Merge branch 'RESOURCE-313-gcp-replace-attribute-calls-with-input-cal…

…ls-in-integration-tests_1' of github.com:inspec/inspec-gcp into RESOURCE-313-gcp-replace-attribute-calls-with-input-calls-in-integration-tests_1

CHANGELOG.md

@@ -1,11 +1,36 @@
 # Change Log
 
-<!-- latest_release 1.10.23 -->
+<!-- latest_release 1.10.28 -->
+## [v1.10.28](https://github.com/inspec/inspec-gcp/tree/v1.10.28) (2022-06-15)
+
+#### Merged Pull Requests
+- RESOURCE-325-soc2-section-cc6-6-gcp [#411](https://github.com/inspec/inspec-gcp/pull/411) ([sa-progress](https://github.com/sa-progress))
+<!-- latest_release -->
+
+## [v1.10.27](https://github.com/inspec/inspec-gcp/tree/v1.10.27) (2022-05-19)
+
+#### Merged Pull Requests
+- Do not raise an error when calling resource_id if @connection is nil [#416](https://github.com/inspec/inspec-gcp/pull/416) ([rbclark](https://github.com/rbclark))
+
+## [v1.10.26](https://github.com/inspec/inspec-gcp/tree/v1.10.26) (2022-05-10)
+
+#### Merged Pull Requests
+- RESOURCE-356 add-superclass-resource-id-method-for-gcp [#414](https://github.com/inspec/inspec-gcp/pull/414) ([sa-progress](https://github.com/sa-progress))
+
+## [v1.10.25](https://github.com/inspec/inspec-gcp/tree/v1.10.25) (2022-05-06)
+
+#### Merged Pull Requests
+-  RESOURCE-37-sql  added for sql operations [#412](https://github.com/inspec/inspec-gcp/pull/412) ([sa-progress](https://github.com/sa-progress))
+
+## [v1.10.24](https://github.com/inspec/inspec-gcp/tree/v1.10.24) (2022-04-22)
+
+#### Merged Pull Requests
+- RESOURCE-68 compute-global-public-delegated-prefixes [#413](https://github.com/inspec/inspec-gcp/pull/413) ([sa-progress](https://github.com/sa-progress))
+
 ## [v1.10.23](https://github.com/inspec/inspec-gcp/tree/v1.10.23) (2022-03-14)
 
 #### Merged Pull Requests
 - RESOURCE-55 region health check services [#401](https://github.com/inspec/inspec-gcp/pull/401) ([sa-progress](https://github.com/sa-progress))
-<!-- latest_release -->
 
 ## [v1.10.21](https://github.com/inspec/inspec-gcp/tree/v1.10.21) (2022-03-14)
 

VERSION

@@ -1 +1 @@
-1.10.23
+1.10.28

docs/resources/google_compute_public_delegated_prefix.md

@@ -0,0 +1,46 @@
+---
+title: About the google_compute_public_delegated_prefix resource
+platform: gcp
+---
+
+## Syntax
+A `google_compute_public_delegated_prefix` is used to test a Google PublicDelegatedPrefix resource
+
+## Examples
+```
+describe google_compute_public_delegated_prefix(project: 'chef-gcp-inspec', region: 'us-east1-b', name: 'test') do
+  it { should exist }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_compute_public_delegated_prefix` resource:
+
+
+  * `creation_timestamp`: Creation timestamp in RFC3339 text format.This field is deprecated.
+
+  * `description`: An optional description of this resource. Provide this property when you create the resource.
+
+  * `id`: The unique identifier for the resource.
+
+  * `name`: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
+
+  * `ip_cidr_range`: The IPv4 address range, in CIDR format, represented by this public delegated prefix.
+
+  * `parent_prefix`: The value of requestId if you provided it in the request. Not present otherwise.
+
+  * `is_live_migration`: If true, the prefix will be live migrated.
+
+  * `fingerprint`: Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a new PublicDelegatedPrefix. An up-to-date fingerprint must be provided in order to update the PublicDelegatedPrefix, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a PublicDelegatedPrefix. A base64-encoded string.
+
+  * `status`: The status of the public delegated prefix, which can be one of following values: * INITIALIZING The public delegated prefix is being initialized and addresses cannot be created yet. * READY_TO_ANNOUNCE The public delegated prefix is a live migration prefix and is active. * ANNOUNCED The public delegated prefix is active. * DELETING The public delegated prefix is being deprovsioned.
+  Possible values:
+    * INITIALIZING
+    * READY_TO_ANNOUNCE
+    * ANNOUNCED
+    * DELETING
+
+
+## GCP Permissions
+
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.

