Add router support in InSpec (#1332)

Merged PR #1332.

products/compute/inspec.yaml

@@ -53,8 +53,6 @@ overrides: !ruby/object:Overrides::ResourceOverrides
     exclude: true
   RegionDiskType: !ruby/object:Overrides::Inspec::ResourceOverride
     exclude: true
-  Router: !ruby/object:Overrides::Inspec::ResourceOverride
-    exclude: true
   Snapshot: !ruby/object:Overrides::Inspec::ResourceOverride
     exclude: true
   SslCertificate: !ruby/object:Overrides::Inspec::ResourceOverride

templates/inspec/examples/attributes/google_compute_router.erb

@@ -0,0 +1,4 @@
+gcp_project_id = attribute(:gcp_project_id, default: '<%= external_attribute('gcp_project_id') -%>', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: '<%= external_attribute('gcp_location') -%>', description: 'The GCP project region.')
+router = attribute('router', default: <%= JSON.pretty_generate(grab_attributes['router']) -%>, description: 'Compute router description')
+gcp_network_name = attribute(:gcp_network_name, default: '<%= external_attribute('gcp_network_name') -%>', description: 'GCP network name')

templates/inspec/examples/google_compute_route.erb

@@ -13,6 +13,6 @@ describe google_compute_route(project: <%= gcp_project_id -%>, name: <%= doc_gen
   its('priority') { should eq <%= doc_generation ? "'#{route['priority']}'" : "route['priority']" -%> }
 end
 
-describe google_compute_route(project: <%= doc_generation ? "#{gcp_project_id}" : "gcp_project_id" -%>, name: 'nonexistent') do
+describe google_compute_route(project: <%= gcp_project_id -%>, name: 'nonexistent') do
   it { should_not exist }
 end

templates/inspec/examples/google_compute_router.erb

@@ -0,0 +1,22 @@
+<% gcp_project_id = "#{external_attribute('gcp_project_id', doc_generation)}" -%>
+<% gcp_location = "#{external_attribute('gcp_location', doc_generation)}" -%>
+<% router = grab_attributes['router'] -%>
+<% gcp_network_name = "#{external_attribute('gcp_network_name', doc_generation)}" -%>
+describe google_compute_router(project: <%= gcp_project_id -%>, region: <%= gcp_location -%>, name: <%= doc_generation ? "'#{router['name']}'" : "router['name']" -%>) do
+  it { should exist }
+  its('bgp.asn') { should eq <%= doc_generation ? "'#{router['bgp_asn']}'" : "router['bgp_asn']" -%> }
+  its('bgp.advertise_mode') { should eq <%= doc_generation ? "'#{router['bgp_advertise_mode']}'" : "router['bgp_advertise_mode']" -%> }
+  its('bgp.advertised_groups') { should include <%= doc_generation ? "'#{router['bgp_advertised_group']}'" : "router['bgp_advertised_group']" -%> }
+  its('bgp.advertised_ip_ranges.count') { should eq 2 }
+  its('bgp.advertised_ip_ranges.first.range') { should eq <%= doc_generation ? "'#{router['bgp_advertised_ip_range1']}'" : "router['bgp_advertised_ip_range1']" -%> }
+  its('bgp.advertised_ip_ranges.last.range') { should eq <%= doc_generation ? "'#{router['bgp_advertised_ip_range1']}'" : "router['bgp_advertised_ip_range2']" -%> }
+  <% if doc_generation -%>
+  its('network') { should match /\/<%= "#{gcp_network_name}".gsub('\'', '') -%>$/ }
+  <% else -%>
+  its('network') { should match /\/#{gcp_network_name}$/ }
+  <% end -%>
+end
+
+describe google_compute_router(project: <%= gcp_project_id -%>, region: <%= gcp_location -%>, name: 'nonexistent') do
+  it { should_not exist }
+end

templates/inspec/examples/google_compute_routers.erb

@@ -0,0 +1,6 @@
+<% gcp_project_id = "#{external_attribute('gcp_project_id', doc_generation)}" -%>
+<% gcp_location = "#{external_attribute('gcp_location', doc_generation)}" -%>
+<% router = grab_attributes['router'] -%>
+describe google_compute_routers(project: <%= gcp_project_id -%>, region: <%= gcp_location -%>) do
+  its('names') { should include <%= doc_generation ? "'#{router['name']}'" : "router['name']" -%> }
+end

templates/inspec/tests/integration/build/gcp-mm.tf

@@ -82,6 +82,10 @@ variable "route" {
   type = "map"
 }
 
+variable "router" {
+  type = "map"
+}
+
 resource "google_compute_ssl_policy" "custom-ssl-policy" {
   name            = "${var.ssl_policy["name"]}"
   min_tls_version = "${var.ssl_policy["min_tls_version"]}"
@@ -337,4 +341,21 @@ resource "google_compute_route" "gcp-inspec-route" {
   # automatically create subnetworks, we need to create a dependency so
   # the route is not created before the subnetwork 
   depends_on  = ["google_compute_subnetwork.inspec-gcp-subnetwork"]
+}
+
+resource "google_compute_router" "gcp-inspec-router" {
+  project = "${var.gcp_project_id}"
+  name    = "${var.router["name"]}"
+  network = "${google_compute_network.inspec-gcp-network.name}"
+  bgp {
+    asn               = "${var.router["bgp_asn"]}"
+    advertise_mode    = "${var.router["bgp_advertise_mode"]}"
+    advertised_groups = ["${var.router["bgp_advertised_group"]}"]
+    advertised_ip_ranges {
+      range = "${var.router["bgp_advertised_ip_range1"]}"
+    }
+    advertised_ip_ranges {
+      range = "${var.router["bgp_advertised_ip_range2"]}"
+    }
+  }
 }

templates/inspec/tests/integration/configuration/mm-attributes.yml

@@ -126,3 +126,11 @@ route:
   dest_range: 15.0.0.0/24
   next_hop_ip: 10.2.0.1
   priority: 100
+
+router:
+  name: inspec-gcp-router
+  bgp_asn: 64514
+  bgp_advertise_mode: CUSTOM
+  bgp_advertised_group: "ALL_SUBNETS"
+  bgp_advertised_ip_range1: "1.2.3.4"
+  bgp_advertised_ip_range2: "6.7.0.0/16"