From 97c5bd282bc6fed36020eb3819a156ee3cec2f77 Mon Sep 17 00:00:00 2001 From: Samir Anand Date: Mon, 11 Dec 2023 11:02:46 +0530 Subject: [PATCH 1/7] Automatically generated by magic modules for service: orgpolicy and resource: Folders__policy. This commit includes the following changes: - Singular Resource - Plural Resource - Documentation updates - Terraform configuration - Integration tests Signed-off-by: Samir Anand --- .../google_orgpolicy_folder_policies.md | 31 ++++ .../google_orgpolicy_folder_policy.md | 137 ++++++++++++++++++ .../property/folderpolicy_alternate.rb | 39 +++++ .../property/folderpolicy_alternate_spec.rb | 47 ++++++ .../folderpolicy_alternate_spec_rules.rb | 56 +++++++ ...erpolicy_alternate_spec_rules_condition.rb | 43 ++++++ ...olderpolicy_alternate_spec_rules_values.rb | 37 +++++ .../property/folderpolicy_dry_run_spec.rb | 47 ++++++ .../folderpolicy_dry_run_spec_rules.rb | 56 +++++++ ...lderpolicy_dry_run_spec_rules_condition.rb | 43 ++++++ .../folderpolicy_dry_run_spec_rules_values.rb | 37 +++++ .../orgpolicy/property/folderpolicy_spec.rb | 47 ++++++ .../property/folderpolicy_spec_rules.rb | 56 +++++++ .../folderpolicy_spec_rules_condition.rb | 43 ++++++ .../folderpolicy_spec_rules_values.rb | 37 +++++ libraries/google_orgpolicy_folder_policies.rb | 85 +++++++++++ libraries/google_orgpolicy_folder_policy.rb | 68 +++++++++ .../google_orgpolicy_folder_policies.rb | 30 ++++ .../google_orgpolicy_folder_policy.rb | 36 +++++ 19 files changed, 975 insertions(+) create mode 100644 docs/resources/google_orgpolicy_folder_policies.md create mode 100644 docs/resources/google_orgpolicy_folder_policy.md create mode 100644 libraries/google/orgpolicy/property/folderpolicy_alternate.rb create mode 100644 libraries/google/orgpolicy/property/folderpolicy_alternate_spec.rb create mode 100644 libraries/google/orgpolicy/property/folderpolicy_alternate_spec_rules.rb create mode 100644 libraries/google/orgpolicy/property/folderpolicy_alternate_spec_rules_condition.rb create mode 100644 libraries/google/orgpolicy/property/folderpolicy_alternate_spec_rules_values.rb create mode 100644 libraries/google/orgpolicy/property/folderpolicy_dry_run_spec.rb create mode 100644 libraries/google/orgpolicy/property/folderpolicy_dry_run_spec_rules.rb create mode 100644 libraries/google/orgpolicy/property/folderpolicy_dry_run_spec_rules_condition.rb create mode 100644 libraries/google/orgpolicy/property/folderpolicy_dry_run_spec_rules_values.rb create mode 100644 libraries/google/orgpolicy/property/folderpolicy_spec.rb create mode 100644 libraries/google/orgpolicy/property/folderpolicy_spec_rules.rb create mode 100644 libraries/google/orgpolicy/property/folderpolicy_spec_rules_condition.rb create mode 100644 libraries/google/orgpolicy/property/folderpolicy_spec_rules_values.rb create mode 100644 libraries/google_orgpolicy_folder_policies.rb create mode 100644 libraries/google_orgpolicy_folder_policy.rb create mode 100644 test/integration/verify/controls/google_orgpolicy_folder_policies.rb create mode 100644 test/integration/verify/controls/google_orgpolicy_folder_policy.rb diff --git a/docs/resources/google_orgpolicy_folder_policies.md b/docs/resources/google_orgpolicy_folder_policies.md new file mode 100644 index 000000000..f77732d3e --- /dev/null +++ b/docs/resources/google_orgpolicy_folder_policies.md @@ -0,0 +1,31 @@ +--- +title: About the google_orgpolicy_folder_policies resource +platform: gcp +--- + +## Syntax +A `google_orgpolicy_folder_policies` is used to test a Google FolderPolicy resource + +## Examples +``` + describe google_orgpolicy_folder_policies(parent: ' value_parent') do + it { should exist } + end +``` + +## Properties +Properties that can be accessed from the `google_orgpolicy_folder_policies` resource: + +See [google_orgpolicy_folder_policy.md](google_orgpolicy_folder_policy.md) for more detailed information + * `dry_run_specs`: an array of `google_orgpolicy_folder_policy` dry_run_spec + * `specs`: an array of `google_orgpolicy_folder_policy` spec + * `names`: an array of `google_orgpolicy_folder_policy` name + * `alternates`: an array of `google_orgpolicy_folder_policy` alternate + +## Filter Criteria +This resource supports all of the above properties as filter criteria, which can be used +with `where` as a block or a method. + +## GCP Permissions + +Ensure the [https://orgpolicy.googleapis.com/](https://console.cloud.google.com/apis/library/orgpolicy.googleapis.com/) is enabled for the current project. diff --git a/docs/resources/google_orgpolicy_folder_policy.md b/docs/resources/google_orgpolicy_folder_policy.md new file mode 100644 index 000000000..aec0b753d --- /dev/null +++ b/docs/resources/google_orgpolicy_folder_policy.md @@ -0,0 +1,137 @@ +--- +title: About the google_orgpolicy_folder_policy resource +platform: gcp +--- + +## Syntax +A `google_orgpolicy_folder_policy` is used to test a Google FolderPolicy resource + +## Examples +``` +describe google_orgpolicy_folder_policy(name: ' value_name') do + it { should exist } + its('name') { should cmp 'value_name' } + +end + +describe google_orgpolicy_folder_policy(name: "does_not_exit") do + it { should_not exist } +end +``` + +## Properties +Properties that can be accessed from the `google_orgpolicy_folder_policy` resource: + + + * `dry_run_spec`: Defines a Google Cloud policy specification which is used to specify constraints for configurations of Google Cloud resources. + + * `update_time`: Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that policy. + + * `rules`: In policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set `enforced` to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence. + + * `condition`: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. + + * `title`: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. + + * `location`: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. + + * `expression`: Textual representation of an expression in Common Expression Language syntax. + + * `description`: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. + + * `deny_all`: Setting this to true means that all values are denied. This field can be set only in policies for list constraints. + + * `allow_all`: Setting this to true means that all values are allowed. This field can be set only in policies for list constraints. + + * `enforce`: If `true`, then the policy is enforced. If `false`, then any configuration is acceptable. This field can be set only in policies for boolean constraints. + + * `values`: A message that holds specific allowed and denied values. This message can define specific values and subtrees of the Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - `projects/` (for example, `projects/tokyo-rain-123`) - `folders/` (for example, `folders/1234`) - `organizations/` (for