From 107fcaee9ca723b975334fbef626512857e48bd8 Mon Sep 17 00:00:00 2001
From: Sam Levenick
Date: Mon, 28 Jan 2019 12:49:51 -0800
Subject: [PATCH] Add compute instance template for InSpec (#1308)

Merged PR #1308.
---
 build/inspec | 2 +-
 products/compute/inspec.yaml | 2 --
 .../google_compute_instance_template.erb | 2 ++
 .../google_compute_instance_template.erb | 18 ++++++++++
 .../google_compute_instance_templates.erb | 5 +++
 .../inspec/tests/integration/build/gcp-mm.tf | 36 +++++++++++++++++++
 .../configuration/mm-attributes.yml | 15 ++++++++
 7 files changed, 77 insertions(+), 3 deletions(-)
 create mode 100644 templates/inspec/examples/attributes/google_compute_instance_template.erb
 create mode 100644 templates/inspec/examples/google_compute_instance_template.erb
 create mode 100644 templates/inspec/examples/google_compute_instance_templates.erb
diff --git a/build/inspec b/build/inspec
index f0be43aaacdb..2e55d45ab8c7 160000
--- a/build/inspec
+++ b/build/inspec
@@ -1 +1 @@
-Subproject commit f0be43aaacdbf7823b93faa713a9219abebf28ee
+Subproject commit 2e55d45ab8c7f55ac7aaad87de8e063538a6a45d
diff --git a/products/compute/inspec.yaml b/products/compute/inspec.yaml
index dc560ce563f8..b78cd91dfb6b 100644
--- a/products/compute/inspec.yaml
+++ b/products/compute/inspec.yaml
@@ -41,8 +41,6 @@ overrides: !ruby/object:Overrides::ResourceOverrides
 exclude: true
 InstanceGroup: !ruby/object:Overrides::Inspec::ResourceOverride
 exclude: true
- InstanceTemplate: !ruby/object:Overrides::Inspec::ResourceOverride
- exclude: true
 InterconnectAttachment: !ruby/object:Overrides::Inspec::ResourceOverride
 exclude: true
 License: !ruby/object:Overrides::Inspec::ResourceOverride
diff --git a/templates/inspec/examples/attributes/google_compute_instance_template.erb b/templates/inspec/examples/attributes/google_compute_instance_template.erb
new file mode 100644
index 000000000000..ccc90bb07712
--- /dev/null
+++ b/templates/inspec/examples/attributes/google_compute_instance_template.erb
@@ -0,0 +1,2 @@
+gcp_project_id = attribute(:gcp_project_id, default: '<%= external_attribute('gcp_project_id') -%>', description: 'The GCP project identifier.')
+instance_template = attribute('instance_template', default: <%= JSON.pretty_generate(grab_attributes['instance_template']) -%>, description: 'An instance template definition')
\ No newline at end of file
diff --git a/templates/inspec/examples/google_compute_instance_template.erb b/templates/inspec/examples/google_compute_instance_template.erb
new file mode 100644
index 000000000000..ad95cb041b4d
--- /dev/null
+++ b/templates/inspec/examples/google_compute_instance_template.erb
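Review bot: The `instance_template` default on the second added line is rendered with `JSON.pretty_generate`, and a JSON object pasted into Ruby source (`{"name": "..."}`) parses as a hash with symbol keys, while the generated controls index it with strings (`instance_template['name']`). When the profile runs without an attributes file supplying the value, those lookups would presumably return nil, so the controls would compare against nothing rather than the intended fixture values. Rendering the default with string keys, for example `default: <%= grab_attributes['instance_template'].inspect -%>`, would keep the fallback consistent with how the controls read it; confirm against how InSpec hands back attribute defaults.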
@@ -0,0 +1,18 @@
+<% gcp_project_id = "#{external_attribute('gcp_project_id', doc_generation)}" -%>
+<% instance_template = grab_attributes['instance_template'] -%>
+describe google_compute_instance_template(project: <%= doc_generation ? "#{gcp_project_id}" : "gcp_project_id" -%>, name: <%= doc_generation ? "'#{instance_template['name']}'" : "instance_template['name']" -%>) do
+ it { should exist }
+ its('description') { should eq <%= doc_generation ? "'#{instance_template['description']}'" : "instance_template['description']" -%> }
+ its('properties.description') { should eq <%= doc_generation ? "'#{instance_template['instance_description']}'" : "instance_template['instance_description']" -%> }
+ its('properties.machine_type') { should eq <%= doc_generation ? "'#{instance_template['machine_type']}'" : "instance_template['machine_type']" -%> }
+ its('properties.tags.items') { should include <%= doc_generation ? "'#{instance_template['tag']}'" : "instance_template['tag']" -%> }
+ its('properties.disks.count') { should eq 1 }
+ its('properties.disks.first.auto_delete') { should eq <%= doc_generation ? "'#{instance_template['disk_auto_delete']}'" : "instance_template['disk_auto_delete']" -%> }
+ its('properties.disks.first.boot') { should eq <%= doc_generation ? "'#{instance_template['disk_boot']}'" : "instance_template['disk_boot']" -%> }
+ its('properties.network_interfaces.count') { should eq 1 }
+ its('properties.service_accounts.count') { should eq 1 }
+end
+
+describe google_compute_instance_template(project: <%= doc_generation ? "#{gcp_project_id}" : "gcp_project_id" -%>, name: 'nonexistent') do
+ it { should_not exist }
+end
\ No newline at end of file
diff --git a/templates/inspec/examples/google_compute_instance_templates.erb b/templates/inspec/examples/google_compute_instance_templates.erb
new file mode 100644
index 000000000000..dd968bfbf06a
--- /dev/null
+++ b/templates/inspec/examples/google_compute_instance_templates.erb
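Review bot: In doc-generation mode the `properties.disks.first.auto_delete` and `properties.disks.first.boot` expectations are rendered as quoted strings (`should eq 'true'`), because the doc branch wraps every value in single quotes. If the resource returns booleans, as the fixture's `disk_auto_delete: true` suggests, the published example would fail when copied into a profile. Emitting those two values unquoted in the doc branch, e.g. `<%= doc_generation ? "#{instance_template['disk_auto_delete']}" : "instance_template['disk_auto_delete']" -%>`, avoids that. Separately, the fixture sets `can_ip_forward: false` and a `storage-ro` scope, but no control asserts either; only `properties.service_accounts.count` is checked, so the example never exercises the settings a compliance review would care about most.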
@@ -0,0 +1,5 @@
+<% gcp_project_id = "#{external_attribute('gcp_project_id', doc_generation)}" -%>
+<% instance_template = grab_attributes['instance_template'] -%>
+describe google_compute_instance_templates(project: <%= doc_generation ? "#{gcp_project_id}" : "gcp_project_id" -%>) do
+ its('names') { should include <%= doc_generation ? "'#{instance_template['name']}'" : "instance_template['name']" -%> }
+end
\ No newline at end of file
diff --git a/templates/inspec/tests/integration/build/gcp-mm.tf b/templates/inspec/tests/integration/build/gcp-mm.tf
index 9901bcb9eb62..b5f7f6fa485b 100644
--- a/templates/inspec/tests/integration/build/gcp-mm.tf
+++ b/templates/inspec/tests/integration/build/gcp-mm.tf
@@ -50,6 +50,10 @@ variable "https_health_check" {
 type = "map"
 }
 
+variable "instance_template" {
+ type = "map"
+}
+
 resource "google_compute_ssl_policy" "custom-ssl-policy" {
 name = "${var.ssl_policy["name"]}"
 min_tls_version = "${var.ssl_policy["min_tls_version"]}"
@@ -187,4 +191,36 @@ resource "google_compute_https_health_check" "gcp-inspec-https-health-check" {
 timeout_sec = "${var.https_health_check["timeout_sec"]}"
 check_interval_sec = "${var.https_health_check["check_interval_sec"]}"
 unhealthy_threshold = "${var.https_health_check["unhealthy_threshold"]}"
+}
+
+resource "google_compute_instance_template" "gcp-inspec-instance-template" {
+ project = "${var.gcp_project_id}"
+ name = "${var.instance_template["name"]}"
+ description = "${var.instance_template["description"]}"
+
+ tags = ["${var.instance_template["tag"]}"]
+
+ instance_description = "${var.instance_template["instance_description"]}"
+ machine_type = "${var.instance_template["machine_type"]}"
+ can_ip_forward = "${var.instance_template["can_ip_forward"]}"
+
+ scheduling {
+ automatic_restart = "${var.instance_template["scheduling_automatic_restart"]}"
+ on_host_maintenance = "${var.instance_template["scheduling_on_host_maintenance"]}"
+ }
+
+ // Create a new boot disk from an image
+ disk {
+ source_image = "${var.instance_template["disk_source_image"]}"
+ auto_delete = "${var.instance_template["disk_auto_delete"]}"
+ boot = "${var.instance_template["disk_boot"]}"
+ }
+
+ network_interface {
+ network = "${var.instance_template["network_interface_network"]}"
+ }
+
+ service_account {
+ scopes = ["${var.instance_template["service_account_scope"]}"]
+ }
 }
\ No newline at end of file
diff --git a/templates/inspec/tests/integration/configuration/mm-attributes.yml b/templates/inspec/tests/integration/configuration/mm-attributes.yml
index c81af35299cb..e4e34dc6d78c 100644
--- a/templates/inspec/tests/integration/configuration/mm-attributes.yml
+++ b/templates/inspec/tests/integration/configuration/mm-attributes.yml
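Review bot: The `service_account` block at the end of the new resource sets only `scopes`, so instances built from this template would presumably run as the project's default Compute Engine service account, whose project-level roles are often much broader than a test fixture needs. Since this template is what the InSpec controls are validated against, consider pinning a dedicated low-privilege account by adding an `email` argument fed from the attributes map, e.g. `email = "${var.instance_template["service_account_email"]}"` (the key name is constructed here and would need a matching entry in mm-attributes.yml). A short comment above the block stating that the scope is intentionally read-only would also help readers who reuse the fixture as a starting point.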
@@ -74,3 +74,18 @@ https_health_check:
 timeout_sec: 15
 check_interval_sec: 15
 unhealthy_threshold: 3
+
+instance_template:
+ name: inspec-gcp-instance-template
+ description: A description of the instance template
+ instance_description: A description of the instance itself
+ machine_type: n1-standard-1
+ tag: foo
+ can_ip_forward: false
+ scheduling_automatic_restart: true
+ scheduling_on_host_maintenance: MIGRATE
+ disk_source_image: debian-cloud/debian-9
+ disk_auto_delete: true
+ disk_boot: true
+ network_interface_network: default
+ service_account_scope: storage-ro
\ No newline at end of file