Check for be_public and region is not working



I have the following InSpec test that uses Kitchen-Terraform to test the properties of a replicated bucket:

title 'Bucket test'

ENV['AWS_REGION'] = "us-east-1"

fixtures = {}
[
  'role_name',
  'policy_name',
  'source_bucket',
  'source_bucket_arn',
  'dest_bucket',
  'dest_bucket_arn'
].each do |fixture_name|
  fixtures[fixture_name] = attribute(
    fixture_name,
    default: "default.#{fixture_name}",
    description: 'See ../build/asg.tf',
  )
end

role_name = fixtures['role_name']
policy_name = fixtures['policy_name']
source_bucket_name = fixtures['source_bucket']
source_bucket_arn = fixtures['source_bucket_arn']
dest_bucket_name = fixtures['dest_bucket']
dest_bucket_arn = fixtures['dest_bucket_arn']

# Replicated Bucket
control 'check-replicated-bucket-created-successfully' do
  impact 0.7
  title 'Replicated bucket'
  desc 'Test bucket replication'
  describe aws_s3_bucket(bucket_name: source_bucket_name) do
    it { should exist }
    it { should_not be_public }
    it { should have_default_encryption_enabled }
    its('region') { should eq 'us-east-1'}
  end
  describe aws_s3_bucket(bucket_name: dest_bucket_name) do
    it { should exist }
    it { should_not be_public }
    it { should have_default_encryption_enabled }
    its('region') { should eq 'us-west-2'}
  end
  describe aws_iam_role(role_name: role_name) do
    it { should exist }
  end
  describe aws_iam_policy(policy_name: policy_name) do
    it { should exist }
    it { should be_attached }
    it { should_not have_statement(Action: 's3:*') }
  end
end

The issues I am facing are:

  1. The check to see if the replicated bucket is_public in the us-west-2 region fails, although it passed for the bucket in the us-east-1 region.
  2. The region check its('region') { should eq 'us-east-1'} fails for both buckets.

Here is the output of the test:

Profile: InSpec Profile (test/verify)
Version: 0.1.0
Target: aws://

  ×  check-replicated-bucket-created-successfully: Replicated bucket (2 failed)
     ✔  S3 Bucket frgcloud.lab.internal.private.replicated-bucket-us-east-1 should exist
     ✔  S3 Bucket frgcloud.lab.internal.private.replicated-bucket-us-east-1 should not be public
     ✔  S3 Bucket frgcloud.lab.internal.private.replicated-bucket-us-east-1 should have default encryption enabled
     ×  S3 Bucket frgcloud.lab.internal.private.replicated-bucket-us-east-1 region should eq "us-east-1"
     
     expected: "us-east-1"
          got: ""
     
     (compared using ==)

     ✔  S3 Bucket frgcloud.lab.internal.private.replicated-bucket-us-west-2 should exist
     ×  S3 Bucket frgcloud.lab.internal.private.replicated-bucket-us-west-2 should not be public
     undefined method `any?' for #<String:0x00007fe92ab56ec0>
     ✔  S3 Bucket frgcloud.lab.internal.private.replicated-bucket-us-west-2 should have default encryption enabled
     ✔  S3 Bucket frgcloud.lab.internal.private.replicated-bucket-us-west-2 region should eq "us-west-2"
     ✔  IAM Role replicated-bucket-replication-role should exist
     ✔  Policy replicated-bucket-bucket-replication-policy should exist
     ✔  Policy replicated-bucket-bucket-replication-policy should be attached
     ✔  Policy replicated-bucket-bucket-replication-policy should not have statement {:Action=>"s3:*"}


Profile Summary: 0 successful controls, 1 control failure, 0 controls skipped
Test Summary: 10 successful, 2 failures, 0 skipped
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: 1 actions failed.
>>>>>>     Verify failed on instance <replicated-terraform>.  Please see .kitchen/logs/replicated-terraform.log for more details
>>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration

Kindly let me know if any more information is required because I am really quite puzzled by this error.