example, `organizations/1234`) The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used. + + * `denied_values`: List of values denied at this resource. + + * `allowed_values`: List of values allowed at this resource. + + * `etag`: An opaque tag indicating the current version of the policySpec, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the policy is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current policySpec to use when executing a read-modify-write loop. When the policy is returned from a `GetEffectivePolicy` request, the `etag` will be unset. + + * `reset`: Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inherit_from_parent` must be set to false. + + * `inherit_from_parent`: Determines the inheritance behavior for this policy. If `inherit_from_parent` is true, policy rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the new root for evaluation. This field can be set only for policies which configure list constraints. + + * `spec`: Defines a Google Cloud policy specification which is used to specify constraints for configurations of Google Cloud resources. + + * `update_time`: Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that policy. + + * `rules`: In policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set `enforced` to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence. + + * `condition`: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. + + * `title`: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. + + * `location`: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. + + * `expression`: Textual representation of an expression in Common Expression Language syntax. + + * `description`: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. + + * `deny_all`: Setting this to true means that all values are denied. This field can be set only in policies for list constraints. + + * `allow_all`: Setting this to true means that all values are allowed. This field can be set only in policies for list constraints. + + * `enforce`: If `true`, then the policy is enforced. If `false`, then any configuration is acceptable. This field can be set only in policies for boolean constraints. + + * `values`: A message that holds specific allowed and denied values. This message can define specific values and subtrees of the Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - `projects/` (for example, `projects/tokyo-rain-123`) - `folders/` (for example, `folders/1234`) - `organizations/` (for example, `organizations/1234`) The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used. + + * `denied_values`: List of values denied at this resource. + + * `allowed_values`: List of values allowed at this resource. + + * `etag`: An opaque tag indicating the current version of the policySpec, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the policy is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current policySpec to use when executing a read-modify-write loop. When the policy is returned from a `GetEffectivePolicy` request, the `etag` will be unset. + + * `reset`: Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inherit_from_parent` must be set to false. + + * `inherit_from_parent`: Determines the inheritance behavior for this policy. If `inherit_from_parent` is true, policy rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the new root for evaluation. This field can be set only for policies which configure list constraints. + + * `name`: Immutable. The resource name of the policy. Must be one of the following forms, where `constraint_name` is the name of the constraint which this policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, `projects/123/policies/compute.disableSerialPortAccess`. Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number. + + * `alternate`: Similar to PolicySpec but with an extra 'launch' field for launch reference. The PolicySpec here is specific for dry-run/darklaunch. + + * `launch`: Reference to the launch that will be used while audit logging and to control the launch. Should be set only in the alternate policy. + + * `spec`: Defines a Google Cloud policy specification which is used to specify constraints for configurations of Google Cloud resources. + + * `update_time`: Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that policy. + + * `rules`: In policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set `enforced` to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence. + + * `condition`: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. + + * `title`: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. + + * `location`: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. + + * `expression`: Textual representation of an expression in Common Expression Language syntax. + + * `description`: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. + + * `deny_all`: Setting this to true means that all values are denied. This field can be set only in policies for list constraints. + + * `allow_all`: Setting this to true means that all values are allowed. This field can be set only in policies for list constraints. + + * `enforce`: If `true`, then the policy is enforced. If `false`, then any configuration is acceptable. This field can be set only in policies for boolean constraints. + + * `values`: A message that holds specific allowed and denied values. This message can define specific values and subtrees of the Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - `projects/` (for example, `projects/tokyo-rain-123`) - `folders/` (for example, `folders/1234`) - `organizations/` (for example, `organizations/1234`) The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used. + + * `denied_values`: List of values denied at this resource. + + * `allowed_values`: List of values allowed at this resource. + + * `etag`: An opaque tag indicating the current version of the policySpec, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the policy is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current policySpec to use when executing a read-modify-write loop. When the policy is returned from a `GetEffectivePolicy` request, the `etag` will be unset. + + * `reset`: Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inherit_from_parent` must be set to false. + + * `inherit_from_parent`: Determines the inheritance behavior for this policy. If `inherit_from_parent` is true, policy rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the new root for evaluation. This field can be set only for policies which configure list constraints. + + +## GCP Permissions + +Ensure the [https://orgpolicy.googleapis.com/](https://console.cloud.google.com/apis/library/orgpolicy.googleapis.com/) is enabled for the current project. diff --git a/libraries/google/orgpolicy/property/folderpolicy_alternate.rb