From 97516db39aadd8b04862fe5da82705b537de9d4b Mon Sep 17 00:00:00 2001 From: Sam Levenick Date: Wed, 22 Jan 2020 13:59:02 -0800 Subject: [PATCH] Migrate inspec project_metric (logging_metric in normal land), test fixes --- products/logging/api.yaml | 6 ++++++ products/logging/inspec.yaml | 9 ++++++++- products/resourcemanager/inspec.yaml | 2 ++ .../google_cloud_scheduler_job.erb | 1 - .../google_cloud_scheduler_jobs.erb | 1 - .../google_compute_zone/google_compute_zone.erb | 2 +- .../google_compute_zone/google_compute_zones.erb | 2 +- .../google_project_metric.erb | 12 ++++++++++++ .../google_project_metric_attributes.erb | 2 ++ .../google_project_metrics.erb | 15 +++++++++++++++ .../inspec/tests/integration/build/gcp-mm.tf | 14 ++++++++++++++ .../integration/configuration/mm-attributes.yml | 6 ++++++ .../inspec/custom_functions/dns_managed_zones.erb | 2 +- .../custom_functions/google_compute_zone.erb | 2 +- .../inspec/custom_functions/google_project.erb | 4 ++++ .../custom_functions/google_project_metrics.erb | 1 + 16 files changed, 74 insertions(+), 7 deletions(-) create mode 100644 templates/inspec/examples/google_project_metric/google_project_metric.erb create mode 100644 templates/inspec/examples/google_project_metric/google_project_metric_attributes.erb create mode 100644 templates/inspec/examples/google_project_metric/google_project_metrics.erb create mode 100644 third_party/inspec/custom_functions/google_project_metrics.erb diff --git a/products/logging/api.yaml b/products/logging/api.yaml index e7634199de95..1ad1dd07ca5c 100644 --- a/products/logging/api.yaml +++ b/products/logging/api.yaml @@ -135,6 +135,12 @@ objects: A concise name for the metric, which can be displayed in user interfaces. Use sentence case without an ending period, for example "Request count". This field is optional but it is recommended to be set for any metrics associated with user-visible concepts, such as Quota. + - !ruby/object:Api::Type::String + name: type + output: true + description: | + The metric type, including its DNS name prefix. The type is not URL-encoded. + All user-defined metric types have the DNS name `custom.googleapis.com` or `external.googleapis.com`. - !ruby/object:Api::Type::KeyValuePairs name: labelExtractors description: | diff --git a/products/logging/inspec.yaml b/products/logging/inspec.yaml index 2552f66fe9ca..0f25f64c3dc8 100644 --- a/products/logging/inspec.yaml +++ b/products/logging/inspec.yaml @@ -14,7 +14,14 @@ --- !ruby/object:Provider::Inspec::Config overrides: !ruby/object:Overrides::ResourceOverrides Metric: !ruby/object:Overrides::Inspec::ResourceOverride - exclude: true + resource_name: google_project_metric + plural_custom_logic: third_party/inspec/custom_functions/google_project_metrics.erb + plural_custom_attr_readers: ['metric_type'] + properties: + name: !ruby/object:Overrides::Inspec::PropertyOverride + override_name: metric_name + filter: !ruby/object:Overrides::Inspec::PropertyOverride + override_name: metric_filter OrganizationLogSink: !ruby/object:Overrides::Inspec::ResourceOverride # Creating a log sink requires organization level privileges privileged: true diff --git a/products/resourcemanager/inspec.yaml b/products/resourcemanager/inspec.yaml index 542cbe9cb0d5..14f853095a05 100644 --- a/products/resourcemanager/inspec.yaml +++ b/products/resourcemanager/inspec.yaml @@ -27,6 +27,8 @@ overrides: !ruby/object:Overrides::ResourceOverrides name: project_id name: !ruby/object:Overrides::Inspec::PropertyOverride