aws_signer_signing_profile Resource

Use the aws_signer_signing_profile InSpec audit resource to test properties of a single AWS Signer signing profile.

A signing profile is a code signing template that can be used to carry out a pre-defined signing job.

For additional information, including details on parameters and properties, see the AWS documentation on AWS Signer SigningProfile.

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Syntax

Ensure that the signing profile exists.

describe aws_signer_signing_profile(profile_name: 'PROFILE_NAME') do
  it { should exist }
end

Parameters

profile_name (required)

The name of the target signing profile.

Properties

profile_name
The name of the target signing profile.
profile_version
The current version of the signing profile.
profile_version_arn
The signing profile ARN, including the profile version.
revocation_record.revocation_effective_from
The time when revocation becomes effective.
revocation_record.revoked_at
The time when the signing profile was revoked.
revocation_record.revoked_by
The identity of the revoker.
signing_material.certificate_arn
The Amazon Resource Name (ARN) of the certificate that is used to sign your code.
platform_id
The ID of the platform that is used by the target signing profile.
platform_display_name
A human-readable name for the signing platform associated with the signing profile.
signature_validity_period.value
The numerical value of the time unit for signature validity.
signature_validity_period.type
The time unit for signature validity.
overrides.signing_configuration.encryption_algorithm
A specified override of the default encryption algorithm that is used in a code signing job.
overrides.signing_configuration.hash_algorithm
A specified override of the default hash algorithm that is used in a code signing job.
overrides.signing_image_format
A specified override of the default image format that is used in a code signing job.
signing_parameters
A map of key-value pairs for signing operations that is attached to the target signing profile.
status
The status of the target signing profile.
status_reason
Reason for the status of the target signing profile.
arn
The Amazon Resource Name (ARN) for the signing profile.
tags
A list of tags associated with the signing profile.

Examples

Ensure a profile name is available.

describe aws_signer_signing_profile(profile_name: 'PROFILE_NAME') do
  its('profile_name') { should eq 'PROFILE_NAME' }
end

Ensure a profile version is available.

describe aws_signer_signing_profile(profile_name: 'PROFILE_NAME') do
  its('profile_version') { should eq 'PROFILE_VERSION' }
end

Ensure the status is Active.

describe aws_signer_signing_profile(profile_name: 'PROFILE_NAME') do
  its('status') { should eq 'Active' }
end
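
The examples above each test one property. As an added example (not part of the original page or of the InSpec AWS resource pack), the plain-Ruby helper below combines several of the properties listed above into one policy check. The hash keys mirror the documented property names; the 400-day limit, the allowed-hash list and the sample profiles are assumptions.

```ruby
# Added example. Keys mirror the property names documented above;
# the policy thresholds are assumptions, not AWS or InSpec defaults.
UNIT_DAYS = { 'DAYS' => 1, 'MONTHS' => 31, 'YEARS' => 366 }.freeze # upper bounds

# Convert signature_validity_period (value + type) to a worst-case day count.
def validity_days(period)
  unit = UNIT_DAYS.fetch(period[:type].to_s.upcase) do
    raise ArgumentError, "unknown validity type #{period[:type].inspect}"
  end
  Integer(period[:value]) * unit
end

# Return a list of human-readable policy violations; empty means compliant.
def signing_profile_findings(profile, max_validity_days: 400, allowed_hashes: %w[SHA256])
  findings = []
  findings << "status is #{profile[:status].inspect}, not Active" unless profile[:status] == 'Active'

  revoked_at = profile.dig(:revocation_record, :revoked_at)
  findings << "profile was revoked at #{revoked_at}" if revoked_at

  if (period = profile[:signature_validity_period])
    days = validity_days(period)
    findings << "signature validity of #{days} days exceeds #{max_validity_days}" if days > max_validity_days
  end

  # A missing override means the platform default applies, so only flag
  # an override that is explicitly set to a disallowed algorithm.
  hash_alg = profile.dig(:overrides, :signing_configuration, :hash_algorithm)
  if hash_alg && !allowed_hashes.include?(hash_alg)
    findings << "hash algorithm override #{hash_alg} is not in #{allowed_hashes}"
  end
  findings
end

# Constructed sample values (not real AWS output).
GOOD_PROFILE = {
  status: 'Active',
  signature_validity_period: { value: 12, type: 'MONTHS' },
  overrides: { signing_configuration: { hash_algorithm: 'SHA256' } }
}.freeze
BAD_PROFILE = {
  status: 'Revoked',
  revocation_record: { revoked_at: '2024-01-15T10:00:00Z' },
  signature_validity_period: { value: 135, type: 'MONTHS' },
  overrides: { signing_configuration: { hash_algorithm: 'SHA1' } }
}.freeze

puts signing_profile_findings(BAD_PROFILE)
```

In an InSpec profile, a helper like this could live under libraries/ and be fed the values read from the resource.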

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

exist

Use should to test that the entity exists.

describe aws_signer_signing_profile(profile_name: 'PROFILE_NAME') do
  it { should exist }
end

Use should_not to test the entity does not exist.

describe aws_signer_signing_profile(profile_name: 'PROFILE_NAME') do
  it { should_not exist }
end

be_available

Use should to check if the entity is available.

describe aws_signer_signing_profile(profile_name: 'PROFILE_NAME') do
  it { should be_available }
end

AWS Permissions

Your Principal will need the Signer:Client:GetSigningProfileResponse action with Effect set to Allow.