b/libraries/google/orgpolicy/property/folderpolicy_alternate.rb new file mode 100644 index 000000000..45aa0ae27 --- /dev/null +++ b/libraries/google/orgpolicy/property/folderpolicy_alternate.rb @@ -0,0 +1,39 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/orgpolicy/property/folderpolicy_alternate_spec' +require 'google/orgpolicy/property/folderpolicy_alternate_spec_rules' +module GoogleInSpec + module Orgpolicy + module Property + class FolderPolicyAlternate + attr_reader :launch + + attr_reader :spec + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @launch = args['launch'] + @spec = GoogleInSpec::Orgpolicy::Property::FolderPolicyAlternateSpec.new(args['spec'], to_s) + end + + def to_s + "#{@parent_identifier} FolderPolicyAlternate" + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/folderpolicy_alternate_spec.rb b/libraries/google/orgpolicy/property/folderpolicy_alternate_spec.rb new file mode 100644 index 000000000..ffd15763b --- /dev/null +++ b/libraries/google/orgpolicy/property/folderpolicy_alternate_spec.rb @@ -0,0 +1,47 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/orgpolicy/property/folderpolicy_alternate_spec_rules' +module GoogleInSpec + module Orgpolicy + module Property + class FolderPolicyAlternateSpec + attr_reader :update_time + + attr_reader :rules + + attr_reader :etag + + attr_reader :reset + + attr_reader :inherit_from_parent + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @update_time = args['updateTime'] + @rules = GoogleInSpec::Orgpolicy::Property::FolderPolicyAlternateSpecRulesArray.parse(args['rules'], to_s) + @etag = args['etag'] + @reset = args['reset'] + @inherit_from_parent = args['inheritFromParent'] + end + + def to_s + "#{@parent_identifier} FolderPolicyAlternateSpec" + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/folderpolicy_alternate_spec_rules.rb b/libraries/google/orgpolicy/property/folderpolicy_alternate_spec_rules.rb new file mode 100644 index 000000000..9feaf6cfe --- /dev/null +++ b/libraries/google/orgpolicy/property/folderpolicy_alternate_spec_rules.rb @@ -0,0 +1,56 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/orgpolicy/property/folderpolicy_alternate_spec_rules_condition' +require 'google/orgpolicy/property/folderpolicy_alternate_spec_rules_values' +module GoogleInSpec + module Orgpolicy + module Property + class FolderPolicyAlternateSpecRules + attr_reader :condition + + attr_reader :deny_all + + attr_reader :allow_all + + attr_reader :enforce + + attr_reader :values + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @condition = GoogleInSpec::Orgpolicy::Property::FolderPolicyAlternateSpecRulesCondition.new(args['condition'], to_s) + @deny_all = args['denyAll'] + @allow_all = args['allowAll'] + @enforce = args['enforce'] + @values = GoogleInSpec::Orgpolicy::Property::FolderPolicyAlternateSpecRulesValues.new(args['values'], to_s) + end + + def to_s + "#{@parent_identifier} FolderPolicyAlternateSpecRules" + end + end + + class FolderPolicyAlternateSpecRulesArray + def self.parse(value, parent_identifier) + return if value.nil? + return FolderPolicyAlternateSpecRules.new(value, parent_identifier) unless value.is_a?(::Array) + value.map { |v| FolderPolicyAlternateSpecRules.new(v, parent_identifier) } + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/folderpolicy_alternate_spec_rules_condition.rb b/libraries/google/orgpolicy/property/folderpolicy_alternate_spec_rules_condition.rb new file mode 100644 index 000000000..db80bf30b --- /dev/null +++ b/libraries/google/orgpolicy/property/folderpolicy_alternate_spec_rules_condition.rb @@ -0,0 +1,43 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Orgpolicy + module Property + class FolderPolicyAlternateSpecRulesCondition + attr_reader :title + + attr_reader :location + + attr_reader :expression + + attr_reader :description + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @title = args['title'] + @location = args['location'] + @expression = args['expression'] + @description = args['description'] + end + + def to_s + "#{@parent_identifier} FolderPolicyAlternateSpecRulesCondition" + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/folderpolicy_alternate_spec_rules_values.rb b/libraries/google/orgpolicy/property/folderpolicy_alternate_spec_rules_values.rb new file mode 100644 index 000000000..063c32ec9 --- /dev/null +++ b/libraries/google/orgpolicy/property/folderpolicy_alternate_spec_rules_values.rb @@ -0,0 +1,37 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Orgpolicy + module Property + class FolderPolicyAlternateSpecRulesValues + attr_reader :denied_values + + attr_reader :allowed_values + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @denied_values = args['deniedValues'] + @allowed_values = args['allowedValues'] + end + + def to_s + "#{@parent_identifier} FolderPolicyAlternateSpecRulesValues" + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/folderpolicy_dry_run_spec.rb b/libraries/google/orgpolicy/property/folderpolicy_dry_run_spec.rb new file mode 100644 index 000000000..b7fed447c --- /dev/null +++ b/libraries/google/orgpolicy/property/folderpolicy_dry_run_spec.rb @@ -0,0 +1,47 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/orgpolicy/property/folderpolicy_dry_run_spec_rules' +module GoogleInSpec + module Orgpolicy + module Property + class FolderPolicyDryRunSpec + attr_reader :update_time + + attr_reader :rules + + attr_reader :etag + + attr_reader :reset + + attr_reader :inherit_from_parent + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @update_time = args['updateTime'] + @rules = GoogleInSpec::Orgpolicy::Property::FolderPolicyDryRunSpecRulesArray.parse(args['rules'], to_s) + @etag = args['etag'] + @reset = args['reset'] + @inherit_from_parent = args['inheritFromParent'] + end + + def to_s + "#{@parent_identifier} FolderPolicyDryRunSpec" + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/folderpolicy_dry_run_spec_rules.rb b/libraries/google/orgpolicy/property/folderpolicy_dry_run_spec_rules.rb new file mode 100644 index 000000000..47b6b58d8 --- /dev/null +++ b/libraries/google/orgpolicy/property/folderpolicy_dry_run_spec_rules.rb @@ -0,0 +1,56 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/orgpolicy/property/folderpolicy_dry_run_spec_rules_condition' +require 'google/orgpolicy/property/folderpolicy_dry_run_spec_rules_values' +module GoogleInSpec + module Orgpolicy + module Property + class FolderPolicyDryRunSpecRules + attr_reader :condition + + attr_reader :deny_all + + attr_reader :allow_all + + attr_reader :enforce + + attr_reader :values + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @condition = GoogleInSpec::Orgpolicy::Property::FolderPolicyDryRunSpecRulesCondition.new(args['condition'], to_s) + @deny_all = args['denyAll'] + @allow_all = args['allowAll'] + @enforce = args['enforce'] + @values = GoogleInSpec::Orgpolicy::Property::FolderPolicyDryRunSpecRulesValues.new(args['values'], to_s) + end + + def to_s + "#{@parent_identifier} FolderPolicyDryRunSpecRules" + end + end + + class FolderPolicyDryRunSpecRulesArray + def self.parse(value, parent_identifier) + return if value.nil? + return FolderPolicyDryRunSpecRules.new(value, parent_identifier) unless value.is_a?