override_name: project_name + number: !ruby/object:Overrides::Inspec::PropertyOverride + override_name: project_number iam_policy: !ruby/object:Api::Resource::IamPolicy exclude: false method_name_separator: ':' diff --git a/templates/inspec/examples/google_cloud_scheduler_job/google_cloud_scheduler_job.erb b/templates/inspec/examples/google_cloud_scheduler_job/google_cloud_scheduler_job.erb index 87e0af2d0c18..5b73eb3fb4d0 100644 --- a/templates/inspec/examples/google_cloud_scheduler_job/google_cloud_scheduler_job.erb +++ b/templates/inspec/examples/google_cloud_scheduler_job/google_cloud_scheduler_job.erb @@ -6,7 +6,6 @@ describe google_cloud_scheduler_job(project: <%= doc_generation ? "#{gcp_project its('description') { should cmp <%= doc_generation ? "'#{scheduler_job['description']}'" : "scheduler_job['description']" -%> } its('schedule') { should cmp <%= doc_generation ? "'#{scheduler_job['schedule']}'" : "scheduler_job['schedule']" -%> } its('time_zone') { should cmp <%= doc_generation ? "'#{scheduler_job['time_zone']}'" : "scheduler_job['time_zone']" -%> } - its('attempt_deadline') { should cmp <%= doc_generation ? "'#{scheduler_job['attempt_deadline']}'" : "scheduler_job['attempt_deadline']" -%> } its('http_target.http_method') { should cmp <%= doc_generation ? "'#{scheduler_job['http_method']}'" : "scheduler_job['http_method']" -%> } its('http_target.uri') { should cmp <%= doc_generation ? "'#{scheduler_job['http_target_uri']}'" : "scheduler_job['http_target_uri']" -%> } end \ No newline at end of file diff --git a/templates/inspec/examples/google_cloud_scheduler_job/google_cloud_scheduler_jobs.erb b/templates/inspec/examples/google_cloud_scheduler_job/google_cloud_scheduler_jobs.erb index 6d561a8b3e86..4406cf0a2311 100644 --- a/templates/inspec/examples/google_cloud_scheduler_job/google_cloud_scheduler_jobs.erb +++ b/templates/inspec/examples/google_cloud_scheduler_job/google_cloud_scheduler_jobs.erb @@ -7,7 +7,6 @@ google_cloud_scheduler_jobs(project: <%= doc_generation ? "#{gcp_project_id}" : its('description') { should cmp <%= doc_generation ? "'#{scheduler_job['description']}'" : "scheduler_job['description']" -%> } its('schedule') { should cmp <%= doc_generation ? "'#{scheduler_job['schedule']}'" : "scheduler_job['schedule']" -%> } its('time_zone') { should cmp <%= doc_generation ? "'#{scheduler_job['time_zone']}'" : "scheduler_job['time_zone']" -%> } - its('attempt_deadline') { should cmp <%= doc_generation ? "'#{scheduler_job['attempt_deadline']}'" : "scheduler_job['attempt_deadline']" -%> } its('http_target.http_method') { should cmp <%= doc_generation ? "'#{scheduler_job['http_method']}'" : "scheduler_job['http_method']" -%> } its('http_target.uri') { should cmp <%= doc_generation ? "'#{scheduler_job['http_target_uri']}'" : "scheduler_job['http_target_uri']" -%> } end diff --git a/templates/inspec/examples/google_compute_zone/google_compute_zone.erb b/templates/inspec/examples/google_compute_zone/google_compute_zone.erb index 067453b2fbfa..d9c1b73625d7 100644 --- a/templates/inspec/examples/google_compute_zone/google_compute_zone.erb +++ b/templates/inspec/examples/google_compute_zone/google_compute_zone.erb @@ -1,5 +1,5 @@ <% gcp_project_id = "#{external_attribute('gcp_project_id', doc_generation)}" -%> -describe google_compute_zone(project: <%= gcp_project_id -%>, "us-central1-a") do +describe google_compute_zone(project: <%= gcp_project_id -%>, name: "us-central1-a") do it { should exist } it { should be_up } end \ No newline at end of file diff --git a/templates/inspec/examples/google_compute_zone/google_compute_zones.erb b/templates/inspec/examples/google_compute_zone/google_compute_zones.erb index e53b5e4aca74..3b0b0b5695bb 100644 --- a/templates/inspec/examples/google_compute_zone/google_compute_zones.erb +++ b/templates/inspec/examples/google_compute_zone/google_compute_zones.erb @@ -1,6 +1,6 @@ <% gcp_project_id = "#{external_attribute('gcp_project_id', doc_generation)}" -%> google_compute_zones(project: <%= gcp_project_id -%>).zone_names.each do |zone_name| - describe google_compute_zones(project: <%= gcp_project_id -%>, name: zone_name) do + describe google_compute_zone(project: <%= gcp_project_id -%>, name: zone_name) do it { should exist } it { should be_up } end diff --git a/templates/inspec/examples/google_project_metric/google_project_metric.erb b/templates/inspec/examples/google_project_metric/google_project_metric.erb new file mode 100644 index 000000000000..24569fcfbc0e --- /dev/null +++ b/templates/inspec/examples/google_project_metric/google_project_metric.erb @@ -0,0 +1,12 @@ +<% gcp_project_id = "#{external_attribute('gcp_project_id', doc_generation)}" -%> +<% logging_metric = grab_attributes['logging_metric'] -%> +describe google_project_metric(project: <%= gcp_project_id -%>, name: <%= doc_generation ? "'#{logging_metric['name']}'" : "logging_metric['name']" -%>) do + it { should exist } + its('filter') { should cmp <%= doc_generation ? "'#{logging_metric['filter']}'" : "logging_metric['filter']" -%> } + its('metric_descriptor.metric_kind') { should cmp <%= doc_generation ? "'#{logging_metric['metric_kind']}'" : "logging_metric['metric_kind']" -%> } + its('metric_descriptor.value_type') { should cmp <%= doc_generation ? "'#{logging_metric['value_type']}'" : "logging_metric['value_type']" -%> } +end + +describe google_project_metric(project: <%= gcp_project_id -%>, name: 'nonexistent') do + it { should_not exist } +end \ No newline at end of file diff --git a/templates/inspec/examples/google_project_metric/google_project_metric_attributes.erb b/templates/inspec/examples/google_project_metric/google_project_metric_attributes.erb new file mode 100644 index 000000000000..22313211290d --- /dev/null +++ b/templates/inspec/examples/google_project_metric/google_project_metric_attributes.erb @@ -0,0 +1,2 @@ +gcp_project_id = attribute(:gcp_project_id, default: '<%= external_attribute('gcp_project_id') -%>', description: 'The GCP project identifier.') +logging_metric = attribute('logging_metric', default: <%= JSON.pretty_generate(grab_attributes['logging_metric']) -%>, description: 'Logging metric definition') \ No newline at end of file diff --git a/templates/inspec/examples/google_project_metric/google_project_metrics.erb b/templates/inspec/examples/google_project_metric/google_project_metrics.erb new file mode 100644 index 000000000000..e00776c14c05 --- /dev/null +++ b/templates/inspec/examples/google_project_metric/google_project_metrics.erb @@ -0,0 +1,15 @@ +<% gcp_project_id = "#{external_attribute('gcp_project_id', doc_generation)}" -%> +<% logging_metric = grab_attributes['logging_metric'] -%> +describe google_project_metrics(project: <%= gcp_project_id -%>) do + it { should exist } + its('metric_filters') { should include <%= doc_generation ? "'#{logging_metric['filter']}'" : "logging_metric['filter']" -%> } + its('metric_names') { should include <%= doc_generation ? "'#{logging_metric['name']}'" : "logging_metric['name']" -%> } +end + +describe.one do + google_project_metrics(project: <%= gcp_project_id -%>).metric_types.each do |metric_type| + describe metric_type do + it { should match <%= doc_generation ? "'#{logging_metric['name']}'" : "logging_metric['name']" -%> } + end + end +end \ No newline at end of file diff --git a/templates/inspec/tests/integration/build/gcp-mm.tf b/templates/inspec/tests/integration/build/gcp-mm.tf index cb838230d0c0..71b8372227eb 100644 --- a/templates/inspec/tests/integration/build/gcp-mm.tf +++ b/templates/inspec/tests/integration/build/gcp-mm.tf @@ -1173,3 +1173,17 @@ resource "google_dns_managed_zone" "example-zone" { } } } + +variable "logging_metric" { + type = any +} + +resource "google_logging_metric" "logging_metric" { + project = var.gcp_project_id + name = var.logging_metric["name"] + filter = var.logging_metric["filter"] + metric_descriptor { + metric_kind = var.logging_metric["metric_kind"] + value_type = var.logging_metric["value_type"] + } +} diff --git a/templates/inspec/tests/integration/configuration/mm-attributes.yml b/templates/inspec/tests/integration/configuration/mm-attributes.yml index b846b44d6cf9..df62851c4eae 100644 --- a/templates/inspec/tests/integration/configuration/mm-attributes.yml +++ b/templates/inspec/tests/integration/configuration/mm-attributes.yml @@ -427,3 +427,9 @@ dns_managed_zone: name: example-zone description: example description dnssec_config_state: 'on' + +logging_metric: + name: some/metric + filter: 'resource.type=gae_app AND severity>=ERROR' + metric_kind: DELTA + value_type: INT64 diff --git a/third_party/inspec/custom_functions/dns_managed_zones.erb b/third_party/inspec/custom_functions/dns_managed_zones.erb index 95bbccc8994b..fc6496ee73a8 100644 --- a/third_party/inspec/custom_functions/dns_managed_zones.erb +++ b/third_party/inspec/custom_functions/dns_managed_zones.erb @@ -1 +1 @@ -hash_with_symbols[:dnssec_config_state] = hash['dnssecConfig']&.['state']&.downcase == 'on' \ No newline at end of file +hash_with_symbols[:dnssec_config_state] = hash.dig('dnssecConfig', 'state')&.downcase == 'on' \ No newline at end of file diff --git a/third_party/inspec/custom_functions/google_compute_zone.erb b/third_party/inspec/custom_functions/google_compute_zone.erb index f9194161ff33..c3fe941bb129 100644 --- a/third_party/inspec/custom_functions/google_compute_zone.erb +++ b/third_party/inspec/custom_functions/google_compute_zone.erb @@ -1,6 +1,6 @@ # helper method for retrieving a region name def region_name - @region&.split('/').last + @region&.split('/')&.last end def up? diff --git a/third_party/inspec/custom_functions/google_project.erb b/third_party/inspec/custom_functions/google_project.erb index a078cbea2ff4..b7dd1aa53b72 100644 --- a/third_party/inspec/custom_functions/google_project.erb +++ b/third_party/inspec/custom_functions/google_project.erb @@ -2,6 +2,10 @@ def project_name @name end +def project_number + @number&.to_i +end + def label_value_by_key(label_key) return nil if @labels.nil? || !@labels.has_key(label_key) @labels[label_key] diff --git a/third_party/inspec/custom_functions/google_project_metrics.erb b/third_party/inspec/custom_functions/google_project_metrics.erb new file mode 100644 index 000000000000..6e1f165c9e7f --- /dev/null +++ b/third_party/inspec/custom_functions/google_project_metrics.erb @@ -0,0 +1 @@ +hash_with_symbols[:metric_type] = hash.dig('metricDescriptor', 'type') \ No newline at end of file