c64ed31894967') do + its('tags') { should include('latest') } + end + +### Test that an image does not contain the [Heartbleed](https://heartbleed.com/) vulnerability + + describe aws_ecr_image(repository_name: 'my-repo', image_tag: 'latest') do + its('cve_ids') { should_not include('CVE-2014-0160') } + end + +### Test that an image does not contain a vulnerability more severe than CVSS v2 score 8 + + describe aws_ecr_image(repository_name: 'my-repo', image_tag: 'latest') do + its('highest_vulnerability_severity') { should be <= 8 } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + + describe aws_ecr_image(repository_name: 'my-repo', image_tag: 'latest') do + it { should exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) +will need the `ecr:DescribeImages` and `ecr:DescribeImageScanFindings` actions set to allow. + +You can find detailed documentation at +[Actions, Resources, and Condition Keys for Amazon ECR](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Operations.html), +and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ecr_images.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ecr_images.md new file mode 100644 index 0000000000..32acd962ea --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ecr_images.md 
@@ -0,0 +1,89 @@ ++++ +title = "aws_ecr_images resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_ecr_images" + identifier = "inspec/resources/aws/aws_ecr_images.md aws_ecr_images" + parent = "inspec/resources/aws" ++++ + +Use the `aws_ecr_images` InSpec audit resource to test the properties of all images in an AWS Elastic Container Registry (ECR) repository. +This resource is available in InSpec AWS resource pack version **[1.11.0](https://github.com/inspec/inspec-aws/releases/tag/v1.11.0)** onwards. + +## Syntax + +An `aws_ecr_images` resource block declares the tests for all images in an AWS ECR repository by the repository name. + + describe aws_ecr_images(repository_name: 'my-repo') do + it { should exist } + end + +## Parameters + +The repository name must be provided. The ID of the registry is optional. + +### repository_name _(required)_ + +The name of the ECR repository must satisfy the following constraints: + +- Regex pattern `(?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*`. +- Minimum 2 and maximum of 256 characters long. + +### registry_id _(optional)_ + +The 12-digit ID of the AWS Elastic Container Registry. If not provided, the [default](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_DescribeRepositories.html) registry is assumed. + +## Properties + +| Property | Description | +| ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| digests | The sha256 digest of the image manifest. The field name is `digest`. | +| size_in_bytes | The size, in bytes, of the image in the repository. | +| tags | The list of tags associated with an image. The field name is `tags`. | +| vulnerability_severity_counts | The image vulnerability counts, sorted by severity. | +| vulnerability_scan_status | The current state of the scan. 
It returns an [image scan status object](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_ImageScanStatus.html). | +| pushed_at_dates | The date and time at which an image was pushed to the repository. The field name is `pushed_at_date`. | + +## Examples + +### Ensure that there are exactly 3 images + + describe aws_ecr_images(repository_name: 'my-repo') do + its('count') { should cmp 3 } + end + +### Use this InSpec resource to request the digests of all images, then test in-depth using `aws_ecr_image`. + + aws_ecr_images(repository_name: 'my-repo').digests.each do |image_digest| + describe aws_ecr_image(repository_name: 'my-repo', image_digest: image_digest) do + its('tags') { should include('latest') } + end + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_ecr_images(repository_name: 'my-repo').where( : ) do + it { should exist } + end + + describe aws_ecr_images(repository_name: 'my-repo').where( : ) do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ecr:DescribeImages` action set to allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon ECR](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Operations.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ecr_repositories.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ecr_repositories.md new file mode 100644 index 0000000000..11aa512356 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ecr_repositories.md 
@@ -0,0 +1,88 @@ ++++ +title = "aws_ecr_repositories resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_ecr_repositories" + identifier = "inspec/resources/aws/aws_ecr_repositories.md aws_ecr_repositories" + parent = "inspec/resources/aws" ++++ + +Use the `aws_ecr_repositories` InSpec audit resource to test the properties of all repositories in an AWS Elastic Container Registry (ECR). +This resource is available in InSpec AWS resource pack version **[1.11.0](https://github.com/inspec/inspec-aws/releases/tag/v1.11.0)** onwards. + +## Syntax + +An `aws_ecr_repositories` resource block declares the tests for all AWS ECR repositories in the default registry unless the registry ID is provided. + + describe aws_ecr_repositories do + it { should exist } + end + +Repositories in a non-default registry can be tested by supplying the registry ID if the AWS user has necessary permissions on it. + + describe aws_ecr_repositories(registry_id: '123456789012') do + it { should exist } + end + +## Parameters + +The registry id is optional. + +### registry_id _(optional)_ + +The 12-digit ID of the AWS Elastic Container Registry. If not provided, the [default](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_DescribeRepositories.html) registry is assumed. + +## Properties + +| Property | Description | +| ----------------------------- | ------------------------------------------------------------------------------------------ | +| arns | The Amazon Resource Name (ARN) that identifies the repository. | +| names | The name of the repository. | +| uris | The URI for the repository. | +| created_at_dates | The date and time, in JavaScript date format, when the repository was created. | +| image_tag_mutability_status | The tag mutability setting for the repository. | +| image_scanning_on_push_status | The setting that determines whether images are scanned after being pushed to a repository. 
| + +## Examples + +### Ensure that there are exactly 3 repositories in the default registry + + describe aws_ecr_repositories do + its("count") { should cmp 3 } + end + +### Use this InSpec resource to request the names of all repositories, then test in-depth using `aws_ecr_repository`. + + aws_ecr_repositories.names.each do |repository_name| + describe aws_ecr_repository(repository_name) do + its('image_tag_mutability') { should eq 'MUTABLE' } + end + end + +## Matchers + +For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_ecr_repositories.where( : ) do + it { should exist } + end + + describe aws_ecr_repositories.where( : ) do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ecr:DescribeRepositories` action set to allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon ECR](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Operations.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ecr_repository.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ecr_repository.md new file mode 100644 index 0000000000..8168b83f84 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ecr_repository.md 
@@ -0,0 +1,94 @@ ++++ +title = "aws_ecr_repository resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_ecr_repository" + identifier = "inspec/resources/aws/aws_ecr_repository.md aws_ecr_repository" + parent = "inspec/resources/aws" ++++ + + +Use the `aws_ecr_repository` InSpec audit resource to test the properties of a single AWS Elastic Container Registry (ECR) repository. +This resource is available in InSpec AWS resource pack version **[1.11.0](https://github.com/inspec/inspec-aws/releases/tag/v1.11.0)** onwards. + +## Syntax + +An `aws_ecr_repository` resource block declares the tests for a single AWS ECR repository by repository name. + + describe aws_ecr_repository(repository_name: 'my-repo') do + it { should exist } + end + +The value of the `repository_name` can be provided as a string. + + describe aws_ecr_repository('my-repo') do + it { should exist } + end + +## Parameters + +The repository name must be provided. The registry id is optional. + +### repository_name _(required)_ + +The name of the ECR repository must satisfy the following constraints: + +- Regex pattern `(?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*`. +- Minimum 2 and maximum of 256 characters long. + +This can be passed either as a string or as a `repository_name: 'value'` key-value entry in a hash. + +### registry_id _(optional)_ + +The 12-digit ID of the AWS Elastic Container Registry. If not provided, the [default](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_DescribeRepositories.html) registry is assumed. + +## Properties + +| Property | Description | +| -------------------- | ------------------------------------------------------------------------------------------ | +| repository_name | The name of the repository. | +| image_tag_mutability | The tag mutability settings for the repository. Valid values are `MUTABLE` or `IMMUTABLE`. 
| +| registry_id | The AWS account ID associated with the registry that contains the repository. | +| tags | An hash with each key-value pair corresponding to a tag associated with the entity. | + +There are also additional properties available. For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Repository.html) + +## Examples + +### Test that image tags are `IMMUTABLE` in an ECR repository + + describe aws_ecr_repository('my-repo') do + its('image_tag_mutability') { should eq 'IMMUTABLE' } + end + +### Test that images are scanned for vulnerabilities at a push to repository + + describe aws_ecr_repository(repository_name: 'my-repo') do + its('image_scanning_configuration.scan_on_push') { should eq true} + end + +### Test that an ECR repository has a certain tag + + describe aws_ecr_repository('my-repo') do + its('tags') { should include('environment' => 'dev') } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + + describe aws_ecr_repository(repository_name: 'my-repo') do + it { should exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ecr:DescribeRepositories` action set to allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon ECR](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Operations.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ecs_cluster.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ecs_cluster.md new file mode 100644 index 0000000000..8734af2d16 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ecs_cluster.md 
@@ -0,0 +1,83 @@ ++++ +title = "aws_ecs_cluster resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_ecs_cluster" + identifier = "inspec/resources/aws/aws_ecs_cluster.md aws_ecs_cluster resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_ecs_cluster` InSpec audit resource to test properties of a single AWS ECS Cluster. + +## Syntax + +An `aws_ecs_cluster` resource block declares the tests for a single AWS ECS Cluster by cluster name. + + describe aws_ecs_cluser(cluster_name: 'cluster-8') do + it { should exist } + end + +## Parameters + +If no parameters are passed, the resource will attempt to retrieve the `default` ECS Cluster. + +### cluster_name _(optional)_ + +This resource accepts a single parameter, the Cluster Name. +This can be passed either as a string or as a `cluster_name: 'value'` key-value entry in a hash. + +See also the [AWS documentation on ECS Clusters](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_clusters.html). + +## Properties + +| Property | Description | +| ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------ | +| cluster_arn | The Amazon Resource Name (ARN) that identifies the cluster. | +| cluster_name | A user-generated string that you use to identify your cluster. | +| status | The status of the cluster. | +| running_tasks_count | The number of tasks in the cluster that are in the RUNNING state. | +| pending_tasks_count | The number of tasks in the cluster that are in the PENDING state. | +| active_services_count | The number of services that are running on the cluster in an ACTIVE state. | +| registered_container_instances_count | The number of container instances registered into the cluster. This includes container instances in both ACTIVE and DRAINING status. 
| +| statistics | Additional information about your clusters that are separated by launch type. | + +## Examples + +### Test that an ECS Cluster does not exist + + describe aws_ecs_cluster(cluster_name: 'invalid-cluster') do + it { should_not exist } + end + +### Test that an ECS Cluster is active + + describe aws_ecs_cluster('cluster-8') do + its ('status') { should eq 'ACTIVE' } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_ecs_cluster('cluster-8') do + it { should exist } + end + + describe aws_ecs_cluster('cluster-9') do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) +will need the `ec2:DescribeClusters` action set to allow. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ecs_clusters.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ecs_clusters.md new file mode 100644 index 0000000000..860e5df86f --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ecs_clusters.md 
@@ -0,0 +1,74 @@ ++++ +title = "aws_ecs_clusters resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_ecs_clusters" + identifier = "inspec/resources/aws/aws_ecs_clusters.md aws_ecs_clusters resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_ecs_clusters` InSpec audit resource to test properties of some or all AWS ECS Clusters. + +## Syntax + +An `aws_ecs_clusters` resource block returns all ECS Clusters and allows the testing of that group of Clusters. + + describe aws_ecs_clusters do + its('cluster_names') { should include 'cluster-root' } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on ECS Clusters](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_clusters.html). + +## Properties + +| Property | Description | +| ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------ | +| cluster_arn | The Amazon Resource Name (ARN) that identifies the cluster. | +| cluster_name | A user-generated string that you use to identify your cluster. | +| status | The status of the cluster. | +| running_tasks_count | The number of tasks in the cluster that are in the RUNNING state. | +| pending_tasks_count | The number of tasks in the cluster that are in the PENDING state. | +| active_services_count | The number of services that are running on the cluster in an ACTIVE state. | +| registered_container_instances_count | The number of container instances registered into the cluster. This includes container instances in both ACTIVE and DRAINING status. | +| statistics | Additional information about your clusters that are separated by launch type. | +| entries | Provides access to the raw results of the query, which can be treated as an array of hashes. | + +## Examples + +### Ensure there are no Clusters in an undesired state. 
+ + describe aws_ecs_clusters do + it { should exist } + its('statuses') { should_not include 'UNDESIRED-STATUS'} + its('cluster_names') { should include 'SQL-cluster' } + end + +## Matchers + +For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_ecs_clusters.where( : ) do + it { should exist } + end + + describe aws_ecs_clusters.where( : ) do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ecs:ListClusters` & `ecs:DescribeClusters` action set to allow. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_efs_file_system.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_efs_file_system.md new file mode 100644 index 0000000000..bd0030454f --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_efs_file_system.md 
@@ -0,0 +1,109 @@ ++++ +title = "aws_efs_file_system resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_efs_file_system" + identifier = "inspec/resources/aws/aws_efs_file_system.md aws_efs_file_system" + parent = "inspec/resources/aws" ++++ + + +Use the `aws_efs_file_system` InSpec audit resource to test the properties of a single AWS EFS file system. +This resource is added to InSpec AWS resource pack in version **[1.10.0](https://github.com/inspec/inspec-aws/releases/tag/v1.10.0)** and it is available with InSpec **[4.18.108](https://github.com/inspec/inspec/releases/tag/v4.18.108)** and later versions. + +## Syntax + +An `aws_efs_file_system` resource block declares the tests for a single AWS EFS file system by either file system id or creation token. + + describe aws_efs_file_system(file_system_id: 'fs-12345678') do + it { should be_encrypted } + its('size_in_bytes.value') { should cmp 6144 } + end + + describe aws_efs_file_system(creation_token: 'my-token') do + its('encrypted') { should cmp true } + its('throughput_mode') { should eq 'bursting' } + end + +The value of the `file_system_id` can be provided as a string. + + describe aws_efs_file_system('fs-12345678') do + it { should exist } + end + +## Parameters + +Either the EFS file system id or creation token must be provided. + +### file_system_id _(required if `creation_token` not provided)_ + +The ID of the EFS file system. This is in the format of `fs-` followed by 8 or 17 hexadecimal characters. +This can be passed either as a string or as a `file_system_id: 'value'` key-value entry in a hash. + +### creation_token _(required if `file_system_id` not provided)_ + +The creation token is automatically assigned by AWS if not provided by the user at creation. +This is a string with minimum 1 and maximum 64-character long. +This must be passed as a `creation_token: 'value'` key-value entry in a hash. 
+ +## Properties + +| Property | Description | +| ---------------- | ----------------------------------------------------------------------------------- | +| creation_token | The value of the creation token. | +| file_system_id | The id of the file system which is auto-assigned by the AWS. | +| encrypted | Indicates whether the file system is encrypted or not. | +| life_cycle_state | The lifecycle phase of the file system, e.g. 'creating'. | +| owner_id | The AWS account that created the file system. | +| performance_mode | The performance mode of the file system, e.g. 'maxIO'. | +| throughput_mode | The throughput mode for a file system, e.g. 'bursting'. | +| tags | An hash with each key-value pair corresponding to a tag associated with the entity. | + +There are also additional properties available. For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/efs/latest/ug/API_FileSystemDescription.html) + +## Examples + +### Test that an EFS file system is available + + describe aws_efs_file_system("fs-12345678") do + its("life_cycle_state") { should eq 'available' } + end + +### Test that an EFS file system is in 'maxIO' performance mode + + describe aws_efs_file_system(creation_token: "My Token") do + its("performance_mode") { should eq "maxIO" } + end + +### Test that an EFS file system has a certain tag + + describe aws_efs_file_system(creation_token: "My Token") do + its("tags") { should include("companyName" => "My Company") } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list +of available matchers, please visit our [matchers page](/inspec/matchers/). 
+ +### exist + + describe aws_efs_file_system(file_system_id: "fs-12345678") do + it { should exist } + end + +### be_encrypted + + describe aws_efs_file_system(creation_token: "My Token") do + it { should be_encrypted } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `elasticfilesystem:DescribeFileSystems` action set to allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EFS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonelasticfilesystem.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_efs_file_systems.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_efs_file_systems.md new file mode 100644 index 0000000000..04178d0ab3 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_efs_file_systems.md 
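Review bot: In aws_efs_file_system.md the `creation_token` parameter sentence `This is a string with minimum 1 and maximum 64-character long.` is ungrammatical; suggest `This is a string between 1 and 64 characters long.` In the Properties table, `An hash with each key-value pair` should read `A hash with each key-value pair`, and `auto-assigned by the AWS` should read `auto-assigned by AWS`. The sentence ending with the `[the API reference documentation](...)` link is missing its full stop, and there is a doubled blank line after the closing `+++` front matter.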
@@ -0,0 +1,91 @@ ++++ +title = "aws_efs_file_systems resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_efs_file_systems" + identifier = "inspec/resources/aws/aws_efs_file_systems.md aws_efs_file_systems" + parent = "inspec/resources/aws" ++++ + +Use the `aws_efs_file_systems` InSpec audit resource to test the properties of +some or all AWS EFS file systems. To audit a single EFS file system, use +`aws_efs_file_ststem` (singular). + +This resource is added to InSpec AWS resource pack in version **[1.10.0](https://github.com/inspec/inspec-aws/releases/tag/v1.10.0)** and it is available with InSpec **[4.18.108](https://github.com/inspec/inspec/releases/tag/v4.18.108)** and later versions. + +## Syntax + +An `aws_efs_file_systems` resource block collects a group of EFS file system descriptions and then tests that group. + + describe aws_efs_file_systems + it { should exist } + end + +## Parameters + +This resource does not expect any parameters. + +## Properties + +| Property | Description | +| ----------------- | ----------------------------------------------------------------------------------------------------------------------------------- | +| tags | The list of tags that the EFS file system has. | +| names | The value of the `Name` (case sensitive) tag if it is defined. | +| file_system_ids | The ID of the EFS file system. | +| creation_tokens | The creation token that the EFS file system is associated. | +| owner_ids | The owner id of the EFS file system. | +| entries | Provides access to the raw results of the query, which can be treated as an array of hashes. | +| creation_times | The creation time of the EFS file system | +| performance_modes | The performance mode of the EFS file system, e.g. 'maxIO'. | +| encryption_status | This indicates whether the EFS file system is encrypted or not. | +| throughput_modes | The throughput mode of the EFS file system. 
| +| kms_key_ids | The ID of an AWS Key Management Service (AWS KMS) customer master key (CMK) that was used to protect the encrypted EFS file system. | +| size_in_bytes | The latest known metered size (in bytes) of data stored in the file system, in its `value` field. | +| life_cycle_states | The life cycle phase of the EFS file system, e.g. 'deleting'. | + +## Examples + +### Ensure you have exactly 3 file systems + + describe aws_efs_file_systems do + its("entries.count") { should cmp 3 } + end + +### Use this InSpec resource to request the IDs of all EFS file systems, then test in-depth using `aws_efs_file_system`. + + aws_efs_file_systems.file_system_ids.each do |file_system_id| + describe aws_efs_file_system(file_system_id) do + its("tags") { should include("companyName" => "My Company Name") } + it { should be_encrypted } + its("throughput_mode") { should eq "bursting" } + its("performance_mode") { should eq "generalPurpose" } + end + end + +## Matchers + +For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_efs_file_systems.where( : ) do + it { should exist } + end + + describe aws_efs_file_systems.where( : ) do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `elasticfilesystem:DescribeFileSystems` action set to allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EFS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonelasticfilesystem.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). 
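Review bot: The Syntax block in aws_efs_file_systems.md is missing `do` after `describe aws_efs_file_systems`, so the snippet is not valid Ruby as shown; it should read `describe aws_efs_file_systems do`. The intro also misspells the singular resource as `aws_efs_file_ststem`; it should be `aws_efs_file_system`, the file added in this same change. In the Properties table, `The creation token that the EFS file system is associated.` is ungrammatical (suggest `The creation token associated with the EFS file system.`), and the `creation_times` row lacks a trailing period.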
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_eks_cluster.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_eks_cluster.md new file mode 100644 index 0000000000..2a93eccf6e --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_eks_cluster.md 
@@ -0,0 +1,122 @@ ++++ +title = "aws_eks_cluster resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_eks_cluster" + identifier = "inspec/resources/aws/aws_eks_cluster.md aws_eks_cluster resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_eks_cluster` InSpec audit resource to test properties of a single AWS Elastic Container Service for Kubernetes. + +## Syntax + +An `aws_eks_cluster` resource block declares the tests for a single EKS Cluster by Cluster name. + + describe aws_eks_cluster('my-eks') do + it { should exist } + end + + describe aws_eks_cluster(cluster_name: 'my-eks') do + it { should exist } + end + +## Parameters + +### cluster_name _(required)_ + +This resource requires a single parameter, the EKS Cluster Name. +This can be passed either as a string or as a `cluster_name: 'value'` key-value entry in a hash. + +See also the [AWS documentation on EKS Clusters](https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html). + +## Properties + +| Property | Description | +| --------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| arn | The Amazon Resource Name (ARN) of the cluster. | +| name | The name of the cluster. | +| endpoint | The endpoint for your Kubernetes API server. | +| status | The current status of the cluster. | +| version | The Kubernetes server version for the cluster. | +| certificate_authority | The certificate-authority-data for your cluster. | +| subnets_count | The number of subnets associated with your cluster. | +| subnet_ids | The subnets associated with your cluster. | +| security_groups_count | The count of security groups associated with your cluster. 
| +| security_group_ids | The security groups associated with the cross-account elastic network interfaces that are used to allow communication between your worker nodes and the Kubernetes control plane. | +| role_arn | The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | +| vpc_id | The VPC associated with your cluster. | +| created_at | The Unix epoch timestamp in seconds for when the cluster was created. | +| creating | Boolean indicating whether or not the state of the cluster is CREATING. | +| active | Boolean indicating whether or not the state of the cluster is ACTIVE. | +| failed | Boolean indicating whether or not the state of the cluster is FAILED. | +| deleting | Boolean indicating whether or not the state of the cluster is DELETING. | +| tags | Cluster tags | + +## Examples + +### Test that an EKS Cluster has at least 2 subnets + + describe aws_eks_cluster('my-cluster') do + its('subnets_count') { should be > 1 } + end + +### Ensure a Cluster has the correct status. + + describe aws_eks_cluster(cluster_name: 'my-eks') do + its('status') { should eq 'ACTIVE' } + end + +### Ensure that the EKS Cluster is on the correct VPC + + describe aws_eks_cluster('my-cluster') do + its('vpc_id') { should eq 'vpc-12345678' } + end + +### Ensure the EKS Cluster is using the correct IAM Role. + + describe aws_eks_cluster('my-cluster') do + its('role_arn') { should cmp 'rn:aws:iam::012345678910:role/eks-service-role-AWSServiceRoleForAmazonEKS-J7ONKE3BQ4PI' } + end + +### Integrate with other resources + +Use a combination of InSpec AWS resources to ensure your EKS Cluster does not use the Default VPC. 
+ + # Find the default Security Group for our VPC + cluster_vpc = aws_eks_cluster(cluster_name: 'my-cluster').vpc_id + default_sg = aws_security_group(group_name: 'default', vpc_id: cluster_vpc) + + # Ensure we are not using the default Security Group + describe aws_eks_cluster(cluster_name: 'my-cluster') do + its('security_group_ids') { should_not include default_security_group.group_id } + end + +## Matchers + +This InSpec audit resource has no special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_eks_cluster('AnExistingCluster') do + it { should exist } + end + + describe aws_eks_cluster('ANonExistentCluster') do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `eks:DescribeCluster` action set to Allow. + +You can find detailed documentation at [Amazon EKS IAM Policies, Roles, and Permissions](https://docs.aws.amazon.com/eks/latest/userguide/IAM_policies.html) +The documentation for EKS actions is at [Policy Structure](https://docs.aws.amazon.com/eks/latest/userguide/iam-policy-structure.html#UsingWithEKS_Actions) diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_eks_clusters.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_eks_clusters.md new file mode 100644 index 0000000000..1de61a6bcf --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_eks_clusters.md 
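Review bot: The `Integrate with other resources` example in aws_eks_cluster.md references an undefined variable: it assigns `default_sg = aws_security_group(...)` but then checks `should_not include default_security_group.group_id`, which raises a NameError at run time; the check should use `default_sg.group_id`. The lead sentence also says the example ensures the cluster `does not use the Default VPC`, whereas the code checks that the VPC's default security group is not attached, so the wording should say security group. In the `correct IAM Role` example, the ARN `'rn:aws:iam::012345678910:role/...'` is missing its leading `a` (`arn:aws:iam::...`). The opening sentence `test properties of a single AWS Elastic Container Service for Kubernetes.` is missing the noun `cluster`.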
@@ -0,0 +1,95 @@ ++++ +title = "aws_eks_clusters resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_eks_clusters" + identifier = "inspec/resources/aws/aws_eks_clusters.md aws_eks_clusters resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_eks_clusters` resource to test the configuration of a collection of AWS Elastic Container Service for Kubernetes. + +## Syntax + + describe aws_eks_clusters do + its('names.count') { should cmp 10 } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on EKS Clusters](https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html). + +## Properties + +| Property | Description | +| --------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| arn | The Amazon Resource Name (ARN) of the cluster. | +| name | The name of the cluster. | +| endpoint | The endpoint for your Kubernetes API server. | +| status | The current status of the cluster. | +| version | The Kubernetes server version for the cluster. | +| certificate_authority | The certificate-authority-data for your cluster. | +| subnets_count | The number of subnets associated with your cluster. | +| subnet_ids | The subnets associated with your cluster. | +| security_groups_count | The count of security groups associated with your cluster. | +| security_group_ids | The security groups associated with the cross-account elastic network interfaces that are used to allow communication between your worker nodes and the Kubernetes control plane. | +| role_arn | The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | +| vpc_id | The VPC associated with your cluster. 
| +| created_at | The Unix epoch timestamp in seconds for when the cluster was created. | +| creating | Boolean indicating whether or not the state of the cluster is CREATING. | +| active | Boolean indicating whether or not the state of the cluster is ACTIVE. | +| failed | Boolean indicating whether or not the state of the cluster is FAILED. | +| deleting | Boolean indicating whether or not the state of the cluster is DELETING. | +| entries | Provides access to the raw results of the query, which can be treated as an array of hashes. | + +## Examples + +### Allow at most 100 EKS Clusters on the account + + describe aws_eks_clusters do + its('entries.count') { should be <= 100} + end + +### Ensure a specific Cluster exists, by name + + describe aws_eks_clusters do + its('names') { should include('cluster-1') } + end + +### Ensure no Clusters are in a failed state + + describe aws_eks_clusters.where( failed: true ) do + it { should_not exist ) + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list +of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_eks_clusters.where( : ) do + it { should exist } + end + + describe aws_eks_clusters.where( : ) do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `eks:DescribeCluster` action with Effect set to Allow. + +You can find detailed documentation at [Amazon EKS IAM Policies, Roles, and Permissions](https://docs.aws.amazon.com/eks/latest/userguide/IAM_policies.html) +The documentation for EKS actions is at [Policy Structure](https://docs.aws.amazon.com/eks/latest/userguide/iam-policy-structure.html#UsingWithEKS_Actions) 
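Review bot: The `Ensure no Clusters are in a failed state` example in aws_eks_clusters.md has a mismatched delimiter: `it { should_not exist )` must end with `}`; as written the snippet is a syntax error. The Properties table also lists singular names (`arn`, `name`, `status`, ...) while the Syntax and Examples blocks use `names` and `entries`, and `names` does not appear in the table at all; please align the table with the accessors the plural resource actually exposes. Minor: `should be <= 100}` is missing a space before `}`, and the intro sentence `a collection of AWS Elastic Container Service for Kubernetes.` is missing `clusters`. Since aws_ecs_clusters.md in this same change lists both a List and a Describe action for its plural resource, please confirm whether `eks:DescribeCluster` alone is sufficient to enumerate clusters here.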
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_elasticache_cluster.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_elasticache_cluster.md new file mode 100644 index 0000000000..fc25f2b1b7 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_elasticache_cluster.md 
@@ -0,0 +1,101 @@ ++++ +title = "aws_elasticache_cluster resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_elasticache_cluster" + identifier = "inspec/resources/aws/aws_elasticache_cluster.md aws_elasticache_cluster" + parent = "inspec/resources/aws" ++++ + + +Use the `aws_elasticache_cluster` InSpec audit resource to test the properties of a single AWS ElastiCache cluster. + +## Syntax + +An `aws_elasticache_cluster` resource block declares the tests for a single AWS ElastiCache cluster by `cache_cluster_id`. + + describe aws_elasticache_cluster(cache_cluster_id: 'my-cluster-123') do + it { should exist } + end + +The value of the `cache_cluster_id` can be provided as a string. + + describe aws_elasticache_cluster('my-cluster-123') do + its('engine') { should cmp 'redis' } + end + +## Parameters + +The ElastiCache cluster ID must be provided. + +### cache_cluster_id _(required)_ + +The ID of the ElastiCache cluster: + +- contains between 1 and 50 alphanumeric characters or hyphens, +- should start with a letter, +- cannot end with a hyphen or contain two consecutive hyphens. + +It can be passed either as a string or as a `cache_cluster_id: 'value'` key-value entry in a hash. + +## Properties + +| Property | Description | +| -------------------- | ------------------------------------------------------------------------------------------------------- | +| cache_cluster_id | The user-supplied identifier of the cluster. This identifier is a unique key that identifies a cluster. | +| engine | The name of the cache engine, e.g. `redis`. | +| node_ids | The id list of all cluster nodes. | +| ports | A hash of the node ID and port number pairs. | +| status | The current state of the cluster, e.g. `creating`, `available`. | +| encrypted_at_rest | Indicates whether the content is encrypted at rest or not. | +| encrypted_at_transit | Indicates whether the content is encrypted at transit or not. 
| + +There are also additional properties available. For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_CacheCluster.html). + +## Examples + +### Test that an ElastiCache cluster is available + + describe aws_elasticache_cluster("my-cluster-123") do + its("status") { should eq 'available' } + end + +### Test that an Elasticache cluster engine is listening on port `11211` + + describe aws_elasticache_cluster(cache_cluster_id: "my-cluster-123") do + its("port") { should cmp 11211 } + end + +### Test that an Elasticache cluster's engine version is `1.5.16` + + describe aws_elasticache_cluster(cache_cluster_id: "my-cluster-123") do + its("engine_version") { should cmp 1.5.16 } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + + describe aws_elasticache_cluster(cache_cluster_id: "my-cluster-123") do + it { should exist } + end + +### be_encrypted_at_rest + + describe aws_elasticache_cluster(cache_cluster_id: "my-cluster-123") do + it { should be_encrypted_at_rest } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) +will need the `elasticache:DescribeCacheClusters` action set to allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon ElastiCache](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonelasticache.html), +and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). 
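Review bot: Two examples in aws_elasticache_cluster.md will not work as written. `its("engine_version") { should cmp 1.5.16 }` uses an unquoted `1.5.16`, which is not a valid Ruby literal (syntax error); quote it as `'1.5.16'`. The `listening on port 11211` example calls `its("port")`, but the Properties table documents `ports` as a hash of node ID and port pairs, not a scalar `port`; the example should either use `aws_elasticache_cluster_node` (which does expose `port`) or test `ports` with a hash-aware matcher. In the table, `encrypted at transit` should read `encrypted in transit`, and there is a doubled blank line after the front matter.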
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_elasticache_cluster_node.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_elasticache_cluster_node.md new file mode 100644 index 0000000000..2d265cade8 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_elasticache_cluster_node.md 
@@ -0,0 +1,89 @@ ++++ +title = "aws_elasticache_cluster_node resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_elasticache_cluster_node" + identifier = "inspec/resources/aws/aws_elasticache_cluster_node.md aws_elasticache_cluster_node" + parent = "inspec/resources/aws" ++++ + +Use the `aws_elasticache_cluster_node` InSpec audit resource to test the properties of a single AWS ElastiCache cluster node. + +## Syntax + +An `aws_elasticache_cluster_node` resource block declares the tests for a single AWS ElastiCache cluster node by `cache_cluster_id` and `node_id`. + + describe aws_elasticache_cluster_node(cache_cluster_id: 'my-cluster-123', node_id: '0001') do + it { should exist } + end + +## Parameters + +The ElastiCache cluster ID and node ID must be provided. + +### cache_cluster_id _(required)_ + +The ID of the ElastiCache cluster: + +- contains between 1 and 50 alphanumeric characters or hyphens, +- should start with a letter, +- cannot end with a hyphen or contain two consecutive hyphens. + +It can be passed either as a string or as a `cache_cluster_id: 'value'` key-value entry in a hash. + +### node_id _(required)_ + +The ID of the node must be a string containing 4 digits. It can be passed as a `node_id: 'value'` key-value entry in a hash. + +## Properties + +| Property | Description | +| ----------- | ---------------------------------------------------------------------------------------------------------------------- | +| id | The cache node identifier, e.g. `0001`. | +| port | The port number that the cache engine is listening on. | +| address | The DNS hostname of the cache node. | +| status | The current state of the cache node. One of the following values: `available`, `creating`, `rebooting`, or `deleting`. | +| create_time | The date and time when the cache node was created. | + +There are also additional properties available. 
For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_CacheNode.html). + +## Examples + +### Test that an ElastiCache cluster node is available + + describe aws_elasticache_cluster_node(cache_cluster_id: "my-cluster-123", node_id: "0001") do + its("status") { should eq 'available' } + end + +### Test that an Elasticache cluster engine is listening on port `11211` + + describe aws_elasticache_cluster_node(cache_cluster_id: "my-cluster-123", node_id: "0001") do + its("port") { should cmp 11211 } + end + +### Test that an Elasticache cluster node's customer availability zone is `us-east-2b` + + describe aws_elasticache_cluster_node(cache_cluster_id: "my-cluster-123", node_id: "0001") do + its("customer_availability_zone") { should cmp "us-east-2b" } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + + describe aws_elasticache_cluster_node(cache_cluster_id: "my-cluster-123", node_id: "0001") do + it { should exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `elasticache:DescribeCacheClusters` action set to allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon ElastiCache](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonelasticache.html), +and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_elasticache_clusters.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_elasticache_clusters.md new file mode 100644 index 0000000000..fc28d679c2 --- /dev/null 
+++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_elasticache_clusters.md 
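Review bot: In aws_elasticache_cluster_node.md the third example tests `its("customer_availability_zone")`, which is not listed in the Properties table; either add it to the table or point to it explicitly in the `additional properties` sentence so readers can find it. Minor style: the example headings alternate between `ElastiCache` and `Elasticache`; the service name is written `ElastiCache` in the rest of the file.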
@@ -0,0 +1,83 @@ ++++ +title = "aws_elasticache_clusters resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_elasticache_clusters" + identifier = "inspec/resources/aws/aws_elasticache_clusters.md aws_elasticache_clusters" + parent = "inspec/resources/aws" ++++ + +Use the `aws_elasticache_clusters` InSpec audit resource to test the properties +of all AWS ElastiCache clusters. To audit a single ElastiCache cluster, use `aws_elasticache_cluster` (singular). + +## Syntax + +An `aws_elasticache_clusters` resource block collects a group of ElastiCache cluster descriptions and then tests that group. + + describe aws_elasticache_clusters + it { should exist } + end + +## Parameters + +This resource does not expect any parameters. + +## Properties + +| Property | Description | +| -------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | +| ids | The user-supplied identifier of the cluster. This identifier is a unique key that identifies a cluster. | +| node_types | The name of the compute and memory capacity node type for the cluster, e.g. `cache.m5.large`. | +| engines | The name of the cache engine, e.g. `redis`. | +| status | The current state of the cluster, e.g. `creating`, `available`. | +| zones | The name of the availability zone in which the cluster is located or "Multiple" if the cache nodes are located in different availability zones. | +| subnet_group_names | The name of the cache subnet group. | +| encrypted_at_rest | Indicates whether the content is encrypted at rest or not. | +| encrypted_at_transit | Indicates whether the content is encrypted at transit or not. 
| + +## Examples + +### Ensure that exactly 3 ElastiCache clusters exist + + describe aws_elasticache_clusters do + its("entries.count") { should cmp 3 } + end + +### Use this InSpec resource to request the IDs of all ElastiCache clusters, then test in-depth using `aws_elasticache_cluster` and `aws_elasticache_cluster_node`. + + aws_elasticache_clusters.ids.each do |id| + aws_elasticache_cluster(id).node_ids.each do |node_id| + describe aws_elasticache_cluster_node(cache_cluster_id: id, node_id: node_id) do + it { should exist } + end + end + end + +## Matchers + +For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_elasticache_clusters.where( : ) do + it { should exist } + end + + describe aws_elasticache_clusters.where( : ) do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `elasticache:DescribeCacheClusters` action set to allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon ElastiCache](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonelasticache.html), +and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_elb.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_elb.md new file mode 100644 index 0000000000..d37ea00a24 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_elb.md 
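Review bot: The Syntax block in aws_elasticache_clusters.md is missing `do` after `describe aws_elasticache_clusters`, so it is not valid Ruby as shown. The first example asserts on `entries.count`, but `entries` is absent from this file's Properties table, unlike the other plural resources in this change (aws_efs_file_systems.md, aws_eks_clusters.md), which document it. The table also mixes plural and singular accessors (`ids`, `engines`, `zones` versus `status`, `encrypted_at_rest`, `encrypted_at_transit`); please confirm the singular names are what the resource exposes. `encrypted at transit` should read `encrypted in transit`.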
@@ -0,0 +1,114 @@ ++++ +title = "aws_elb resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_elb" + identifier = "inspec/resources/aws/aws_elb.md aws_elb resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_elb` InSpec audit resource to test properties of a single AWS Elastic Load Balancer (ELB). + +## Syntax + +An `aws_elb` resource block declares the tests for a single AWS ELB by ELB name. AWS ELB Names are unique per region. + + describe aws_elb('my-elb') do + it { should exist } + end + + describe aws_elb(load_balancer_name: 'my-elb') do + it { should exist } + end + +## Parameters + +### load_balancer_name _(required)_ + +This resource accepts a single parameter, the ELB Name which uniquely identifies the ELB. +This can be passed either as a string or as a `load_balancer_name: 'value'` key-value entry in a hash. + +See also the [AWS documentation on Elastic Load Balancing](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference). + +## Properties + +| Property | Description | +| ------------------ | ------------------------------------------------------------------------------------------------------- | +| load_balancer_name | The name of the load balancer. | +| dns_name | The DNS name of the load balancer. | +| availability_zones | The Availability Zones for the load balancer. | +| instance_ids | An array containing all instance ids associated with the ELB. | +| external_ports | An array of the external ports exposed on the ELB. | +| internal_ports | An array of the internal ports exposed on the ELB. | +| security_group_ids | The security groups for the load balancer. Valid only for load balancers in a VPC. | +| vpc_id | The ID of the VPC for the load balancer. | +| subnet_ids | The IDs of the subnets for the load balancer. | +| listeners | A collection of the listeners for the load balancer. 
| +| ssl_policies | A collection of the SSL Policies configured in-use for the load balancer (and their policy attributes). | +| protocols | A list of the protocols configured for the listeners of the load balancer. | + +## Examples + +### Test that an ELB has its availability zones configured correctly + + describe aws_elb('prod_web_app_elb') do + its('availability_zones.count') { should be > 1 } + its('availability_zones') { should include 'us-east-2a' } + its('availability_zones') { should include 'us-east-2b' } + end + +### Ensure an ELB has the correct number of EC2 Instances associated with it + + describe aws_elb('prod_web_app_elb') do + its('instance_ids.count') { should cmp 3 } + end + +### Ensure the correct DNS is set + + describe aws_elb('prod_web_app_elb') do + its('dns_name') { should cmp 'your-fqdn.com' } + end + +### Ensure we only expose port 80, both to the public and internal + + describe aws_elb('prod_web_app_elb') do + its('external_ports.count') { should cmp 1 } + its('external_ports') { should include 80 } + its('internal_ports.count') { should cmp 1 } + its('internal_ports') { should include 80 } + end + +### Ensure the correct EC2 Instances are associated + + describe aws_elb('prod_web_app_elb') do + its('instance_ids') { should include 'i-12345678' } + end + +## Matchers + +This InSpec audit resource has no special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_elb('AnExistingELB') do + it { should exist } + end + + describe aws_elb('ANonExistentELB') do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) +will need the `elasticloadbalancing:DescribeLoadBalancers` action set to Allow. 
+ +You can find detailed documentation at [Authentication and Access Control for Your Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/load-balancer-authentication-access-control.html) diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_elbs.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_elbs.md new file mode 100644 index 0000000000..738ac71bb4 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_elbs.md 
@@ -0,0 +1,85 @@ ++++ +title = "aws_elbs resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_elbs" + identifier = "inspec/resources/aws/aws_elbs.md aws_elbs resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_elbs` InSpec audit resource to test the configuration of a collection +of AWS Elastic Load Balancers. + +## Syntax + + describe aws_elbs do + its('load_balancer_names') { should include 'elb-name' } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on Elastic Load Balancing](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference). + +## Properties + +| Property | Description | +| ------------------- | ---------------------------------------------------------------------------------- | +| load_balancer_names | The name of the load balancer. | +| dns_names | The DNS name of the load balancer. | +| availability_zones | The Availability Zones for the load balancer. | +| instance_ids | An array containing all instance ids associated with the ELB. | +| external_ports | An array of the external ports exposed on the ELB. | +| internal_ports | An array of the internal ports exposed on the ELB. | +| security_group_ids | The security groups for the load balancer. Valid only for load balancers in a VPC. | +| vpc_ids | The ID of the VPC for the load balancer. | +| subnet_id s | The IDs of the subnets for the load balancer. | + +## Examples + +### Ensure there are no Load Balancers with an undesired zone. 
+ + describe aws_elbs do + it { should exist } + its('availability_zones') { should_not include 'us-east-1a'} + end + +### Ensure all ELBs expose only port 80 + + aws_elbs.each do |elb| + describe elb do + its('external_ports.count') { should cmp 1 } + its('external_ports') { should include 80 } + its('internal_ports.count') { should cmp 1 } + its('internal_ports') { should include 80 } + end + end + +## Matchers + +For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_elbs.where( : ) do + it { should exist } + end + + describe aws_elbs.where( : ) do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `elasticloadbalancing:DescribeLoadBalancers` action set to Allow. + +You can find detailed documentation at [Authentication and Access Control for Your Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/load-balancer-authentication-access-control.html) diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_flow_log.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_flow_log.md new file mode 100644 index 0000000000..e5101bc44b --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_flow_log.md 
@@ -0,0 +1,122 @@ ++++ +title = "aws_flow_log resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_flow_log" + identifier = "inspec/resources/aws/aws_flow_log.md aws_flow_log resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_flow_log` InSpec audit resource to test properties of a single Flow Log. + +## Syntax + + describe aws_flow_log(flow_log_id: 'fl-9c718cf5') do + it { should exist } + end + +## Parameters + +This resource requires at least one of the following parameters to be provided: `flow_log_id`, `subnet_id`, `vpc_id`. + +### flow_log_id _(required if no other parameters provided)_ + +The Flow Log ID which uniquely identifies the Flow Log. +This can be passed either as a string or as a `flow_log_id: 'value'` key-value entry in a hash. + +### subnet_id _(required if no other parameters provided)_ + +The subnet associated with the Flow Log, if applicable. +This must be passed as a `subnet_id: 'value'` key-value entry in a hash. + +### vpc_id _(required if no other parameters provided)_ + +The VPC associated with the Flow Log, if applicable. +This must be passed as a `vpc_id: 'value'` key-value entry in a hash. + +See also the [AWS documentation on Flow Logs](https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html). + +## Properties + +| Property | Description | +| -------------- | ------------------------------------------------------------------------- | +| flow_log_id | The ID of the Flow Log. | +| log_group_name | The name of the associated log group. | +| resource_id | The ID of the assosiated resource, e.g. VPC, Subnet or Network Interface. 
| + +## Examples + +### Search for a flow log by the associated subnet id + + describe aws_flow_log(subnet_id: 'subnet-c6a4319c') do + it { should exist } + end + +### Search for a flow log by the associated VPC id + + describe aws_flow_log(vpc_id: 'vpc-96cabaef') do + it { should exist } + end + +### Ensure the correct Flow Log is associated with a Subnet + + describe aws_flow_log(subnet_id: 'subnet-c6a4319c') do + its('flow_log_id') { should cmp 'fl-9c718cf5' } + end + +### Ensure the Flow Log is associated with the correct resource type + + describe aws_flow_log('fl-9c718cf5') do + its('resource_type') { should cmp 'subnet' } + end + +## Matchers + +For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_flow_log('AnExistingFlowLog') do + it { should exist } + end + + describe aws_flow_log('ANonExistentFlowLog') do + it { should_not exist } + end + +### be_attached_to_eni + +Indicates that the Flow Log is attached to a ENI resource. + + describe aws_flow_log('fl-9c718cf5') do + it { should be_attached_to_eni } + end + +### be_attached_to_subnet + +Indicates that the Flow Log is attached to a subnet resource. + + describe aws_flow_log('fl-9c718cf5') do + it { should be_attached_to_subnet } + end + +### be_attached_to_vpc + +Indicates that the Flow Log is attached to a vpc resource. + + describe aws_flow_log('fl-9c718cf5') do + it { should be_attached_to_vpc } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) +will need the `ec2:DescribeFlowLogs` actions with Effect set to Allow. 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_hosted_zone.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_hosted_zone.md new file mode 100644 index 0000000000..d307b620d8 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_hosted_zone.md 
@@ -0,0 +1,99 @@ ++++ +title = "aws_hosted_zone resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_hosted_zone" + identifier = "inspec/resources/aws/aws_hosted_zone.md aws_hosted_zone resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_hosted_zone` resource to test a specific hosted zone configuration. + +## Syntax + +```ruby +describe aws_hosted_zone('zone-name') do + it { should exist } + its ('name_servers.count') { should eq 4 } + its ('private_zone') { should be false } + its ('record_names') { should include 'sid-james.carry-on.films.com' } +end +``` + +## Parameters + +This resource takes one parameter, the name of the hosted zone to validate. + +## Properties + +| Property | Description | +| ------------ | ------------------------------------------------------------------------------------------------ | +| name | The name of the hosted zone. | +| id | It's id. | +| name_servers | List of the associated name servers | +| private_zone | If the hosted zone if private or public | +| record_count | Number of associated records | +| records | The associated records, flattens the list, so each rule will have multiple records for each type | + +## Examples + +### Ensure a specific hosted zone exists + +```ruby +describe aws_hosted_zone('zone-name') do + it { should exist } +end +``` + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list +of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe passes all tests. + +Use `exist` to validate the hosted zone exists + +```ruby +describe aws_hosted_zone('zone-name') do + it { should exist } +end +``` + +Use `should_not` to test the entity should not exist. + +```ruby +describe aws_hosted_zone('zone-name') do + it { should_not exist } +end +``` + +### should + +The control will pass if the describe passes all tests. 
+ +Use `should` to validate the hosted zone if public or private, the number of name +servers is correct or that a specific record exists e.g. + +```ruby +describe aws_hosted_zone('zone-name') do + it { should exist } + its ('name_servers.count') { should eq 4 } + its ('private_zone') { should be false } + its ('record_names') { should include 'sid-james.carry-on.films.com' } +end +``` + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) +will need the `route53:ListHostedZones` action with Effect set to Allow. + +You can find detailed documentation at +[Amazon Route 53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/r53-api-permissions-ref.html) diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_hosted_zones.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_hosted_zones.md new file mode 100644 index 0000000000..51a587ba13 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_hosted_zones.md 
@@ -0,0 +1,66 @@ ++++ +title = "aws_hosted_zones resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_hosted_zones" + identifier = "inspec/resources/aws/aws_hosted_zones.md aws_hosted_zones resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_hosted_zones` resource to test the hosted zones configuration. + +## Syntax + +```ruby +describe aws_hosted_zones do + its('names') { should include ("carry-on.films.com") } +end +``` + +## Parameters + +This resource does not expect any parameters. + +## Properties + +| Property | Description | +| -------- | ---------------------------- | +| name | The name of the hosted zone. | +| id | It's id. | + +## Examples + +### Ensure a specific hosted zone exists + +```ruby +describe aws_hosted_zones do + its('names') { should include ("carry-on.films.com") } +end +``` + +## Matchers + +This InSpec audit resource uses the following special matcher. For a full list +of available matchers, please visit our [matchers page](/inspec/matchers/). + +### should + +The control will pass if the describe passes all tests. + +Use `should` to validate if a specific hosted zone exists + +```ruby +describe aws_hosted_zones do + its('names') { should include ("carry-on.films.com") } +end +``` + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `route53:ListHostedZones` action with Effect set to Allow. + +You can find detailed documentation at [Amazon Route 53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/r53-api-permissions-ref.html) diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_access_key.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_access_key.md new file mode 100644 index 0000000000..137e15330a --- /dev/null 
+++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_access_key.md 
@@ -0,0 +1,90 @@ ++++ +title = "aws_iam_access_key resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_iam_access_key" + identifier = "inspec/resources/aws/aws_iam_access_key.md aws_iam_access_key resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_iam_access_key` InSpec audit resource to test properties of a single AWS IAM Access Key. + +## Syntax + +An `aws_iam_access_key` resource allows the testing of a single AWS IAM Access Key. + + describe aws_iam_access_key(access_key_id: 'AKIA1111111111111111') do + it { should exist } + end + +## Parameters + +This resources requires either an `access_key_id` or the IAM `username` associated with the Access Key. + +### access_key_id _(required if `username` not provided.)_ + +The Access Key ID which uniquely identifies the Key. Begins with the characters "AKIA". +This can be passed either as a string or as a `access_key_id: 'value'` key-value entry in a hash. + +### username _(required if `access_key_id` not provided.)_ + +The IAM Username which is associated with the Access Key. +This can be passed either as a string or as a `username: 'value'` key-value entry in a hash. + +See also the [AWS documentation on IAM Access Keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html). + +## Properties + +| Property | Description | +| ------------- | --------------------------------------------------------- | +| access_key_id | The ID of the Access Key. | +| username | The IAM Username which is associated with the Access Key. | +| status | The status of the Access Key, e.g. "Active". | +| create_date | The creation date of the Access Key. | + +## Examples + +The following examples show how to use this InSpec audit resource. 
+ +### Test that an IAM Access Key has been used in the last 90 days + + describe aws_iam_access_key(access_key_id: 'AKIA1111111111111111') do + it { should exist } + its('last_used_date') { should be > Time.now - 90 * 86400 } + end + +### Test that an IAM Access Key for a specific user exists + + describe aws_iam_access_key(username: 'psmith', id: 'AKIA1111111111111111') do + it { should exist } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + it { should exist } + + it { should_not exist } + +### active + +The `active` matcher tests if the described IAM Access Key has a status of Active. + + it { should be_active } + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the following permissions action set to allow: +`iam:ListAccessKeys` +`iam:GetAccessKeyLastUsed` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_access_keys.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_access_keys.md new file mode 100644 index 0000000000..06bc1ff9af --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_access_keys.md 
@@ -0,0 +1,91 @@ ++++ +title = "aws_iam_access_keys resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_iam_access_keys" + identifier = "inspec/resources/aws/aws_iam_access_keys.md aws_iam_access_keys resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_iam_access_keys` InSpec audit resource to test properties of some or all AWS IAM Access Keys. + +## Syntax + +An `aws_iam_access_keys` resource block returns all IAM Access Keys and allows the testing of that group of Access Keys. + + describe aws_iam_access_keys do + it { should exist } + its('access_key_ids') { should include 'AKIA1111111111111111' } + end + +## Parameters + +This resources accepts a single optional parameter, a Username for which to retrieve all Access Keys. +If not provided, all Access Keys for all Users will be retrieved. + +### username _(optional)_ + +The IAM Username for which to retrieve the Access Keys. +This can be passed either as a string or as a `username: 'value'` key-value entry in a hash. + +See also the [AWS documentation on IAM Access Keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html). + +## Properties + +| Property | Description | +| ------------------- | -------------------------------------------------------------------------------------------- | +| access_key_id | The ID of the Access Key. | +| username | The IAM Username which is associated with the Access Key. | +| active | Indicates if the status of the Key is Active. | +| inactive | Indicates if the status of the Key is Inactive. | +| ever_used | Indicates if the Key has ever been used. | +| never_used | Indicates if the Key has never been used. | +| create_date | The creation date of the Access Key. | +| created_days_ago | How many days ago the Access Key was created. | +| created_hours_ago | How many hours ago the Access Key was created. 
| +| created_with_user | Boolean indicating if the Access Key was created with a User. | +| last_used_date | The date the Access Key was last used. | +| last_used_hours_ago | How many hours ago the Key was last used. | +| last_used_days_ago | How many days ago the Key was last used. | +| user_created_date | The date on which the associated User was created. | +| entries | Provides access to the raw results of the query, which can be treated as an array of hashes. | + +## Examples + +### Test all Active keys + + describe aws_iam_access_keys.where(active: true) do + its('access_key_ids') { should include 'AKIA1111111111111111' } + end + +### Ensure a User has no Access Keys + + describe aws_iam_access_keys.where(username: 'untrusted-account') do + it { should_not exist } + end + +## Matchers + +For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + it { should exist } + + it { should_not exist } + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the following permissions set to Allow: +`iam:GetUser` +`iam:GetAccessKeyLastUsed` +`iam:ListUsers` +`iam:ListAccessKeys` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_account_alias.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_account_alias.md new file mode 100644 index 0000000000..66532dc65f --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_account_alias.md 
@@ -0,0 +1,65 @@ ++++ +title = "aws_iam_account_alias resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_iam_account_alias" + identifier = "inspec/resources/aws/aws_iam_account_alias.md aws_iam_account_alias resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_iam_account_alias` InSpec audit resource to test properties of the AWS IAM account alias. + +## Syntax + +An `aws_iam_account_alias` resource block may be used to perform tests on details of the AWS account alias. + + describe aws_iam_account_alias do + it { should exist } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on Account Aliases](https://docs.aws.amazon.com/IAM/latest/UserGuide/console_account-alias.html). + +## Properties + +| Property | Description | +| -------- | ------------------------------------------- | +| alias | String containing the Alias of the account. | + +## Examples + +### Check that the account alias has not be set + + describe aws_iam_account_alias do + it { should_not exist } + end + +### Test if the account alias starts with expected prefix + + describe aws_iam_account_alias do + it { should exist } + its('alias') { should match /^chef-/ } + end + +## Matchers + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_iam_account_alias do + it { should exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:ListAccountAliases` action with Effect set to Allow. diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_group.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_group.md new file mode 100644 index 0000000000..66310cfdee --- /dev/null 
+++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_group.md 
@@ -0,0 +1,75 @@ ++++ +title = "aws_iam_group resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_iam_group" + identifier = "inspec/resources/aws/aws_iam_group.md aws_iam_group resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_iam_group` InSpec audit resource to test properties of a single IAM group. + +## Syntax + +An `aws_iam_group` resource block identifies a group by group name. + + describe aws_iam_group('mygroup') do + it { should exist } + end + + # Hash syntax for group name + describe aws_iam_group(group_name: 'mygroup') do + it { should exist } + end + +## Parameters + +### group_name _(required)_ + +This resource accepts a single parameter, the Group Name which uniquely identifies the IAM Group. +This can be passed either as a string or as a `group_name: 'value'` key-value entry in a hash. + +See also the [AWS documentation on IAM Groups](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html). + +## Properties + +| Property | Description | +| ---------- | ----------------------------------------- | +| group_name | The group name. | +| group_id | The group ID. | +| arn | The Amazon Resource Name of the group. | +| users | Array of users associated with the group. | + +## Examples + +### Ensure group contains a certain user + + describe aws_iam_group('admin-group') do + its('users') { should include 'deployment-service-account')} + end + +## Matchers + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_iam_group('AnExistingGroup') do + it { should exist } + end + + describe aws_iam_group('ANonExistentGroup') do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:GetGroup` action with Effect set to Allow. 
+ +You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_groups.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_groups.md new file mode 100644 index 0000000000..9fa7ddc292 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_groups.md 
@@ -0,0 +1,68 @@ ++++ +title = "aws_iam_groups resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_iam_groups" + identifier = "inspec/resources/aws/aws_iam_groups.md aws_iam_groups resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_iam_groups` InSpec audit resource to test properties of a collection of IAM groups. + +## Syntax + +An `aws_iam_groups` resource block identifies a group by group name. + + describe aws_iam_groups('mygroup') do + it { should exist } + end + + # Hash syntax for group name + describe aws_iam_groups(group_name: 'mygroup') do + it { should exist } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on IAM Groups](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html). + +## Properties + +| Property | Description | +| ----------- | -------------------------------------------------------------------------------------------- | +| group_names | The group name. | +| group_ids | The group ID. | +| arns | The Amazon Resource Name of the group. | +| users | Array of users associated with the group. | +| entries | Provides access to the raw results of the query, which can be treated as an array of hashes. | + +## Examples + +### Ensure group contains a certain user + + describe aws_iam_groups do + it { should exist } + its('group_names') { should include 'prod-access-group' } + end + +## Matchers + +### exist + +The control will pass if a group with the given group name exists. + + describe aws_iam_groups do + it { should exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:ListGroup` action with Effect set to Allow. 
+ +You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_inline_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_inline_policy.md new file mode 100644 index 0000000000..3baa1b4a26 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_inline_policy.md 
@@ -0,0 +1,164 @@ ++++ +title = "aws_iam_inline_policy resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_iam_inline_policy" + identifier = "inspec/resources/aws/aws_iam_inline_policy.md aws_iam_inline_policy resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_iam_inline_policy` InSpec audit resource to test properties of a single inline AWS IAM Policy embedded with IAM User, IAM Group or IAM Role. For managed policies, use the `aws_iam_policy` resource. + +## Syntax + +An `aws_iam_inline_policy` resource block identifies an inline policy by policy name and user/group/role by name + + # Find an inline policy by name and role name + describe aws_iam_inline_policy(role_name: 'role-x', policy_name: 'policy-1') do + it { should exist } + end + + # Find an inline policy by name and group name + describe aws_iam_inline_policy(group_name: 'group-x', policy_name: 'policy-1') do + it { should exist } + end + + # Find an inline policy by name and user name + describe aws_iam_inline_policy(user_name: 'user-a', policy_name: 'policy-1') do + it { should exist } + end + +## Parameters + +This resource requires `policy_name` and one of the `role_name`, `group_name` or `user_name` to be provided. 
+ +See AWS Documentation on inline policies for more details + +- [get-role-policy](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/get-role-policy.html) +- [get-group-policy](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/get-group-policy.html) +- [get-user-policy](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/get-user-policy.html) + +## Properties + +| Property | Description | +| --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| policy | Returns the default version of the policy document after decoding as a Ruby hash. This hash contains the policy statements and is useful for performing checks that cannot be expressed using higher-level matchers like `have_statement`. | +| statement_count | Returns the number of statements present in the `policy`. | + +## Examples + +### Test that a policy does exist + + describe aws_iam_inline_policy(role_name: 'role-x', policy_name: 'policy-1') do + it { should exist } + end + +### Examine the policy statements + + describe aws_iam_inline_policy(role_name: 'role-x', policy_name: 'policy-1') do + # Verify that there is at least one statement allowing access to S3 + it { should have_statement(Action: 's3:PutObject', Effect: 'allow') } + + # have_statement does not expand wildcards. If you want to verify + # they are absent, an explicit check is required. + it { should_not have_statement(Action: 's3:*') } + + # You can also check NotAction + it { should_not have_statement(NotAction: 'iam:*') } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). 
+ +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + it { should exist } + + it { should_not exist } + +### have_statement + +Examines the list of statements contained in the policy and passes if at least +one of the statements matches. This matcher does _not_ interpret the policy in a +request authorization context, as AWS does when a request processed. Rather, +`have_statement` examines the literal contents of the IAM policy, and reports on +what is present (or absent, when used with `should_not`). + +`have_statement` accepts the following criteria to search for matching statements. +If any statement matches all the criteria, the test is successful. All criteria +may be used as Titlecase (as in the AWS examples) or lowercase, string or symbol. + +- `Action` - Expresses the requested operation. Acceptable literal values are any AWS operation name, including the '\*' wildcard character. `Action` may also use a list of AWS operation names. +- `Effect` - Expresses if the operation is permitted. Acceptable values are 'Deny' and 'Allow'. +- `Sid` - A user-provided string identifier for the statement. +- `Resource` - Expresses the operation's target. Acceptable values are ARNs, including the '\*' wildcard. `Resource` may also use a list of ARN values. + +Please note the following about the behavior of `have_statement`: + +- `Action`, `Sid`, and `Resource` allow using a regular expression as the search critera instead of a string literal. +- it does not support wildcard expansion; to check for a wildcard value, check for it explicitly. For example, if the policy includes a statement with `"Action": "s3:*"` and the test checks for `Action: "s3:PutObject"`, the test _will not match_. You must write an additional test checking for the wildcard case. +- it supports searching list values. 
For example, if a statement contains a list of 3 resources, and a `have_statement` test specifes _one_ of those resources, it will match. +- `Action` and `Resource` allow using a list of string literals or regular expressions in a test, in which case _all_ must match on the _same_ statement for the test to match. Order is ignored. +- it does not support the `[Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal)` or `Conditional` key, or any of `NotAction`, `Not[Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal)`, or `NotResource`. + +Examples: + + # Verify there is no full-admin statement + describe aws_iam_inline_policy(role_name: 'role-x', policy_name: 'policy-1') do + it { should_not have_statement('Effect' => 'Allow', 'Resource' => '*', 'Action' => '*')} + end + + # Symbols and lowercase also allowed as criteria + describe aws_iam_inline_policy(role_name: 'role-x', policy_name: 'policy-1') do + # All 4 the same + it { should_not have_statement('Effect' => 'Allow', 'Resource' => '*', 'Action' => '*')} + it { should_not have_statement('effect' => 'Allow', 'resource' => '*', 'action' => '*')} + it { should_not have_statement(Effect: 'Allow', Resource: '*', Action: '*')} + it { should_not have_statement(effect: 'Allow', resource: '*', action: '*')} + end + + # Verify bob is allowed to manage things on S3 buckets that start with bobs-stuff + describe aws_iam_inline_policy(role_name: 'role-x', policy_name: 'policy-1') do + it { should have_statement(Effect: 'Allow', + # Using the AWS wildcard - this must match exactly + Resource: 'arn:aws:s3:::bobs-stuff*', + # Specify a list of actions - all must match, no others, order isn't important + Action: ['s3:PutObject', 's3:GetObject', 's3:DeleteObject'])} + + # Bob would make new buckets constantly if we let him. 
+ it { should_not have_statement(Effect: 'Allow', Action: 's3:CreateBucket')} + it { should_not have_statement(Effect: 'Allow', Action: 's3:*')} + it { should_not have_statement(Effect: 'Allow', Action: '*')} + + # An alternative to checking for wildcards is to specify the + # statements you expect, then restrict statement count + its('statement_count') { should cmp 1 } + end + + # Use regular expressions to examine the policy + describe aws_iam_inline_policy(role_name: 'role-x', policy_name: 'policy-1') do + # Check to see if anything mentions RDS at all. + # This catches `rds:CreateDBinstance` and `rds:*`, but would not catch '*'. + it { should_not have_statement(Action: /^rds:.+$/)} + + # This policy should refer to both sally and kim's s3 buckets. + # This will only match if there is a statement that refers to both resources. + it { should have_statement(Resource: [/arn:aws:s3.+:sally/, /arn:aws:s3.+:kim/]) } + # The following also matches on a statement mentioning only one of them + it { should have_statement(Resource: /arn:aws:s3.+:(sally|kim)/) } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:GetUserPolicy`, `iam:GetRolePolicy`, and `iam:GetGroupPolicy` actions set to allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_password_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_password_policy.md new file mode 100644 index 0000000000..9d227225e3 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_password_policy.md 
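Review bot: In aws_iam_inline_policy.md the `have_statement` notes contradict the example above them: the last bullet says the matcher does not support `NotAction`, `NotPrincipal` or `NotResource`, yet the "Examine the policy statements" example runs `it { should_not have_statement(NotAction: 'iam:*') }`; one of the two is wrong, and a `should_not` test on a criterion the matcher ignores risks passing without checking anything, so resolve it before merging. The same bullet wraps the links in backticks (`` `[Principal](...)` `` and `` `Not[Principal](...)` ``), which makes them render as literal text, and calls the element `Conditional` where the IAM element is `Condition`; aws_iam_policy.md in this change has the corrected wording and can be copied. Minor wording in this section: "as AWS does when a request processed" needs "is", "search critera" should be "criteria", "specifes" should be "specifies", and the bullets beginning with lowercase "it" should be capitalized. Also `Effect: 'allow'` in the first example is lowercase while the criteria list says the acceptable values are 'Deny' and 'Allow'; either use 'Allow' or state that `Effect` is matched case-insensitively.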
@@ -0,0 +1,95 @@ ++++ +title = "aws_iam_password_policy resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_iam_password_policy" + identifier = "inspec/resources/aws/aws_iam_password_policy.md aws_iam_password_policy resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_iam_password_policy` InSpec audit resource to test properties of an AWS IAM Password Policy. + +## Syntax + +An `aws_iam_password_policy` resource block declares the tests for an AWS IAM Password Policy. + + describe aws_iam_password_policy do + it { should exist } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on Auto Scaling Group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/AutoScalingGroup.html). + +## Properties + +| Property | Description | +| ------------------------------- | -------------------------------------------------------------------------- | +| minimum_password_length | The minimum character count of the password policy. | +| max_password_age_in_days | Integer representing in days how long a password may last before expiring. | +| number_of_passwords_to_remember | Number of previous passwords to remember. | + +## Examples + +### Test that a Password Policy meets your company's requirements. + + describe aws_iam_password_policy do + it { should require_uppercase_characters } + it { should require_lowercase_characters } + it { should require_numbers } + its('minimum_password_length') { should be > 8 } + end + +### Test that users can change their own passwords + + describe aws_iam_password_policy do + it { should allow_users_to_change_password } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). 
+ +### exist + + it { should exist } + +### prevent_password_reuse + + it { should prevent_password_reuse } + +### expire_passwords + + it { should expire_passwords } + +### require_numbers + + it { should require_numbers } + +### require_symbols + + it { should require_symbols } + +### require_lowercase_characters + + it { should require_lowercase_characters } + +### require_uppercase_characters + + it { should require_uppercase_characters} + +### allow_users_to_change_passwords + + it { should allow_users_to_change_password } + +All matchers can use the inverse `should_not` predicate. + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the following permissions action set to allow: `iam:GetAccountPasswordPolicy` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_policies.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_policies.md new file mode 100644 index 0000000000..c34d46b9d3 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_policies.md 
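Review bot: In aws_iam_password_policy.md the "See also" link under Parameters points to the Auto Scaling Group user guide, which has nothing to do with the IAM account password policy; it should point to the IAM password policy documentation. The matcher heading `### allow_users_to_change_passwords` does not match the matcher used in its own snippet and in the Examples section, `allow_users_to_change_password`; use one spelling. The "meets your company's requirements" example exercises only three of the eight matchers; since `require_symbols`, `prevent_password_reuse` and `expire_passwords` are what a password baseline normally also checks, adding them to that example would make it a usable template. Minor: `it { should require_uppercase_characters}` is missing the space before `}`, and the heading "Test that a Password Policy meets your company's requirements." should not end with a period.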
@@ -0,0 +1,88 @@ ++++ +title = "aws_iam_policies resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_iam_policies" + identifier = "inspec/resources/aws/aws_iam_policies.md aws_iam_policies resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_iam_policies` InSpec audit resource to test properties of a collection of AWS IAM Policies. + +## Syntax + +`aws_iam_policies` Resource returns a collection of IAM Policies and allows testing of that collection. + + describe aws_iam_policies do + its('policy_names') { should include('test-policy-1') } + end + +## Parameters + +### only_attached _(optional)_ + +This resource allows filtering by only_attached. +When `OnlyAttached` is `true`, the returned list contains only the policies that are attached to an IAM user, group, or role. When `OnlyAttached` is `false`, or when the parameter is not included, all policies are returned. + +### scope _(optional)_ + +This resource allows filtering by scope. +To list only AWS managed policies, set `Scope` to `AWS`. To list only the customer managed policies in your AWS account, set `Scope` to `Local`. If scope is not supplied `ALL` policies are returned. + +See also the [AWS documentation on IAM Policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html). + +## Properties + +| Property | Description | +| ------------------- | -------------------------------------------------------------------------------------------- | +| arns | The ARN identifier of the specified policy. | +| policy_ids | The policy ids. | +| policy_names | The policy names. | +| attachment_counts | The count of attached entities for each policy. | +| attached_groups | The list of group names of the groups attached to each policy. | +| attached_roles | The list of role names of the roles attached to each policy. | +| attached_users | The list of usernames of the users attached to each policy. 
| +| default_version_ids | The 'default_version_id' value of each policy. | +| entries | Provides access to the raw results of the query, which can be treated as an array of hashes. | + +## Examples + +### Ensure a policy exists + + describe aws_iam_policies do + its('policy_names') { should include('test-policy-1') } + end + +### Allow at most 100 IAM Policies on the account + + describe aws_iam_policies do + its('entries.count') { should be <= 100} + end + +## Matchers + +For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_iam_policies.where( : ) do + it { should exist } + end + + describe aws_iam_policies.where( : ) do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:ListPolicies` action with Effect set to Allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_policy.md new file mode 100644 index 0000000000..82b42188ec --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_policy.md 
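Review bot: In aws_iam_policies.md both `exist` examples use `describe aws_iam_policies.where( : ) do`, which is not valid Ruby and will not run as written; show a concrete filter such as `where(policy_name: 'test-policy-1')`, or drop the `.where`. The Parameters section introduces the resource parameters as `only_attached` and `scope` but then refers to `OnlyAttached` and `Scope` (the AWS API names) and never shows them being passed; add a usage example with the hash form the resource accepts, e.g. `scope: 'Local'`, so readers can see how to restrict a check to customer managed policies. Also the first Properties row, "The ARN identifier of the specified policy", is singular for the plural `arns` column of a collection resource, and `its('entries.count') { should be <= 100}` is missing a space before `}`.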
@@ -0,0 +1,203 @@ ++++ +title = "aws_iam_policy resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_iam_policy" + identifier = "inspec/resources/aws/aws_iam_policy.md aws_iam_policy resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_iam_policy` InSpec audit resource to test properties of a single managed AWS IAM Policy. + +## Syntax + +An `aws_iam_policy` resource block identifies a policy by policy name or arn + + # Find a policy by name + describe aws_iam_policy('AWSSupportAccess') do + it { should exist } + end + + # Hash syntax for policy name + describe aws_iam_policy(policy_name: 'AWSSupportAccess') do + it { should exist } + end + +## Parameters + +This resource requires either the `policy_name` or the `policy_arn` to be provided. + +### policy_name _(required if `policy_arn` not provided)_ + +The Policy Name which uniquely identifies the Policy. +This must be passed as a `policy_name: 'value'` key-value entry in a hash. + +### policy_arn _(required if `policy_name` not provided)_ + +The Policy ARN which uniquely identifies the Policy. +This must be passed as a `policy_arn: 'value'` key-value entry in a hash. + +See also the [AWS documentation on IAM Policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html). + +## Properties + +| Property | Description | +| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| arn | The ARN identifier of the specified policy. | +| attachment_count | The count of attached entities for the specified policy. | +| attached_groups | The list of group names of the groups attached to the policy. | +| attached_roles | The list of role names of the roles attached to the policy. 
| +| attached_users | The list of usernames of the users attached to the policy. | +| default_version_id | The 'default_version_id' value of the specified policy. | +| policy | Returns the default version of the policy document after decoding as a Ruby hash. This hash contains the policy statements and is useful for performing checks that cannot be expressed using higher-level matchers like `have_statement`. | +| statement_count | Returns the number of statements present in the `policy`. | + +## Examples + +### Test that a policy does exist + + describe aws_iam_policy('AWSSupportAccess') do + it { should exist } + end + +### Test that a policy is attached to at least one entity + + describe aws_iam_policy('AWSSupportAccess') do + it { should be_attached } + end + +### Examine the policy statements + + describe aws_iam_policy('my-policy') do + # Verify that there is at least one statement allowing access to S3 + it { should have_statement(Action: 's3:PutObject', Effect: 'allow') } + + # have_statement does not expand wildcards. If you want to verify + # they are absent, an explicit check is required. + it { should_not have_statement(Action: 's3:*') } + + # You can also check NotAction + it { should_not have_statement(NotAction: 'iam:*') } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + it { should exist } + + it { should_not exist } + +### be_attached + +The test will pass if the identified policy is attached to at least one IAM user, group, or role. + + describe aws_iam_policy('AWSSupportAccess') do + it { should be_attached } + end + +### be_attached_to_group(GROUPNAME) + +The test will pass if the identified policy attached the specified group. 
+ + describe aws_iam_policy('AWSSupportAccess') do + it { should be_attached_to_group(GROUPNAME) } + end + +### be_attached_to_user(USERNAME) + +The test will pass if the identified policy attached the specified user. + + describe aws_iam_policy('AWSSupportAccess') do + it { should be_attached_to_user(USERNAME) } + end + +### be_attached_to_role(ROLENAME) + +The test will pass if the identified policy attached the specified role. + + describe aws_iam_policy('AWSSupportAccess') do + it { should be_attached_to_role(ROLENAME) } + end + +### have_statement + +Examines the list of statements contained in the policy and passes if at least one of the statements matches. This matcher does _not_ interpret the policy in a request authorization context, as AWS does when a request processed. Rather, `have_statement` examines the literal contents of the IAM policy, and reports on what is present (or absent, when used with `should_not`). + +`have_statement` accepts the following criteria to search for matching statements. If any statement matches all the criteria, the test is successful. All criteria may be used as Titlecase (as in the AWS examples) or lowercase, string or symbol. + +- `Action` - Expresses the requested operation. Acceptable literal values are any AWS operation name, including the '\*' wildcard character. `Action` may also use a list of AWS operation names. +- `Effect` - Expresses if the operation is permitted. Acceptable values are 'Deny' and 'Allow'. +- `Sid` - A user-provided string identifier for the statement. +- `Resource` - Expresses the operation's target. Acceptable values are ARNs, including the '\*' wildcard. `Resource` may also use a list of ARN values. + +Please note the following about the behavior of `have_statement`: + +- `Action`, `Sid`, and `Resource` allow using a regular expression as the search critera instead of a string literal. +- It does not support wildcard expansion; to check for a wildcard value, check for it explicitly. 
For example, if the policy includes a statement with `"Action": "s3:*"` and the test checks for `Action: "s3:PutObject"`, the test _will not match_. You must write an additional test checking for the wildcard case. +- It supports searching list values. For example, if a statement contains a list of 3 resources, and a `have_statement` test specifes _one_ of those resources, it will match. +- `Action` and `Resource` allow using a list of string literals or regular expressions in a test, in which case _all_ must match on the _same_ statement for the test to match. Order is ignored. +- It does not support the [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html), [NotPrincipal](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notprincipal.html) or [Condition](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html). + +Examples: + + # Verify there is no full-admin statement + describe aws_iam_policy('kryptonite') do + it { should_not have_statement('Effect' => 'Allow', 'Resource' => '*', 'Action' => '*')} + end + + # Symbols and lowercase also allowed as criteria + describe aws_iam_policy('kryptonite') do + # All 4 the same + it { should_not have_statement('Effect' => 'Allow', 'Resource' => '*', 'Action' => '*')} + it { should_not have_statement('effect' => 'Allow', 'resource' => '*', 'action' => '*')} + it { should_not have_statement(Effect: 'Allow', Resource: '*', Action: '*')} + it { should_not have_statement(effect: 'Allow', resource: '*', action: '*')} + end + + # Verify bob is allowed to manage things on S3 buckets that start with bobs-stuff + describe aws_iam_policy('bob-is-a-packrat') do + it { should have_statement(Effect: 'Allow', + # Using the AWS wildcard - this must match exactly + Resource: 'arn:aws:s3:::bobs-stuff*', + # Specify a list of actions - all must match, no others, order isn't important + Action: ['s3:PutObject', 's3:GetObject', 
's3:DeleteObject'])} + + # Bob would make new buckets constantly if we let him. + it { should_not have_statement(Effect: 'Allow', Action: 's3:CreateBucket')} + it { should_not have_statement(Effect: 'Allow', Action: 's3:*')} + it { should_not have_statement(Effect: 'Allow', Action: '*')} + + # An alternative to checking for wildcards is to specify the + # statements you expect, then restrict statement count + its('statement_count') { should cmp 1 } + end + + # Use regular expressions to examine the policy + describe aws_iam_policy('regex-demo') do + # Check to see if anything mentions RDS at all. + # This catches `rds:CreateDBinstance` and `rds:*`, but would not catch '*'. + it { should_not have_statement(Action: /^rds:.+$/)} + + # This policy should refer to both sally and kim's s3 buckets. + # This will only match if there is a statement that refers to both resources. + it { should have_statement(Resource: [/arn:aws:s3.+:sally/, /arn:aws:s3.+:kim/]) } + # The following also matches on a statement mentioning only one of them + it { should have_statement(Resource: /arn:aws:s3.+:(sally|kim)/) } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:GetPolicy`, `iam:ListPolicy`, and `iam:ListEntitiesForPolicy` actions set to allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_role.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_role.md new file mode 100644 index 0000000000..83754156e2 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_role.md 
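Review bot: In aws_iam_policy.md the AWS Permissions section lists `iam:ListPolicy`, which is not an IAM action; the list action is `iam:ListPolicies`. It also omits `iam:GetPolicyVersion`, the action that returns a policy version's document and therefore the one needed for the `policy`, `statement_count` and `have_statement` features documented above (`iam:GetPolicy` returns only the policy metadata); a reader who grants exactly the listed actions will have those checks fail. The three `be_attached_to_*` descriptions read "if the identified policy attached the specified group", missing "is ... to". The `have_statement` prose repeats the typos from the inline policy page ("when a request processed", "critera", "specifes"), and `Effect: 'allow'` in "Examine the policy statements" disagrees with the documented 'Allow' value.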
@@ -0,0 +1,81 @@ ++++ +title = "aws_iam_role resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_iam_role" + identifier = "inspec/resources/aws/aws_iam_role.md aws_iam_role resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_iam_role` InSpec audit resource to test properties of an AWS IAM Role. + +## Syntax + +An `aws_iam_role` resource block declares the tests for a single AWS IAM Role by Role Name. + + describe aws_iam_role(role_name: 'my-role') do + it { should exist } + end + +## Parameters + +### role_name _(required)_ + +This resource accepts a single parameter, the Role Name which uniquely identifies the Role. +This can be passed either as a string or as a `role_name: 'value'` key-value entry in a hash. + +See also the [AWS documentation on IAM Roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html). + +## Properties + +| Property | Description | +| --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| path | The path to the role. | +| role_name | The name of the role. | +| role_id | The id of the role. | +| arn | The Amazon Resource Name (ARN) specifying the role. | +| create_date | The date and time, in ISO 8601 date-time format , when the role was created. | +| assume_role_policy_document | The policy that grants an entity permission to assume the role. | +| description | The description of the role. | +| max_session_duration | The maximum session duration (in seconds) for the specified role. Anyone who uses the AWS CLI, or API to assume the role can specify the duration using the optional DurationSeconds API parameter or duration-seconds CLI parameter. 
| +| permissions_boundary_type | The permissions boundary usage type that indicates what type of IAM resource is used as the permissions boundary for an entity. This data type can only have a value of Policy . | +| permissions_boundary_arn | The ARN of the policy used to set the permissions boundary for the user or role. | +| inline_policies | A list of inline policy names associated with the described role. | +| attached_policies_name | A list of attached policy names associated with the described role. | +| attached_policies_arn | A list of attached policy ARNs associated with the described role. | + +## Examples + +### Test that an IAM Role exists + + describe aws_iam_role(role_name: aws_iam_role_name) do + it { should exist } + its('role_name') { should eq aws_iam_role_name } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_iam_role('AnExistingRole') do + it { should exist } + end + + describe aws_iam_role('ANonExistentRole') do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the following permissions action set to allow: +`iam:GetRole` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_roles.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_roles.md new file mode 100644 index 0000000000..470a8c60cd --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_roles.md 
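Review bot: In aws_iam_role.md the example under "Test that an IAM Role exists" references `aws_iam_role_name`, a variable that is never defined on the page; use a literal such as `'my-role'` as the Syntax example does, or show it being read from a profile input. The AWS Permissions section lists only `iam:GetRole`, but the `inline_policies`, `attached_policies_name` and `attached_policies_arn` properties cannot be populated from GetRole alone; `iam:ListRolePolicies` and `iam:ListAttachedRolePolicies` need to be listed as well. Minor spacing in the Properties table: "ISO 8601 date-time format , when" and "a value of Policy .".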
@@ -0,0 +1,77 @@ ++++ +title = "aws_iam_roles resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_iam_roles" + identifier = "inspec/resources/aws/aws_iam_roles.md aws_iam_roles resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_iam_roles` InSpec audit resource to test properties of a collection of AWS IAM Roles. + +## Syntax + +An `aws_iam_roles` resource block returns all IAM Roles and allows the testing of that group of Roles. + + describe aws_iam_roles do + it { should exist } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on IAM Roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html). + +## Properties + +| Property | Description | +| --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| paths | The path to the role. | +| role_names | The name of the role. | +| role_ids | The id of the role. | +| arns | The Amazon Resource Name (ARN) specifying the role. | +| create_date | The date and time, in ISO 8601 date-time format , when the role was created. | +| assume_role_policy_document | The policy that grants an entity permission to assume the role. | +| description | The description of the role. | +| max_session_duration | The maximum session duration (in seconds) for the specified role. Anyone who uses the AWS CLI, or API to assume the role can specify the duration using the optional DurationSeconds API parameter or duration-seconds CLI parameter. | +| permissions_boundary_type | The permissions boundary usage type that indicates what type of IAM resource is used as the permissions boundary for an entity. This data type can only have a value of Policy . 
| +| permissions_boundary_arn | The ARN of the policy used to set the permissions boundary for the user or role. | +| entries | Provides access to the raw results of the query, which can be treated as an array of hashes. | + +## Examples + +### Ensure the Role 'RDS-RW' exists. + + describe aws_iam_roles do + its('role_names') { should include 'RDS-RW' } + end + +### Ensure no Roles have `max_session_duration` greater or equal to 2hrs. + + describe aws_iam_roles.where{ max_session_duration >= (60*120) } do + it { should_not exist } + end + +## Matchers + +For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The `exists` matcher tests if the filtered IAM User(s) exists. + + describe aws_iam_roles.where( : ) do + it { should exist } + end + +You may also use `it { should_not exist }`. + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the following permissions set to Allow: +`iam:ListRoles` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_root_user.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_root_user.md new file mode 100644 index 0000000000..6b3675d3a7 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_root_user.md 
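Review bot: In aws_iam_roles.md the Matchers sentence "The `exists` matcher tests if the filtered IAM User(s) exists" is copied from the users resource; this page is about roles, and the matcher is `exist`, not `exists`. The example `describe aws_iam_roles.where( : ) do` is not valid Ruby; show a real filter, for instance the `where{ max_session_duration >= (60*120) }` block already used in the Examples section, or `where(role_name: 'RDS-RW')`. The Properties table is copied from the singular resource: `paths`, `role_names`, `role_ids` and `arns` are described in the singular, while `create_date`, `assume_role_policy_document`, `description`, `max_session_duration` and the `permissions_boundary_*` rows are left unpluralized although the other columns are pluralized; confirm the actual property names and describe each as a list. Also "greater or equal to 2hrs" should read "greater than or equal to 2 hours".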
@@ -0,0 +1,91 @@ ++++ +title = "aws_iam_root_user resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_iam_root_user" + identifier = "inspec/resources/aws/aws_iam_root_user.md aws_iam_root_user resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_iam_root_user` InSpec audit resource to test properties of an AWS IAM Root User. + +## Syntax + +An `aws_iam_root_user` resource block declares the tests for a single AWS IAM Root User by user name. + + describe aws_iam_root_user do + it { should exist } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on Root Users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html). + +## Properties + +| Property | Description | +| --------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| summary_account | A hash containing a summary of the Root User's account. Properties within this hash can be accessed and tested against. Please see the [API Documentation](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountSummary.html) for details on the available properties. | +| virtual_devices | A list of the virtual MFA devices in the AWS account. | + +## Examples + +### Test that an IAM Root User has MFA enabled + + describe aws_iam_root_user do + it { should have_mfa_enabled } + end + +### Test that an IAM Root User does not have an access key + + describe aws_iam_root_user do + it { should_not have_access_key } + end + +### Test the IAM Root User has virtual MFA enabled + + describe aws_iam_root_user do + it { should have_virtual_mfa_enabled } + end + +## Matchers + +This InSpec audit resource has the following special matchers. 
For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_iam_root_user do + it { should exist } + end + +### have_mfa_enabled + + it { should have_mfa_enabled } + +### have_virtual_mfa_enabled + + it { should have_virtual_mfa_enabled } + +### have_access_key + + it { should have_access_key } + +### have_hardware_mfa_enabled + + it { should have_hardware_mfa_enabled } + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the following permissions action set to allow: +`iam:GetAccountSummary` +`iam:ListVirtualMFADevices` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_saml_provider.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_saml_provider.md new file mode 100644 index 0000000000..92b2171e77 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_saml_provider.md 
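Review bot: In aws_iam_root_user.md the Syntax text says the resource declares tests "for a single AWS IAM Root User by user name", but the Parameters section says it takes no parameters and the example passes none; drop "by user name". The Examples section covers `have_mfa_enabled`, `have_virtual_mfa_enabled` and `should_not have_access_key` but not `have_hardware_mfa_enabled`, which is listed under Matchers; since hardware MFA plus no access key is the usual root-user baseline, an example combining `it { should have_hardware_mfa_enabled }` with `it { should_not have_access_key }` would show the intended use. Minor: "will need the following permissions action set to allow" should read "the following actions set to Allow".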
@@ -0,0 +1,68 @@ ++++ +title = "aws_iam_saml_provider resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_iam_saml_provider" + identifier = "inspec/resources/aws/aws_iam_saml_provider.md aws_iam_saml_provider resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_iam_saml_provider` InSpec audit resource to test properties of an AWS IAM SAML Provider. + +## Syntax + +An `aws_iam_saml_provider` resource block declares the tests for a single AWS IAM SAML Provider by Provider ARN. + + describe aws_iam_saml_provider('arn:aws:iam::123456789012:saml-provider/FANCY') do + it { should exist } + end + +## Parameters + +### saml_provider_arn _(required)_ + +This resource accepts a single parameter, the ARN of the SAML Provider. +This can be passed either as a string or as a `saml_provider_arn: 'value'` key-value entry in a hash. + +## Properties + +| Property | Description | +| ---------------------- | ---------------------------------------------------------------------------- | +| provider | The provider. | +| arn | The arn of the provider. | +| saml_metadata_document | Metadata document associated with the saml provider. | +| valid_until | The expiration date and time for the SAML provider. | +| create_date | The date and time, in ISO 8601 date-time format , when the role was created. | + +## Examples + +#### Ensure we have at least one provider currently valid + + describe aws_iam_saml_provider("arn:aws:iam::123456789012:saml-provider/FANCY") do + it { should exist } + its("arn") { should match("arn:aws:iam::.*:saml-provider\/FANCY") } + its("valid_until") { should be > Time.now + 90 * 86400 } + end + +## Matchers + +For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exists + +The `exists` matcher tests if the filtered IAM SAML Provider(s) exists. 
+ + describe aws_iam_saml_provider('arn:aws:iam::123456789012:saml-provider/FANCY') do + it { should exist } + end + +You may also use `it { should_not exist }`. + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the following permissions set to Allow: +`iam:GetSamlProvider` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_saml_providers.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_saml_providers.md new file mode 100644 index 0000000000..77499634c3 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_saml_providers.md 
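Review bot: in the Properties table the `create_date` row says `when the role was created`, which looks copied from the IAM role page and should read `when the SAML provider was created`. Two smaller points: the example heading `#### Ensure we have at least one provider currently valid` skips a level under `## Examples` (the other pages use `###`), and the matcher heading is `### exists` while the code and the rest of the docs use `exist`; the description `tests if the filtered IAM SAML Provider(s) exists` also does not fit a singular resource that takes one ARN and has no filter.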
@@ -0,0 +1,83 @@ ++++ +title = "aws_iam_saml_providers resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_iam_saml_providers" + identifier = "inspec/resources/aws/aws_iam_saml_providers.md aws_iam_saml_providers resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_iam_saml_providers` InSpec audit resource to test properties of some or all AWS IAM SAML Providers. + +## Syntax + +An `aws_iam_saml_providers` resource block returns all IAM SAML Providers and allows the testing of that group of Providers. + + describe aws_iam_saml_providers do + it { should exist } + end + +## Parameters + +### saml_provider_arn _(required)_ + +This resource accepts a single parameter, the ARN of the SAML Provider. +This can be passed either as a string or as a `saml_provider_arn: 'value'` key-value entry in a hash. + +## Properties + +| Property | Description | +| ------------- | -------------------------------------------------------------------------------------------- | +| provider_arns | The ARNs of the returned providers. | +| valid_untils | The expiration date and time for the SAML provider. | +| entries | Provides access to the raw results of the query, which can be treated as an array of hashes. 
| + +## Examples + +### Ensure we have at least one provider currently valid + + describe.one do + aws_iam_saml_providers.provider_arns.each do |provider_arn| + describe aws_iam_saml_provider(provider_arn) do + it { should exist } + its('arn') { should match("arn:aws:iam::.*:saml-provider\/FANCY") } + its('valid_until') { should be > Time.now + 90 * 86400 } + end + end + end + +### Ensure we have one and only one SAML provider + + describe aws_iam_saml_providers do + its('entries.count') { should cmp 1 } + end + +### Ensure we have at least one provider that matches + + describe aws_iam_saml_providers.where{ arn =~ /arn:aws:iam::.*:saml-provider\/FANCY/ } do + it { should exist } + end + +## Matchers + +For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exists + +The `exists` matcher tests if the filtered IAM SAML Provider(s) exists. + + describe aws_iam_saml_providers.where( : ) do + it { should exist } + end + +You may also use `it { should_not exist }`. + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the following permissions set to Allow: +`iam:ListSamlProviders` +`iam:GetSamlProvider` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_user.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_user.md new file mode 100644 index 0000000000..e874988d50 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_user.md 
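Review bot: the Parameters section of this hunk documents `### saml_provider_arn _(required)_` with text copied from the singular page, but the Syntax block is `describe aws_iam_saml_providers do` with no argument; for the plural resource this should say the resource does not expect any parameters, as `aws_iam_users` does. Second, the filter example `where{ arn =~ /.../ }` uses a field called `arn` while the Properties table documents only `provider_arns`, so either the `where` clause should use the documented singular field (`provider_arn`) or the table should document `arn`. Minor: `valid_untils` is described in the singular, and the `where( : )` placeholder in the Matchers section renders empty.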
@@ -0,0 +1,105 @@ ++++ +title = "aws_iam_user resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_iam_user" + identifier = "inspec/resources/aws/aws_iam_user.md aws_iam_user resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_iam_user` InSpec audit resource to test properties of a single AWS IAM User. + +## Syntax + +An `aws_iam_user` resource block declares the tests for a single AWS IAM User by user name. + + describe aws_iam_user(user_name: 'psmith') do + it { should exist } + end + +## Parameters + +### user_name _(required)_ + +This resource accepts a single parameter, the User's username which uniquely identifies the User. +This can be passed either as a string or as a `user_name: 'value'` key-value entry in a hash. + +See also the [AWS documentation on IAM Users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html). + +## Properties + +| Property | Description | +| --------------------- | ------------------------------------------------------------------------- | +| username | The user's username. | +| user_id | The user's ID. | +| user_arn | The Amazon Resource Name of the user. | +| access_keys | An array of hashes each containing metadata about the user's Access Keys. | +| inline_policy_names | The names of policies directly attached to the user. | +| attached_policy_names | The name of standalone IAM policies which are attached to the user. | +| attached_policy_arns | The arns of the standalone IAM policies which are attached to the user. | + +- has_mfa_enabled +- has_console_password + +## Examples + +The following examples show how to use this InSpec audit resource. 
+ +### Test that an IAM user does not exist + + describe aws_iam_user(user_name: 'invalid-user') do + it { should_not exist } + end + +### Test that an IAM user has MFA enabled + + describe aws_iam_user('psmith') do + it { should exist } + it { should have_mfa_enabled } + end + +### Ensure a User has no Access Keys or Inline Policies + + describe aws_iam_user('psmith') do + it { should exist } + its('access_keys') { should be_empty } + its('inline_policy_names') { should be_empty } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + it { should exist } + +### has_mfa_enabled + +This will check if the requested User has Multi Factor Authentication enabled. + + it { should have_mfa_enabled } + +#### has_console_password + +This will ensure the User has a console password set. + + it { should have_console_password } + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the following permissions action set to allow: +`iam:GetUser` +`iam:GetLoginProfile` +`iam:ListMFADevices` +`iam:ListAccessKeys` +`iam:ListUserPolicies` +`iam:ListAttachedUserPolicies` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_users.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_users.md new file mode 100644 index 0000000000..19b76b03f3 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_iam_users.md 
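Review bot: the two bullets `- has_mfa_enabled` and `- has_console_password` sit loose below the Properties table; they are matchers, not properties, and are already covered under Matchers, so they should be dropped or folded into the table with a description. In the Matchers section the headings `### has_mfa_enabled` and `#### has_console_password` do not match the code they introduce (`it { should have_mfa_enabled }`, `it { should have_console_password }`); rename them to `have_mfa_enabled` and `have_console_password` and use `###` for both.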
@@ -0,0 +1,95 @@ ++++ +title = "aws_iam_users resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_iam_users" + identifier = "inspec/resources/aws/aws_iam_users.md aws_iam_users resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_iam_users` InSpec audit resource to test properties of some or all AWS IAM Users. + +## Syntax + +An `aws_iam_users` resource block returns all IAM Users and allows the testing of that group of Users. + + describe aws_iam_users do + its('usernames') { should include 'payroll-admin' } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on IAM Users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html). + +## Properties + +| Property | Description | +| --------------------------- | ------------------------------------------------------------------------------------------------------------------------- | +| usernames | The usernames of the returned Users. | +| user_arns | The Amazon Resource Names of the returned Users. | +| user_ids | The IDs of the returned Users. | +| access_keys | Array of Access Keys belonging to each User. | +| has_attached_policies | Whether or not the User has IAM Policies attached. | +| attached_policy_names | The names (if any) of the IAM Policies attached to the User. | +| attached_policy_arns | The Amazon Resource Names (if any) of the IAM Policies attached to the User. | +| has_console_password | Whether or not the User has a console password set. | +| has_inline_policies | Boolean indicating whether or not the User has policies set directly on them. | +| inline_policy_names | The names of the policies (if any) which are directly on the User. | +| has_mfa_enabled | Boolean indicating whether the User has MFA enabled or not. | +| password_ever_used? | Whether the user has even used their console password. 
| +| password_last_used_days_ago | How long ago, in days, since the user last used their console password. Returns `-1` if the password has never been used. | +| entries | Provides access to the raw results of the query, which can be treated as an array of hashes. | + +## Examples + +### Ensure there are no Users who do not have MFA enabled. + + describe aws_iam_users.where( has_mfa_enabled: false) do + it { should_not exist } + end + +### Ensure there are no Users with inline policies + + describe aws_iam_users.where(has_inline_policies: true) do + its('usernames') { should be_empty } + end + +### Ensure there are no Users with attached policies + + describe aws_iam_users.where(has_attached_policies: true) do + its('usernames') { should be_empty } + end + +## Matchers + +For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_iam_users.where( : ) do + it { should exist } + end + + describe aws_iam_users.where( : ) do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the following permissions set to Allow: +`iam:GetLoginProfile` +`iam:ListUsers` +`iam:ListMFADevices` +`iam:ListAccessKeys` +`iam:ListUserPolicies` +`iam:ListAttachedUserPolicies` diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_internet_gateway.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_internet_gateway.md new file mode 100644 index 0000000000..3c3a2bd3bd --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_internet_gateway.md 
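Review bot: the `password_ever_used?` row reads `Whether the user has even used their console password`; `even` should be `ever`. Also the first example heading `### Ensure there are no Users who do not have MFA enabled.` ends with a period unlike the others, `where( has_mfa_enabled: false)` has a stray space after the parenthesis, and the `where( : )` placeholders in the Matchers section render empty.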
@@ -0,0 +1,92 @@ ++++ +title = "aws_internet_gateway resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_internet_gateway" + identifier = "inspec/resources/aws/aws_internet_gateway" + parent = "inspec/resources/aws" ++++ + +Use the `aws_internet_gateway` InSpec audit resource to test the properties of a single AWS internet gateway. + +## Syntax + +An `aws_internet_gateway` resource block declares the tests for a single AWS internet gateway by id or name. + + describe aws_internet_gateway(id: 'igw-abc0123456789deff') do + it { should exist } + end + + describe aws_internet_gateway(name: 'my-igw') do + it { should exist } + end + +## Parameters + +Either the id or the name must be provided. + +### id _(required if `name` not provided)_ + +The value of the `internet_gateway_id` assigned by the AWS after the resource has been created. +This should be in the format of `igw-` followed by 8 or 17 hexadecimal characters and passed as an `id: 'value'` key-value entry in a hash. + +### name _(required if `id` not provided)_ + +If a `Name` tag is applied to the internet gateway, this can be used to lookup the resource. +This must be passed as a `name: 'value'` key-value entry in a hash. +If there are multiple internet gateways with the same name, this resource will raise an error. + +## Properties + +| Property | Description | +| --------- | --------------------------------------------------------------------------------------------- | +| id | The ID of the internet gateway. | +| name | The value of the `Name` tag. It is `nil` if not defined. | +| vpc_id | The ID of the attached VPC. It is `nil` if the resource is in a `detached` state. | +| tags | A hash, with each key-value pair corresponding to an internet gateway tag. | +| attached? | Indicates whether the internet gateway is **attached** to a VPC or not (`true` or `false`). | +| detached? 
| Indicates whether the internet gateway is in a **detached** state or not (`true` or `false`). | +| owner_id | The ID of the AWS account that owns the internet gateway. | + +There are also additional properties available. For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InternetGateway.html) + +## Examples + +### Test that the internet gateway is attached + + describe aws_internet_gateway(name: 'my-igw') do + it { should be_attached } + end + +### Test that the ID of the attached VPC is `vpc-1234567890abcdef1` + + describe aws_internet_gateway(id: 'igw-abc0123456789deff') do + its('vpc_id') { should eq `vpc-1234567890abcdef1` } + end + +### Test that the internet gateway has a certain tag + + describe aws_internet_gateway(name: 'my-igw') do + its('tags') { should include('environment' => 'dev') } + its('tags') { should include('shutdown-at-10-pm') } # Regardless of the value + end + +## Matchers + +This InSpec audit resource has the following special matcher. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + + describe aws_internet_gateway(name: 'my-igw') do + it { should exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeInternetGateways` action set to allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). 
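Review bot: the example under `### Test that the ID of the attached VPC is ...` wraps the VPC ID in backticks instead of quotes (`its('vpc_id') { should eq ` followed by the ID in backticks); Ruby treats backticks as a shell command, so the control would try to execute `vpc-1234567890abcdef1` and fail rather than compare a string. It should be `its('vpc_id') { should eq 'vpc-1234567890abcdef1' }`, matching the quoting used in the `aws_internet_gateway(id: 'igw-abc0123456789deff')` examples above it.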
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_internet_gateways.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_internet_gateways.md new file mode 100644 index 0000000000..dac93b77c4 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_internet_gateways.md 
@@ -0,0 +1,78 @@ ++++ +title = "aws_internet_gateways resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_internet_gateways" + identifier = "inspec/resources/aws/aws_internet_gateways.md aws_internet_gateways" + parent = "inspec/resources/aws" ++++ + +Use the `aws_internet_gateways` InSpec audit resource to test the properties of all AWS internet gateways owned by the AWS account. + +## Syntax + +An `aws_internet_gateways` resource block collects all of the internet gateways and then tests that group. + + describe aws_internet_gateways do + it { should exist } + end + +## Parameters + +This resource does not expect any parameters. + +## Properties + +| Property | Description | +| ----------------- | ----------------------------------------------------------------------------------------------------------------------------- | +| ids | The ID of the internet gateway. The field name is `id`. | +| names | The value of the `Name` tag. It is `nil` if not defined. The field name is `name`. | +| vpc_ids | The ID of the attached VPC. It is `nil` if the resource is in a `detached` state. The field name is `vpc_id`. | +| tags | A hash, with each key-value pair corresponding to an internet gateway tag. The field name is `tags`. | +| attachment_states | Indicates whether the internet gateway is attached to a VPC (`attached` or `detached`). The field name is `attachment_state`. | +| owner_ids | The ID of the AWS account that owns the internet gateway. The field name is `owner_id`. | + +## Examples + +### Test that there are exactly 3 internet gateways + + describe aws_internet_gateway do + its('count') { should cmp 3 } + end + +### Use this InSpec resource to request the ids of all internet gateways, then test in-depth using `aws_internet_gateway`. 
+ + aws_internet_gateways.ids.each do |id| + describe aws_internet_gateway(id: id) do + it { should be_attached } + end + end + +## Matchers + +For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. +The field names described in the [properties table](#properties) should be used for the `` in the `where` clause. + +Use `should_not` to test the entity should not exist. + + describe aws_internet_gateways.where( : ) do + it { should exist } + end + + describe aws_internet_gateways.where( : ) do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeInternetGateways` action set to allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_kms_key.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_kms_key.md new file mode 100644 index 0000000000..a528e53e3f --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_kms_key.md 
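Review bot: the example under `### Test that there are exactly 3 internet gateways` calls the singular resource, `describe aws_internet_gateway do`, which per the singular page requires `id:` or `name:`; it should be `describe aws_internet_gateways do`. Also the Properties table describes plural fields such as `ids` in the singular (`The ID of the internet gateway`), the sentence `should be used for the `` in the `where` clause` has an empty placeholder, as does `where( : )`, and the heading `### Use this InSpec resource to request the ids ...` is a full sentence with a trailing period that should be shortened to a title.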
@@ -0,0 +1,140 @@ ++++ +title = "aws_kms_key resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_kms_key" + identifier = "inspec/resources/aws/aws_kms_key.md aws_kms_key resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_kms_key` InSpec audit resource to test properties of a single AWS KMS Key. + +AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data. AWS KMS lets you create master keys that can never be exported from the service and which can be used to encrypt and decrypt data based on policies you define. + +Each AWS KMS Key is uniquely identified by its key_id or arn. + +## Syntax + +An aws_kms_key resource block identifies a key by key_arn or the key id. + + # Find a kms key by arn + describe aws_kms_key('arn:aws:kms:us-east-1::key/4321dcba-21io-23de-85he-ab0987654321') do + it { should exist } + end + + # Find a kms key by just the id + describe aws_kms_key('4321dcba-21io-23de-85he-ab0987654321') do + it { should exist } + end + + # Hash syntax for key arn + describe aws_kms_key(key_id: 'arn:aws:kms:us-east-1::key/4321dcba-21io-23de-85he-ab0987654321') do + it { should exist } + end + +## Parameters + +### alias _(required if `key_id` not specified)_ + +This resource accepts searching for a KMS Key by it's Alias. +This can be passed as a `alias: 'alias/value'` key-value entry in a hash. This will then use the `target_key_id` from the Alias to search for the KMS Key. + +### key_id _(required if `alias` not specified)_ + +This resource accepts searching for a KMS Key by the KMS Key ID which can represent both the actual Key ID or the ARN of the Key. +This can be passed either as a string or as a `key_id: 'value'` key-value entry in a hash. + +See also the [AWS documentation on KS Keys](https://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html). 
+ +## Properties + +| Property | Description | +| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| key_id | The globally unique identifier for the key. | +| arn | The ARN identifier of the specified key. | +| creation_date | Specifies the date and time when the key was created. | +| created_days_ago | Specifies the number of days since the key was created. | +| key_state | Specifies the state of the key one of "Enabled", "Disabled", "PendingDeletion", "PendingImport". To just check if the key is enabled or not, use the `be_enabled` matcher. | +| description | The description of the key. | +| deletion_time | Specifies the date and time after which AWS KMS deletes the key. This value is present only when KeyState is PendingDeletion, otherwise this value is nil. | +| invalidation_time | Provides the date and time until the key is not valid. Once the key is not valid, AWS KMS deletes the key and it becomes unusable. This value will be null unless the keys Origin is EXTERNAL and its matcher have_key_expiration is set to true. 
| + +## Examples + +### Test that the specified key does exist + + describe aws_kms_key('arn:aws:kms:us-east-1::key/4321dcba-21io-23de-85he-ab0987654321') do + it { should exist } + end + +### Test that the specified key is enabled + + describe aws_kms_key('arn:aws:kms:us-east-1::key/4321dcba-21io-23de-85he-ab0987654321') do + it { should be_enabled } + end + +### Test that the specified key is rotation enabled + + describe aws_kms_key('arn:aws:kms:us-east-1::key/4321dcba-21io-23de-85he-ab0987654321') do + it { should have_rotation_enabled } + end + +### Makes sure that the key was created at least 10 days ago + + describe aws_kms_key('arn:aws:kms:us-east-1::key/4321dcba-21io-23de-85he-ab0987654321') do + its('creation_date') { should be < Time.now - 10 * 86400 } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers (such as `exist`) please visit our [matchers page](/inspec/matchers/). + +Use `should_not` to test the entity should not exist in all cases. + +### exist + +The control will pass if the describe returns at least one result. + + it { should exist } + + it { should_not exist } + +### be_enabled + +The test will pass if the specified key's key_state is set to enabled. + + it { should be_enabled } + +### be_external + +Provides whether the source of the key's key material is external or not. If it is not external than it was created by AWS KMS. When it is external, the key material was imported from an existing key management infrastructure or the key lacks key material. + + it { should be_external } + +### be_managed_by_aws + +Provides whether or not the key manager is from AWS. If it is not managed by AWS, it is managed by the customer. + + it { should be_managed_by_aws } + +### have_key_expiration + +Specifies whether the key's key material expires. This value is null unless the keys Origin is External. 
+ + it { should have_key_expiration } + +### have_rotation_enabled + +The test will pass if automatic rotation of the key material is enabled for the specified key. + + it { should have_rotation_enabled } + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `kms:DescribeKey`, and `kms:GetKeyRotationStatus` actions set to allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for AWS Key Management Service](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awskeymanagementservice.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_kms_keys.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_kms_keys.md new file mode 100644 index 0000000000..6854830ff5 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_kms_keys.md 
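Review bot: the `alias` parameter says the lookup resolves `target_key_id` from the alias, but the AWS Permissions section lists only `kms:DescribeKey` and `kms:GetKeyRotationStatus`; resolving an alias to a key needs an alias-listing permission (`kms:ListAliases`), so either list it or state that the alias form needs an extra permission. The sample ARN `arn:aws:kms:us-east-1::key/4321dcba-21io-23de-85he-ab0987654321` has an empty account ID field and non-hexadecimal characters in the key ID, so a reader who copies it gets a failure unrelated to their own key; use a placeholder account such as `123456789012` and a hex-only UUID. Wording: `it's Alias`, `a alias:`, `KS Keys`, `than it was created` (then), and the heading `Makes sure that` need fixing.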
@@ -0,0 +1,84 @@ ++++ +title = "aws_kms_keys resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_kms_keys" + identifier = "inspec/resources/aws/aws_kms_keys.md aws_kms_keys resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_kms_keys` InSpec audit resource to test properties of some or all AWS KMS Keys. + +AWS Key Management Service (KMS) is a managed service that makes creating and +controlling your encryption keys for your data easier. KMS uses Hardware Security +Modules (HSMs) to protect the security of your keys. + +AWS Key Management Service is integrated with several other AWS services to help +you protect the data you store with these services. + +## Syntax + +An `aws_kms_keys` resource block uses an optional filter to select a group of KMS Keys and then tests that group. + + # Verify the number of KMS keys in the AWS account + describe aws_kms_keys do + its('entries.count') { should cmp 10 } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on KS Keys](https://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html). + +## Properties + +| Property | Description | +| -------- | -------------------------------------------------------------------------------------------- | +| key_ids | The IDs of the returned keys. | +| key_arns | The Amazon Resource Names of the returned keys. | +| entries | Provides access to the raw results of the query, which can be treated as an array of hashes. | + +## Examples + +The following examples show how to use this InSpec audit resource. + +### Ensure a Key exists + + describe aws_kms_keys do + its('key_ids') { should include 'fd7e608b-f435-4186-b8b5-111111111111'} + end + +### Allow at most 100 KMS Keys on the account + + describe aws_kms_keys do + its('entries.count') { should be <= 100} + end + +## Matchers + +This InSpec audit resource has the following special matchers. 
For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_kms_keys do + it { should exist } + end + + describe aws_kms_keys.where( : ) do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `kms:ListKeys` action with Effect set to Allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for AWS Key Management Service](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awskeymanagementservice.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_lambda.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_lambda.md new file mode 100644 index 0000000000..b360e3f705 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_lambda.md 
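Review bot: `AWS documentation on KS Keys` should read `KMS Keys`, and the Matchers lead-in says `has the following special matchers` while only the universal `exist` matcher follows; say it uses the standard matchers, as the `aws_lambda` page does. Minor: `should be <= 100}` and `should include '...'}` lack a space before the closing brace, and the `where( : )` placeholder renders empty.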
@@ -0,0 +1,56 @@ ++++ +title = "aws_lambda resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_lambda" + identifier = "inspec/resources/aws/aws_lambda.md aws_lambda resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_lambda` resource to test a specific lambda. + +## Syntax + +```ruby +describe aws_lambda do + it { should exist} + its ('handler') { should eq 'main.on_event'} + its ('version') { should eq '$LATEST' } + its ('runtime') { should eq 'python3.7' } +end +``` + +## Parameters + +This resource expects the name of the function. + +## Properties + +All properties as defined by the [Aws::lambda::Types::GetFunctionResponse](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Lambda/Types/GetFunctionResponse.html) + +## Examples + +### tests that all lambdas with a particular tag is correctly deployed + +```ruby +describe aws_lambda('my_new_lambda') do + it { should exist} + its ('handler') { should eq 'main.on_event'} + its ('version') { should eq '$LATEST' } + its ('runtime') { should eq 'python3.7' } +end +``` + +## Matchers + +This InSpec audit resource uses the standard matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `lambda:GetFunction` action with Effect set to Allow. + +You can find detailed documentation at [AWS Lambda](https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html) diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_lambdas.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_lambdas.md new file mode 100644 index 0000000000..cfdd535645 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_lambdas.md 
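Review bot: the Syntax block `describe aws_lambda do` passes no function name even though the Parameters section says the resource expects one; it should mirror the Examples block, `describe aws_lambda('my_new_lambda') do`. The example heading `### tests that all lambdas with a particular tag is correctly deployed` is copied from the plural page and does not describe this single-function test. Style: `its ('handler')` has a space before the parenthesis, which Ruby warns about, `should exist}` is missing a space, and the link text `Aws::lambda::Types::GetFunctionResponse` should be `Aws::Lambda::Types::GetFunctionResponse` to match the class name in the URL.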
@@ -0,0 +1,68 @@ ++++ +title = "aws_lambdas resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_lambdas" + identifier = "inspec/resources/aws/aws_lambdas.md aws_lambdas resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_lambdas` resource to test the collection of lambdas deployed into an account. + +## Syntax + +```ruby +describe aws_lambdas do + its('count') { should eq 20 } +end +``` + +## Parameters + +This resource does not expect any parameters. + +## Properties + +| Property | Description | +| -------- | --------------------------------- | +| names | The names of the lambda deployed. | +| tags | The tags of the lambda deployed. | + +## Examples + +### tests that all lambdas with a particular tag is correctly deployed + +```ruby +lambdas = aws_lambdas() + +describe lambdas do + its ('count') { should eq 33} +end + +lambdas.tags.each_with_index { | tag, i | + if tag!= {} and tag.include? 'Application' and tag['Application']=='test') + lambda_name = lambdas.names[i] + + describe aws_lambda(lambda_name) do + it { should exist} + its ('handler') { should eq 'main.on_event'} + its ('version') { should eq '$LATEST' } + its ('runtime') { should eq 'python3.7' } + end + end +} +``` + +## Matchers + +This InSpec audit resource uses the standard matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `lambda:ListFunctions` action with Effect set to Allow. + +You can find detailed documentation at [AWS Lambda](https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html) 
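Review bot: the example under `## Examples` does not parse: `if tag!= {} and tag.include? 'Application' and tag['Application']=='test')` has a closing parenthesis with no opening one, so the whole block is a syntax error as written. Suggest `if tag != {} && tag.include?('Application') && tag['Application'] == 'test'`, and a `do ... end` block for `each_with_index` to match the style of the other resource pages. Also `its ('count')` has a space before the parenthesis, and the heading should read `are correctly deployed`.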
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_launch_configuration.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_launch_configuration.md new file mode 100644 index 0000000000..413e0e06ec --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_launch_configuration.md 
@@ -0,0 +1,108 @@ ++++ +title = "aws_launch_configuration resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_launch_configuration" + identifier = "inspec/resources/aws/aws_launch_configuration.md aws_launch_configuration resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_launch_configuration` InSpec audit resource to test properties of a +single AWS Launch Configuration. + +## Syntax + + # Ensure that a launch configuration exists and has the correct key name + describe aws_launch_configuration('my-config') do + it { should exist } + its('key_name') { should be 'my-key-name' } + end + + # You may also use hash syntax to pass the launch configuration name + describe aws_launch_configuration(launch_configuration_name: 'my-config') do + it { should exist } + end + +## Parameters + +### launch_configuration_name _(required)_ + +This resource expects a single parameter, the `launch_configuration_name` which +uniquely identifies the of a Launch Configuration. + +See also the [AWS documentation on Launch Configurations](https://docs.aws.amazon.com/autoscaling/ec2/userguide/LaunchConfiguration.html). 
+ +## Properties + +| Property | Description | +| --------------------------- | ----------------------------------------------------------------------------------------- | +| arn | An string indicating the ARN of the launch configuration | +| image_id | An string indicating the AMI of the launch configuration | +| instance_type | A string indicating the instance type of the launch configuration | +| iam_instance_profile | A string indicating the IAM profile for the launch configuration | +| key_name | A string indicating the AWS key pair for the launch configuration | +| security_groups | An array of strings of the security group IDs associated with the launch configuration | +| associate_public_ip_address | A boolean indicating if the launch configuration is configured to set a public IP address | +| user_data | A string containing the user data configured for the launch configuration | +| ebs_optimized | A boolean indicating if the launch configuration is optimized for Amazon EBS | +| instance_monitoring | A string indicating if instance monitoring is set to `detailed` or `basic` | +| spot_price | A floating point number indicating the spot price configured | + +## Examples + +### Ensure a Launch Config is using the correct AMI + + describe aws_launch_configuration('my-config') do + its('image_id') { should eq 'ami-012345'} + end + +### Test the instance type used in a Launch Config + + describe aws_launch_configuration('my-config') do + its('instance_type') { should eq 't3.micro'} + end + +### Ensure a Launch Config is associated with the right IAM Profile + + describe aws_launch_configuration('my-config') do + its('iam_instance_profile') { should eq 'iam-profile' } + end + +### Ensure the Launch Config does not set a public IP + + describe aws_launch_configuration('my-config') do + its('associate_public_ip_address') { should be false } + end + +### Ensure the correct UserData is set on launched instances + + describe aws_launch_configuration('my-config') do + 
its('user_data') { should include 'user-data' } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_launch_configuration('AnExistingLC') do + it { should exist } + end + + describe aws_launch_configuration('ANonExistentLC') do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `autoscaling:Describe*` action with Effect set to Allow. +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon Auto Scaling Groups and launch configurations](https://docs.aws.amazon.com/autoscaling/ec2/userguide/control-access-using-iam.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_nat_gateway.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_nat_gateway.md new file mode 100644 index 0000000000..7fc0a64eb1 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_nat_gateway.md 
@@ -0,0 +1,122 @@ ++++ +title = "aws_nat_gateway resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_nat_gateway" + identifier = "inspec/resources/aws/aws_nat_gateway.md aws_nat_gateway" + parent = "inspec/resources/aws" ++++ + +Use the `aws_nat_gateway` InSpec audit resource to test the properties of a single AWS NAT gateway. + +## Syntax + +An `aws_nat_gateway` resource block declares the tests for a single AWS NAT gateway by id, name, vpc_id or subnet_id. + + describe aws_nat_gateway(id: 'nat-abc0123456789deff') do + it { should exist } + end + + describe aws_nat_gateway(name: 'my-nat-gateway') do + it { should exist } + end + +Multiple parameters can be provided for better granularity. + + describe aws_nat_gateway(vpc_id: 'vpc-abc01234', subnet_id: 'subnet-6789deff') do + it { should exist } + end + +## Parameters + +At least one of the following parameters must be provided. + +- id +- name +- subnet_id +- vpc_id + +### id + +The value of the `nat_gateway_id` assigned by the AWS after the resource has been created. +This should be in the format of `nat-` followed by 8 or 17 hexadecimal characters and passed as an `id: 'value'` key-value entry in a hash. + +### name + +If a `Name` tag is applied to the NAT gateway, this can be used to lookup the resource. +This must be passed as a `name: 'value'` key-value entry in a hash. +If there are multiple NAT gateways with the same name, this resource will raise an error. + +### subnet_id + +The ID of the subnet in which the NAT gateway is placed. +This should be in the format of `subnet-` followed by 8 or 17 hexadecimal characters and passed as an `subnet_id: 'value'` key-value entry in a hash. + +### vpc_id + +The ID of the VPC in which the NAT gateway is located. +This should be in the format of `vpc-` followed by 8 or 17 hexadecimal characters and passed as an `vpc_id: 'value'` key-value entry in a hash. 
+ +## Properties + +| Property | Description | +| ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| id | The ID of the NAT gateway. | +| name | The value of the `Name` tag. It is `nil` if not defined. | +| vpc_id | The ID of the VPC in which the NAT gateway is located. | +| subnet_id | The ID of the subnet in which the NAT gateway is placed. | +| tags | A hash, with each key-value pair corresponding to a NAT gateway tag. | +| nat_gateway_address_set | A hash of [NatGatewayAddress object](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_NatGatewayAddress.html) that gives information about the IP addresses and network interface associated with the NAT gateway. | +| state | The sate of the NAT gateway. Valid values are: `pending`, `failed`, `available`, `deleting` and `deleted`. | + +There are also additional properties available. 
For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_NatGateway.html) + +## Examples + +### Test that the NAT gateway is in `available` state + + describe aws_nat_gateway(name: 'my-nat-gateway') do + its('state') { should eq 'available' } + end + +### Test that the ID of the VPC is `vpc-1234567890abcdef1` + + describe aws_nat_gateway(id: 'nat-abc0123456789deff') do + its('vpc_id') { should eq `vpc-1234567890abcdef1` } + end + +### Test that the NAT gateway has a certain tag + + describe aws_nat_gateway(name: 'my-nat-gateway') do + its('tags') { should include('environment' => 'dev') } + its('tags') { should include('delete-at-10-pm') } # Regardless of the value + end + +### Test that the private IP address is `10.0.1.68` + + describe aws_nat_gateway(vpc_id: 'vpc-abc01234', subnet_id: 'subnet-12345678') do + its('nat_gateway_address_set') { should include(:private_ip => '10.0.1.68') } + end + +For more examples, please check the [integration tests](https://github.com/inspec/inspec-aws/blob/main/test/integration/verify/controls/aws_nat_gateway.rb). + +## Matchers + +This InSpec audit resource has the following special matcher. For a full list of +available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + + describe aws_nat_gateway(name: 'my-nat-gateway') do + it { should exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeNatGateways` action set to allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_nat_gateways.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_nat_gateways.md new file mode 100644 index 0000000000..61216eee4f --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_nat_gateways.md 
@@ -0,0 +1,86 @@ ++++ +title = "aws_nat_gateways resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_nat_gateways" + identifier = "inspec/resources/aws/aws_nat_gateways.md aws_nat_gateways" + parent = "inspec/resources/aws" ++++ + +Use the `aws_nat_gateways` InSpec audit resource to test the properties of all +AWS NAT gateways owned by the AWS account. + +## Syntax + +An `aws_nat_gateways` resource block collects all of the NAT gateways and then tests that group. + + describe aws_nat_gateways do + it { should exist } + end + +## Parameters + +This resource does not expect any parameters. + +## Properties + +| Property | Description | +| ---------- | ------------------------------------------------------------------------------------------------------------------------------------- | +| ids | The ID of the NAT gateway. The field name is `id`. | +| names | The value of the `Name` tag. It is `nil` if not defined. The field name is `name`. | +| vpc_ids | The ID of the VPC in which the NAT gateway is located. The field name is `vpc_id`. | +| subnet_ids | The ID of the subnet in which the NAT gateway is placed. The field name is `subnet_id`. | +| tags | A hash, with each key-value pair corresponding to a NAT gateway tag. The field name is `tags`. | +| states | The sate of the NAT gateway. Valid values are: `pending`, `failed`, `available`, `deleting` and `deleted`. The field name is `state`. | + +## Examples + +### Test that there are exactly 3 NAT Gateways + + describe aws_nat_gateways do + its('count') { should cmp 3 } + end + +### Request The IDs of all NAT Gateways + +Use this InSpec resource to request the ids of all NAT gateways, then test in-depth +using `aws_nat_gateway` InSpec singular AWS resource. 
+ + aws_nat_gateways.ids.each do |id| + describe aws_nat_gateway(id: id) do + its('state') { should eq 'available' } + end + end + +For more examples, please check the [integration tests](https://github.com/inspec/inspec-aws/blob/main/test/integration/verify/controls/aws_nat_gateways.rb). + +## Matchers + +For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). + +#### exist + +The control will pass if the describe returns at least one result. +The field names described in the [properties table](#properties) should be used for the `` in the `where` clause. + +Use `should_not` to test the entity should not exist. + + describe aws_nat_gateways.where( : ) do + it { should exist } + end + + describe aws_nat_gateways.where( : ) do + it { should_not exist } + end + +Please see [here](https://github.com/inspec/inspec/blob/main/docs/dev/filtertable-usage.md) for more information on how to use filter table. + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeNatGateways` action set to allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_organizations_member.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_organizations_member.md new file mode 100644 index 0000000000..8e5f0cd972 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_organizations_member.md 
@@ -0,0 +1,88 @@ ++++ +title = "aws_organizations_member resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_organizations_member" + identifier = "inspec/resources/aws/aws_organizations_member.md aws_organizations_member resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_organizations_member` InSpec audit resource to test the current AWS Account being used within an organization. + +## Syntax + +An `aws_organizations_member` resource block tests if the current AWS Account is the Master Account. + +The `master` matcher will return `true` or `false` accordingly. +You may also verify that the `master_account_id` and `master_account_arn` properties match known values. + +If the current AWS Account _**is**_ the Master Account, you may also access properties of that account. + + describe aws_organizations_member do + it { should exist } + end + +## Parameters + +This resource does not expect any parameters. + +{{< note >}} + +This resource must target AWS Region `us-east-1`. If another region is specified +in your configuration, it will be overwritten at runtime. + +{{< /note >}} + +## Properties + +| Property | Description | +| ------------------ | ----------------------------------------------- | +| master_account_id | The ID of the AWS Organizations Master Account | +| master_account_arn | The ARN of the AWS Organizations Master Account | + +_**If the current Account is the Master Account, the following properties are also available:**_ + +| Property | Description | +| ------------- | ------------------------------------------------------ | +| account_id | The ID of the current Account. | +| account_arn | The ARN of the current Account. | +| account_name | The Name of the current Account. | +| account_email | The Email address associated with the current Account. | + +## Examples + +### Ensure you are a child account with a certain ID for the top level account. 
+ + describe aws_organizations_member do + it { should_not be_master } + its('master_account_id') { should cmp '56845218745' } + end + +### Ensure you are the top level account, with the right name and email associated. + + describe aws_organizations_member do + it { should be_master } + its('account_name') { should eq 'MyAWSMasterAccount' } + its('account_email') { should eq 'aws.admin@org.com' } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list +of available matchers, please visit our [matchers page](/inspec/matchers/). + +### be_master + +The `be_master` matcher tests if the account is a 'master' AWS Account. + + it { should_not be_master } + +### exist + +The control will pass if the describe returns at least one result. + + it { should exist } diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_rds_cluster.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_rds_cluster.md new file mode 100644 index 0000000000..d37c4dedc1 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_rds_cluster.md 
@@ -0,0 +1,100 @@ ++++ +title = "aws_rds_cluster resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_rds_cluster" + identifier = "inspec/resources/aws/aws_rds_cluster.md aws_rds_cluster" + parent = "inspec/resources/aws" ++++ + +Use the `aws_rds_cluster` InSpec audit resource to test detailed properties of an individual RDS cluster. + +RDS gives you access to the capabilities of a MySQL, MariaDB, PostgreSQL, Microsoft SQL Server, Oracle, or Amazon Aurora database server. + +## Syntax + +An `aws_rds_cluster` resource block uses resource parameters to search for an RDS +cluster, and then tests that RDS cluster. If no RDS clusters match, no error is +raised, but the `exists` matcher will return `false` and all properties will be +`nil`. If more than one RDS cluster matches (due to vague search parameters), +an error is raised. + + describe aws_rds_cluster('test-cluster-id') do + it { should exist } + end + + # Can also use hash syntax + describe aws_rds_cluster(db_cluster_identifier: 'test-cluster-id') do + it { should exist } + end + +## Parameters + +### db_cluster_identifier _(required)_ + +This resource accepts a single parameter, the user-supplied cluster identifier. This parameter isn't case-sensitive. +This can be passed either as a string or as a `db_cluster_identifier: 'value'` key-value entry in a hash. + +See also the [AWS documentation on RDS cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.html). + +## Properties + +For a comprehensive list of properties available to test on an RDS cluster see the [AWS Response Object](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/RDS/DBCluster.html). 
+ +## Examples + +### Test the engine used with an RDS cluster + + describe aws_rds_cluster(db_cluster_identifier: 'awsrds123') do + its('engine') { should eq 'mysql' } + its('engine_version') { should eq '5.6.37' } + end + +### Test the storage allocated to an RDS cluster + + describe aws_rds_cluster(db_cluster_identifier: 'awsrds123') do + its('storage_encrypted') { should eq true } + its('allocated_storage') { should eq 10 } + end + +### Test the cluster status and master username + + describe aws_rds_cluster(db_cluster_identifier: 'awsrds123') do + its('master_username') { should eq 'db-maintain' } + its('status') { should eq 'available' } + end + +### Test the maximum and minumum capacity of a serverless RDS cluster + + describe aws_rds_cluster(db_cluster_identifier: 'awsrds123') do + its('scaling_configuration_info.min_capacity') { should eq 2 } + its('scaling_configuration_info.max_capacity') { should eq 64 } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_rds_cluster(db_cluster_identifier: 'AnExistingRDS') do + it { should exist } + end + + describe aws_rds_cluster(db_cluster_identifier: 'ANonExistentRDS') do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `rds:DescribeDBclusters` action with Effect set to Allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon RDS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonrds.html). 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_rds_clusters.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_rds_clusters.md new file mode 100644 index 0000000000..6b516b6c46 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_rds_clusters.md 
@@ -0,0 +1,88 @@ ++++ +title = "aws_rds_clusters resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_rds_clusters" + identifier = "inspec/resources/aws/aws_rds_clusters.md aws_rds_clusters resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_rds_clusters` InSpec audit resource to test properties of a collection of AWS RDS clusters. + +RDS gives you access to the capabilities of a MySQL, MariaDB, PostgreSQL, +Microsoft SQL Server, Oracle, or Amazon Aurora database server. + +## Syntax + +Ensure you have exactly 3 clusters + + describe aws_rds_clusters do + its('db_cluster_identifiers.count') { should cmp 3 } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on RDS](https://docs.aws.amazon.com/rds/?id=docs_gateway). + +## Properties + +| Property | Description | +| ------------------ | ------------------------------------------------------------------------------------- | +| cluster_identifier | The unique IDs of the RDS clusters returned. | +| database_name | The name of the database associated with each RDS cluster. | +| cluster_members | The RDS instances attached to each RDS cluster. | +| engine | The name of the database engine used by each cluster. | +| engine_version | The version of the database engine used by each cluster. | +| status | The current status of each cluster. | +| allocated_storage | The storage allocated to each cluster. | +| storage_encrypted | Returns T/F whether the cluster is encrypted or not. | +| availability_zones | A list of availability zones of the RDS clusters returned. | +| multi_az | Returns T/F depending on whether multiple availability zones are used in the cluster. | +| arn | The unique Amazon resource name of the RDS clusters. 
| + +## Examples + +### Ensure a specific cluster exists + + describe aws_rds_clusters do + its('db_cluster_identifier') { should include 'cluster-12345678' } + end + +### Test That All RDS Clusters Are Encrypted by ID + +Use the InSpec resource to request the IDs of all RDS clusters, then test +in-depth using `aws_rds_cluster` to ensure all clusters are encrypted and have a +sensible size. + + aws_rds_clusters.cluster_identifier.each do |cluster_identifier| + describe aws_rds_cluster(cluster_identifier) do + it { should have_encrypted_storage } + end + end + +## Matchers + +For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_rds_clusters do + it { should exist } + end + + describe aws_rds_clusters do + it { should_not exist } + end + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:Describeclusters`, and `iam:GetInstanceProfile` actions set to allow. +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_rds_instance.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_rds_instance.md new file mode 100644 index 0000000000..34631cf079 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_rds_instance.md 
@@ -0,0 +1,89 @@ ++++ +title = "aws_rds_instance resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_rds_instance" + identifier = "inspec/resources/aws/aws_rds_instance.md aws_rds_instance" + parent = "inspec/resources/aws" ++++ + +Use the `aws_rds_instance` InSpec audit resource to test detailed properties of an individual RDS instance. + +RDS gives you access to the capabilities of a MySQL, MariaDB, PostgreSQL, Microsoft SQL Server, Oracle, or Amazon Aurora database server. + +## Syntax + +An `aws_rds_instance` resource block uses resource parameters to search for an RDS instance, and then tests that RDS instance. If no RDS instances match, no error is raised, but the `exists` matcher will return `false` and all properties will be `nil`. If more than one RDS instance matches (due to vague search parameters), an error is raised. + + describe aws_rds_instance('test-instance-id') do + it { should exist } + end + + # Can also use hash syntax + describe aws_rds_instance(db_instance_identifier: 'test-instance-id') do + it { should exist } + end + +## Parameters + +### db_instance_identifier _(required)_ + +This resource accepts a single parameter, the user-supplied instance identifier. This parameter isn't case-sensitive. +This can be passed either as a string or as a `db_instance_identifier: 'value'` key-value entry in a hash. + +See also the [AWS documentation on RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_GettingStarted.html). 
+ +## Properties + +For a comprehensive list of properties available to test on an RDS Instance see the [AWS Response Object](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/RDS/Types/DBInstance.html) + +## Examples + +### Test the engine used with an RDS instance + + describe aws_rds_instance(db_instance_identifier: 'awsrds123') do + its ('engine') { should eq 'mysql' } + its ('engine_version') { should eq '5.6.37' } + end + +### Test the storage allocated to an RDS instance + + describe aws_rds_instance(db_instance_identifier: 'awsrds123') do + its ('storage_type') { should eq 'gp2' } + its ('allocated_storage') { should eq 10 } + end + +### Test the instance type and master username + + describe aws_rds_instance(db_instance_identifier: 'awsrds123') do + its ('master_username') { should eq 'db-maintain' } + its ('db_instance_class') { should eq 'db.t3.micro' } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_rds_instance(db_instance_identifier: 'AnExistingRDS') do + it { should exist } + end + + describe aws_rds_instance(db_instance_identifier: 'ANonExistentRDS') do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `rds:DescribeDBInstances` action with Effect set to Allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon RDS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonrds.html). 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_rds_instances.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_rds_instances.md new file mode 100644 index 0000000000..c3913853b8 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_rds_instances.md 
@@ -0,0 +1,79 @@ ++++ +title = "aws_rds_instances resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_rds_instances" + identifier = "inspec/resources/aws/aws_rds_instances.md aws_rds_instances resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_rds_instances` InSpec audit resource to test properties of a collection of AWS RDS instances. + +RDS gives you access to the capabilities of a MySQL, MariaDB, PostgreSQL, Microsoft SQL Server, Oracle, or Amazon Aurora database server. + +RDS instances are compute instances used by the RDS service. + +## Syntax + +Ensure you have exactly 3 instances + + describe aws_rds_instances do + its('db_instance_identifiers.count') { should cmp 3 } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on RDS](https://docs.aws.amazon.com/rds/?id=docs_gateway). + +## Properties + +| Property | Description | +| ----------------------- | -------------------------------------------------------------------------------------------- | +| db_instance_identifiers | The unique IDs of the RDS Instances returned. | +| entries | Provides access to the raw results of the query, which can be treated as an array of hashes. | + +## Examples + +### Ensure a specific instance exists + + describe aws_rds_instances do + its('db_instance_identifiers') { should include 'rds-12345678' } + end + +### Test That All Rds Instances Are Encrypted by Id + +Use the InSpec resource to request the IDs of all RDS instances, then test in-depth +using `aws_rds_instance` to ensure all instances are encrypted and have a sensible size. + + aws_rds_instances.db_instance_identifiers.each do |db_instance_identifier| + describe aws_rds_instance(db_instance_identifier) do + it { should be_encrypted } + end + end + +## Matchers + +For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). 
+ +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_rds_instances do + it { should exist } + end + + describe aws_rds_instances do + it { should_not exist } + end + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeInstances`, and `iam:GetInstanceProfile` actions set to allow. +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_region.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_region.md new file mode 100644 index 0000000000..d7216fb5e3 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_region.md 
@@ -0,0 +1,72 @@ ++++ +title = "aws_region resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_region" + identifier = "inspec/resources/aws/aws_region.md aws_region resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_region` InSpec audit resource to test properties of a single AWS region. + +## Syntax + +An `aws_region` resource block identifies an AWS region by ID. If no region is provided, the current default is used. + + describe aws_region('eu-west-2') do + it { should exist } + end + + describe aws_region(region_name: 'us-east-1') do + it { should exist } + end + +## Parameters + +### region_name _(optional)_ + +This resource accepts a single parameter, the region_name. +This can be passed either as a string or as a `region_name: 'value'` key-value entry in a hash. + +See also the [AWS documentation on Regions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html). + +## Properties + +| Property | Description | +| ----------- | ------------------------------------ | +| region_name | The Name of the region. | +| endpoint | The resolved endpoint of the region. | + +## Examples + +### Test whether a region exists + + describe aws_region('region-not-real') do + it { should_not exist } + end + +### Test the Region Endpoint + + describe aws_region(region_name: 'eu-west-2') do + its('endpoint') { should eq 'ec2.eu-west-2.amazonaws.com' } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + + it { should exist } + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeRegions` action with Effect set to Allow. 
+ +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_regions.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_regions.md new file mode 100644 index 0000000000..df30321a82 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_regions.md 
@@ -0,0 +1,79 @@ ++++ +title = "aws_regions resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_regions" + identifier = "inspec/resources/aws/aws_regions.md aws_regions resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_regions` InSpec audit resource to test properties of some or all AWS regions in bulk. + +Note that this resource lists all AWS regions that are currently available to the caller. + +## Syntax + +An `aws_regions` resource block uses an optional filter to select a group of regions and then tests that group. + + describe aws_regions.where { region_name: 'us-not-there-1' } do + it { should_not exist } + end + +## Parameters + +### name _(required)_ + +This resource does not expect any parameters. + +See also the [AWS documentation on Regions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html). + +## Properties + +| Property | Description | +| ------------ | -------------------------------------- | +| region_names | The Names of the regions. | +| endpoints | The resolved endpoints of the regions. | + +## Examples + +The following examples show how to use this InSpec audit resource. + +### Check for a Particular Region + + describe aws_regions do + its('region_names') { should include 'eu-west-2' } + end + +### Check an endpoint exists + + describe aws_regions do + its('endpoints') { should include 'ec2.eu-west-2.amazonaws.com' } + end + +### Use the regions resource to check single regions in more detail + + aws_regions.region_names.each do |aws_region_name| + describe aws_region(region_name: aws_region_name) do + it { should exist } + end + end + +## Matchers + +For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. 
+ + it { should exist } + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeVpcs` action with Effect set to Allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_route_table.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_route_table.md new file mode 100644 index 0000000000..2a2b4adf71 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_route_table.md 
@@ -0,0 +1,103 @@ ++++ +title = "aws_route_table resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_route_table" + identifier = "inspec/resources/aws/aws_route_table.md aws_route_table resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_route_table` InSpec audit resource to test properties of a single Route Table. A route table contains a set of rules, called routes, that are used to determine where network traffic is directed. + +## Syntax + +This resource expects a single parameter that uniquely identifies the Route Table. You may pass it as a string, or as the value in a hash: + + describe aws_route_table('rtb-123abcde') do + it { should exist } + end + + describe aws_route_table(route_table_id: 'rtb-123abcde') do + it { should exist } + end + +## Parameters + +### route_table_id _(required)_ + +This resource accepts a single parameter, the route_table_id. +This can be passed either as a string or as a `route_table_id: 'value'` key-value entry in a hash. + +See also the [AWS documentation on Route Tables](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html). + +## Properties + +| Property | Description | +| ---------------- | ----------------------------------------------------------------- | +| route_table_id | The ID of the route table. | +| owner_id | The ID of the AWS account that owns the route table. | +| vpc_id | The ID of the VPC. | +| routes | The routes in the route table. | +| associations | The associations between the route table and one or more subnets. | +| propagating_vgws | Any virtual private gateway (VGW) propagating routes. | +| tags | Any tags assigned to the route table. 
| + +## Examples + +### Confirm that the route table has expected VPC identifier + + describe aws_route_table(route_table_id: 'rtb-123abcde') do + its('vpc_id') { should eq 'vpc-01625e36123456789' } + end + +### Confirm that the route table has expected owner identifier + + describe aws_route_table(route_table_id: 'rtb-123abcde') do + its('owner_id') { should eq '123456789012' } + end + +### Ensure the expected number of routes is present + + describe aws_route_table(route_table_id: 'rtb-123abcde') do + its('routes.count') { should eq 2 } + end + +### Ensure the expected number of associations is present + + describe aws_route_table(route_table_id: 'rtb-123abcde') do + its('associations.count') { should eq 1 } + end + +### Ensure there are no virtual private gateway (VGW) propagating routes + + describe aws_route_table(route_table_id: 'rtb-123abcde') do + its('propagating_vgws') { should be_empty } + end + +## Matchers + +For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_route_table('should-be-there') do + it { should exist } + end + + describe aws_route_table('should-not-be-there') do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeRouteTables` action with Effect set to Allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_route_tables.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_route_tables.md new file mode 100644 index 0000000000..58edc7cc13 --- /dev/null 
+++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_route_tables.md 
@@ -0,0 +1,68 @@ ++++ +title = "aws_route_tables resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_route_tables" + identifier = "inspec/resources/aws/aws_route_tables.md aws_route_tables" + parent = "inspec/resources/aws" ++++ + +Use the `aws_route_tables` InSpec audit resource to test properties of all or a group of Route Tables. A Route Table contains a set of rules, called routes, that are used to determine where network traffic is directed. + +## Syntax + +Ensure that there is at least one route table + + describe aws_route_tables do + it { should exist } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on Route Tables](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html). + +## Properties + +| Property | Description | +| --------------- | -------------------------------------------------------------------------------------------- | +| route_table_ids | The route table IDs | +| vpc_ids | The VPC IDs | +| entries | Provides access to the raw results of the query, which can be treated as an array of hashes. | + +## Examples + +### Confirm that a route table exists + + describe aws_route_tables do + its('vpc_ids') { should include 'vpc-01625e36123456789' } + end + +### Confirm a Route Table exists. + + describe aws_route_tables do + its('route_table_ids') { should include 'rtb-12345678' } + end + +## Matchers + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + it { should exist } + + it { should_not exist } + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeRouteTables` action with Effect set to Allow. 
+ +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_s3_bucket.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_s3_bucket.md new file mode 100644 index 0000000000..578cd7f8e1 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_s3_bucket.md 
@@ -0,0 +1,156 @@ ++++ +title = "aws_s3_bucket resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_s3_bucket" + identifier = "inspec/resources/aws/aws_s3_bucket.md aws_s3_bucket resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_s3_bucket` InSpec audit resource to test properties of a single AWS bucket. + +## Syntax + +An `aws_s3_bucket` resource block declares a bucket by name, and then lists tests to be performed. + + describe aws_s3_bucket(bucket_name: 'test_bucket') do + it { should exist } + it { should_not be_public } + end + + describe aws_s3_bucket('test_bucket') do + it { should exist } + end + +## Parameters + +### bucket_name _(required)_ + +This resource accepts a single parameter, the S3 Bucket Name which uniquely identifies the bucket. +This can be passed either as a string or as a `bucket_name: 'value'` key-value entry in a hash. + +See also the [AWS documentation on S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html). + +## Properties + +| Property | Description | +| ---------------------- | ----------------------------------------------------------------------------------------------------------------------- | +| region | The region of the bucket. Region is overridden based on the location returned from S3 | +| bucket_acl | An array of AWS Grants detailing permission grants on the bucket. | +| bucket_policy | The IAM policy document controlling access to the bucket. | +| bucket_lifecycle_rules | The lifecycle policy rules that define actions S3 will take for all objects (or a subset of objects) in their lifetime. 
| +| tags | An hash with each key-value pair corresponding to a tag associated with the entity | + +## Examples + +### Test the bucket-level ACL + + describe aws_s3_bucket('test_bucket') do + its('bucket_acl.count') { should eq 1 } + end + +### Check if a bucket has a bucket policy + + describe aws_s3_bucket('test_bucket') do + its('bucket_policy') { should be_empty } + end + +### Check if a bucket appears to be exposed to the public + + describe aws_s3_bucket('test_bucket') do + it { should_not be_public } + end + +### Check if the correct region is set + + describe aws_s3_bucket('test_bucket') do + its('region') { should eq 'us-east-1' } + end + +### Check bucket's ACL for correct grants + + bucket_acl = aws_s3_bucket('my-bucket').bucket_acl + + # Look for grants to "AllUsers" (that is, the public) + all_users_grants = bucket_acl.select do |g| + g.grantee.type == 'Group' && g.grantee.uri =~ /AllUsers/ + end + + # Look for grants to "AuthenticatedUsers" (that is, any authenticated AWS user - nearly public) + auth_grants = bucket_acl.select do |g| + g.grantee.type == 'Group' && g.grantee.uri =~ /AuthenticatedUsers/ + end + +### Test all buckets + + aws_s3_buckets.bucket_names.each do |bucket_name| + describe aws_s3_bucket(bucket_name) do + it { should have_default_encryption_enabled } + end + end + +### Test buckets in a specific region + + aws_s3_buckets.bucket_names.each do |bucket_name| + if aws_s3_bucket(bucket_name: bucket_name).region == region + describe aws_s3_bucket(bucket_name) do + it { should have_default_encryption_enabled } + end + end + end + +### Check if a bucket has a bucket policy that requires requests to use HTTPS + + describe aws_s3_bucket('test_bucket') do + it { should have_secure_transport_enabled } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). 
+ +### be_public + +The `be_public` matcher tests if the bucket has potentially insecure access controls. This high-level matcher detects several insecure conditions, which may be enhanced in the future. Currently, the matcher reports an insecure bucket if any of the following conditions are met: + +1. A bucket ACL grant exists for the 'AllUsers' group +2. A bucket ACL grant exists for the 'AuthenticatedUsers' group +3. A bucket policy has an effect 'Allow' and principal '\*' + +Note: This resource does not detect insecure object ACLs. + + it { should_not be_public } + +### have_access_logging_enabled + +The `have_access_logging_enabled` matcher tests if access logging is enabled for the s3 bucket. + + it { should have_access_logging_enabled } + +### have_default_encryption_enabled + +The `have_default_encryption_enabled` matcher tests if default encryption is enabled for the s3 bucket. + + it { should have_default_encryption_enabled } + +### have_versioning_enabled + +The `have_versioning_enabled` matcher tests if versioning is enabled for the s3 bucket. + +it { should have_versioning_enabled } + +### have_secure_transport_enabled + +The `have_secure_transport_enabled` matcher tests if a bucket policy that explicitly denies requests via HTTP is enabled for the s3 bucket. + +it { should have_secure_transport_enabled } + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `s3:GetBucketAcl`, `s3:GetBucketLocation`, `s3:GetBucketLogging`, `s3:GetBucketPolicy`, and `s3:GetEncryptionConfiguration` actions set to allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon S3](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazons3.html). 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_s3_bucket_object.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_s3_bucket_object.md new file mode 100644 index 0000000000..411d11ebeb --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_s3_bucket_object.md 
@@ -0,0 +1,100 @@ ++++ +title = "aws_s3_bucket_object resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_s3_bucket_object" + identifier = "inspec/resources/aws/aws_s3_bucket_object.md aws_s3_bucket_object resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_s3_bucket_object` InSpec audit resource to test properties of a single AWS bucket object. + +Each S3 Object has a 'key' which can be thought of as the name of the S3 Object which uniquely identifies it. + +## Syntax + +An `aws_s3_bucket_object` resource block declares a bucket and an object key by name, and then lists tests to be performed. + + describe aws_s3_bucket_object(bucket_name: 'test_bucket', key: 'test_object_key') do + it { should exist } + it { should_not be_public } + end + +## Parameters + +### bucket_name _(required)_ + +The S3 Bucket Name which uniquely identifies the bucket. +This must be passed as a `bucket_name: 'value'` key-value entry in a hash. + +### key _(required)_ + +The S3 Bucket Key which uniquely identifies the bucket object. +This must be passed as a `key: 'value'` key-value entry in a hash. + +See also the [AWS documentation on S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html). + +## Properties + +| Property | Description | +| -------------- | ------------------------------------------------------------------------ | +| bucket_name | The name of the bucket. | +| key | The key within the bucket. | +| content_length | Size of the body in bytes. | +| content_type | A standard MIME type describing the format of the object data. | +| object_acl | An array of AWS Grants detailing permission grants on the bucket object. | + +There are also additional properties available. For a comprehensive list, see [the API reference documentation](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html). 
+ +## Examples + +### Test an object's object-level ACL + + describe aws_s3_bucket_object(bucket_name: 'test_bucket', key: 'test_key') do + its('object_acl.count') { should eq 1 } + end + +### Test an object's size in bytes is less than `100000` + + describe aws_s3_bucket_object(bucket_name: 'test_bucket', key: 'test_key') do + its('content_length') { should be < 1_000_000 } + end + +### Test an object's type is "image/jpeg" + + describe aws_s3_bucket_object(bucket_name: 'test_bucket', key: 'test_key') do + its('content_type') { should eq "image/jpeg" } + end + +### Check to see if a object appears to be exposed to the public + + describe aws_s3_bucket_object(bucket_name: 'test_bucket', key: 'test_key') do + it { should_not be_public } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers (such as `exist`) please visit our [matchers page](/inspec/matchers/). + +### be_public + +The `be_public` matcher tests if the object has potentially insecure access controls. This high-level matcher detects several insecure conditions, which may be enhanced in the future. Currently, the matcher reports an insecure object if any of the following conditions are met: + +1. A object ACL grant exists for the 'AllUsers' group +1. A object ACL grant exists for the 'AuthenticatedUsers' group + +{{< note >}} +This resource does not detect insecure bucket ACLs. +{{< /note >}} + + it { should_not be_public } + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `s3:GetObject`, and `s3:GetObjectAcl` actions set to allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon S3](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazons3.html). 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_s3_buckets.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_s3_buckets.md new file mode 100644 index 0000000000..350c3b700c --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_s3_buckets.md 
@@ -0,0 +1,70 @@ ++++ +title = "aws_s3_buckets resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_s3_buckets" + identifier = "inspec/resources/aws/aws_s3_buckets.md aws_s3_buckets" + parent = "inspec/resources/aws" ++++ + +Use the `aws_s3_buckets` InSpec audit resource to list all buckets in a single account. + +## Syntax + +An `aws_s3_buckets` resource block takes no arguments + + describe aws_s3_buckets do + it { should exist } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html). + +## Properties + +| Property | Description | +| ------------ | -------------------------------------------------------------------------------------------- | +| bucket_names | An Array of bucket names. | +| tags | An hash with each key-value pair corresponding to a tag associated with the entity | +| entries | Provides access to the raw results of the query, which can be treated as an array of hashes. | + +## Examples + +### Examine what buckets have been created. + + describe aws_s3_buckets do + its('bucket_names') { should eq ['my_bucket'] } + # OR + its('bucket_names') { should include 'my_bucket' } + end + +### Check the tags on buckets + + describe aws_s3_buckets.where( bucket_names: 'my-bucket' ) do + its('tags') { should include(:Environment => 'env-name', + :Name => 'bucket-name')} + end + +## Matchers + +### exists + +The control will pass if the resource contains at least one bucket. + + # Test if there are any buckets + describe aws_s3_buckets + it { should exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `s3:ListAllMyBuckets` action with Effect set to Allow. 
+ +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon S3](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazons3.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_security_group.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_security_group.md new file mode 100644 index 0000000000..abda0fcf82 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_security_group.md 
@@ -0,0 +1,238 @@ ++++ +title = "aws_security_group resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_security_group" + identifier = "inspec/resources/aws/aws_security_group.md aws_security_group" + parent = "inspec/resources/aws" ++++ + +Use the `aws_security_group` InSpec audit resource to test detailed properties of an individual Security Group (SG). + +SGs are a networking construct which contain ingress and egress rules for network communications. SGs may be attached to EC2 instances, as well as certain other AWS resources. Along with Network Access Control Lists, SGs are one of the two main mechanisms of enforcing network-level security. + +## Limitations + +While this resource provides facilities for searching inbound and outbound rules on a variety of criteria, there is currently no support for performing matches based on: + +- References to VPC peers or other AWS services (that is, no support for searches based on 'prefix lists'). + +## Syntax + + describe aws_security_group('sg-12345678') do + it { should exist } + end + + # May also use hash syntax + describe aws_security_group(group_id: 'sg-12345678') do + it { should exist } + end + + # Ensure you have a Security Group with a specific name. Names are + # unique within a VPC but not across VPCs. + # Using only Group returns an error if multiple SGs match. + describe aws_security_group(group_name: 'my-group') do + it { should exist } + end + + # Add vpc_id to ensure uniqueness. + describe aws_security_group(group_name: 'my-group', vpc_id: 'vpc-12345678') do + it { should exist } + end + +## Parameters + +You must provide at least one parameter; `group_id`, `group_name` or `vpc_id` + +### group_id _(required if no other parameter provided)_ + +The Security Group ID which uniquely identifies the SG. +This can be passed either as a string or as a `group_id: 'value'` key-value entry in a hash. 
+ +### group_name _(required if no other parameter provided)_ + +The Security Group name. +This can be passed either as a string or as a `group_name: 'value'` key-value entry in a hash. + +### vpc_id _(required if no other parameter provided)_ + +The ID of the VPC associated with the SG. +This can be passed either as a string or as a `vpc_id: 'value'` key-value entry in a hash. + +See also the [AWS documentation on Security Groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html). + +## Properties + +| Property | Description | +| -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| description | A String reflecting the human-meaningful description that was given to the SG at creation time. | +| group_id | Provides the Security Group ID. | +| group_name | A String reflecting the name that was given to the SG at creation time. | +| inbound_rules | A list of the rules that the Security Group applies to incoming network traffic. | +| inbound_rules_count | A Number totalling the number of individual rules defined - It is a sum of the combinations of port, protocol, IPv4 rules, IPv6 rules and security group rules. | +| outbound_rules | A list of the rules that the Security Group applies to outgoing network traffic initiated by the AWS resource in the Security Group. | +| outbound_rules_count | A Number totalling the number of individual rules defined - It is a sum of the combinations of port, protocol, IPv4 rules, IPv6 rules and security group rules. | +| vpc_id | A String in the format `vpc-` followed by 8 hexadecimal characters reflecting VPC that contains the Security Group. | +| tags | The tags of the security group. 
| + +## Examples + +### Test outbound rules + + describe aws_security_group(group_name: isolated_servers) do + its('outbound_rules.last') { should_not include(ip_ranges:['0.0.0.0/0']) } + end + +### Test a rule that allows All Traffic + + describe aws_security_group(group_name: my_group) do + it { should allow_in(ipv4_range: ["10.1.2.0/24", "10.3.2.0/24"], protocol: 'all') } + end + +### Ensure a SG only allows SSH from a specific range + + describe aws_security_group(group_name: linux_servers) do + it { should allow_in(port: 22, ipv4_range: '10.5.0.0/16') } + it { should_not allow_in(port: 22, ipv4_range: '0.0.0.0/0') } + end + +### Ensure that the careful_updates Security Group may only initiate contact with specific IPs. + + describe aws_security_group(group_name: 'careful_updates') do + + # If you have two rules, with one CIDR each: + [ '10.7.23.12/32', '10.8.23.12/32' ].each do |allowed_destination| + # This doesn't care about which ports are enabled + it { should allow_out(ipv4_range: allowed_destination) } + end + + # If you have one rule with two CIDRs: + it { should allow_out(ipv4_range: [ '10.7.23.12/32', '10.8.23.12/32' ]) } + + # Expect exactly three rules. + its('outbound_rules.count') { should cmp 3 } + end + +### Ensure that the canary_deployments Security Group only allows access from one specific security group id on port 443. + + describe aws_security_group(group_name: 'canary_deployments') do + it { should allow_in_only(port: 443, security_group: "sg-33334444") } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of additional available matchers, please visit our [Universal Matchers page](/inspec/matchers/). + +### allow + +The `allow` series of matchers includes: + +- allow_in +- allow_out +- allow_in_only +- allow_out_only + +The `allow` series of matchers enable you to perform queries about what network traffic would be permitted through the Security Group rule set. 
+ +`allow_in` and `allow_in_exactly` examine inbound rules, and `allow_out` and `allow_out_exactly` examine outbound rules. + +`allow_in` and `allow_out` examine if at least one rule that matches the criteria exists. `allow_in` and `allow_out` also perform inexact (ie, range-based or subset-based) matching on ports and IP addresses ranges, allowing you to specify a candidate port or IP address and determine if it is covered by a rule. + +`allow_in_only` and `allow_out_only` examines if exactly one rule exists (but see `position`, below), and if it matches the criteria (this is useful for ensuring no unexpected rules have been added). Additionally, `allow_in_only` and `allow_out_only` do _not_ perform inexact matching; you must specify exactly the port range or IP address(es) you wish to match. + +### Matchers search criteria + +The matchers accept a key-value list of search criteria. For a rule to match, it must match all provided criteria. + +`from_port` +: Determines if a rule exists whose port range begins at the specified number. The word `from_` does _not_ relate to inbound/outbound directionality; it relates to the port range ("counting _from_"). `from_port` is an exact criterion; so if the rule allows 1000-2000 and you specify a `from_port` of 1001, it does not match. + +`ipv4_range` +: Specifies an IPv4 address or subnet as a CIDR, or a list of them, to be checked as a permissible origin (for `allow_in`) or destination (for `allow_out`) for traffic. Each AWS Security Group rule may have multiple allowed source IP ranges. + +`ipv6_range` +: Specifies an IPv6 address or subnet as a CIDR, or a list of them, to be checked as a permissible origin (for `allow_in`) or destination (for `allow_out`) for traffic. Each AWS Security Group rule may have multiple allowed source IP ranges. + +`port` +: Determines if a particular TCP/IP port is reachable. 
`allow_in` and `allow_out` examine whether the specified port is included in the port range of a rule, while `allow_in`. You may specify the port as a string (`'22'`) or as a number. + +`position` +: A one-based index into the list of rules. If provided, this restricts the evaluation to the rule at that position. You may also use the special values `:first` and `:last`. `position` may also be used to enable `allow_in_only` and `allow_out_only` to work with multi-rule Security Groups. + +`protocol` +: Specifies the IP protocol. `tcp`, `udp`, and `icmp` are some typical values. The string `"-1"` or `any` is used to indicate any protocol. + +`to_port` +: Determines if a rule exists whose port range ends at the specified number. The word `to_` does _not_ relate to inbound/outbound directionality; it relates to the port range ("counting _to_"). `to_port` is an exact criterion; so if the rule allows 1000-2000 and you specify a `to_port` of 1999, it does not match. + +`security_group` +: Specifies a security-group id, to be checked as permissible origin (for `allow_in`) or destination (for `allow_out`) for traffic. Each AWS Security Group rule may have multiple allowed source or destination security groups. 
+ +```ruby +describe aws_security_group(group_name: 'mixed-functionality-group') do + # Allow RDP from defined range + it { should allow_in(port: 3389, ipv4_range: '10.5.0.0/16') } + it { should allow_in(port: 3389, ipv6_range: '2001:db8::/122') } + + # Allow SSH from two ranges + it { should allow_in(port: 22, ipv4_range: ['10.5.0.0/16', '10.2.3.0/24']) } + + # Check Bacula port range + it { should allow_in(from_port: 9101, to_port: 9103, ipv4_range: '10.6.7.0/24') } + + # Assuming the AWS SG allows 9001-9003, use inexact matching to check 9002 + it { should allow_in(port: 9002) } + + # Assuming the AWS SG allows 10.2.1.0/24, use inexact matching to check 10.2.1.33/32 + it { should allow_in(ipv4_range: '10.2.1.33/32') } + + # Ensure the 3rd outbound rule is TCP-based + it { should allow_in(protocol: 'tcp', position: 3') } + + # Do not allow unrestricted IPv4 access. + it { should_not allow_in(ipv4_range: '0.0.0.0/0') } + + # Allow unrestricted access from security-group. + it { should allow_in(security_group: 'sg-11112222') } +end +``` + +Suppose you have a Group that should allow SSH and RDP from +the admin network, 10.5.0.0/16. The resource has 2 rules to +allow this, and you want to ensure no others have been added. + +```ruby +describe aws_security_group(group_name: 'admin-group') do + # Allow RDP from a defined range and nothing else + # The SG must have this rule in position 1 and it must match this exactly + it { should allow_in_only(port: 3389, ipv4_range: '10.5.0.0/16', position: 1) } + + # Specify position 2 for the SSH rule. Without `position`, + # allow_in_only only allows one rule, total. + it { should allow_in_only(port: 22, ipv4_range: '10.5.0.0/16', position: 2) } + + # Because this is an _only matcher, this fails - _only matchers + # use exact IP matching. + it { should allow_in_only(port: 3389, ipv4_range: '10.5.1.34/32', position: 1) } +end +``` + +### exist + +The control will pass if the describe returns at least one result. 
+ +Use `should_not` to test the entity should not exist. + + it { should exist } + + it { should_not exist } + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeSecurityGroups` action with Effect set to Allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_security_groups.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_security_groups.md new file mode 100644 index 0000000000..c52a5528f0 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_security_groups.md 
@@ -0,0 +1,83 @@ ++++ +title = "aws_security_groups resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_security_groups" + identifier = "inspec/resources/aws/aws_security_groups.md aws_security_groups resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_security_groups` InSpec audit resource to test properties of some or all security groups. + +Security groups are a networking construct that contain ingress and egress rules for network communications. Security groups may be attached to EC2 instances, as well as certain other AWS resources. Along with Network Access Control Lists, Security Groups are one of the two main mechanisms of enforcing network-level security. + +## Syntax + +An `aws_security_groups` resource block uses an optional filter to select a group of security groups and then tests that group. + + describe aws_security_groups do + its('entries.count') { should be > 1 } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on Security Groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html). + +## Properties + +| Property | Description | +| ----------- | -------------------------------------------------------------------------------------------- | +| group_ids | The name of the auto scaling launch configuration associated with the auto scaling group | +| group_names | An integer indicating the maximum number of instances in the auto scaling group | +| vpc_ids | An integer indicating the desired number of instances in the auto scaling group | +| tags | An integer indicating the minimum number of instances in the auto scaling group | +| entries | Provides access to the raw results of the query, which can be treated as an array of hashes. | + +## Examples + +The following examples show how to use this InSpec audit resource. 
+ +### Look for a particular security group in just one VPC + + describe aws_security_groups.where( vpc_id: 'vpc-12345678') do + its('group_ids') { should include('sg-abcdef12')} + end + +### Examine the default security group in all VPCs + + describe aws_security_groups.where( group_name: 'default') do + it { should exist } + end + +### Allow at most 100 security groups on the account + + describe aws_security_groups do + its('entries.count') { should be <= 100} + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the filter returns at least one result. + +Use `should_not` if you expect zero matches. + + # You will always have at least one SG, the VPC default SG + describe aws_security_groups + it { should exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeSecurityGroups` action with Effect set to Allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_sns_subscription.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_sns_subscription.md new file mode 100644 index 0000000000..ea20e48751 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_sns_subscription.md 
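Review bot: the Properties table in aws_security_groups.md carries descriptions copied from an auto scaling resource: `group_ids`, `group_names`, `vpc_ids` and `tags` are described as a launch configuration name and instance counts, which misleads anyone building a `where` filter. They should describe the IDs, names, VPC IDs and tags of the matched security groups, in the style of the `entries` row. Also, the `exist` example `describe aws_security_groups` is missing the trailing `do` and will not parse; it should be `describe aws_security_groups do`.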
@@ -0,0 +1,105 @@ ++++ +title = "aws_sns_subscription resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_sns_subscription" + identifier = "inspec/resources/aws/aws_sns_subscription.md aws_sns_subscription" + parent = "inspec/resources/aws" ++++ + +[\[edit on GitHub\]](https://github.com/inspec/inspec/blob/main/docs-chef-io/content/aws_sns_subscription.md) + +Use the `aws_sns_subscription` InSpec audit resource to test detailed properties of a AWS SNS Subscription. + +## Syntax + +An `aws_sns_subscription` resource block uses resource parameters to search for a SNS Subscription, and then tests that subscriptions properties. If no Subscriptions match, no error is raised, but the `exists` matcher will return `false` and all properties will be `nil`. + + describe aws_sns_subscription('arn:aws:sns:us-east-1::test-topic-01:b214aff5-a2c7-438f-a753-8494493f2ff6') do + it { should exist } + end + +## Parameters + +### subscription_arn _(required)_ + +This resource accepts a single parameter, the subscription_arn. +This can be passed either as a string or as a `subscription_arn: 'value'` key-value entry in a hash. + +See also the [AWS documentation on SNS](https://docs.aws.amazon.com/sns/latest/dg/sns-getting-started.html). 
+ +## Properties + +| Property | Description | +| ------------------------------ | ------------------------------------------------------------------------------------------ | +| arn | An integer indicating the minimum number of instances in the auto scaling group | +| owner | An integer indicating the maximum number of instances in the auto scaling group | +| raw_message_delivery | An integer indicating the desired number of instances in the auto scaling group | +| topic_arn | The name of the auto scaling launch configuration associated with the auto scaling group | +| protocol | An array of strings corresponding to the subnet IDs associated with the auto scaling group | +| confirmation_was_authenticated | An hash with each key-value pair corresponding to a tag associated with the entity | + +## Examples + +### Inspect the endpoint + + describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::test-topic-01:b214aff5-a2c7-438f-a753-8494493f2ff6' ) do + # If protocol is 'sms', this should be a phone number: + its('endpoint') { should cmp '+16105551234' } + # If protocol is 'email' or 'email-json', endpoint should be an email address + its('endpoint') { should cmp 'myemail@example.com' } + # If protocol is 'http', endpoint should be a URL beginning with 'https://' + its('endpoint') { should cmp 'https://www.exampleurl.com' } + # If the protocol is 'lambda', its endpoint should be the ARN of a AWS Lambda function + its('endpoint') { should cmp 'rn:aws:lambda:us-east-1:account-id:function:myfunction' } + end + +### Inspect the owners ID + + describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::test-topic-01:b214aff5-a2c7-438f-a753-8494493f2ff6' ) do + its('owner') { should cmp '12345678' } + end + +### Inspect the endpoint + + describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::test-topic-01:b214aff5-a2c7-438f-a753-8494493f2ff6' ) do + its('protocol') { should cmp 'sqs' } + end + +## Matchers + +### exist + +The 
control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + it { should exist } + + it { should_not exist } + +### be_confirmation_authenticated + +Provides whether or not the subscription confirmation request was authenticated. + + describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::NOGOOD:b214aff5-a2c7-438f-a753-8494493f2ff6') + it { should be_confirmation_authenticated } + end + +### have_raw_message_delivery + +Provides whether or not the original message is passed as is, not formatted as a json or yaml. + + describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::NOGOOD:b214aff5-a2c7-438f-a753-8494493f2ff6') + it { should have_raw_message_delivery } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `sns:GetSubscriptionAttributes` action with Effect set to Allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon SNS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonsns.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_sns_topic.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_sns_topic.md new file mode 100644 index 0000000000..a4e2377cd0 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_sns_topic.md 
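Review bot: aws_sns_subscription.md has several defects that should be fixed before merge. The Properties table again reuses auto scaling descriptions (`arn` as "minimum number of instances", `protocol` as "subnet IDs", `confirmation_was_authenticated` as a tag hash); each row should describe the subscription's ARN, owner account, raw message delivery flag, topic ARN, protocol and confirmation status. Both matcher examples, `describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::NOGOOD:...')`, lack the trailing `do` and will not parse. The Lambda endpoint `'rn:aws:lambda:us-east-1:account-id:function:myfunction'` is missing the leading `a` of `arn:`. The second "Inspect the endpoint" heading tests `protocol` and should be titled "Inspect the protocol". The `[edit on GitHub]` link points at `docs-chef-io/content/aws_sns_subscription.md` rather than the `resources/` path this file lives under, and none of the other new pages carry that link. Minor grammar: "a AWS SNS Subscription", "a SNS Subscription" and "that subscriptions properties" should be "an AWS SNS Subscription", "an SNS Subscription" and "that subscription's properties".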
@@ -0,0 +1,72 @@ ++++ +title = "aws_sns_topic resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_sns_topic" + identifier = "inspec/resources/aws/aws_sns_topic.md aws_sns_topic" + parent = "inspec/resources/aws" ++++ + +Use the `aws_sns_topic` InSpec audit resource to test properties of a single AWS Simple Notification Service Topic. SNS topics are channels for related events. AWS resources place events in the SNS topic, while other AWS resources subscribe to receive notifications when new events occur. + +## Syntax + + describe aws_sns_topic('arn:aws:sns:*::my-topic-name') do + it { should exist } + end + + # You may also use has syntax to pass the ARN + describe aws_sns_topic(arn: 'arn:aws:sns:*::my-topic-name') do + it { should exist } + end + +## Parameters + +### arn _(required)_ + +This resource accepts a single parameter, the ARN of the SNS Topic. +This can be passed either as a string or as a `arn: 'value'` key-value entry in a hash. + +See also the [AWS documentation on SNS](https://docs.aws.amazon.com/sns/latest/dg/sns-getting-started.html). + +## Properties + +| Property | Description | +| ---------------------------- | ------------------------------------------------------------------- | +| confirmed_subscription_count | An integer indicating the number of currently active subscriptions. | + +## Examples + +### Make sure something is subscribed to the topic + + describe aws_sns_topic('arn:aws:sns:*::my-topic-name') do + its('confirmed_subscription_count') { should_not be_zero} + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. 
+ + describe aws_sns_topic('arn:aws:sns:*::good-news') do + it { should exist } + end + + describe aws_sns_topic('arn:aws:sns:*::bad-news') do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `sns:GetTopicAttributes` action with Effect set to Allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon SNS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonsns.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_sns_topics.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_sns_topics.md new file mode 100644 index 0000000000..6afc7019ec --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_sns_topics.md 
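Review bot: the Syntax comment "# You may also use has syntax to pass the ARN" in aws_sns_topic.md should read "hash syntax". The rest of the page is consistent with the sibling resources.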
@@ -0,0 +1,68 @@ ++++ +title = "aws_sns_topics resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_sns_topics" + identifier = "inspec/resources/aws/aws_sns_topics.md aws_sns_topics" + parent = "inspec/resources/aws" ++++ + +Use the `aws_sns_topics` InSpec audit resource to test all or a group of the SNS Topic ARNs in an account. + +User the 'aws_sns_topic' InSpec audit resource to test a single SNS Topic in an account. + +## Syntax + + # Get all SNS Topic arns + describe aws_sns_topics do + its('topic_arns') { should include 'arn:aws:sns:us-east-1:333344445555:MyTopic' } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on SNS](https://docs.aws.amazon.com/sns/latest/dg/sns-getting-started.html). + +## Properties + +| Property | Description | +| ---------- | -------------------------------------------------------------------------------------------- | +| topic_arns | The ARNs of the SNS Topics. | +| entries | Provides access to the raw results of the query, which can be treated as an array of hashes. | + +## Examples + +The following examples show how to use this InSpec audit resource. + +### Ensure a Topic exists + + describe aws_sns_topics do + its('topic_arns') { should include 'arn:aws:sns:us-east-1:333344445555:MyTopic' } + end + +## Matchers + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_sns_topics do + it { should exist } + end + + describe aws_sns_topics do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `sns:ListTopics` action with Effect set to Allow. 
+ +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon SNS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonsns.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_sqs_queue.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_sqs_queue.md new file mode 100644 index 0000000000..cadb7e567c --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_sqs_queue.md 
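Review bot: "User the 'aws_sns_topic' InSpec audit resource" in aws_sns_topics.md should be "Use the `aws_sns_topic` InSpec audit resource", with backticks rather than single quotes as used for `aws_sns_topics` above it. The `should_not exist` example runs against the unfiltered `aws_sns_topics` resource, so by the page's own definition it only passes in an account with no topics at all; a filtered form, or a comment saying so, would make the example more useful.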
@@ -0,0 +1,99 @@ ++++ +title = "aws_sqs_queue resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_sqs_queue" + identifier = "inspec/resources/aws/aws_sqs_queue.md aws_sqs_queue" + parent = "inspec/resources/aws" ++++ + +Use the `aws_sqs_queue` InSpec audit resource to test properties of a single AWS Simple Queue Service queue. + +## Syntax + + describe aws_sqs_queue(queue_url: 'https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do + it { should exist } + end + +## Parameters + +### queue_url _(required)_ + +This resource accepts a single parameter, the SQS Queue URL. +This can be passed either as a string or as a `queue_url: 'value'` key-value entry in a hash. + +See also the [AWS documentation on SQS](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/welcome.html). + +## Properties + +| Property | Description | +| ------------------------------------ | ------------------------------------------------------------------------------------------------------ | +| arn | The ARN of the SQS Queue. 
| +| is_fifo_queue | A boolean value indicating if this queue is a FIFO queue | +| visibility_timeout | An integer indicating the visibility timeout of the message in seconds | +| maximum_message_size | An integer indicating the maximum message size in bytes | +| message_retention_period | An integer indicating the maximum retention period for a message in seconds | +| delay_seconds | An integer indicating the delay in seconds for the queue | +| receive_message_wait_timeout_seconds | An integer indicating the number of seconds an attempt to receive a message will wait before returning | +| content_based_deduplication | A boolean value indicating if content based dedcuplication is enabled or not | +| redrive_policy | A string indicating the redrive policy | + +## Examples + +### Ensure that a queue exists and has a visibility timeout of 300 seconds + + describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do + it { should exist } + its('visibility_timeout') { should be 300 } + end + +### Ensure maximum message size is set + + describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do + its('maximum_message_size') { should be 262144 } # 256 KB + end + +### Test the delay time + + describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do + its('delay_seconds') { should be 0 } + end + +### Ensure messages are retained for 4 days + + describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do + its('message_retention_period') { should be 345600 } # 4 days + end + +### Check if queue is fifo + + describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do + its('is_fifo_queue') { should be false } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). 
+ +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do + it { should exist } + end + + describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueueWhichDoesntExist') do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `sqs:GetQueueAttributes` action with Effect set to Allow. +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon SQS](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-using-identity-based-policies.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_sqs_queues.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_sqs_queues.md new file mode 100644 index 0000000000..27e4628fdc --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_sqs_queues.md 
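Review bot: "dedcuplication" in the `content_based_deduplication` row of aws_sqs_queue.md should be "deduplication". Formatting nit: the "You can find detailed documentation" line directly follows the permissions sentence without the blank line every other page puts between them.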
@@ -0,0 +1,71 @@ ++++ +title = "aws_sqs_queues" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_sqs_queues" + identifier = "inspec/resources/aws/aws_sqs_queues.md aws_sqs_queues" + parent = "inspec/resources/aws" ++++ + +Use the `aws_sqs_queues` InSpec audit resource to test properties of some or all AWS Simple Queue Service queues. + +## Syntax + + describe aws_sqs_queues() do + it { should exist } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on SQS](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/welcome.html). + +## Properties + +| Property | Description | +| ------------------------------------ | ------------------------------------------------------------------------------------------------------ | +| arns | The ARNs of the SQS Queues. | +| is_fifo_queues | A boolean value indicating if queues are FIFO queues | +| visibility_timeouts | An integer indicating the visibility timeout of the message in seconds | +| maximum_message_sizes | An integer indicating the maximum message size in bytes | +| message_retention_periods | An integer indicating the maximum retention period for a message in seconds | +| delay_seconds | An integer indicating the delay in seconds for the queues | +| receive_message_wait_timeout_seconds | An integer indicating the number of seconds an attempt to receive a message will wait before returning | +| content_based_deduplications | A boolean value indicating if content based deduplication is enabled or not | + +## Examples + +### Ensure that a queue exists and has a visibility timeout of 300 seconds + + describe aws_sqs_queues.where(queue_url: 'https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do + it { should exist } + its('visibility_timeout') { should be 300 } + end + +## Matchers + +This InSpec audit resource has the following special matchers. 
For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_sqs_queues() do + it { should exist } + end + + describe aws_sqs_queues() do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `sqs:GetQueueAttributes` action with Effect set to Allow. +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon SQS](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-using-identity-based-policies.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ssm_parameter.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ssm_parameter.md new file mode 100644 index 0000000000..369d95f605 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ssm_parameter.md 
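Review bot: the example in aws_sqs_queues.md filters on `queue_url` and tests `its('visibility_timeout')`, but the Properties table lists `arns` and `visibility_timeouts` and no `queue_url` field, so the example does not match the documented interface; it should use a documented filter field and the plural property name. The table also describes the plural columns (`is_fifo_queues`, `visibility_timeouts`, `maximum_message_sizes`, ...) as "a boolean" or "an integer" when each holds one value per matched queue; say they are arrays, as the `arns` row does. Style: `describe aws_sqs_queues() do` with empty parentheses is inconsistent with the other plural resources on this patch, which use `describe aws_sns_topics do`.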
@@ -0,0 +1,83 @@ ++++ +title = "aws_ssm_parameter resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_ssm_parameter" + identifier = "inspec/resources/aws/aws_ssm_parameter.md aws_ssm_parameter resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_ssm_parameter` InSpec audit resource to test properties of a ssm parameter. + +## Syntax + +An `aws_ssm_parameter` resource block uses the parameter to select a ssm parameter. + + describe aws_ssm_parameter(name: 'ssm-parameter-name-1234') do + it { should exist } + end + +## Parameters + +### name _(required)_ + +This resource accepts a single parameter, the SSM Parameter Name. +This can be passed either as a string or as a `aws_ssm_parameter: 'value'` key-value entry in a hash. + +### with_decryption _(optional)_ + +This decrypts the value associated with the ssm parameter. This must be passed as a string `with_decryption: "true"`. + +See also the [AWS documentation on SSM Parameters](https://docs.aws.amazon.com/systems-manager/latest/userguide/integration-ps-secretsmanager.html). + +## Properties + +| Property | Description | +| ------------------ | -------------------------------------------------------------------------------------------------- | +| arn | Provides the Amazon Resource Name (ARN) of the parameter. | +| data_type | Provides the data type of the parameter. | +| last_modified_date | Provides the date the parameter was last changed or updated and the parameter version was created. | +| name | Provides the name of the parameter. | +| selector | Provides the version number or label used to retrieve the parameter value. | +| source_result | Applies to parameters that reference information in other AWS services. | +| type | Provides the type of the parameter. | +| value | Provides the value of the parameter. | +| version | Provides the version of the parameter. 
| + +For a comprehensive list of properties available, see [the API reference documentation](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_Parameter.html) + +## Examples + +### Check the Name of a SSM Parameter + + describe aws_ssm_parameter(name: 'ssm_parameter-name-1234') do + its('name') { should eq 'ssm_parameter-name-1234' } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_ssm_parameter(name: 'ssm_parameter-name-1234') do + it { should exist } + end + + describe aws_ssm_parameter(name: 'ssm_parameter-name-6789') do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ssm:GetParameter` action with Effect set to Allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon Systems Manager](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awssystemsmanager.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ssm_parameters.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ssm_parameters.md new file mode 100644 index 0000000000..3e69bf4522 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_ssm_parameters.md 
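Review bot: the `name` parameter section in aws_ssm_parameter.md says the hash form is `aws_ssm_parameter: 'value'`, but the parameter is `name`, so it should read `name: 'value'` as in the Syntax example `aws_ssm_parameter(name: ...)`. The Syntax example uses `'ssm-parameter-name-1234'` while every later example uses `'ssm_parameter-name-1234'`; pick one. "a ssm parameter" should be "an SSM parameter" (twice). The "See also" link is the Parameter Store / Secrets Manager integration page (`integration-ps-secretsmanager.html`), which reads as the wrong reference for a general SSM parameter resource; the API reference linked under Properties is the better target.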
@@ -0,0 +1,75 @@ ++++ +title = "aws_ssm_parameters resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_ssm_parameters" + identifier = "inspec/resources/aws/aws_ssm_parameters.md aws_ssm_parameters resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_ssm_parameters` InSpec audit resource to test properties of a collection of AWS SSM parameters. + +## Syntax + +Ensure you have exactly 3 SSM Parameters + + describe aws_ssm_parameters do + its('names.count') { should cmp 3 } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on SSM](https://docs.aws.amazon.com/systems-manager/?id=docs_gateway). + +## Properties + +| Property | Description | +| ------------------- | -------------------------------------------------------------------------------------------------- | +| names | Provides the name of the parameter. | +| types | Provides the type of the parameter. | +| key_ids | Provides the key id of the parameter. | +| last_modified_dates | Provides the date the parameter was last changed or updated and the parameter version was created. | +| last_modified_users | Provides the user that last changed or updated the parameter. | +| descriptions | Provides the description of the parameter. | +| versions | Provides the version of the parameter. | +| tiers | Provides the tier of the parameter. | + +For a comprehensive list of properties available, see [the API reference documentation](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_Parameter.html) + +## Examples + +### Ensure Name of a SSM Parameter exists + + describe aws_ssm_parameters do + its('names') { should include 'ssm-parameter-name' } + end + +## Matchers + +For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. 
+ +Use `should_not` to test the entity should not exist. + + describe aws_ssm_parameters.where( : ) do + it { should exist } + end + + describe aws_ssm_parameters.where( : ) do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ssm:DescribeParameters` action with Effect set to Allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon Systems Manager](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awssystemsmanager.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_sts_caller_identity.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_sts_caller_identity.md new file mode 100644 index 0000000000..16d85c4668 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_sts_caller_identity.md 
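Review bot: both `exist` examples in aws_ssm_parameters.md, `describe aws_ssm_parameters.where( : ) do`, are unfilled placeholders and not valid Ruby. Either drop the filter and use `describe aws_ssm_parameters do`, as the Syntax section does, or fill in a real filter based on a property listed in the table.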
@@ -0,0 +1,73 @@ ++++ +title = "aws_sts_caller_identity resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_sts_caller_identity" + identifier = "inspec/resources/aws/aws_sts_caller_identity.md aws_sts_caller_identity resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_sts_caller_identity` InSpec audit resource to test properties of AWS IAM identity whose credentials are used in the current InSpec scan. + +## Syntax + +An `aws_sts_caller_identity` resource block may be used to perform tests on details of the AWS credentials being used in the current InSpec scan. You can also test if the credentials belong to a GovCloud account or not. + + describe aws_sts_caller_identity do + it { should exist } + end + +## Parameters + +### name _(required)_ + +This resource does not expect any parameters. + +## Properties + +| Property | Description | +| -------- | --------------------------- | +| arn | The ARN of the IAM Identity | + +## Examples + +### Check that the credentials used to run the scan is correct + + describe aws_sts_caller_identity do + its("arn") { should match "arn:aws:iam::.*:user/service-account-inspec" } + end + +### Test if the account belongs to GovCloud + + describe aws_sts_caller_identity do + it { should be_govcloud } + end + +### Skip a test if we are using GovCloud + + if aws_sts_caller_identity.govcloud? + describe 'Skipping Root User MFA check as we are on GovCloud' do + skip + end + else + describe aws_iam_root_user do + it { should have_mfa_enabled } + end + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list +of available matchers, please visit our [matchers page](/inspec/matchers/). + +### be_govcloud + +The `be_govcloud` matcher tests if the account is a 'GovCloud' AWS Account. + + describe aws_sts_caller_identity do + it { should_not be_govcloud } + end 
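Review bot: the Parameters section of aws_sts_caller_identity.md opens with `### name _(required)_` and then states "This resource does not expect any parameters"; the heading is a leftover and should be removed. "Check that the credentials used to run the scan is correct" should be "are correct". This is also the only new page without an "AWS Permissions" section; add one for consistency, noting that the underlying `sts:GetCallerIdentity` call requires no IAM permission, so the resource works with any valid credentials.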
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_subnet.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_subnet.md new file mode 100644 index 0000000000..e70a732583 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_subnet.md 
@@ -0,0 +1,117 @@ ++++ +title = "aws_subnet resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_subnet" + identifier = "inspec/resources/aws/aws_subnet.md aws_subnet resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_subnet` InSpec audit resource to test properties of a vpc subnet. + +## Syntax + +An `aws_subnet` resource block uses the parameter to select a VPC and a subnet in the VPC. + + describe aws_subnet(subnet_id: 'subnet-1234567') do + it { should exist } + end + +## Parameters + +### subnet_id _(required)_ + +This resource accepts a single parameter, the Subnet ID. +This can be passed either as a string or as a `subnet_id: 'value'` key-value entry in a hash. + +See also the [AWS documentation on Subnets](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html). + +## Properties + +| Property | Description | +| -------------------------- | -------------------------------------------------------------- | +| subnet_id | Provides the ID of the Subnet. | +| vpc_id | Provides the ID of the VPC the subnet is in. | +| availability_zone | Provides the Availability Zone of the subnet. | +| cidr_block | Provides the block of ip addresses specified to the subnet. | +| available_ip_address_count | Provides the number of available IPv4 addresses on the subnet. 
| + +## Examples + +### Check availability zone of a subnet + + describe aws_subnet(subnet_id: 'subnet-12345678') do + its('availability_zone') { should eq 'us-east-1c' } + end + +### Check the number of available IP addresses + + describe aws_subnet(subnet_id: 'subnet-12345678') do + its('available_ip_address_count') { should eq 251 } + end + +### Test the block of ip addresses specified to the subnet + + describe aws_subnet(subnet_id: 'subnet-12345678') do + its('cidr_block') { should eq '10.0.1.0/24' } + end + +### Ensure the subnet is in the right VPC + + describe aws_subnet(subnet_id: 'subnet-12345678') do + its('vpc_id') { should eq 'vpc-12345678' } + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### assigning_ipv_6_address_on_creation + +Detects if the network interface on the subnet accepts IPv6 addresses. + + describe aws_subnet(subnet_id: 'subnet-12345678') do + it { should be_assigning_ipv_6_address_on_creation } + end + +### available + +Provides the current state of the subnet. + + describe aws_subnet(subnet_id: 'subnet-12345678') do + it { should be_available } + end + +### default_for_az + +Detects if the subnet is the default subnet for the Availability Zone. + + describe aws_subnet(subnet_id: 'subnet-12345678') do + it { should be_default_for_az } + end + +### mapping_public_ip_on_launch + +Provides the VPC ID for the subnet. + + describe aws_subnet(subnet_id: 'subnet-12345678') do + it { should be_mapping_public_ip_on_launch } + end + +### exist + +The `exist` matcher indicates that a subnet exists for the specified vpc. + + describe aws_subnet(subnet_id: 'subnet-12345678') do + it { should exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeSubnets` action with Effect set to Allow. 
+ +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_subnets.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_subnets.md new file mode 100644 index 0000000000..c84e4c33ba --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_subnets.md 
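Review bot: the `mapping_public_ip_on_launch` matcher in aws_subnet.md is documented as `Provides the VPC ID for the subnet.`, a copy of the `vpc_id` row; the matcher actually reports whether instances launched into the subnet are auto-assigned a public IPv4 address, and because that is the security-relevant check the example should also show the negative form (`it { should_not be_mapping_public_ip_on_launch }`) for subnets meant to be private. In the same section `available` reads `Provides the current state of the subnet.` where it should say the test passes when the subnet state is `available`, and `exist` says `a subnet exists for the specified vpc` although this resource is selected by `subnet_id`, not by VPC. The Syntax sentence `uses the parameter to select a VPC and a subnet in the VPC` should simply say the block selects one subnet by ID, and its `subnet-1234567` example should use the eight-hex-digit `subnet-12345678` form used in every other example on the page.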
@@ -0,0 +1,97 @@ ++++ +title = "aws_subnets resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_subnets" + identifier = "inspec/resources/aws/aws_subnets.md aws_subnets resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_subnets` InSpec audit resource to test properties of some or all subnets. + +Subnets are networks within a VPC that can have their own block of IP address's and ACL's. +VPCs span across all availability zones in AWS, while a subnet in a VPC can only span a single availability zone. +Separating IP addresses allows for protection if there is a failure in one availability zone. + +## Syntax + +An `aws_subnets` resource block uses an optional filter to select a group of subnets and then tests that group. + + # Test all subnets within a single vpc + describe aws_subnets.where(vpc_id: 'vpc-12345678') do + its('subnet_ids') { should include 'subnet-12345678' } + its('subnet_ids') { should include 'subnet-98765432' } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on Subnets](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html). + +## Properties + +| Property | Description | +| ----------------------- | ------------------------------------------------------------------------------------------------- | +| subnet_ids | The name of the auto scaling launch configuration associated with the auto scaling group | +| vpc_ids | An integer indicating the maximum number of instances in the auto scaling group | +| cidr_blocks | An integer indicating the minimum number of instances in the auto scaling group | +| availability_zone | The availability zone this subnet is part of. | +| map_public_ip_on_launch | A boolean indicating if a public IP is automatically mapped to instances launched in this subnet. 
| +| states | An array of strings corresponding to the subnet IDs associated with the auto scaling group | +| entries | Provides access to the raw results of the query, which can be treated as an array of hashes. | + +## Examples + +### Look for all subnets within a vpc + + describe aws_subnets.where( vpc_id: 'vpc-12345678') do + its('subnet_ids') { should include 'subnet-12345678' } + its('subnet_ids') { should include 'subnet-98765432' } + end + +### Examine a specific subnet + + describe aws_subnets.where(subnet_id: 'subnet-12345678') do + its('cidr_blocks') { should eq ['10.0.1.0/24'] } + end + +### Examine a specific vpcs Subnet IDs + + describe aws_subnets.where( vpc_id: 'vpc-12345678') do + its('states') { should_not include 'pending' } + end + +### Examine a specific subnets VPC IDS + + describe aws_subnets.where( subnet_id: 'subnet-12345678') do + its('vpc_ids') { should include 'vpc-12345678' } + end + +## Matchers + +For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +## exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_subnets.where( : ) do + it { should exist } + end + + describe aws_subnets.where( : ) do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeSubnets` action with Effect set to Allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_transit_gateway.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_transit_gateway.md new file mode 100644 index 0000000000..ce31a95b7f --- /dev/null 
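Review bot: four rows of the aws_subnets.md Properties table were pasted from the auto scaling group docs and describe the wrong resource: `subnet_ids` is `The name of the auto scaling launch configuration associated with the auto scaling group`, `vpc_ids` and `cidr_blocks` are `An integer indicating the maximum/minimum number of instances`, and `states` is `An array of strings corresponding to the subnet IDs associated with the auto scaling group`. They should read, respectively, the IDs of the matched subnets, the IDs of the VPCs they belong to, their CIDR blocks, and their states (the `states` example below tests for `pending`). Also the example heading `Examine a specific vpcs Subnet IDs` sits over a test of `states`, the `## exist` heading should be `###` like the other matcher headings on these pages, the `aws_subnets.where( : )` placeholders under `exist` are not runnable as written whereas the Syntax block already shows a concrete filter (`where(vpc_id: 'vpc-12345678')`), and `IP address's and ACL's` should be `IP addresses and ACLs`.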
+++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_transit_gateway.md 
@@ -0,0 +1,69 @@ ++++ +title = "aws_transit_gateway resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_transit_gateway" + identifier = "inspec/resources/aws/aws_transit_gateway.md aws_transit_gateway resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_transit_gateway` InSpec audit resource to test properties of a transit gateway. + +## Syntax + +An `aws_transit_gateway` resource block uses the parameter to select a transit gateway. + + describe aws_transit_gateway(transit_gateway_id: 'tgw-1234567') do + it { should exist } + end + +## Parameters + +### transit_gateway_id _(required)_ + +This resource accepts a single parameter, the Transit Gateway ID. +This can be passed either as a string or as a `transit_gateway_id: 'value'` key-value entry in a hash. + +See also the [AWS documentation on Transit Gateways](https://docs.aws.amazon.com/vpc/latest/tgw/). + +## Properties + +| Property | Description | +| ---------------------------------- | ----------------------------------------------------------------------- | +| transit_gateway_id | Provides the ID of the Transit Gateway. | +| transit_gateway_arn | Provides the ARN of the Transit Gateway. | +| transit_gateway_owner_id | Provides the id of the owner of the Transit Gateway. | +| default_route_table_id | Provides the id of the default route table of the Transit Gateway. | +| propagation_default_route_table_id | Provides the propagation default route table id for the Transit gateway | +| dns_support | Provides the status of dns support for the Transit Gateway | +| vpn_ecmp_support | Provides the status of vpn ecmp support for the Transit Gateway | + +## Examples + +### Check the owner id zone of the Transit Gateway + + describe aws_transit_gateway(transit_gateway_id: 'tgw-0e231ae7f5e5e7bd5') do + its('transit_gateway_owner_id') { should eq 'owner_id' } + end + +## Matchers + +This InSpec audit resource has the following special matchers. 
For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### exist + +The `exist` matcher indicates that a transit gateway exists. + + describe aws_transit_gateway(transit_gateway_id: 'tgw-0e231ae7f5e5e7bd5') do + it { should exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeTransitGateways` action with Effect set to Allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_vpc.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_vpc.md new file mode 100644 index 0000000000..a07c9ffafd --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_vpc.md 
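Review bot: the only example in aws_transit_gateway.md is titled `Check the owner id zone of the Transit Gateway` (stray `zone`) and asserts `its('transit_gateway_owner_id') { should eq 'owner_id' }`, a placeholder that can never match a 12-digit account ID; use an obviously fake account ID or describe the value, and add an example for `dns_support` and `vpn_ecmp_support`, since the table only says `Provides the status of ...` without showing what the status values look like, and those two options are what an auditor of a transit gateway will actually want to pin. Also `tgw-1234567` in the Syntax block does not match the `tgw-0e231ae7f5e5e7bd5` form used later, and the last three table rows lack the trailing period and capitalisation (`id`, `dns`, `vpn ecmp`) used by the rows above them.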
@@ -0,0 +1,108 @@ ++++ +title = "aws_vpc resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_vpc" + identifier = "inspec/resources/aws/aws_vpc.md aws_vpc resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_vpc` InSpec audit resource to test properties of a single AWS Virtual Private Cloud (VPC). + +Each VPC is uniquely identified by its VPC ID. In addition, each VPC has a non-unique CIDR IP Address range (such as 10.0.0.0/16) which it manages. + +Every AWS account has at least one VPC, the "default" VPC, in every region. + +## Syntax + +An `aws_vpc` resource block identifies a VPC by id. If no VPC ID is provided, the default VPC is used. + + # Find the default VPC + describe aws_vpc do + it { should exist } + end + + # Find a VPC by ID + describe aws_vpc('vpc-12345678987654321') do + it { should exist } + end + + # Hash syntax for ID + describe aws_vpc(vpc_id: 'vpc-12345678') do + it { should exist } + end + +## Parameters + +If no parameter is provided, the subscription's default VPC will be returned. + +### vpc_id _(optional)_ + +This resource accepts a single parameter, the VPC ID. +This can be passed either as a string or as a `vpc_id: 'value'` key-value entry in a hash. + +See also the [AWS documentation on VPCs](https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html). + +## Properties + +| Property | Description | +| ---------------- | ---------------------------------------------------------------------------------------------------------------------------- | +| cidr_block | The IPv4 address range that is managed by the VPC. | +| dhcp_options_id | The ID of the set of DHCP options associated with the VPC (or `default` if the default options are associated with the VPC). | +| instance_tenancy | The allowed tenancy of instances launched into the VPC. | +| state | The state of the VPC (`pending` | `available`). | +| vpc_id | The ID of the VPC. | +| tags | The tags of the VPC. 
| + +## Examples + +The following examples show how to use this InSpec audit resource. + +### Test the CIDR of a named VPC + + describe aws_vpc('vpc-87654321') do + its('cidr_block') { should cmp '10.0.0.0/16' } + end + +### Test the state of the VPC + + describe aws_vpc do + its ('state') { should eq 'available' } + # or equivalently + it { should be_available } + end + +### Test the allowed tenancy of instances launched into the VPC + + describe aws_vpc do + its ('instance_tenancy') { should eq 'default' } + end + +### Test tags on the VPC + + describe aws_vpc do + its('tags') { should include(:Environment => 'env-name', + :Name => 'vpc-name')} + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### be_default + +The test will pass if the identified VPC is the default VPC for the region. + + describe aws_vpc('vpc-87654321') do + it { should be_default } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeVpcs` action with Effect set to Allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_vpcs.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_vpcs.md new file mode 100644 index 0000000000..c70e88b307 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/aws_vpcs.md 
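Review bot: the `state` row of the aws_vpc.md Properties table contains an unescaped pipe, `The state of the VPC (`pending` | `available`). |`, which splits the cell and breaks the table when rendered; escape it as `\|` or write `pending` or `available`. The Parameters intro says `the subscription's default VPC will be returned`, but "subscription" is Azure vocabulary; two paragraphs earlier the page correctly says every AWS account has a default VPC in every region, so say "account's default VPC for the region". The state example uses `it { should be_available }` while the Matchers section lists only `be_default`, so either document `be_available` there or drop it from the example, and `its ('state')` / `its ('instance_tenancy')` carry a stray space before the parenthesis that the other examples do not.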
@@ -0,0 +1,102 @@ ++++ +title = "aws_vpcs resource" +draft = false +gh_repo = "inspec" +platform = "aws" + +[menu] + [menu.inspec] + title = "aws_vpcs" + identifier = "inspec/resources/aws/aws_vpcs.md aws_vpcs resource" + parent = "inspec/resources/aws" ++++ + +Use the `aws_vpcs` InSpec audit resource to test properties of some or all AWS Virtual Private Clouds (VPCs). + +Each VPC is uniquely identified by its VPC ID. In addition, each VPC has a non-unique CIDR IP Address range (such as 10.0.0.0/16) which it manages. + +Every AWS account has at least one VPC, the "default" VPC, in every region. + +## Syntax + +An `aws_vpcs` resource block uses an optional filter to select a group of VPCs and then tests that group. + + # Since you always have at least one VPC, this will always pass. + describe aws_vpcs do + it { should exist } + end + +## Parameters + +This resource does not expect any parameters. + +See also the [AWS documentation on VPCs](https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html). + +## Properties + +| Property | Description | +| ---------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | +| cidr_blocks | The cidr_blocks property provides a list of the CIDR blocks that the matched VPCs serve as strings. | +| dhcp_options_ids | The dhcp_option_set_ids property provides a de-duplicated list of the DHCP Option Set IDs that the matched VPCs use when assigning IPs to resources. | +| vpc_ids | The vpc_ids property provides a list of the IDs of the matched VPCs. | +| tags | A hash of key-value pairs corresponding to the tags associated with the entity. | +| entries | Provides access to the raw results of the query, which can be treated as an array of hashes. 
| + +## Examples + +### Ensure all VPCs use the same DHCP option set + + describe aws_vpcs.where { dhcp_options_id != 'dopt-12345678' } do + it { should_not exist } + end + +### Check for a Particular VPC ID + + describe aws_vpcs do + its('vpc_ids') { should include 'vpc-12345678' } + end + +### Use the VPC IDs to Get a List of Default Security Groups + + aws_vpcs.vpc_ids.each do |vpc_id| + describe aws_security_group(vpc_id: vpc_id, group_name: 'default') do + it { should_not allow_in(port: 22) } + end + end + +### We shun the 10.0.0.0/8 space + + describe aws_vpcs.where { cidr_block.start_with?('10') } do + it { should_not exist } + end + +### Check tags + + describe aws_vpc do + its('tags') { should include(:Environment => 'env-name', + :Name => 'vpc-name')} + end + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). + +### exist + +The control will pass if the describe returns at least one result. + +Use `should_not` to test the entity should not exist. + + describe aws_vpcs do + it { should exist } + end + + describe aws_vpcs.where( : ) do + it { should_not exist } + end + +## AWS Permissions + +Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeVpcs` action with Effect set to Allow. + +You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html). diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azure_generic_resource.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azure_generic_resource.md new file mode 100644 index 0000000000..907c9268d3 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azure_generic_resource.md 
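Review bot: the `We shun the 10.0.0.0/8 space` example in aws_vpcs.md does not test what its title says: `cidr_block.start_with?('10')` matches `10.0.0.0/16` but also `100.64.0.0/10`, `101.x` and any other `1xx.` block, so the control fails on VPCs that are not in 10/8; at minimum use `start_with?('10.')`, or better `IPAddr.new('10.0.0.0/8').include?(IPAddr.new(cidr_block))` so the check is a real prefix containment test rather than a string comparison. The `Check tags` example describes `aws_vpc` (singular) on the plural page; use `aws_vpcs` or move it to aws_vpc.md, which already has the identical example. The `dhcp_options_ids` row describes `The dhcp_option_set_ids property`, a name that appears nowhere else on the page, and the `where( : )` placeholder under `exist` is not runnable, unlike the `where { dhcp_options_id != 'dopt-12345678' }` filter shown above it.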
@@ -0,0 +1,181 @@ ++++ +title = "azure_generic_resource resource" +draft = false +gh_repo = "inspec" +platform = "azure" + +[menu] + [menu.inspec] + title = "azure_generic_resource" + identifier = "inspec/resources/azure/azure_generic_resource.md azure_generic_resource" + parent = "inspec/resources/azure" ++++ + +{{< warning >}} + +This resource is deprecated and should not be used. It will be removed in Chef InSpec 5.0. Instead of using any of the demonstration Azure resources included with Chef InSpec, use the [`inspec-azure`](https://github.com/inspec/inspec-azure) resource pack, which offers rich functionality and specific resources to fit many common use cases. + +{{< /warning >}} + +Use the `azure_generic_resource` Chef InSpec audit resource to test any valid Azure Resource. This is very useful if you need to test something that we do not yet have a specific Chef InSpec resource for. + +## Availability + +### Installation + +This resource is distributed along with Chef InSpec itself. You can use it automatically. + +### Version + +This resource first became available in v2.0.16 of InSpec. + +## Syntax + + describe azure_generic_resource(group_name: 'MyResourceGroup', name: 'MyResource') do + its('property') { should eq 'value' } + end + +where: + +- `MyResourceGroup` is the name of the resource group that contains the Azure Resource to be validated +- `MyResource` is the name of the resource that needs to be checked +- `property` This generic resource dynamically creates the properties on the fly based on the type of resource that has been targeted. +- `value` is the expected output from the chosen property + +## Parameters + +- `group_name` +- `name` +- `apiversion` +- `type` + +The options that can be passed to the resource are as follows. + +### `group_name` (required) + +Use this parameter to define the Azure Resource Group to be tested. + + describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure') do + ... 
+ end + +### `name` + +Use this parameter to define the name of the Azure resource to test. + + describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure', name: 'Windows-Internal-VM') do + ... + end + +### `apiversion` + +The API Version to use when querying the resource. Defaults to the latest version for the resource. + + describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure', name: 'Windows-Internal-VM', apiversion: '2.0') do + ... + end + +### `type` + +Use this parameter to define the type of resources to test. + + describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure', name: 'Windows-Internal-VM', apiversion: '2.0', type: 'Microsoft.Compute/virtualMachines') do + ... + end + +These options can also be set using the environment variables: + +- `AZURE_RESOURCE_GROUP_NAME` +- `AZURE_RESOURCE_NAME` +- `AZURE_RESOURCE_TYPE` +- `AZURE_RESOURCE_API_VERSION` + +When the options have been set as well as the environment variables, the environment variables take priority. + +### Parameter Example + + describe azure_generic_resource(group_name: 'Inspec-Azure', name: 'Linux-Internal-VM', apiversion: '2.0') do + its('location') { should eq 'westeurope' } + end + +## Properties + +The properties that can be tested are entirely dependent on the Azure Resource that is under scrutiny. That means the properties vary. The best way to see what is available please use the [Azure Resources Portal](https://resources.azure.com) to select the resource you are interested in and see what can be tested. + +This resource allows you to test _any_ valid Azure Resource. The trade off for this is that the language to check each item is not as natural as it would be for a native Chef InSpec resource. 
+ +## Property Examples + +The following examples show how to use some of the Chef InSpec audit properties: + +### Tests the virtual machine's location + + its('location') { should cmp 'westeurope' } + +### Tests for the presence of a specified address prefix + + its('properties.addressSpace.addressPrefixes') { should include '10.1.1.0/24' } + +### Tests that virtual machine was created from the correct disk + + its('properties.creationData.createOption') { should eq 'FromImage' } + +### Tests that the image is Ubuntu + + its('properties.creationData.imageReference.id') { should match 'Canonical' } + its('properties.creationData.imageReference.id') { should match 'UbuntuServer' } + its('properties.creationData.imageReference.id') { should match '16.04.0-LTS' } + +### Tests the disk size + + its('properties.diskSizeGB') { should be > 25 } + +### Tests the disk state + + its('properties.diskState') { should cmp 'Attached' } + +### Tests that there are no custom DNS settings + + its('properties.dnsSettings.dnsServers.count') { should eq 0 } + its('properties.dnsSettings.appliedDnsServers.count') { should eq 0 } + +### Tests that the NIC is connected to the correct machine + + its('properties.virtualMachine.id') { should match 'Linux-External-VM' } + +### Tests that the blob and file services are enabled + + its('properties.encryption.services.blob.enabled') { should be true } + its('properties.encryption.services.file.enabled') { should be true } + its('properties.encryption.keySource') { should cmp 'Microsoft.Storage' } + +### Test the hardware profile + + its('properties.hardwareProfile.vmSize') { should cmp 'Standard_DS2_v2' } + +### Test the network interfaces + + its('properties.networkProfile.networkInterfaces.count') { should eq 1 } + +### Test the authentication and OS type + + its('properties.osProfile.computerName') { should eq 'linux-external-1' } + its('properties.osProfile.adminUsername') { should eq 'azure' } + 
its('properties.osProfile.linuxConfiguration.disablePasswordAuthentication') { should be true } + +### Test that the tags are properly set + + it { should have_tags } + its('tag_count') { should be 1 } + its('tags') { should include 'Description' } + its('Description_tag') { should match 'Externally facing' } + +## Matchers + +This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +## References + +Please see the integration tests for in depth examples of how this resource can be used. + +[Chef InSpec Integration Tests for Azure Generic Resources](https://github.com/chef/inspec/tree/main/test/integration/azure/verify/controls) diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azure_resource_group.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azure_resource_group.md new file mode 100644 index 0000000000..27e82e0c41 --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azure_resource_group.md 
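Review bot: every example under Parameters in azure_generic_resource.md describes a different resource, `describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure') do`; on this page they should use `azure_generic_resource`, matching the `Parameter Example` block. The `apiversion: '2.0'` value does not look like an Azure API version and should be replaced with a value of the shape the resource actually accepts, or marked as a placeholder. The heading `Tests that the blob and file services are enabled` undersells the assertions beneath it, which check `properties.encryption.services.blob.enabled`, `properties.encryption.services.file.enabled` and `properties.encryption.keySource`, i.e. that storage-service encryption is on for both services; retitle it so the security property being verified is visible. Finally, the Matchers section announces `the following special matchers` and lists none; either list `have_tags` (used in the tags example) or state that only the universal matchers apply.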
@@ -0,0 +1,295 @@ ++++ +title = "azure_resource_group resource" +draft = false +gh_repo = "inspec" +platform = "azure" + +[menu] + [menu.inspec] + title = "azure_resource_group" + identifier = "inspec/resources/azure/azure_resource_group.md azure_resource_group resource" + parent = "inspec/resources/azure" ++++ + +Use the `azure_resource_group_resource_count` Chef InSpec audit resource to check the number of Azure resources in a resource group. + +## Availability + +### Installation + +This resource is distributed along with Chef InSpec itself. You can use it automatically. + +### Version + +This resource first became available in v2.0.16 of InSpec. + +## Syntax + +The name of the resource group is specified as a parameter on the resource: + + describe azure_resource_group(name: 'MyResourceGroup') do + its('property') { should eq 'value' } + end + +where + +- `MyResourceGroup` is the name of the resource group being interrogated +- `property` is one a resource property +- `value` is the expected output from the matcher + +## Examples + +The following examples show how to use this Chef InSpec audit resource: + +### Ensure the Resource Group has the correct number of resources + + describe azure_resource_group_resource_count(name: 'InSpec-Azure') do + its('total') { should eq 7} + end + +### Ensure that the Resource Group contains the correct resources + + describe azure_resource_group_resource_count(name: 'InSpec-Azure') do + its('total') { should eq 7 } + its('vm_count') { should eq 2 } + its('nic_count') { should eq 2 } + its('public_ip_count') { should eq 1 } + its('sa_count') { should eq 1 } + its('vnet_count') { should eq 1 } + end + +## Parameters + +- `group_name` +- `name` + +### `group_name` (required) + +Use this parameter to define the Azure Resource Group to be tested. + + describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure') do + ... + end + +### `name` + +Use this parameter to define the name of the Azure resource to test. 
+ + describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure', name: 'Windows-Internal-VM') do + ... + end + +If both `group_name` and `name` is set then `name` takes priority + +These options can also be set using the environment variables: + +- `AZURE_RESOURCE_GROUP_NAME` +- `AZURE_RESOURCE_NAME` + +When the options have been set as well as the environment variables, the environment variables take priority. + +### Parameter Example + + describe azure_generic_resource(group_name: 'InSpec-Azure', name: 'Linux-Internal-VM') do + its('location') { should eq 'westeurope' } + end + +## Properties + +- `name` +- `location` +- `id` +- `provisioning_state` +- `subscription_id` +- `total` +- `nic_count` +- `vm_count` +- `extension_count` +- `vnet_count` +- `sa_count` +- `public_ip_count` +- `managed_disk_image_count` +- `managed_disk_count` +- `tag_count` + +### name + +Tests the name of the resource group. + + its('name') { should cmp 'InSpec-Azure' } + +### location + +Tests where in Azure the resource group is located. + + its('location') { should cmp 'westeurope' } + +### id + +Tests the full qualified ID of the resource group. + +This takes the format: `/subscriptions//resourceGroups/`. + + its('id') { should cmp 'FQDN' } + +### provisioning_state + +Tests the provisioning state of the resource group. + + its('provisioning_state') { should cmp 'Succeeded' } + +### total + +Tests the total number of resources in the resource group. + + its('total') { should eq 13 } + +### nic_count + +Tests the number of network interface cards in the resource group. + + it { should have_nics } + its('nic_count') { should eq 3 } + +### vm_count + +Tests the number of virtual machines in the resource group. + + its('vm_count') { should eq 5 } + +### vnet_count + +Tests the number of virtual networks in the resource group. + + its('vnet_count') { should eq 5 } + +### sa_count + +Tests the number of storage accounts in the resource group. 
+ + its('sa_count') { should eq 5 } + +### public_ip_count + +Tests the number of Public IP Addresses in the resource group. + + its('public_ip_count') { should eq 5 } + +### managed_disk_image_count + +Tests the number of managed disk images that are in the resource group. + +Managed disks are created from disk images and then attached to the machines. Generally, the images are created from a base image or a custom image (e.g., Packer) + + its('managed_disk_image_count') { should eq 5 } + +### managed_disk_count + +Tests the number of managed disks in the resource group. + +If a resource group contains one virtual machine with an OS disk and 2 data disks that are all Managed Disks, then the count would be 3. + + its('managed_disk_count') { should eq 3 } + +## Matchers + +This resource has a number of special matchers that provide a simple way to test if a specific Azure Resource type exists in the resource group. + +For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +### have_nics + +Use this matcher to test if network interfaces exist. + + it { should have_nics } + +### have_vms + +Use this matcher to test that virtual machines exist. + + it { should have_vms } + +### have_extensions + +Use this matcher to test for virtual machine extensions. + + it { should have_extensions } + +### have_nsgs + +Use this matcher to test that network security groups exist. + + it { should have_nsgs } + +### have_vnets + +Use this matcher to test that virtual networks exist. + + it { should have_vnets } + +### have_managed_disks + +Use this matcher to test that managed disks exist. + + it { should have_managed_disks } + +### have_managed_disk_images + +Use this matcher to test that managed disk images exist. + + it { should have_managed_disk_images } + +### have_sas + +Use this matcher to test that storage accounts exist. + + it { should have_sas } + +### have_public_ips + +Use this matcher to test that public ips exist. 
+ + it { should have_public_ips } + +## Tags + +It is possible to test the tags that have been assigned to the resource. There are some properties for checking that a resource has tags, that it has the correct number of tags, and that the correct tags are assigned. + +### have_tags + +This is a simple test to see if the machine has tags assigned to it or not. + + it { should have_tags } + +### tag_count + +Returns the number of tags that are assigned to the resource + + its ('tag_count') { should eq 2 } + +### tags + +It is possible to check if a specific tag has been set on the resource. + + its('tags') { should include 'owner' } + +### xxx_tag + +To get the value of the tag, some properties are created from the tags themselves. + +For example, if the following tag is set on a resource: + +- owner: JG Jinglehimerschmidt + +Then a property is available called `Owner_tag`. + + its('owner_tag') { should cmp 'JG Jinglehimerschmidt' } + +Note: The tag name is case sensitive which makes the test case sensitive. E.g. `owner_tag` does not equal `Owner_tag`. + +## References + +For more information on Azure Ruby SDK resources, see: + +- [Azure Ruby SDK - Resources](https://github.com/Azure/azure-sdk-for-ruby/tree/main/management/azure_mgmt_resources) +- [Resource Group](https://github.com/chef/inspec/blob/fc990346f2438690f0ac36a9f6606e61574a79b8/test/azure/verify/controls/resource_group.rb) diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azure_virtual_machine.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azure_virtual_machine.md new file mode 100644 index 0000000000..3f75f74dbd --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azure_virtual_machine.md 
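Review bot: azure_resource_group.md is titled for `azure_resource_group`, but the intro and both Examples use `azure_resource_group_resource_count` (`describe azure_resource_group_resource_count(name: 'InSpec-Azure') do`), and the Parameters examples use `azure_virtual_machine_data_disk` and `azure_generic_resource`; use the resource named in the title throughout, and reconcile the Parameters section with the Syntax block, which takes only `name:` (the sentence `If both group_name and name is set then name takes priority` also needs `are`). The `id` section lost its placeholders, `/subscriptions//resourceGroups/`, and then asserts `its('id') { should cmp 'FQDN' }`, which a resource ID is not; restore the placeholders and show a full ID. The `xxx_tag` section contradicts itself: the tag is `owner`, the text says `a property is available called Owner_tag`, the example uses `owner_tag`, and the note says the two are different properties; make the derived property name match the tag's case. This page also lacks the deprecation warning that azure_generic_resource.md applies to `any of the demonstration Azure resources included with Chef InSpec`.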
@@ -0,0 +1,353 @@ ++++ +title = "azure_virtual_machine resource" +draft = false +gh_repo = "inspec" +platform = "azure" + +[menu] + [menu.inspec] + title = "azure_virtual_machine" + identifier = "inspec/resources/azure/azure_virtual_machine.md azure_virtual_machine resource" + parent = "inspec/resources/azure" ++++ + +Use the `azure_virtual_machine` Chef InSpec audit resource to ensure that a Virtual Machine has been provisioned correctly. + +## Availability + +### Installation + +This resource is distributed along with Chef InSpec itself. You can use it automatically. + +### Version + +This resource first became available in v2.0.16 of InSpec. + +## Syntax + +The name of the machine and the resource group are required as properties to the resource. + + describe azure_virtual_machine(group_name: 'MyResourceGroup', name: 'MyVM') do + its('property') { should eq 'value' } + end + +where + +- `MyVm` is the name of the virtual machine as seen in Azure; it is **not** the hostname of the machine +- `MyResourceGroup` is the name of the machine's resource group +- `property` is one of the resource properties +- `value` is the expected output from the matcher + +## Examples + +The following examples show to use this Chef InSpec audit resource. + +### Check that the first data disk is of the correct size + + describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure', name: 'Linux-Internal-VM').where(number: 1) do + its('size') { should cmp >= 15 } + end + +## Parameters + +- `group_name` +- `name` +- `apiversion` + +The options that can be passed to the resource are as follows. + +### `group_name` (required) + +Use this parameter to define the Azure Resource Group to be tested. + + describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure') do + ... + end + +### `name` + +Use this parameter to define the name of the Azure resource to test. + + describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure', name: 'Windows-Internal-VM') do + ... 
+ end + +### `apiversion` + +The API Version to use when querying the resource. Defaults to the latest version for the resource. + + describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure', name: 'Windows-Internal-VM', apiversion: '2.0') do + ... + end + +These options can also be set using the environment variables: + +- `AZURE_RESOURCE_GROUP_NAME` +- `AZURE_RESOURCE_NAME` +- `AZURE_RESOURCE_API_VERSION` + +When the options have been set as well as the environment variables, the environment variables take priority. + +## Properties + +- `type`, `location`, `name`, `publisher`, `offer`, `sku`, `os_type`, `os_disk_name`, `have_managed_osdisk`, `caching`, `create_option`, `disk_size_gb`, `have_data_disks`, `data_disk_count` , `storage_account_type`, `vm_size`, `computer_name`, `admin_username`, `have_nics`, `nic_count`, `connected_nics`, `have_password_authentication`, `password_authentication?`, `have_custom_data`, `custom_data?`, `have_ssh_keys`, `ssh_keys?`, `ssh_key_count`, `ssh_keys`, `have_boot_diagnostics`, `boot_diagnostics_storage_uri` + +## Property Examples + +This Chef InSpec audit resource has the following properties that can be tested: + +### type + +The Azure Resource type. For a virtual machine this will always return `Microsoft.Compute/virtualMachines` + + its('type') { should cmp 'Microsoft.Compute/virtualMachines' } + +### location + +Where the machine is located + + its('location') { should eq 'westeurope' } + +### name + +Name of the Virtual Machine in Azure. Be aware that this is not the computer name or hostname, rather the name of the machine when seen in the Azure Portal. + + its('name') { should cmp 'InSpec-Azure' } + +### publisher + +The publisher of this machine's build image. + +`nil` if the machine was created from a custom image. + + its('publisher') { should cmp 'MicrosoftWindowsServer' } + +### offer + +The offer from the publisher of the build image. + +`nil` if the machine was created from a custom image. 
+ + its('offer') { should cmp 'WindowsServer' } + +### sku + +The item from the publisher that was used to create the image. + +`nil` if the machine was created from a custom image. + + its('sku') { should cmp '2016-Datacenter' } + +### os_type + +Test that returns the classification in Azure of the operating system type. Usually either `Linux` or `Windows`. + + its('os_type') { should cmp 'Windows' } + +### os_disk_name + +Return the name of the operating system disk attached to the machine. + + its('os_disk_name') { should cmp 'Windows-Internal-OSDisk-MD' } + +### caching + +Returns the type of caching that has been set on the operating system disk. + + its('caching') { should cmp 'ReadWrite' } + +### create_option + +When the operating system disk is created, how it was created is set as a property. This property returns how the disk was created. + + its('create_option') { should cmp 'FromImage' } + +### disk_size_gb + +Returns the size of the operating system disk. + + its('disk_size_gb') { should be >= 30 } + +### data_disk_count + +Return the number of data disks that are attached to the machine + +### storage_account_type + +This provides the storage account type for a machine that is using managed disks for the operating system disk. + + its('storage_account_type') { should cmp 'Standard_LRS' } + +### vm_size + +The size of the machine in Azure + + its('vm_size') { should eq 'Standard_DS2_v2' } + +### computer_name + +The name of the machine. This is what was assigned to the machine during deployment and is what _should_ be returned by the `hostname` command. 
+ + its('computer_name') { should cmp 'win-internal-1' } + +### admin_username + +The admin username that was assigned to the machine + +NOTE: Azure does not allow the use of `Administrator` as the admin username on a Windows machine + + its('admin_username') { should cmp 'azure' } + +### nic_count + +The number of network interface cards that have been attached to the machine + + its('nic_count') { should eq 1 } + +### connected_nics + +This returns an array of the NIC ids that are connected to the machine. This means that it possible to check that the machine has the correct NIC(s) attached and thus on the correct subnet. + + its('connected_nics') { should include /Inspec-NIC-1/ } + +Note the use of the regular expression here. This is because the NIC id is a long string that contains the subscription id, resource group, machine id as well as other things. By using the regular expression the NIC can be checked without breaking this string up. It also means that other tests can be performed. + +An example of the id string is `/subscriptions/1e0b427a-d58b-494e-ae4f-ee558463ebbf/resourceGroups/Inspec-Azure/providers/Microsoft.Network/networkInterfaces/Inspec-NIC-1` + +### password_authentication? + +Boolean to state of password authentication is enabled or not for the admin user. + + its('password_authentication?') { should be false } + +This only applies to Linux machines and will always return `true` on Windows. + +### custom_data + +Boolean to state if the machine has custom data or not + + its('custom_data') { should be true } + +### ssh_keys? + +Boolean to state of the machine is accessible using SSH keys + + its('ssh_keys?') { should be true } + +### ssh_key_count + +Returns how many SSH keys have been applied to the machine. + +This only applies to Linux machines and will always return `0` on Windows. + + its('ssh_key_count') { should eq '0' } + +### ssh_keys + +Returns an array of the keys that are assigned to the machine. 
This checks if the correct keys are assigned. + +Most SSH public keys have a signature at the end of them that can be tested. For example: + + its('ssh_keys') { should include /azure@inspec.local/ } + +### boot_diagnostics_storage_uri + +If boot diagnostics are enabled for the machine they will be saved in a storage account. This method returns the URI for the storage account. + + its('boot_diagnostics_storage_uri') { should match 'ghjgjhgjg' } + +## Matchers + +There are a number of built in comparison operators that are available to test the result with an expected value. + +For information on all that are available please refer to the [Chef InSpec Matchers Reference](/inspec/matchers/) page. + +### boot_diagnostics? + +Boolean test to see if boot diagnostics have been enabled on the machine + + it { should have_boot_diagnostics } + +### have_custom_data + +Returns a boolean stating if the machine has custom data assigned to it. + + it { should have_custom_data } + +### have_data_disks + +Denotes if the machine has data disks attached to it or not. + + it { should have_data_disks } + +### have_managed_osdisk + +Determine if the operating system disk is a Managed Disks or not. + +This test can be used in the following way: + + it { should have_managed_osdisk } + +### have_nics + +Returns a boolean to state if the machine has NICs connected or not. + +This can be used in the following way: + + it { should have_nics } + +### have_password_authentication + +Returns a boolean to denote if the machine is accessible using a password. + + it { should have_password_authentication } + +### have_ssh_keys + +Boolean to state if the machine has SSH keys assigned to it + + it { should have_ssh_keys } + +For a Windows machine this will always be false. + +## Tags + +It is possible to test the tags that have been assigned to the resource. 
There are a number of properties that can be called to check that it has tags, that it has the correct number and that the correct ones are assigned. + +### have_tags + +This is a simple test to see if the machine has tags assigned to it or not. + + it { should have_tags } + +### tag_count + +Returns the number of tags that are assigned to the resource + + its ('tag_count') { should eq 2 } + +### tags + +It is possible to check if a specific tag has been set on the resource. + + its('tags') { should include 'Owner' } + +### xxx_tag + +To get the value of the tag, a number of tests have been created from the tags that are set. + +For example, if the following tag is set on a resource: + +- owner: J.G. Jingleheimerschmidt + +Then a test is available called `Owner_tag`. + + its('owner_tag') { should cmp 'J.G. Jingleheimerschmidt' } + +Note: The tag name is case sensitive which makes the test case sensitive. E.g. `owner_tag` does not equal `Owner_tag`. + +## References + +- [Azure Ruby SDK - Resources](https://github.com/Azure/azure-sdk-for-ruby/tree/main/management/azure_mgmt_resources) +- [Virtual Machine External VM](https://github.com/chef/inspec/blob/fc990346f2438690f0ac36a9f6606e61574a79b8/test/azure/verify/controls/virtual_machine_external_vm.rb) +- [Virtual Machine Internal VM](https://github.com/chef/inspec/blob/fc990346f2438690f0ac36a9f6606e61574a79b8/test/azure/verify/controls/virtual_machine_internal_vm.rb) diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azure_virtual_machine_data_disk.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azure_virtual_machine_data_disk.md new file mode 100644 index 0000000000..059474ea2d --- /dev/null +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azure_virtual_machine_data_disk.md 
@@ -0,0 +1,226 @@ ++++ +title = "azure_virtual_machine_data_disk resource" +draft = false +gh_repo = "inspec" +platform = "azure" + +[menu] + [menu.inspec] + title = "azure_virtual_machine_data_disk" + identifier = "inspec/resources/azure/azure_virtual_machine_data_disk.md azure_virtual_machine_data_disk resource" + parent = "inspec/resources/azure" ++++ + +Use this resource to ensure that a specific data disk attached to a machine has been created properly. + +## Availability + +### Installation + +This resource is distributed along with Chef InSpec itself. You can use it automatically. + +### Version + +This resource first became available in v2.0.16 of InSpec. + +## Syntax + +The name of the resource group and machine are required to use this resource. + + describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure', name: 'MyVM') do + its('property') { should eq 'value' } + end + +where: + +- `MyVm` is the name of the virtual machine as seen in Azure. (It is **not** the hostname of the machine) +- `InSpec-Azure` is the name of the resource group that the machine is in. +- `property` is a resource property +- `value` is the expected output from the matcher + +## Examples + +The following examples show to use this Chef InSpec audit resource. + +### Check that the first data disk is of the correct size + + describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure', name: 'Linux-Internal-VM').where(number: 1) do + its('size') { should cmp >= 15 } + end + +## Resource Parameters + +- `group_name` +- `name` +- `apiversion` + +## Parameter Examples + +The options that can be passed to the resource are as follows. + +### `group_name` (required) + +Use this parameter to define the Azure Resource Group to be tested. + + describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure') do + ... + end + +### name + +Use this parameter to define the name of the Azure resource to test. 
+ + describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure', name: 'Windows-Internal-VM') do + ... + end + +### apiversion + +The API Version to use when querying the resource. Defaults to the latest version for the resource. + + describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure', name: 'Windows-Internal-VM', apiversion: '2.0') do + ... + end + +These options can also be set using the environment variables: + +- `AZURE_RESOURCE_GROUP_NAME` +- `AZURE_RESOURCE_NAME` +- `AZURE_RESOURCE_API_VERSION` + +When the options have been set as well as the environment variables, the environment variables take priority. + +## Filter Criteria + +- `number` +- `disk` + +## Filter Examples + +### disk + +The zero based index of the disk attached to the machine. + + describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure', name: 'Windows-Internal-VM').where(disk: 0) + end + +### number + +The '1' based index of the disk attached to the machine. + + describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure', name: 'Windows-Internal-VM').where(number: 1) + end + +## Properties + +- `count`, `disk`, `number`, `name`, `size`, `lun`, `caching`, `create_option`, `is_managed_disk?`, `vhd_uri`, `storage_account_name`, `storage_account_type`, `id`, `subscription_id`, `resource_group` + +## Property Examples + +### count + +Returns the number of data disks attached to the machine + + its('count') { should eq 1 } + +### name + +Returns a string of the name of the disk. + + its('name') { should cmp 'linux-external-datadisk-1' } + +### size + +Returns an integer of size of this disk in GB. + + its('size') { should cmp >= 15 } + +### lun + +The disk number as reported by Azure. Has a zero-based index value. + + its('lun') { should cmp 0 } + +### caching + +String stating the caching that has been set on the disk. + + its('caching') { should cmp 'none' } + +### create_option + +How the disk was created. 
Typically for data disks, this will be the string value 'Empty'. + + its('create_option') { should cmp 'Empty' } + +### is_managed_disk? + +Boolean stating if the disk is a managed disk or not. If it is not a managed disk then it is one that is stored in a Storage Account. + + its('is_managed_disk?') { should cmp 'false' } + +### vhd_uri + +If this is _not_ a managed disk, then the `vhd_uri` will be the full URI to the disk in the storage account. + + its('vhd_uri') { should cmp 'https://primary_storage.blob.core.windows.net/container_name/vm_name.vhd' } + +### storage_account_name + +If this is _not_ a managed disk this will be the storage account name in which the disk is stored. + +This derived from the `vhd_uri`. + + its('storage_account_name') { should cmp 'primary_storage' } + +### storage_account_type + +If this is a managed disk this is the storage account type, e.g. `Standard_LRS`. + + its('storage_account_type') { should cmp 'Standard_LRS' } + +### id + +If this is a managed disk then this is the fully qualified id for the disk in Azure. + + its('id') { should cmp '/subscriptions/1234abcd-e567-890f-g123-456h78i9jkl0/resourceGroups/InSpec-Azure' } + +### subscription_id + +If this is a managed disk, this returns the subscription id of where the disk is stored. + +This is derived from the `id`. + + its('subscription_id') { should cmp '1234abcd-e567-890f-g123-456h78i9jkl0' } + +### resource_group + +If this is a managed disk, this returns the resource group in which the disk is stored. + +This is derived from the `id`. + + its('resource_group') { should cmp 'InSpec-Azure' } + +## Matchers + +This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). + +The following properties are applied to the virtual machine itself and not specific disks. + +### have_data_disks + +Returns a boolean denoting if any data disks are attached to the machine. 
+ + it { should have_data_disks } + +### have_managed_disks + +Returns a boolean stating if the machine has Managed Disks for data disks. + + it { should have_managed_disks } + +## References + +- [Azure Ruby SDK - Compute](https://github.com/Azure/azure-sdk-for-ruby/tree/main/management/azure_mgmt_compute) +- [Linux Internal Data Disks](https://github.com/chef/inspec/blob/main/test/azure/verify/controls/virtual_machine_linux_external_vm_datadisk.rb) +- [Windows Internal Data Disk](https://github.com/chef/inspec/blob/main/test/azure/verify/controls/virtual_machine_windows_internal_vm_datadisk.rb) diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_ad_user.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_ad_user.md index 5ce890e3aa..01383c66fa 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_ad_user.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_ad_user.md @@ -11,12 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< warning >}} - -This resource will be deprecated when version 2 of the inspec-azure resource pack is released. - -{{< /warning >}} - Use the `azurerm_ad_user` InSpec audit resource to test properties of an Azure Active Directory user within a Tenant. @@ -232,7 +226,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_ad_users.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_ad_users.md index 1e9d37124b..3d2492f516 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_ad_users.md 
+++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_ad_users.md @@ -11,12 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< warning >}} - -This resource will be deprecated when version 2 of the inspec-azure resource pack is released. - -{{< /warning >}} - Use the `azurerm_ad_users` InSpec audit resource to test properties of some or all Azure Active Directory users within a Tenant. @@ -82,7 +76,7 @@ The following examples show how to use this InSpec audit resource. Filters the results to include only those Users that match the given name. This is a string value. - describe azurerm_ad_users.where{ displayName.eql?('Haris Shefu') } do + describe azurerm_ad_users.where{ displayName.eql?('Joe Bloggs') } do it { should exist } end @@ -119,7 +113,8 @@ The userTypes property provides a list of all User Types for all users. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of available matchers, +please visit our [Universal Matchers page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_aks_cluster.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_aks_cluster.md index 4e928b44c7..078fffe2b0 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_aks_cluster.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_aks_cluster.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_aks_cluster" >}} - Use the `azurerm_aks_cluster` InSpec audit resource to test properties of an Azure AKS Cluster. ## Azure REST API version 
@@ -119,7 +117,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_aks_clusters.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_aks_clusters.md index 3a85f73435..8df5edee4c 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_aks_clusters.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_aks_clusters.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_aks_clusters" >}} - Use the `azurerm_aks_clusters` InSpec audit resource to enumerate AKS Clusters. ## Azure REST API version @@ -69,7 +67,9 @@ The name of the AKS Cluster ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_cosmosdb_database_account.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_cosmosdb_database_account.md index 94a46310b5..a5219e246b 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_cosmosdb_database_account.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_cosmosdb_database_account.md 
@@ -11,15 +11,13 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_cosmosdb_database_account" >}} - Use the `azurerm_cosmosdb_database_account` InSpec audit resource to test properties and configuration of an Azure CosmosDb Database Account within a Resource Group. ## Azure REST API version This resource interacts with version `2015-04-08` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/powershell/module/servicemanagement/azure.service/new-azureprofile?view=azuresmps-4.0.0). +information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/cosmos-db-resource-provider/databaseaccounts/get). At the moment, there doesn't appear to be a way to select the version of the Azure API docs. If you notice a newer version being referenced in the official @@ -104,7 +102,7 @@ Indicates the type of database account, e.g. `GlobalDocumentDB`, `MongoDB` ### tags -Resource tags applied to the Cosmos DB Account. +Resource tags applied to the ComsosDb Account. ### properties @@ -128,7 +126,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_event_hub_authorization_rule.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_event_hub_authorization_rule.md index 5fb6e74923..5fb8063b6e 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_event_hub_authorization_rule.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_event_hub_authorization_rule.md 
@@ -11,15 +11,13 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_event_hub_authorization_rule" >}} - Use the `azurerm_event_hub_authorization_rule` InSpec audit resource to test properties and configuration of an Azure Event Hub Authorization Rule within a Resource Group. ## Azure REST API version This resource interacts with version `2017-04-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/dotnet/api/microsoft.servicebus.messaging.namespaceinfo?view=azure-dotnet). +information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/eventhub/namespaces/getauthorizationrule). At the moment, there doesn't appear to be a way to select the version of the Azure API docs. If you notice a newer version being referenced in the official @@ -49,7 +47,7 @@ This resource first became available in 1.11.0 of the inspec-azure resource pack The `resource_group`, `namespace_name`, `event_hub_name` and `authorization_rule_name` must be given as a parameter. - describe azurerm_event_hub_authorization_rule(resource_group: 'my-rg', namespace_name 'event-hub-namespace', event_hub_name: 'event-hub', authorization_rule_name: 'my-auth-rule') do + describe azurerm_event_hub_authorization_rule(resource_group: 'my-rg', namespace_name 'my-event-hub-ns', event_hub_name: 'myeventhub', authorization_rule_name: 'my-auth-rule') do it { should exist } end 
@@ -57,13 +55,13 @@ The `resource_group`, `namespace_name`, `event_hub_name` and `authorization_rule If an Event Hub Authorization Rule is referenced with a valid `Resource Group`, `Namespace Name`, `Event Hub Name` and `Authorization Rule Name` - describe azurerm_event_hub_authorization_rule(resource_group: 'my-rg', namespace_name: 'event-hub-namespace', event_hub_endpoint: 'event-hub', authorization_rule: 'my-auth-rule') do + describe azurerm_event_hub_authorization_rule(resource_group: 'my-rg', namespace_name: 'my-event-hub-ns', event_hub_endpoint: 'myeventhub', authorization_rule: 'my-auth-rule') do it { should exist } end If a Event Hub Authorization Rule is referenced with an invalid `Resource Group`, `Namespace Name`, `Event Hub Name` or `Authorization Rule Name` - describe azurerm_event_hub_namespace(resource_group: 'invalid-rg', namespace_name: 'i-do-not-exist', event_hub_endpoint: 'fake-endpoint', authorization_rule: 'fake-auth-rule') do + describe azurerm_event_hub_namespace(resource_group: 'invalid-rg', namespace_name: 'i-dont-exist', event_hub_endpoint: 'fakeendpoint', authorization_rule: 'fake-auth-rule') do it { should_not exist } end @@ -113,11 +111,13 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists - describe azurerm_event_hub_authorization_rule(resource_group: 'my-rg', namespace_name 'event-hub-namespace', event_hub_name: 'event-hub', authorization_rule_name: 'my-auth-rule') do + describe azurerm_event_hub_authorization_rule(resource_group: 'my-rg', namespace_name 'my-event-hub-ns', event_hub_name: 'myeventhub', authorization_rule_name: 'my-auth-rule') do it { should exist } end 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_event_hub_event_hub.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_event_hub_event_hub.md index c86e843b69..8e3f8528cf 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_event_hub_event_hub.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_event_hub_event_hub.md @@ -11,15 +11,13 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_event_hub_event_hub" >}} - Use the `azurerm_event_hub_event_hub` InSpec audit resource to test properties and configuration of an Azure Event Hub Event Hub within a Resource Group. ## Azure REST API version This resource interacts with version `2017-04-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/dotnet/api/eventhub?view=bts-2020). +information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/eventhub/eventhubs/get). At the moment, there doesn't appear to be a way to select the version of the Azure API docs. If you notice a newer version being referenced in the official @@ -49,7 +47,7 @@ This resource first became available in 1.11.0 of the inspec-azure resource pack The `resource_group`, `namespace_name` and `event_hub_name` must be given as a parameter. - describe azurerm_event_hub_event_hub(resource_group: 'my-rg', namespace_name 'my-event-hub-ns', event_hub_name 'event-hub') do + describe azurerm_event_hub_event_hub(resource_group: 'my-rg', namespace_name 'my-event-hub-ns', event_hub_name 'myeventhub') do it { should exist } end 
@@ -57,13 +55,13 @@ The `resource_group`, `namespace_name` and `event_hub_name` must be given as a p If an Event Hub Event Hub is referenced with a valid `Resource Group`, `Namespace Name` and `Event Hub Name` - describe azurerm_event_hub_event_hub(resource_group: 'my-rg', namespace_name: 'my-event-hub-ns', event_hub_name 'event-hub') do + describe azurerm_event_hub_event_hub(resource_group: 'my-rg', namespace_name: 'my-event-hub-ns', event_hub_name 'myeventhub') do it { should exist } end If a Event Hub Event Hub is referenced with an invalid `Resource Group`, `Namespace Name` and `Event Hub Name` - describe azurerm_event_hub_event_hub(resource_group: 'invalid-rg', namespace_name: 'i-do-not-exist', event_hub_name 'i-do-not-exist') do + describe azurerm_event_hub_event_hub(resource_group: 'invalid-rg', namespace_name: 'i-dont-exist', event_hub_name 'i-dont-exist') do it { should_not exist } end @@ -86,7 +84,7 @@ Azure resource ID. ### name -Event Hub name, e.g. `event-hub`. +Event Hub name, e.g. `myeventhub`. ### type @@ -112,11 +110,13 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists - describe azurerm_event_hub_event_hub(resource_group: 'my-rg', namespace_name: 'my-event-hub-ns', event_hub_name: 'event-hub') do + describe azurerm_event_hub_event_hub(resource_group: 'my-rg', namespace_name: 'my-event-hub-ns', event_hub_name: 'myeventhub') do it { should exist } end diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_event_hub_namespace.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_event_hub_namespace.md index 9f30872909..6d509e5dc5 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_event_hub_namespace.md 
+++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_event_hub_namespace.md @@ -11,15 +11,13 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_event_hub_namespace" >}} - Use the `azurerm_event_hub_namespace` InSpec audit resource to test properties and configuration of an Azure Event Hub Namespace within a Resource Group. ## Azure REST API version This resource interacts with version `2017-04-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/relay/namespaces). +information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/eventhub/namespaces/get). At the moment, there doesn't appear to be a way to select the version of the Azure API docs. If you notice a newer version being referenced in the official @@ -63,7 +61,7 @@ If an Event Hub Namespace is referenced with a valid `Resource Group` and `Names If an Event Hub Namespace is referenced with an invalid `Resource Group` or `Namespace Name` - describe azurerm_event_hub_namespace(resource_group: 'invalid-rg', namespace_name: 'i-do-not-exist') do + describe azurerm_event_hub_namespace(resource_group: 'invalid-rg', namespace_name: 'i-dont-exist') do it { should_not exist } end @@ -127,7 +125,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_iothub.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_iothub.md index 9b96fc1866..6d103a537d 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_iothub.md 
+++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_iothub.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_iothub" >}} - Use the `azurerm_iothub` InSpec audit resource to test properties and configuration of an Azure Event Hub Namespace within a Resource Group. @@ -63,7 +61,7 @@ If an IoT Hub is referenced with a valid `Resource Group` and `Resource Name` If an IoT Hub is referenced with an invalid `Resource Group` or `Resource Name` - describe azurerm_iothub(resource_group: 'invalid-rg', resource_name: 'i-do-not-exist') do + describe azurerm_iothub(resource_group: 'invalid-rg', resource_name: 'i-dont-exist') do it { should_not exist } end @@ -133,7 +131,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_iothub_event_hub_consumer_group.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_iothub_event_hub_consumer_group.md index 6823ad40f4..e6c6ee4428 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_iothub_event_hub_consumer_group.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_iothub_event_hub_consumer_group.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_iothub_event_hub_consumer_group" >}} - Use the `azurerm_iothub_event_hub_consumer_group` InSpec audit resource to test properties and configuration of an Azure IoT Hub Event Hub Consumer Group within a Resource Group. 
@@ -50,7 +48,7 @@ This resource first became available in 1.11.0 of the inspec-azure resource pack The `resource_group`, `resource_name`, `event_hub_endpoint` and `consumer_group` must be given as a parameter. - describe azurerm_iothub_event_hub_consumer_group(resource_group: 'my-rg', resource_name 'my-iot-hub', event_hub_endpoint: 'event-hub', consumer_group: 'my-consumer-group') do + describe azurerm_iothub_event_hub_consumer_group(resource_group: 'my-rg', resource_name 'my-iot-hub', event_hub_endpoint: 'myeventhub', consumer_group: 'my-consumer-group') do it { should exist } end @@ -58,13 +56,13 @@ The `resource_group`, `resource_name`, `event_hub_endpoint` and `consumer_group` If an IoT Hub Event Hub Consumer Group is referenced with a valid `Resource Group`, `Resource Name`, `Event Hub Endpoint` and `Consumer Group` - describe azurerm_iothub_event_hub_consumer_group(resource_group: 'my-rg', resource_name 'my-iot-hub', event_hub_endpoint: 'event-hub', consumer_group: 'my-consumer-group') do + describe azurerm_iothub_event_hub_consumer_group(resource_group: 'my-rg', resource_name 'my-iot-hub', event_hub_endpoint: 'myeventhub', consumer_group: 'my-consumer-group') do it { should exist } end If an IoT Hub Event Hub Consumer Group is referenced with an invalid `Resource Group`, `Resource Name`, `Event Hub Endpoint` or `Consumer Group` - describe azurerm_iothub_event_hub_consumer_group(resource_group: 'invalid-rg', resource_name: 'invalid-resource', event_hub_endpoint: 'invalid-event-hub', consumer_group: 'invalid-consumer-group') do + describe azurerm_iothub_event_hub_consumer_group(resource_group: 'invalid-rg', resource_name: 'invalid-resource', event_hub_endpoint: 'invalideventhub', consumer_group: 'invalid-consumer-group') do it { should_not exist } end 
@@ -119,11 +117,13 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists - describe azurerm_iothub_event_hub_consumer_group(resource_group: 'my-rg', resource_name 'my-iot-hub', event_hub_endpoint: 'event-hub', consumer_group: 'my-consumer-group') do + describe azurerm_iothub_event_hub_consumer_group(resource_group: 'my-rg', resource_name 'my-iot-hub', event_hub_endpoint: 'myeventhub', consumer_group: 'my-consumer-group') do it { should exist } end diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_iothub_event_hub_consumer_groups.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_iothub_event_hub_consumer_groups.md index 3dead3273e..3fad2909ee 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_iothub_event_hub_consumer_groups.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_iothub_event_hub_consumer_groups.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_iothub_event_hub_consumer_groups" >}} - Use the `azurerm_iothub_event_hub_consumer_groups` InSpec audit resource to test properties and configuration of an Azure IoT Hub Event Hub Consumer Groups within a Resource Group. 
@@ -49,7 +47,7 @@ This resource first became available in 1.11.0 of the inspec-azure resource pack The `resource_group`, `resource_name` and `event_hub_endpoint` must be given as a parameter. - describe azurerm_iothub_event_hub_consumer_groups(resource_group: 'my-rg', resource_name 'my-iot-hub', event_hub_endpoint: 'event-hub') do + describe azurerm_iothub_event_hub_consumer_groups(resource_group: 'my-rg', resource_name 'my-iot-hub', event_hub_endpoint: 'myeventhub') do its('names') { should include "my-consumer-group"} its('types') { should include 'Microsoft.Devices/IotHubs/EventHubEndpoints/ConsumerGroups' } end @@ -58,7 +56,7 @@ The `resource_group`, `resource_name` and `event_hub_endpoint` must be given as If a IoT Hub Event Hub Consumer Groups is referenced with a valid `Resource Group`, `Resource Name` and `Event Hub Endpoint` - describe azurerm_iothub_event_hub_consumer_groups(resource_group: 'my-rg', resource_name 'my-iot-hub', event_hub_endpoint: 'event-hub') do + describe azurerm_iothub_event_hub_consumer_groups(resource_group: 'my-rg', resource_name 'my-iot-hub', event_hub_endpoint: 'myeventhub') do it { should exist } end @@ -122,11 +120,13 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists - describe azurerm_iothub_event_hub_consumer_group(resource_group: 'my-rg', resource_name 'my-iot-hub', event_hub_endpoint: 'event-hub') do + describe azurerm_iothub_event_hub_consumer_group(resource_group: 'my-rg', resource_name 'my-iot-hub', event_hub_endpoint: 'myeventhub') do it { should exist } end diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault.md index 752f9ce356..671e52a388 100644 
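Review bot: the `### exists` hunk in azurerm_iothub_event_hub_consumer_groups.md calls the singular resource `azurerm_iothub_event_hub_consumer_group` on the plural page and passes no `consumer_group:` argument, which the singular resource's own page lists as required; the example should call `azurerm_iothub_event_hub_consumer_groups(resource_group: 'my-rg', resource_name: 'my-iot-hub', event_hub_endpoint: 'myeventhub')`. That hunk and the Syntax and Examples hunks above it also keep the `resource_name 'my-iot-hub'` missing-colon syntax error; use `resource_name: 'my-iot-hub'`.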
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_key_vault" >}} - Use the `azurerm_key_vault` InSpec audit resource to test properties and configuration of an Azure Key Vault. @@ -122,7 +120,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_key.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_key.md index 26a2eaa6b0..432751ee9b 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_key.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_key.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_key_vault_key" >}} - Use the `azurerm_key_vault_key` InSpec audit resource to test properties and configuration of an Azure Key within a Vault. @@ -117,7 +115,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_keys.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_keys.md index d4e522cb7d..e8b3fe1b76 100644 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_keys.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_keys.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_key_vault_keys" >}} - Use the `azurerm_key_vault_keys` InSpec audit resource to test properties and configuration of Azure Keys within Vaults. @@ -103,7 +101,8 @@ Resource tags applied to the Key. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of available matchers, +please visit our [Universal Matchers page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_secret.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_secret.md index ff70dcdaad..86de60e08d 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_secret.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_secret.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_key_vault_secret" >}} - Use the `azurerm_key_vault_secret` InSpec audit resource to test properties and configuration of an Azure Secret within a Vault. @@ -130,7 +128,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_secrets.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_secrets.md index 3e563c8eb6..e7172a9d85 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_secrets.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vault_secrets.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_key_vault_secrets" >}} - Use the `azurerm_key_vault_secrets` InSpec audit resource to test properties and configuration of Azure Secrets within Vaults. ## Azure REST API version @@ -107,7 +105,8 @@ Resource tags applied to the Key. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of available matchers, +please visit our [Universal Matchers page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vaults.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vaults.md index b773b9b2fc..7c97781596 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vaults.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_key_vaults.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_key_vaults" >}} - Use the `azurerm_key_vaults` InSpec audit resource to test properties and configuration of Azure Key Vaults. ## Azure REST API version 
@@ -121,7 +119,8 @@ A collection of additional configuration properties related to the Key Vault, e. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of available matchers, +please visit our [Universal Matchers page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_load_balancer.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_load_balancer.md index b5d010ba41..a26f5b0361 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_load_balancer.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_load_balancer.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_load_balancer" >}} - Use the `azurerm_load_balancer` InSpec audit resource to test properties and configuration of an Azure Load Balancer. @@ -63,7 +61,7 @@ If a Load Balancer is referenced with a valid `Resource Group` and `Load balance If a Load Balancer is referenced with an invalid `Resource Group` or `Load balancer Name` - describe azurerm_load_balancer(resource_group: 'invalid-rg', loadbalancer_name: 'i-do-not-exist') do + describe azurerm_load_balancer(resource_group: 'invalid-rg', loadbalancer_name: 'i-dont-exist') do it { should_not exist } end @@ -126,7 +124,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_load_balancers.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_load_balancers.md index 06783d4eab..83caf55b4f 100644 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_load_balancers.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_load_balancers.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_load_balancer" >}} - Use the `azurerm_load_balancers` InSpec audit resource to test properties and configuration of Azure Load Balancers. ## Azure REST API version @@ -131,7 +129,8 @@ The type of Resource, typically `Microsoft.Network/loadBalancers`. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of available matchers, +please visit our [Universal Matchers page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_locks.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_locks.md index 22de20cc3d..258969b96c 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_locks.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_locks.md @@ -11,9 +11,8 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_locks" >}} - -Use the `azurerm_locks` InSpec audit resource to test properties of some or all Azure Resource Locks. +Use the `azurerm_locks` InSpec audit resource to test properties of +some or all Azure Resource Locks. ## Azure REST API version @@ -70,7 +69,8 @@ The following examples show how to use this InSpec audit resource. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of available matchers, +please visit our [Universal Matchers page](/inspec/matchers/). ### exists 
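Review bot: the shortcode removed from azurerm_load_balancers.md pointed at `azure_load_balancer` (singular), so the deprecation banner on the plural page was already mis-targeted; if the shortcodes are restored, correct it to `azure_load_balancers` in the same change. The azurerm_locks.md hunk only re-wraps an unchanged sentence and can be dropped.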
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_management_group.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_management_group.md index 2e1f575692..bab07a84e2 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_management_group.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_management_group.md @@ -11,15 +11,13 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_management_group" >}} - Use the `azurerm_management_group` InSpec audit resource to test properties related to a management group. ## Azure REST API version This resource interacts with version `2018-03-01-preview` of the Azure -Management API. For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/java/api/com.azure.resourcemanager.loganalytics.models.managementgroups?view=azure-java-preview). +Management API. For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/resources/managementgroups/get). At the moment, there doesn't appear to be a way to select the version of the Azure API docs. If you notice a newer version being referenced in the official 
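Review bot: the link hunk in azurerm_management_group.md is a correct fix and deserves a line in the commit message: the removed target was a Java SDK model class under `loganalytics`, which has nothing to do with the `2018-03-01-preview` Management Groups REST API the paragraph describes, and the new `rest/api/resources/managementgroups/get` target does. The same class of wrong-link fix recurs in azurerm_management_groups.md, azurerm_mysql_database.md, azurerm_mysql_databases.md, azurerm_mysql_servers.md and azurerm_postgresql_database.md.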
@@ -251,17 +249,19 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists # If a management group is found it will exist - describe azurerm_management_group(group_id: 'MyGroupId') do + describe azurerm_management_group(groupd_id: 'MyGroupId') do it { should exist } end # management groups that aren't found will not exist - describe azurerm_management_group(group_id: 'DoesNotExist') do + describe azurerm_management_group(groupd_id: 'DoesNotExist') do it { should_not exist } end diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_management_groups.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_management_groups.md index b73240dd59..c45cb084fc 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_management_groups.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_management_groups.md 
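Review bot: the two `### exists` hunks in azurerm_management_group.md change `group_id:` to `groupd_id:`, which is a typo rather than a fix; the removed lines used `group_id`, nothing else in the patch renames the parameter, and the examples now pass a keyword the resource does not accept. Revert to `describe azurerm_management_group(group_id: 'MyGroupId') do` and `describe azurerm_management_group(group_id: 'DoesNotExist') do`.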
@@ -11,15 +11,13 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_management_groups" >}} - Use the `azurerm_management_groups` InSpec audit resource to test properties related to management groups. ## Azure REST API version This resource interacts with version `2018-03-01-preview` of the Azure -Management API. For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/java/api/com.azure.resourcemanager.loganalytics.models.managementgroups.list?view=azure-java-preview). +Management API. For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/resources/managementgroups/list). At the moment, there doesn't appear to be a way to select the version of the Azure API docs. If you notice a newer version being referenced in the official diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_activity_log_alert.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_activity_log_alert.md index d398d209b3..511057bf99 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_activity_log_alert.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_activity_log_alert.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_monitor_activity_log_alert" >}} - Use the `azurerm_monitor_activity_log_alert` InSpec audit resource to test properties of an Azure Monitor Activity Log Alert. @@ -146,7 +144,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_activity_log_alerts.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_activity_log_alerts.md index 045b9328c4..1fc2d5dddb 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_activity_log_alerts.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_activity_log_alerts.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_monitor_activity_log_alerts" >}} - Use the `azurerm_monitor_activity_log_alerts` InSpec audit resource to verify that an Activity Log Alert exists. @@ -70,7 +68,9 @@ The name of the Activity Log Alert ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_log_profile.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_log_profile.md index 3a3d736db1..bbaf0e3b51 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_log_profile.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_log_profile.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_monitor_log_profile" >}} - Use the `azurerm_monitor_log_profile` InSpec audit resource to test properties of an Azure Monitor Log Profile. 
@@ -108,7 +106,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_log_profiles.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_log_profiles.md index fc92b939c3..4cb93e219b 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_log_profiles.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_monitor_log_profiles.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_monitor_log_profiles" >}} - Use the `azurerm_monitor_log_profiles` InSpec audit resource to verify that a Log Profile exists. @@ -69,7 +67,9 @@ The name of the Log Profile ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_database.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_database.md index 698179f155..fa5d82a6d7 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_database.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_database.md 
@@ -11,15 +11,13 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_mysql_database" >}} - Use the `azurerm_mysql_database` InSpec audit resource to test properties and configuration of an Azure MySQL Database on a MySQL Server. ## Azure REST API version This resource interacts with version `2017-12-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/mysql/flexibleserver/databases). +information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/mysql/databases/get). At the moment, there doesn't appear to be a way to select the version of the Azure API docs. If you notice a newer version being referenced in the official @@ -113,7 +111,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_databases.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_databases.md index 2ab3a29a9f..fd64ec36b7 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_databases.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_databases.md 
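Review bot: the link hunk in azurerm_mysql_database.md correctly swaps the Flexible Server `databases` reference for the single-server `rest/api/mysql/databases/get` page, which is the one that documents the `2017-12-01` API version named in the sentence; Flexible Server is a separate API family. The `listbyserver` hunk in azurerm_mysql_databases.md is right for the same reason.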
@@ -11,14 +11,12 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_mysql_databases" >}} - Use the `azurerm_mysql_databases` InSpec audit resource to test properties and configuration of Azure MySQL Databases. ## Azure REST API version This resource interacts with version `2017-12-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/mysql/flexibleserver/databases/list-by-server). +information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/mysql/databases/listbyserver). At the moment, there doesn't appear to be a way to select the version of the Azure API docs. If you notice a newer version being referenced in the official @@ -46,7 +44,7 @@ This resource first became available in 1.6.0 of the inspec-azure resource pack. ## Syntax -An `azurerm_mysql_databases` resource block returns all MySQL Databases on a MySQL Server, within a resource group. +An `azurerm_mysql_databases` resource block returns all MySQL Databases on a MySQL Server, within a Rsource Group. describe azurerm_mysql_databases(resource_group: ..., server_name: ...) do ... @@ -111,7 +109,8 @@ A collection of additional configuration properties related to the MySQL Databas ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of available matchers, +please visit our [Universal Matchers page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_server.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_server.md index 99f86c05ce..f0a1e52b01 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_server.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_server.md 
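Review bot: the Syntax hunk in azurerm_mysql_databases.md turns the correct `within a resource group.` into `within a Rsource Group.`, introducing a misspelling. Drop this hunk, or write `within a Resource Group.` if the capitalised form used on the other pages is wanted.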
@@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_mysql_server" >}} - Use the `azurerm_mysql_server` InSpec audit resource to test properties and configuration of an Azure MySQL Server. @@ -63,7 +61,7 @@ If a SQL Server is referenced with a valid `Resource Group` and `Server Name` If a SQL Server is referenced with an invalid `Resource Group` or `Server Name` - describe azurerm_sql_server(resource_group: 'invalid-rg', server_name: 'i-do-not-exist') do + describe azurerm_sql_server(resource_group: 'invalid-rg', server_name: 'i-dont-exist') do it { should_not exist } end @@ -126,7 +124,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_servers.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_servers.md index 3ee988a870..16540dd0a2 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_servers.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_mysql_servers.md 
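Review bot: the Examples hunk in azurerm_mysql_server.md edits the negative example but leaves it calling `azurerm_sql_server`, a different resource, on the MySQL Server page; the two context sentences above it also say "SQL Server". Since the line is already being touched, change it to `describe azurerm_mysql_server(resource_group: 'invalid-rg', server_name: 'i-dont-exist') do` and fix the two sentences to "MySQL Server".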
@@ -11,14 +11,12 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_mysql_servers" >}} - Use the `azurerm_mysql_servers` InSpec audit resource to test properties and configuration of multiple Azure MySQL Servers. ## Azure REST API version This resource interacts with version `2017-12-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/sql/2020-08-01-preview/servers/list). +information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/mysql/servers/list). At the moment, there doesn't appear to be a way to select the version of the Azure API docs. If you notice a newer version being referenced in the official @@ -131,7 +129,8 @@ The type of Resource, typically `Microsoft.DBforMySQL/servers`. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of available matchers, +please visit our [Universal Matchers page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_interface.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_interface.md index f26eec141c..d2d12fb189 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_interface.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_interface.md 
@@ -11,14 +11,12 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_network_interface" >}} - Use the `azurerm_network_interface` InSpec audit resource to test properties and configuration of Azure Network Interface. ## Azure REST API version This resource interacts with version `2018-11-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/java/api/com.azure.resourcemanager.devtestlabs.fluent.models.labvirtualmachineinner.networkinterface?view=azure-java-preview). +information see the [Official Azure Documentation](). At the moment, there doesn't appear to be a way to select the version of the Azure API docs. If you notice a newer version being referenced in the official @@ -62,7 +60,7 @@ If a Network Interface is referenced with a valid `Resource Group` and `Name` If a Network Interface is referenced with an invalid `Resource Group` or `Name` - describe azurerm_network_interface(resource_group: 'invalid-rg', name: 'i-do-not-exist') do + describe azurerm_network_interface(resource_group: 'invalid-rg', name: 'i-dont-exist') do it { should_not exist } end @@ -130,7 +128,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_interfaces.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_interfaces.md index 99b40c092e..c826524c3c 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_interfaces.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_interfaces.md 
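Review bot: the link hunk in azurerm_network_interface.md replaces the old URL with `[Official Azure Documentation]()`, an empty link target, so the sentence now renders a link to nothing; the removed target was also wrong (a DevTest Labs Java model class), but the replacement should be the Network Interfaces entry under the `rest/api/virtualnetwork/` reference for the `2018-11-01` API version the sentence names, not an empty string. The same empty-target hunk appears in azurerm_network_interfaces.md.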
@@ -11,14 +11,12 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_network_interfaces" >}} - Use the `azurerm_network_interfaces` InSpec audit resource to test properties and configuration of Azure Network interfaces. ## Azure REST API version This resource interacts with version `2018-11-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/network-interfaces-in-cloud-service). +information see the [Official Azure Documentation](). At the moment, there doesn't appear to be a way to select the version of the Azure API docs. If you notice a newer version being referenced in the official @@ -127,7 +125,8 @@ The type of Resource, typically `Microsoft.Network/networkInterfaces`. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of available matchers, +please visit our [Universal Matchers page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_security_group.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_security_group.md index ff5c75604f..e273ffb522 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_security_group.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_security_group.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_network_security_group" >}} - Use the `azurerm_network_security_group` InSpec audit resource to test properties of an Azure Network Security Group. 
@@ -136,7 +134,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_security_groups.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_security_groups.md index edad524781..09926f0904 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_security_groups.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_security_groups.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_network_security_groups" >}} - Use the `azurerm_network_security_groups` InSpec audit resource to enumerate Network Security Groups. @@ -70,7 +68,9 @@ The name of the Network Security Group ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_watcher.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_watcher.md index 0e42e5d498..19af8b361d 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_watcher.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_watcher.md 
@@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_network_watcher" >}} - Use the `azurerm_network_watcher` InSpec audit resource to test properties of an Azure Network Watcher. @@ -103,7 +101,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_watchers.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_watchers.md index 63cfb3cfe4..668287d11a 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_watchers.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_network_watchers.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_network_watchers" >}} - Use the `azurerm_network_watchers` InSpec audit resource to verify that a Network Watcher exists. @@ -71,7 +69,9 @@ The name of the Network Watcher ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_database.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_database.md index 87e5059387..94b382f69c 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_database.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_database.md 
@@ -11,15 +11,13 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_postgresql_database" >}} - Use the `azurerm_postgresql_database` InSpec audit resource to test properties and configuration of an Azure PostgreSQL Database on a PostgreSQL Server. ## Azure REST API version This resource interacts with version `2017-12-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.powershell.cmdlets.postgresql.postgresql.-ctor?view=az-ps-latest). +information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/postgresql/databases/get). At the moment, there doesn't appear to be a way to select the version of the Azure API docs. If you notice a newer version being referenced in the official @@ -113,7 +111,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_databases.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_databases.md index 4a2b86b19e..eb2a98e7d1 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_databases.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_databases.md 
@@ -11,14 +11,12 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_postgresql_databases" >}} - Use the `azurerm_postgresql_databases` InSpec audit resource to test properties and configuration of Azure PostgreSQL Databases. ## Azure REST API version This resource interacts with version `2017-12-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/databases/list-by-server). +information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/postgresql/databases/listbyserver). At the moment, there doesn't appear to be a way to select the version of the Azure API docs. If you notice a newer version being referenced in the official @@ -103,7 +101,8 @@ A collection of additional configuration properties related to the PostgreSQL Da ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of available matchers, +please visit our [Universal Matchers page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_server.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_server.md index 6636d2f663..e726f6e9f1 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_server.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_server.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_postgresql_server" >}} - Use the `azurerm_postgresql_server` InSpec audit resource to test properties and configuration of an Azure PostgreSQL Server. 
@@ -63,7 +61,7 @@ If a PostgreSQL Server is referenced with a valid `Resource Group` and `Server N If a PostgreSQL Server is referenced with an invalid `Resource Group` or `Server Name` - describe azurerm_postgresql_server(resource_group: 'invalid-rg', server_name: 'i-do-not-exist') do + describe azurerm_postgresql_server(resource_group: 'invalid-rg', server_name: 'i-dont-exist') do it { should_not exist } end @@ -121,7 +119,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_servers.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_servers.md index 082a7856da..1d18f48778 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_servers.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_postgresql_servers.md @@ -11,14 +11,12 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_postgresql_servers" >}} - Use the `azurerm_postgresql_servers` InSpec audit resource to test properties and configuration of multiple Azure PostgreSQL Servers. ## Azure REST API version This resource interacts with version `2017-12-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/postgresql/flexibleserver(preview)/servers/list). +information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/postgresql/servers/list). At the moment, there doesn't appear to be a way to select the version of the Azure API docs. If you notice a newer version being referenced in the official 
@@ -126,7 +124,8 @@ The type of Resource, typically `Microsoft.DBforPostgreSQL/servers`. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of available matchers, +please visit our [Universal Matchers page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_resource_groups.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_resource_groups.md index 480fa0a047..d07e0fb671 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_resource_groups.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_resource_groups.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_resource_groups" >}} - Use the `azurerm_resource_groups` InSpec audit resource to test properties of some or all Azure Resource Groups @@ -117,7 +115,9 @@ The tags property provides a list of all the Resource Group tags. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_role_definition.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_role_definition.md index 25dcc05a08..b7a3c7dff1 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_role_definition.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_role_definition.md 
@@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_role_definition" >}} - Use the `azurerm_role_definition` InSpec audit resource to test properties of an Azure Role Definition. @@ -123,7 +121,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_role_definitions.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_role_definitions.md index d95499e9e9..5404229d0e 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_role_definitions.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_role_definitions.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_role_definitions" >}} - Use the `azurerm_role_definitions` InSpec audit resource to test properties of some or all Azure Role Definitions. @@ -108,7 +106,8 @@ Additional properties available for the Roles. May be accessed with dot notation ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of available matchers, +please visit our [Universal Matchers page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_security_center_policies.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_security_center_policies.md index 4c7d936481..1038e0a0c5 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_security_center_policies.md 
+++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_security_center_policies.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_security_center_policies" >}} - Use the `azurerm_security_center_policies` InSpec audit resource to test properties of some or all Azure Security Center Policies. @@ -88,7 +86,9 @@ name. This is a string value. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_security_center_policy.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_security_center_policy.md index 8a09e7f35f..77c29b3f20 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_security_center_policy.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_security_center_policy.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_security_center_policy" >}} - Use the `azurerm_security_center_policy` InSpec audit resource to test properties of the `default` Security Center Policy. Azure currently only supports looking up the `default` policy via their Rest API. If you attempt to look up a @@ -273,7 +271,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_database.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_database.md index c1f497a4b8..42481a99d1 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_database.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_database.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_sql_database" >}} - Use the `azurerm_sql_database` InSpec audit resource to test properties and configuration of an Azure SQL Database on a SQL Server. @@ -128,7 +126,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_databases.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_databases.md index 9a68ce00b3..0bee1a373f 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_databases.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_databases.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_sql_databases" >}} - Use the `azurerm_sql_databases` InSpec audit resource to test properties and configuration of Azure SQL Databases. ## Azure REST API version 
@@ -46,7 +44,7 @@ This resource first became available in 1.2.0 of the inspec-azure resource pack. ## Syntax -An `azurerm_sql_databases` resource block returns all SQL Databases on a SQL Server, within a resource group. +An `azurerm_sql_databases` resource block returns all SQL Databases on a SQL Server, within a Rsource Group. describe azurerm_sql_databases(resource_group: ..., server_name: ...) do ... @@ -128,7 +126,8 @@ A collection of additional configuration properties related to the SQL Database, ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of available matchers, +please visit our [Universal Matchers page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_server.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_server.md index 2bb603db04..469cbdde39 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_server.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_server.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_sql_server" >}} - Use the `azurerm_sql_server` InSpec audit resource to test properties and configuration of an Azure SQL Server within a Resource Group. @@ -63,7 +61,7 @@ If a SQL Server is referenced with a valid `Resource Group` and `Server Name` If a SQL Server is referenced with an invalid `Resource Group` or `Server Name` - describe azurerm_sql_server(resource_group: 'invalid-rg', server_name: 'i-do-not-exist') do + describe azurerm_sql_server(resource_group: 'invalid-rg', server_name: 'i-dont-exist') do it { should_not exist } end 
@@ -126,7 +124,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_servers.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_servers.md index c3dc1a5810..cf338552a3 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_servers.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_sql_servers.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_sql_servers" >}} - Use the `azurerm_sql_servers` InSpec audit resource to test properties and configuration of Azure SQL Servers. ## Azure REST API version @@ -131,7 +129,8 @@ The type of Resource, typically `Microsoft.Sql/servers`. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of available matchers, +please visit our [Universal Matchers page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_storage_account_blob_container.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_storage_account_blob_container.md index cc891ef1c5..2c93ff6dbd 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_storage_account_blob_container.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_storage_account_blob_container.md 
@@ -11,15 +11,13 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_storage_account_blob_container" >}} - Use the `azurerm_storage_account_blob_container` InSpec audit resource to test properties related to a Blob Container in an Azure Storage Account. ## Azure REST API version This resource interacts with version `2018-07-01` of the Azure -Management API. For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/javascript/api/@azure/arm-storage/blobcontainers?view=azure-node-latest). +Management API. For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/storagerp/blobcontainers/blobcontainers_get). At the moment, there doesn't appear to be a way to select the version of the Azure API docs. If you notice a newer version being referenced in the official @@ -133,7 +131,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_storage_account_blob_containers.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_storage_account_blob_containers.md index e438c4e959..b26916bb15 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_storage_account_blob_containers.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_storage_account_blob_containers.md 
@@ -11,14 +11,12 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_storage_account_blob_containers" >}} - Use the `azurerm_storage_account_blob_containers` InSpec audit resource to test properties and configuration of Blob Containers within an Azure Storage Account. ## Azure REST API version This resource interacts with version `2018-07-01` of the Azure Management API. For more -information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/java/api/com.azure.resourcemanager.storage.models.blobcontainers.list?view=azure-java-stable). +information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/storagerp/blobcontainers/blobcontainers_list). At the moment, there doesn't appear to be a way to select the version of the Azure API docs. If you notice a newer version being referenced in the official @@ -100,7 +98,8 @@ The etag of the Resource, e.g. `\"0x8D592D74CC20EBA\"`. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of available matchers, +please visit our [Universal Matchers page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_subnet.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_subnet.md index b0ab59c1b9..7212fd5e55 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_subnet.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_subnet.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_subnet" >}} - Use the `azurerm_subnet` InSpec audit resource to test properties related to a subnet for a given virtual network. 
@@ -123,13 +121,13 @@ The subnet's id. Id will be in format: - '/subscriptions//resourceGroups//providers/Microsoft.Network/virtualNetworks/Inspec-VNet/subnets/Inspec-Subnet' + '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/Inspec-Azure-mmclane/providers/Microsoft.Network/virtualNetworks/Inspec-VNet/subnets/Inspec-Subnet' ### name The subnets's name. - its('name') { should eq('SubnetName') } + its('name') { should eq('MySubnetName') } ### type @@ -165,7 +163,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_subnets.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_subnets.md index 2d1d2ed86a..30d08dfc3e 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_subnets.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_subnets.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_subnet" >}} - Use the `azurerm_subnets` InSpec audit resource to test properties related to subnets for a resource group. @@ -55,7 +53,7 @@ The `resource_group` and 'vnet' must be given as a parameter. ## Examples - # Exists if any subnets exist for a given virtual network in the resource group + # Exists if any subnetss exist for a given virtual network in the resource group describe azurerm_subnets(resource_group: 'MyResourceGroup', vnet: 'MyVnetName') do it { should exist } end 
@@ -105,7 +103,9 @@ Gives a list of all the subnet names in the virtual network. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_subscription.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_subscription.md index 1c9e2cbb79..7f004549c4 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_subscription.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_subscription.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_subscription" >}} - Use the `azurerm_subscription` InSpec audit resource to test properties related to the current subscription subscription. @@ -89,7 +87,9 @@ An array of locations available in this subscription. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machine.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machine.md index 8ea10ff800..3bbd56ea5b 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machine.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machine.md 
@@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_virtual_machine" >}} - Use the `azurerm_virtual_machine` InSpec audit resource to test properties related to a virtual machine. @@ -191,7 +189,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machine_disk.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machine_disk.md index 16b01ae3a5..712b69550d 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machine_disk.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machine_disk.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_virtual_machine_disk" >}} - Use the `azurerm_virtual_machine_disk` InSpec audit resource to test properties related to a virtual machine's disk. This resource will only support managed disks. If your disk is not managed it will not `exist` to the matcher. @@ -167,7 +165,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machine_disks.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machine_disks.md index f6314553a5..c93b313c64 100644 
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machine_disks.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machine_disks.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_virtual_machine_disks" >}} - Use the `azurerm_virtual_machine_disks` InSpec audit resource to test properties of some or all Azure Disks within a subscription. @@ -81,7 +79,8 @@ The following examples show how to use this InSpec audit resource. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of available matchers, +please visit our [Universal Matchers page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machines.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machines.md index 724f142699..3268c688e8 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machines.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_machines.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_virtual_machines" >}} - Use the `azurerm_virtual_machines` InSpec audit resource to test properties related to virtual machines for a resource group. @@ -132,7 +130,9 @@ Gives a list of all the virtual machine names in the resource group. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_network.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_network.md index 116b375d89..e7ed4b7fe5 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_network.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_network.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_virtual_network" >}} - Use the `azurerm_virtual_network` InSpec audit resource to test properties related to a virtual network. @@ -121,7 +119,7 @@ The virtual network's id. Id will be in format: - '/subscriptions//resourceGroups//providers/Microsoft.Network/virtualNetworks/MyVnetName' + '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/Inspec-Azure-mmclane/providers/Microsoft.Network/virtualNetworks/MyVnetName' ### name @@ -200,7 +198,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_networks.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_networks.md index 45897ece08..1427bd266c 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_networks.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_virtual_networks.md 
@@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_virtual_networks" >}} - Use the `azurerm_virtual_networks` InSpec audit resource to test properties related to virtual networks for a resource group. @@ -99,7 +97,9 @@ Gives a list of all the virtual network names in the resource group. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_webapp.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_webapp.md index e660d0cfca..579a321c6b 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_webapp.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_webapp.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_webapp" >}} - Use the `azurerm_webapp` InSpec audit resource to test properties of an Azure Webapp. ## Azure REST API version @@ -100,7 +98,7 @@ The Resource Group as well as the Webapp name. - `auth_settings` - `configuration` -All of the attributes are available via dot notation. This is an example of the currently available attributes. +All of the attributes are avialable via dot notation. This is an example of the currently available attributes. ```ruby control 'azurerm_webapp' do @@ -130,7 +128,9 @@ requests are always welcome. ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### using_latest?(stack) 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_webapps.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_webapps.md index ec15f0ca2b..d044b56e0e 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_webapps.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/azurerm_webapps.md @@ -11,8 +11,6 @@ platform = "azure" parent = "inspec/resources/azure" +++ -{{< inspec/azurerm_deprecated resource="azure_webapps" >}} - Use the `azurerm_webapps` InSpec audit resource to enumerate Webapps. ## Azure REST API version @@ -69,7 +67,9 @@ The name of the Webapp ## Matchers -{{% inspec/inspec_matchers_link %}} +This InSpec audit resource has the following special matchers. For a full list of +available matchers, please visit our [Universal Matchers +page](/inspec/matchers/). ### exists diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bash.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bash.md index b419d27af3..59b8417622 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bash.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bash.md @@ -17,7 +17,7 @@ Use the `bash` Chef InSpec audit resource to test an arbitrary command that is r ### Installation -{{% inspec/inspec_installation %}} +This resource is distributed along with Chef InSpec itself. You can use it automatically. ### Version diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bond.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bond.md index 4a2765b863..f8eb99a964 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bond.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bond.md 
@@ -17,7 +17,7 @@ Use the `bond` Chef InSpec audit resource to test a logical, bonded network inte ### Installation -{{% inspec/inspec_installation %}} +This resource is distributed along with Chef InSpec itself. You can use it automatically. ### Version diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bridge.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bridge.md index a4acf6e25e..76c65654de 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bridge.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bridge.md @@ -17,7 +17,7 @@ Use the `bridge` Chef InSpec audit resource to test basic network bridge propert ### Installation -{{% inspec/inspec_installation %}} +This resource is distributed along with Chef InSpec itself. You can use it automatically. ### Version diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bsd_service.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bsd_service.md index 4fe9a6afdf..b07cd01e77 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bsd_service.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/bsd_service.md @@ -17,7 +17,7 @@ Use the `bsd_service` Chef InSpec audit resource to test a service using a Berke ### Installation -{{% inspec/inspec_installation %}} +This resource is distributed along with Chef InSpec itself. You can use it automatically. ### Version diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cassandradb_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cassandradb_conf.md index 0ac0946ad7..2580939c0d 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cassandradb_conf.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cassandradb_conf.md 
@@ -15,7 +15,7 @@ Use the `cassandradb_conf` Chef InSpec audit resource to test the configuration ## Installation -{{% inspec/inspec_installation %}} +This resource is distributed along with Chef InSpec itself. You can use it automatically. ## Requirements diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cassandradb_session.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cassandradb_session.md index be08c85740..187b9c945f 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cassandradb_session.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cassandradb_session.md @@ -17,7 +17,7 @@ Use the `cassandradb_session` Chef InSpec audit resource to test Cassandra Query ### Installation -{{% inspec/inspec_installation %}} +This resource is distributed along with Chef InSpec itself. You can use it automatically. ## Syntax diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cgroup.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cgroup.md deleted file mode 100644 index c45a53a555..0000000000 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/cgroup.md +++ /dev/null 
@@ -1,79 +0,0 @@ -+++ -title = "cgroup resource" -draft = false -gh_repo = "inspec" -platform = "linux" - -[menu] - [menu.inspec] - title = "cgroup" - identifier = "inspec/resources/os/cgroup.md cgroup resource" - parent = "inspec/resources/os" -+++ - -Use the `cgroup` Chef InSpec audit resource to test the different parameters values of the control group (cgroup) resource controllers. A cgroup is a Linux kernel feature that limits, accounts, and isolates the resource usage (such as CPU, memory, disk I/O, network) of a collection of processes. - -## Availability - -### Installation - -This resource is distributed with Chef InSpec. - -## Syntax - - describe cgroup("CARROTKING") do - its("cpuset.cpus") { should eq 0 } - end -where - -- `cpuset.cpus` is a property of this resource and a parameter of the *cpuset* resource controller. -- `CARROTKING` is the name of cgroup directory. - -## Properties - -- All parameters of the cgroup resource controller are valid properties of this resource. Some of them are: `cpuset.cpus`, `memory.limit_in_bytes`, `memory.stat`, `freezer.state`, `cpu.stat`, `cpuacct.usage`, `pids.current`, `blkio.throttle.io_service_bytes`. - -## Matchers - -- For a full list of available matchers, refer [matchers page](https://docs.chef.io/inspec/matchers/). -- The matchers applicable for this resource are: `eq`, `cmp`, and `match`. - -### eq - -`eq` tests whether the two values are of same data type and includes configuration entries that are numbers. It fails if the types do not match. Use `cmp` for less restrictive comparisons that ignores data type while comparing. - -### cmp - -Unlike `eq`, `cmp` is a matcher for less-restrictive comparisons. This matcher attempts to fit the actual value to the comparing type and meant to relieve the user from having to write type-casts and resolutions. - -### match - -`match` checks if a string matches a regular expression. 
Use `match` when the output of `cgget -n -r [subsystem.parameters] [cgroup-name]` is a multi-line output. - -## Examples - -The following examples show how to use this Chef InSpec audit resource. - -### Example 1 - -Use `eq` to test for parameters that have a single line integer value. The value considered is the output obtained on `cgget -n -r [subsystem.parameters] [cgroup-name]`. - - describe cgroup("CARROTKING") do - its("cpuset.cpus") { should eq 0 } - end - -### Example 2 - -Use `cmp` to test for parameters with less-restrictive comparisons and has a single line integer value. The value considered is the output obtained on `cgget -n -r [subsystem.parameters] [cgroup-name]`. - - describe cgroup("CARROTKING") do - its("memory.limit_in_bytes") { should cmp 9223372036854771712 } - end - -### Example 3 - -Use `match` to test for parameters that have multi-line values and can be passed as *regex*. The value considered is the output obtained on `cgget -n -r [subsystem.parameters] [cgroup-name]`. - - describe cgroup("CARROTKING") do - its("memory.stat") { should match /\bhierarchical_memory_limit 9223372036854771712\b/ } - end diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/chocolatey_package.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/chocolatey_package.md index b885c9821e..b02ee48e90 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/chocolatey_package.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/chocolatey_package.md @@ -17,7 +17,7 @@ Use the `chocolatey_package` Chef InSpec audit resource to test if the named [Ch ### Installation -{{% inspec/inspec_installation %}} +This resource is distributed along with Chef InSpec itself. You can use it automatically. ### Version 
diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/chrony_conf.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/chrony_conf.md index a5094ffdaf..5b929da118 100644 --- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/chrony_conf.md +++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/resources/chrony_conf.md @@ -17,7 +17,7 @@ Use the `chrony_conf` Chef InSpec audit resource to test the synchronization set ### Installation -{{% inspec/inspec_installation %}} +This resource is distributed along with Chef InSpec itself. You can use it automatically.
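Review bot: the `@@ -11,8 +11,6 @@` hunks in azurerm_virtual_network.md, azurerm_virtual_networks.md, azurerm_webapp.md and azurerm_webapps.md delete the `{{< inspec/azurerm_deprecated resource="azure_..." >}}` shortcode without replacing it, so readers of these pages lose the notice that the `azurerm_*` resources are deprecated and which `azure_*` resource supersedes them. The matcher hunks in the same files show the intended pattern for removing shortcodes: inline the text instead. Suggest a plain sentence such as `This resource is deprecated. Use the azure_virtual_network resource instead.` (with the matching `azure_*` name per page) in place of each removed shortcode rather than dropping the warning.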
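Review bot: the `@@ -121,7 +119,7 @@` hunk in azurerm_virtual_network.md replaces the empty id segments with `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` and `Inspec-Azure-mmclane`. The resource group name reads as a specific person's test environment rather than documentation; use neutral placeholders such as `<subscription-id>` and `<resource-group>` so the example does not leak or appear to reference a real tenant, e.g. `'/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.Network/virtualNetworks/MyVnetName'`.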
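Review bot: the `@@ -1,79 +0,0 @@` hunk deletes cgroup.md in its entirety, while the page being deleted states that the resource "is distributed with Chef InSpec" and documents its syntax, properties, the `eq`/`cmp`/`match` matchers and three examples. Nothing in the diff removes the resource itself or a menu entry, so after this change the `cgroup` resource ships without a documentation page and any index or menu referencing `inspec/resources/os/cgroup.md` will dangle. If the resource still exists, keep the page; if it was removed from InSpec, say so in the commit message and update the parent `inspec/resources/os` menu in the same change.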
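Review bot: the `### Installation` hunks in bash.md, bond.md, bridge.md, bsd_service.md, cassandradb_conf.md, cassandradb_session.md, chocolatey_package.md and chrony_conf.md all inline the same replacement for `{{% inspec/inspec_installation %}}`, but the wording "You can use it automatically." is awkward and the repeated literal text will drift out of sync the next time the shared installation note changes. Suggest a single cleaner sentence used verbatim in every file, e.g. `This resource is distributed with Chef InSpec and requires no separate installation.`, and, if the vendored copy cannot render Hugo shortcodes, a note in the commit message explaining why the shortcodes are being expanded.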