(::Array) + value.map { |v| FolderPolicyDryRunSpecRules.new(v, parent_identifier) } + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/folderpolicy_dry_run_spec_rules_condition.rb b/libraries/google/orgpolicy/property/folderpolicy_dry_run_spec_rules_condition.rb new file mode 100644 index 000000000..30756d52d --- /dev/null +++ b/libraries/google/orgpolicy/property/folderpolicy_dry_run_spec_rules_condition.rb @@ -0,0 +1,43 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Orgpolicy + module Property + class FolderPolicyDryRunSpecRulesCondition + attr_reader :title + + attr_reader :location + + attr_reader :expression + + attr_reader :description + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @title = args['title'] + @location = args['location'] + @expression = args['expression'] + @description = args['description'] + end + + def to_s + "#{@parent_identifier} FolderPolicyDryRunSpecRulesCondition" + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/folderpolicy_dry_run_spec_rules_values.rb b/libraries/google/orgpolicy/property/folderpolicy_dry_run_spec_rules_values.rb new file mode 100644 index 000000000..b75e4584d --- /dev/null +++ b/libraries/google/orgpolicy/property/folderpolicy_dry_run_spec_rules_values.rb @@ -0,0 +1,37 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Orgpolicy + module Property + class FolderPolicyDryRunSpecRulesValues + attr_reader :denied_values + + attr_reader :allowed_values + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @denied_values = args['deniedValues'] + @allowed_values = args['allowedValues'] + end + + def to_s + "#{@parent_identifier} FolderPolicyDryRunSpecRulesValues" + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/folderpolicy_spec.rb b/libraries/google/orgpolicy/property/folderpolicy_spec.rb new file mode 100644 index 000000000..2908136ea --- /dev/null +++ b/libraries/google/orgpolicy/property/folderpolicy_spec.rb @@ -0,0 +1,47 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/orgpolicy/property/folderpolicy_spec_rules' +module GoogleInSpec + module Orgpolicy + module Property + class FolderPolicySpec + attr_reader :update_time + + attr_reader :rules + + attr_reader :etag + + attr_reader :reset + + attr_reader :inherit_from_parent + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @update_time = args['updateTime'] + @rules = GoogleInSpec::Orgpolicy::Property::FolderPolicySpecRulesArray.parse(args['rules'], to_s) + @etag = args['etag'] + @reset = args['reset'] + @inherit_from_parent = args['inheritFromParent'] + end + + def to_s + "#{@parent_identifier} FolderPolicySpec" + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/folderpolicy_spec_rules.rb b/libraries/google/orgpolicy/property/folderpolicy_spec_rules.rb new file mode 100644 index 000000000..35bc903f4 --- /dev/null +++ b/libraries/google/orgpolicy/property/folderpolicy_spec_rules.rb @@ -0,0 +1,56 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/orgpolicy/property/folderpolicy_spec_rules_condition' +require 'google/orgpolicy/property/folderpolicy_spec_rules_values' +module GoogleInSpec + module Orgpolicy + module Property + class FolderPolicySpecRules + attr_reader :condition + + attr_reader :deny_all + + attr_reader :allow_all + + attr_reader :enforce + + attr_reader :values + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @condition = GoogleInSpec::Orgpolicy::Property::FolderPolicySpecRulesCondition.new(args['condition'], to_s) + @deny_all = args['denyAll'] + @allow_all = args['allowAll'] + @enforce = args['enforce'] + @values = GoogleInSpec::Orgpolicy::Property::FolderPolicySpecRulesValues.new(args['values'], to_s) + end + + def to_s + "#{@parent_identifier} FolderPolicySpecRules" + end + end + + class FolderPolicySpecRulesArray + def self.parse(value, parent_identifier) + return if value.nil? + return FolderPolicySpecRules.new(value, parent_identifier) unless value.is_a?(::Array) + value.map { |v| FolderPolicySpecRules.new(v, parent_identifier) } + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/folderpolicy_spec_rules_condition.rb b/libraries/google/orgpolicy/property/folderpolicy_spec_rules_condition.rb new file mode 100644 index 000000000..e357d8395 --- /dev/null +++ b/libraries/google/orgpolicy/property/folderpolicy_spec_rules_condition.rb @@ -0,0 +1,43 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Orgpolicy + module Property + class FolderPolicySpecRulesCondition + attr_reader :title + + attr_reader :location + + attr_reader :expression + + attr_reader :description + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @title = args['title'] + @location = args['location'] + @expression = args['expression'] + @description = args['description'] + end + + def to_s + "#{@parent_identifier} FolderPolicySpecRulesCondition" + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/folderpolicy_spec_rules_values.rb b/libraries/google/orgpolicy/property/folderpolicy_spec_rules_values.rb new file mode 100644 index 000000000..748eab392 --- /dev/null +++ b/libraries/google/orgpolicy/property/folderpolicy_spec_rules_values.rb @@ -0,0 +1,37 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Orgpolicy + module Property + class FolderPolicySpecRulesValues + attr_reader :denied_values + + attr_reader :allowed_values + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @denied_values = args['deniedValues'] + @allowed_values = args['allowedValues'] + end + + def to_s + "#{@parent_identifier} FolderPolicySpecRulesValues" + end + end + end + end +end diff --git a/libraries/google_orgpolicy_folder_policies.rb b/libraries/google_orgpolicy_folder_policies.rb new file mode 100644 index 000000000..6ac7427d5 --- /dev/null +++ b/libraries/google_orgpolicy_folder_policies.rb @@ -0,0 +1,85 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +class OrgpolicyFolderPolicys < GcpResourceBase + name 'google_orgpolicy_folder_policies' + desc 'FolderPolicy plural resource' + supports platform: 'gcp' + + attr_reader :table + + filter_table_config = FilterTable.create + + filter_table_config.add(:dry_run_specs, field: :dry_run_spec) + filter_table_config.add(:specs, field: :spec) + filter_table_config.add(:names, field: :name) + filter_table_config.add(:alternates, field: :alternate) + + filter_table_config.connect(self, :table) + + def initialize(params = {}) + super(params.merge({ use_http_transport: true })) + @params = params + @table = fetch_wrapped_resource('folderPolicies') + end + + def fetch_wrapped_resource(wrap_path) + # fetch_resource returns an array of responses (to handle pagination) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') + return if result.nil? + + # Conversion of string -> object hash to symbol -> object hash that InSpec needs + converted = [] + result.each do |response| + next if response.nil? || !response.key?