docs/resources/google_compute_public_delegated_prefixes.md

@@ -0,0 +1,36 @@
+---
+title: About the google_compute_public_delegated_prefixes resource
+platform: gcp
+---
+
+## Syntax
+A `google_compute_public_delegated_prefixes` is used to test a Google PublicDelegatedPrefix resource
+
+## Examples
+```
+describe google_compute_public_delegated_prefixes(project: 'chef-gcp-inspec', region: 'us-east1-b') do
+  it { should exist }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_compute_public_delegated_prefixes` resource:
+
+See [google_compute_public_delegated_prefix.md](google_compute_public_delegated_prefix.md) for more detailed information
+  * `creation_timestamps`: an array of `google_compute_public_delegated_prefix` creation_timestamp
+  * `descriptions`: an array of `google_compute_public_delegated_prefix` description
+  * `ids`: an array of `google_compute_public_delegated_prefix` id
+  * `names`: an array of `google_compute_public_delegated_prefix` name
+  * `ip_cidr_ranges`: an array of `google_compute_public_delegated_prefix` ip_cidr_range
+  * `parent_prefixes`: an array of `google_compute_public_delegated_prefix` parent_prefix
+  * `is_live_migrations`: an array of `google_compute_public_delegated_prefix` is_live_migration
+  * `fingerprints`: an array of `google_compute_public_delegated_prefix` fingerprint
+  * `statuses`: an array of `google_compute_public_delegated_prefix` status
+
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
+
+## GCP Permissions
+
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.

docs/resources/google_sql_operation.md

@@ -0,0 +1,77 @@
+---
+title: About the google_sql_operation resource
+platform: gcp
+---
+
+## Syntax
+A `google_sql_operation` is used to test a Google Operation resource
+
+## Examples
+```
+describe google_sql_operation(project: 'chef-gcp-inspec', operation: 'e5c522f1-8391-4830-a8ff-ff1cc4a7b2a5') do
+  it { should exist }
+  its('name') { should eq 'e5c522f1-8391-4830-a8ff-ff1cc4a7b2a5' }
+  its('status') { should eq 'DONE' }
+  its('operation_type') { should eq 'CREATE' }
+end
+
+describe google_sql_operation(project: 'chef-gcp-inspec', operation: 'nonexistant') do
+  it { should_not exist }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_sql_operation` resource:
+
+
+  * `user`: The email address of the user who initiated this operation.
+
+  * `name`: An identifier that uniquely identifies the operation. You can use this identifier to retrieve the Operations resource that has information about the operation.
+
+  * `status`: An Operation resource. For successful operations that return an Operation resource, only the fields relevant to the operation are populated in the resource.
+  Possible values:
+    * PENDING
+    * RUNNING
+    * DONE
+    * SQL_OPERATION_STATUS_UNSPECIFIED
+
+  * `operation_type`: An Operation resource. For successful operations that return an Operation resource, only the fields relevant to the operation are populated in the resource.
+  Possible values:
+    * SQL_OPERATION_TYPE_UNSPECIFIED
+    * IMPORT
+    * EXPORT
+    * CREATE
+    * UPDATE
+    * DELETE
+    * RESTART
+    * BACKUP_VOLUME
+    * DELETE_VOLUME
+    * RESTORE_VOLUME
+    * INJECT_USER
+    * CLONE
+    * STOP_REPLICA
+    * START_REPLICA
+    * START_REPLICA
+    * CREATE_REPLICA
+    * CREATE_USER
+    * DELETE_USER
+    * UPDATE_USER
+    * CREATE_DATABASE
+    * DELETE_DATABASE
+    * CREATE_REPLICA
+    * UPDATE_DATABASE
+    * FAILOVER
+    * DELETE_BACKUP
+    * RECREATE_REPLICA
+    * TRUNCATE_LOG
+    * DEMOTE_MASTER
+    * MAINTENANCE
+    * RESCHEDULE_MAINTENANCE
+    * START_EXTERNAL_SYNC
+
+  * `instance`: The name of the Cloud SQL instance. This does not include the project ID.
+
+
+## GCP Permissions
+
+Ensure the [Cloud SQL Admin API](https://console.cloud.google.com/apis/library/sqladmin.googleapis.com/) is enabled for the current project.