(wrap_path) + response[wrap_path].each do |hash| + hash_with_symbols = {} + hash.each_key do |key| + name, value = transform(key, hash) + hash_with_symbols[name] = value + end + converted.push(hash_with_symbols) + end + end + + converted + end + + def transform(key, value) + return transformers[key].call(value) if transformers.key?(key) + + [key.to_sym, value] + end + + def transformers + { + 'dryRunSpec' => ->(obj) { [:dry_run_spec, GoogleInSpec::Orgpolicy::Property::FolderPolicyDryRunSpec.new(obj['dryRunSpec'], to_s)] }, + 'spec' => ->(obj) { [:spec, GoogleInSpec::Orgpolicy::Property::FolderPolicySpec.new(obj['spec'], to_s)] }, + 'name' => ->(obj) { [:name, obj['name']] }, + 'alternate' => ->(obj) { [:alternate, GoogleInSpec::Orgpolicy::Property::FolderPolicyAlternate.new(obj['alternate'], to_s)] }, + } + end + + private + + def product_url(_ = nil) + 'https://orgpolicy.googleapis.com//v1/' + end + + def resource_base_url + 'v2/{{parent}}/policies' + end +end diff --git a/libraries/google_orgpolicy_folder_policy.rb b/libraries/google_orgpolicy_folder_policy.rb new file mode 100644 index 000000000..7f99d5c0f --- /dev/null +++ b/libraries/google_orgpolicy_folder_policy.rb @@ -0,0 +1,68 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +require 'google/orgpolicy/property/folderpolicy_alternate' +require 'google/orgpolicy/property/folderpolicy_alternate_spec' +require 'google/orgpolicy/property/folderpolicy_alternate_spec_rules' +require 'google/orgpolicy/property/folderpolicy_dry_run_spec' +require 'google/orgpolicy/property/folderpolicy_dry_run_spec_rules' +require 'google/orgpolicy/property/folderpolicy_spec' +require 'google/orgpolicy/property/folderpolicy_spec_rules' + +# A provider to manage orgpolicy resources. +class OrgpolicyFolderPolicy < GcpResourceBase + name 'google_orgpolicy_folder_policy' + desc 'FolderPolicy' + supports platform: 'gcp' + + attr_reader :params + attr_reader :dry_run_spec + attr_reader :spec + attr_reader :name + attr_reader :alternate + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @params = params + @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get') + parse unless @fetched.nil? + end + + def parse + @dry_run_spec = GoogleInSpec::Orgpolicy::Property::FolderPolicyDryRunSpec.new(@fetched['dryRunSpec'], to_s) + @spec = GoogleInSpec::Orgpolicy::Property::FolderPolicySpec.new(@fetched['spec'], to_s) + @name = @fetched['name'] + @alternate = GoogleInSpec::Orgpolicy::Property::FolderPolicyAlternate.new(@fetched['alternate'], to_s) + end + + def exists? + !@fetched.nil? + end + + def to_s + "FolderPolicy #{@params[:name]}" + end + + private + + def product_url(_ = nil) + 'https://orgpolicy.googleapis.com//v1/' + end + + def resource_base_url + 'v2/{{name}}' + end +end diff --git a/test/integration/verify/controls/google_orgpolicy_folder_policies.rb b/test/integration/verify/controls/google_orgpolicy_folder_policies.rb new file mode 100644 index 000000000..aec3e49da --- /dev/null +++ b/test/integration/verify/controls/google_orgpolicy_folder_policies.rb @@ -0,0 +1,30 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_orgpolicy_folder_policies resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') + + folder_policy = input('folder_policy', value: { + "name": "value_name", + "parent": "value_parent" +}, description: 'folder_policy description') +control 'google_orgpolicy_folder_policies-1.0' do + impact 1.0 + title 'google_orgpolicy_folder_policies resource test' + + describe google_orgpolicy_folder_policies(parent: folder_policy['parent']) do + it { should exist } + end +end diff --git a/test/integration/verify/controls/google_orgpolicy_folder_policy.rb b/test/integration/verify/controls/google_orgpolicy_folder_policy.rb new file mode 100644 index 000000000..41cbff553 --- /dev/null +++ b/test/integration/verify/controls/google_orgpolicy_folder_policy.rb @@ -0,0 +1,36 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_orgpolicy_folder_policy resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') + + folder_policy = input('folder_policy', value: { + "name": "value_name", + "parent": "value_parent" +}, description: 'folder_policy description') +control 'google_orgpolicy_folder_policy-1.0' do + impact 1.0 + title 'google_orgpolicy_folder_policy resource test' + + describe google_orgpolicy_folder_policy(name: folder_policy['name']) do + it { should exist } + its('name') { should cmp folder_policy['name'] } + + end + + describe google_orgpolicy_folder_policy(name: "does_not_exit") do + it { should_not exist } + end +end From fda6228d6ed9501ce9a266ada21ae5e84141d4c6 Mon Sep 17 00:00:00 2001 From: Samir <85890442+sa-progress@users.noreply.github.com> Date: Wed, 15 May 2024 17:57:20 +0530 Subject: [PATCH 2/7] Automatically generated by magic modules for service: orgpolicy_v2 and resource: Folders__constraint. This commit includes the following changes: - Singular Resource - Plural Resource - Documentation updates - Terraform configuration - Integration tests Signed-off-by: Samir <85890442+sa-progress@users.noreply.github.com> --- .../google_orgpolicy_folder_constraint.md | 66 +++++++++++++++ .../google_orgpolicy_folder_constraints.md | 29 +++++++ .../property/folderconstraint_constraints.rb | 62 ++++++++++++++ ...t_constraints_google_managed_constraint.rb | 43 ++++++++++ ...rconstraint_constraints_list_constraint.rb | 37 +++++++++ .../google_orgpolicy_folder_constraint.rb | 58 +++++++++++++ .../google_orgpolicy_folder_constraints.rb | 81 +++++++++++++++++++ .../google_orgpolicy_folder_constraint.rb | 34 ++++++++ .../google_orgpolicy_folder_constraints.rb | 29 +++++++ 9 files changed, 439 insertions(+) create mode 100644 docs/resources/google_orgpolicy_folder_constraint.md create mode 100644 docs/resources/google_orgpolicy_folder_constraints.md create mode 100644 libraries/google/orgpolicy/property/folderconstraint_constraints.rb create mode 100644 libraries/google/orgpolicy/property/folderconstraint_constraints_google_managed_constraint.rb create mode 100644 libraries/google/orgpolicy/property/folderconstraint_constraints_list_constraint.rb create mode 100644 libraries/google_orgpolicy_folder_constraint.rb create mode 100644 libraries/google_orgpolicy_folder_constraints.rb create mode 100644 test/integration/verify/controls/google_orgpolicy_folder_constraint.rb create mode 100644 