docs/resources/google_sql_operations.md

@@ -0,0 +1,36 @@
+---
+title: About the google_sql_operations resource
+platform: gcp
+---
+
+## Syntax
+A `google_sql_operations` is used to test a Google Operation resource
+
+## Examples
+```
+
+describe google_sql_operations(project: 'chef-gcp-inspec', instance: 'my-database') do
+  it { should exist }
+  its('names') { should include 'e5c522f1-8391-4830-a8ff-ff1cc4a7b2a5' }
+  its('statuses') { should include 'DONE' }
+  its('operation_types') { should include 'CREATE' }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_sql_operations` resource:
+
+See [google_sql_operation.md](google_sql_operation.md) for more detailed information
+  * `users`: an array of `google_sql_operation` user
+  * `names`: an array of `google_sql_operation` name
+  * `statuses`: an array of `google_sql_operation` status
+  * `operation_types`: an array of `google_sql_operation` operation_type
+  * `instances`: an array of `google_sql_operation` instance
+
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
+
+## GCP Permissions
+
+Ensure the [Cloud SQL Admin API](https://console.cloud.google.com/apis/library/sqladmin.googleapis.com/) is enabled for the current project.

inspec.yml

@@ -4,7 +4,7 @@ maintainer: [email protected],[email protected]
 summary: This resource pack provides compliance resources_old_ignore for Google Cloud Platform
 copyright: [email protected],[email protected]
 copyright_email: [email protected],[email protected]
-version: 1.10.23
+version: 1.10.28
 license: Apache-2.0
 inspec_version: '>= 4.7.3' 
 supports:

libraries/gcp_backend.rb

@@ -29,6 +29,10 @@ def failed_resource?
     @failed_resource
   end
 
+  def resource_id
+    @connection&.resource_id
+  end
+
   # Intercept GCP exceptions
   def catch_gcp_errors
     yield
@@ -248,9 +252,19 @@ def return_if_object(response)
     result = JSON.parse(response.body)
     raise_if_errors result, %w{error errors}, 'message'
     raise "Bad response: #{response}" unless response.is_a?(Net::HTTPOK)
+    fetch_id result
     result
   end
 
+  def fetch_id(result)
+    @resource_id = if result.key?('id')
+                     result['id']
+                   else
+                     result['name']
+                   end
+  end
+  attr_reader :resource_id
+
   def raise_if_errors(response, err_path, msg_field)
     errors = self.class.navigate(response, err_path)
     raise_error(errors, msg_field) unless errors.nil?

libraries/google_compute_firewall.rb

@@ -123,6 +123,86 @@ def denied_rdp?
     port_protocol_denied('3389')
   end
 
+  def allowed_dns?
+    port_protocol_allowed('53') || port_protocol_allowed('53', 'udp')
+  end
+
+  def allowed_cifs?
+    port_protocol_allowed('445', 'udp')
+  end
+
+  def allowed_ftp?
+    port_protocol_allowed('20') || port_protocol_allowed('21')
+  end
+
+  def allowed_hdfs_name_node_service?
+    port_protocol_allowed('8020')
+  end
+
+  def allowed_name_node_webui_service?
+    port_protocol_allowed('50070') || port_protocol_allowed('50470')
+  end
+
+  def allowed_kibana?
+    port_protocol_allowed('5601')
+  end
+
+  def allowed_mysql?
+    port_protocol_allowed('4333') || port_protocol_allowed('3306')
+  end
+
+  def allowed_net_bios?
+    port_protocol_allowed('137', 'udp') || port_protocol_allowed('138', 'udp')
+  end
+
+  def allowed_oracle?
+    port_protocol_allowed('1521')
+  end
+
+  def allowed_postgre_sql?
+    port_protocol_allowed('5432')
+  end
+
+  def allowed_rpc?
+    port_protocol_allowed('135')
+  end
+
+  def allowed_sql_server?
+    port_protocol_allowed('1434') || port_protocol_allowed('1433')
+  end
+
+  def allowed_smtp?
+    port_protocol_allowed('25')
+  end
+
+  def allowed_windows_smb?
+    port_protocol_allowed('445')
+  end
+
+  def allowed_vnc_server?
+    port_protocol_allowed('5900')
+  end
+
+  def allowed_vnc_client?
+    port_protocol_allowed('5500')
+  end
+
+  def allowed_telnet?
+    port_protocol_allowed('23')
+  end
+
+  def allowed_oracle_auto_data_warehouse?
+    port_protocol_allowed('1522')
+  end
+
+  def allowed_salt_master?
+    port_protocol_allowed('4505') || port_protocol_allowed('4506')
+  end
+
+  def allowed_docker?
+    port_protocol_allowed('2375') || port_protocol_allowed('2376')
+  end
+
   def allow_port_protocol?(port, protocol)
     port_protocol_allowed(port, protocol)
   end