test/integration/verify/controls/google_orgpolicy_folder_constraints.rb diff --git a/docs/resources/google_orgpolicy_folder_constraint.md b/docs/resources/google_orgpolicy_folder_constraint.md new file mode 100644 index 000000000..5eb22648f --- /dev/null +++ b/docs/resources/google_orgpolicy_folder_constraint.md @@ -0,0 +1,66 @@ +--- +title: About the google_orgpolicy_folder_constraint resource +platform: gcp +--- + +## Syntax +A `google_orgpolicy_folder_constraint` is used to test a Google FolderConstraint resource + +## Examples +``` +describe google_orgpolicy_folder_constraint() do + it { should exist } + +end + +describe google_orgpolicy_folder_constraint() do + it { should_not exist } +end +``` + +## Properties +Properties that can be accessed from the `google_orgpolicy_folder_constraint` resource: + + + * `next_page_token`: Page token used to retrieve the next page. This is currently not used. + + * `constraints`: The collection of constraints that are available on the targeted resource. + + * `display_name`: The human readable name. Mutable. + + * `google_managed_constraint`: A Google managed constraint. This represents a subset of fields missing from Constraint proto that are required to describe CustomConstraint + + * `action_type`: Allow or deny type. + Possible values: + * ACTION_TYPE_UNSPECIFIED + * ALLOW + * DENY + + * `resource_types`: The resource instance type on which this policy applies. Format will be of the form : `/` Example: * `compute.googleapis.com/Instance`. + + * `condition`: Org policy condition/expression. For example: `resource.instanceName.matches("[production|test]_.*_(\d)+")` or, `resource.management.auto_upgrade == true` The max length of the condition is 1000 characters. + + * `method_types`: All the operations being applied for this constraint. + + * `description`: Detailed description of what this constraint controls as well as how and where it is enforced. Mutable. + + * `constraint_default`: The evaluation behavior of this constraint in the absence of a policy. + Possible values: + * CONSTRAINT_DEFAULT_UNSPECIFIED + * ALLOW + * DENY + + * `supports_dry_run`: Shows if dry run is supported for this constraint or not. + + * `name`: Immutable. The resource name of the constraint. Must be in one of the following forms: * `projects/{project_number}/constraints/{constraint_name}` * `folders/{folder_id}/constraints/{constraint_name}` * `organizations/{organization_id}/constraints/{constraint_name}` For example, "/projects/123/constraints/compute.disableSerialPortAccess". + + * `list_constraint`: A constraint that allows or disallows a list of string values, which are configured by an Organization Policy administrator with a policy. + + * `supports_under`: Indicates whether subtrees of the Resource Manager resource hierarchy can be used in `Policy.allowed_values` and `Policy.denied_values`. For example, `"under:folders/123"` would match any resource under the 'folders/123' folder. + + * `supports_in`: Indicates whether values grouped into categories can be used in `Policy.allowed_values` and `Policy.denied_values`. For example, `"in:Python"` would match any value in the 'Python' group. + + +## GCP Permissions + +Ensure the [https://orgpolicy.googleapis.com/](https://console.cloud.google.com/apis/library/orgpolicy.googleapis.com/) is enabled for the current project. diff --git a/docs/resources/google_orgpolicy_folder_constraints.md b/docs/resources/google_orgpolicy_folder_constraints.md new file mode 100644 index 000000000..8d5ff93af --- /dev/null +++ b/docs/resources/google_orgpolicy_folder_constraints.md @@ -0,0 +1,29 @@ +--- +title: About the google_orgpolicy_folder_constraints resource +platform: gcp +--- + +## Syntax +A `google_orgpolicy_folder_constraints` is used to test a Google FolderConstraint resource + +## Examples +``` + describe google_orgpolicy_folder_constraints(parent: ' value_parent') do + it { should exist } + end +``` + +## Properties +Properties that can be accessed from the `google_orgpolicy_folder_constraints` resource: + +See [google_orgpolicy_folder_constraint.md](google_orgpolicy_folder_constraint.md) for more detailed information + * `next_page_tokens`: an array of `google_orgpolicy_folder_constraint` next_page_token + * `constraints`: an array of `google_orgpolicy_folder_constraint` constraints + +## Filter Criteria +This resource supports all of the above properties as filter criteria, which can be used +with `where` as a block or a method. + +## GCP Permissions + +Ensure the [https://orgpolicy.googleapis.com/](https://console.cloud.google.com/apis/library/orgpolicy.googleapis.com/) is enabled for the current project. diff --git a/libraries/google/orgpolicy/property/folderconstraint_constraints.rb b/libraries/google/orgpolicy/property/folderconstraint_constraints.rb new file mode 100644 index 000000000..7235787cc --- /dev/null +++ b/libraries/google/orgpolicy/property/folderconstraint_constraints.rb @@ -0,0 +1,62 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/orgpolicy/property/folderconstraint_constraints_google_managed_constraint' +require 'google/orgpolicy/property/folderconstraint_constraints_list_constraint' +module GoogleInSpec + module Orgpolicy + module Property + class FolderConstraintConstraints + attr_reader :display_name + + attr_reader :google_managed_constraint + + attr_reader :description + + attr_reader :constraint_default + + attr_reader :supports_dry_run + + attr_reader :name + + attr_reader :list_constraint + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @display_name = args['displayName'] + @google_managed_constraint = GoogleInSpec::Orgpolicy::Property::FolderConstraintConstraintsGoogleManagedConstraint.new(args['googleManagedConstraint'], to_s) + @description = args['description'] + @constraint_default = args['constraintDefault'] + @supports_dry_run = args['supportsDryRun'] + @name = args['name'] + @list_constraint = GoogleInSpec::Orgpolicy::Property::FolderConstraintConstraintsListConstraint.new(args['listConstraint'], to_s) + end + + def to_s + "#{@parent_identifier} FolderConstraintConstraints" + end + end + + class FolderConstraintConstraintsArray + def self.parse(value, parent_identifier) + return if value.nil? + return FolderConstraintConstraints.new(value, parent_identifier) unless value.is_a?(::Array) + value.map { |v| FolderConstraintConstraints.new(v, parent_identifier) } + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/folderconstraint_constraints_google_managed_constraint.rb b/libraries/google/orgpolicy/property/folderconstraint_constraints_google_managed_constraint.rb new file mode 100644 index 000000000..31bfe8e91 --- /dev/null +++ b/libraries/google/orgpolicy/property/folderconstraint_constraints_google_managed_constraint.rb @@ -0,0 +1,43 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Orgpolicy + module Property + class FolderConstraintConstraintsGoogleManagedConstraint + attr_reader :action_type + + attr_reader :resource_types + + attr_reader :condition + + attr_reader :method_types + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @action_type = args['actionType'] + @resource_types = args['resourceTypes'] + @condition = args['condition'] + @method_types = args['methodTypes'] + end + + def to_s + "#{@parent_identifier} FolderConstraintConstraintsGoogleManagedConstraint" + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/folderconstraint_constraints_list_constraint.rb b/libraries/google/orgpolicy/property/folderconstraint_constraints_list_constraint.rb new file mode 100644 index 000000000..625a8040a --- /dev/null +++ b/libraries/google/orgpolicy/property/folderconstraint_constraints_list_constraint.rb @@ -0,0 +1,37 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Orgpolicy + module Property + class FolderConstraintConstraintsListConstraint + attr_reader :supports_under + + attr_reader :supports_in + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @supports_under = args['supportsUnder'] + @supports_in = args['supportsIn'] + end + + def to_s + "#{@parent_identifier} FolderConstraintConstraintsListConstraint" + end + end + end + end +end diff --git a/libraries/google_orgpolicy_folder_constraint.rb b/libraries/google_orgpolicy_folder_constraint.rb new file mode 100644 index 000000000..ea3e474d1 --- /dev/null +++ b/libraries/google_orgpolicy_folder_constraint.rb @@ -0,0 +1,58 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +require 'google/orgpolicy/property/folderconstraint_constraints' + +# A provider to manage orgpolicy resources. +class OrgpolicyFolderConstraint < GcpResourceBase + name 'google_orgpolicy_folder_constraint' + desc 'FolderConstraint' + supports platform: 'gcp' + + attr_reader :params + attr_reader :next_page_token + attr_reader :constraints + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @params = params + @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get') + parse unless @fetched.nil? + end + + def parse + @next_page_token = @fetched['nextPageToken'] + @constraints = GoogleInSpec::Orgpolicy::Property::FolderConstraintConstraintsArray.parse(@fetched['constraints'], to_s) + end + + def exists? + !@fetched.nil? + end + + def to_s + "FolderConstraint #{@params[:name]}" + end + + private + + def product_url(_ = nil) + 'https://orgpolicy.googleapis.com/v2/' + end + + def resource_base_url + '{{+parent}}/constraints/{{name}}' + end +end diff --git a/libraries/google_orgpolicy_folder_constraints.rb b/libraries/google_orgpolicy_folder_constraints.rb new file mode 100644 index 000000000..ffac0f06c --- /dev/null +++ b/libraries/google_orgpolicy_folder_constraints.rb @@ -0,0 +1,81 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +class OrgpolicyFolderConstraints < GcpResourceBase + name 'google_orgpolicy_folder_constraints' + desc 'FolderConstraint plural resource' + supports platform: 'gcp' + + attr_reader :table + + filter_table_config = FilterTable.create + + filter_table_config.add(:next_page_tokens, field: :next_page_token) + filter_table_config.add(:constraints, field: :constraints) + + filter_table_config.connect(self, :table) + + def initialize(params = {}) + super(params.merge({ use_http_transport: true })) + @params = params + @table = fetch_wrapped_resource('folderConstraints') + end + + def fetch_wrapped_resource(wrap_path) + # fetch_resource returns an array of responses (to handle pagination) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') + return if result.nil? + + # Conversion of string -> object hash to symbol -> object hash that InSpec needs + converted = [] + result.each do |response| + next if response.nil? || !response.key?(wrap_path) + response[wrap_path].each do |hash| + hash_with_symbols = {} + hash.each_key do |key| + name, value = transform(key, hash) + hash_with_symbols[name] = value + end + converted.push(hash_with_symbols) + end + end + + converted + end + + def transform(key, value) + return transformers[key].call(value) if transformers.key?(key) + + [key.to_sym, value] + end + + def transformers + { + 'nextPageToken' => ->(obj) { [:next_page_token, obj['nextPageToken']] }, + 'constraints' => ->(obj) { [:constraints, GoogleInSpec::Orgpolicy::Property::FolderConstraintConstraintsArray.parse(obj['constraints'], to_s)] }, + } + end + + private + + def product_url(_ = nil) + 'https://orgpolicy.googleapis.com/v2/' + end + + def resource_base_url + '{{+parent}}/constraints' + end +end diff --git a/test/integration/verify/controls/google_orgpolicy_folder_constraint.rb b/test/integration/verify/controls/google_orgpolicy_folder_constraint.rb new file mode 100644 index 000000000..0f19f328d --- /dev/null +++ b/test/integration/verify/controls/google_orgpolicy_folder_constraint.rb @@ -0,0 +1,34 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_orgpolicy_folder_constraint resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') + + folder_constraint = input('folder_constraint', value: { + "parent": "value_parent" +}, description: 'folder_constraint description') +control 'google_orgpolicy_folder_constraint-1.0' do + impact 1.0 + title 'google_orgpolicy_folder_constraint resource test' + + describe google_orgpolicy_folder_constraint() do + it { should exist } + + end + + describe google_orgpolicy_folder_constraint() do + it { should_not exist } + end +end diff --git a/test/integration/verify/controls/google_orgpolicy_folder_constraints.rb b/test/integration/verify/controls/google_orgpolicy_folder_constraints.rb new file mode 100644 index 000000000..84598bf76 --- /dev/null +++ b/test/integration/verify/controls/google_orgpolicy_folder_constraints.rb @@ -0,0 +1,29 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_orgpolicy_folder_constraints resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') + + folder_constraint = input('folder_constraint', value: { + "parent": "value_parent" +}, description: 'folder_constraint description') +control 'google_orgpolicy_folder_constraints-1.0' do + impact 1.0 + title 'google_orgpolicy_folder_constraints resource test' + + describe google_orgpolicy_folder_constraints(parent: folder_constraint['parent']) do + it { should exist } + end +end From 234136a43cc2ed2de702ba3a374de5081bdfbdc5 Mon Sep 17 00:00:00 2001 From: balasubramanian-s Date: Tue, 11 Jun 2024 17:07:47 +0530 Subject: [PATCH 3/7] remove singular resources& redundant properties Signed-off-by: balasubramanian-s --- README.md | 2 + .../google_orgpolicy_folder_constraint.md | 66 ------------------- .../google_orgpolicy_folder_constraints.md | 29 ++++++-- .../property/folderconstraint_constraints.rb | 62 ----------------- ...t_constraints_google_managed_constraint.rb | 43 ------------ ...rconstraint_constraints_list_constraint.rb | 37 ----------- .../google_orgpolicy_folder_constraint.rb | 58 ---------------- .../google_orgpolicy_folder_constraints.rb | 22 +++++-- .../google_orgpolicy_folder_constraint.rb | 34 ---------- .../google_orgpolicy_folder_constraints.rb | 16 ++++- 10 files changed, 56 insertions(+), 313 deletions(-) delete mode 100644 docs/resources/google_orgpolicy_folder_constraint.md delete mode 100644 libraries/google/orgpolicy/property/folderconstraint_constraints.rb delete mode 100644 libraries/google/orgpolicy/property/folderconstraint_constraints_google_managed_constraint.rb delete mode 100644 libraries/google/orgpolicy/property/folderconstraint_constraints_list_constraint.rb delete mode 100644 libraries/google_orgpolicy_folder_constraint.rb delete mode 100644 test/integration/verify/controls/google_orgpolicy_folder_constraint.rb diff --git a/README.md b/README.md index 1aabe26c9..863ab3d7c 100644 --- a/README.md +++ b/README.md @@ -316,6 +316,8 @@ The following resources are available in the InSpec GCP Profile | [google_memcache_instance](docs/resources/google_memcache_instance.md) | [google_memcache_instances](docs/resources/google_memcache_instances.md) | | [google_ml_engine_model](docs/resources/google_ml_engine_model.md) | [google_ml_engine_models](docs/resources/google_ml_engine_models.md) | | [google_organization](docs/resources/google_organization.md) | [google_organizations](docs/resources/google_organizations.md) | +| No Singular Resource | [google_orgpolicy_folder_constraints](docs/resources/google_orgpolicy_folder_constraints.md) | +| No Singular Resource | [google_orgpolicy_organization_constraints](docs/resources/google_orgpolicy_project_constraints.md) | | [google_orgpolicy_organization_policy](docs/resources/google_orgpolicy_organization_policy.md) | [google_orgpolicy_organization_policies](docs/resources/google_orgpolicy_organization_policies.md) | | No Singular Resource | [google_orgpolicy_project_constraints](docs/resources/google_orgpolicy_project_constraints.md) | | [google_organization_iam_binding](docs/resources/google_organization_iam_binding.md) | No Plural Resource | diff --git a/docs/resources/google_orgpolicy_folder_constraint.md b/docs/resources/google_orgpolicy_folder_constraint.md deleted file mode 100644 index 5eb22648f..000000000 --- a/docs/resources/google_orgpolicy_folder_constraint.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: About the google_orgpolicy_folder_constraint resource -platform: gcp ---- - -## Syntax -A `google_orgpolicy_folder_constraint` is used to test a Google FolderConstraint resource - -## Examples -``` -describe google_orgpolicy_folder_constraint() do - it { should exist } - -end - -describe google_orgpolicy_folder_constraint() do - it { should_not exist } -end -``` - -## Properties -Properties that can be accessed from the `google_orgpolicy_folder_constraint` resource: - - - * `next_page_token`: Page token used to retrieve the next page. This is currently not used. - - * `constraints`: The collection of constraints that are available on the targeted resource. - - * `display_name`: The human readable name. Mutable. - - * `google_managed_constraint`: A Google managed constraint. This represents a subset of fields missing from Constraint proto that are required to describe CustomConstraint - - * `action_type`: Allow or deny type. - Possible values: - * ACTION_TYPE_UNSPECIFIED - * ALLOW - * DENY - - * `resource_types`: The resource instance type on which this policy applies. Format will be of the form : `/` Example: * `compute.googleapis.com/Instance`. - - * `condition`: Org policy condition/expression. For example: `resource.instanceName.matches("[production|test]_.*_(\d)+")` or, `resource.management.auto_upgrade == true` The max length of the condition is 1000 characters. - - * `method_types`: All the operations being applied for this constraint. - - * `description`: Detailed description of what this constraint controls as well as how and where it is enforced. Mutable. - - * `constraint_default`: The evaluation behavior of this constraint in the absence of a policy. - Possible values: - * CONSTRAINT_DEFAULT_UNSPECIFIED - * ALLOW - * DENY - - * `supports_dry_run`: Shows if dry run is supported for this constraint or not. - - * `name`: Immutable. The resource name of the constraint. Must be in one of the following forms: * `projects/{project_number}/constraints/{constraint_name}` * `folders/{folder_id}/constraints/{constraint_name}` * `organizations/{organization_id}/constraints/{constraint_name}` For example, "/projects/123/constraints/compute.disableSerialPortAccess". - - * `list_constraint`: A constraint that allows or disallows a list of string values, which are configured by an Organization Policy administrator with a policy. - - * `supports_under`: Indicates whether subtrees of the Resource Manager resource hierarchy can be used in `Policy.allowed_values` and `Policy.denied_values`. For example, `"under:folders/123"` would match any resource under the 'folders/123' folder. - - * `supports_in`: Indicates whether values grouped into categories can be used in `Policy.allowed_values` and `Policy.denied_values`. For example, `"in:Python"` would match any value in the 'Python' group. - - -## GCP Permissions - -Ensure the [https://orgpolicy.googleapis.com/](https://console.cloud.google.com/apis/library/orgpolicy.googleapis.com/) is enabled for the current project. diff --git a/docs/resources/google_orgpolicy_folder_constraints.md b/docs/resources/google_orgpolicy_folder_constraints.md index 8d5ff93af..0d0d272b7 100644 --- a/docs/resources/google_orgpolicy_folder_constraints.md +++ b/docs/resources/google_orgpolicy_folder_constraints.md @@ -8,17 +8,38 @@ A `google_orgpolicy_folder_constraints` is used to test a Google FolderConstrain ## Examples ``` - describe google_orgpolicy_folder_constraints(parent: ' value_parent') do + describe google_orgpolicy_folder_constraints(parent: ' value_parent') do it { should exist } + its('names') { should include 'value_name'} + its('display_names') { should include 'value_displayName'} + its('descriptions') { should include 'value_description'} + its('constraint_defaults') { should include 'value_constraint_default'} + its('list_constraints') { should include 'value_list_constraint'} end ``` ## Properties Properties that can be accessed from the `google_orgpolicy_folder_constraints` resource: -See [google_orgpolicy_folder_constraint.md](google_orgpolicy_folder_constraint.md) for more detailed information - * `next_page_tokens`: an array of `google_orgpolicy_folder_constraint` next_page_token - * `constraints`: an array of `google_orgpolicy_folder_constraint` constraints + * `display_names`: The human readable name. Mutable. + + * `descriptions`: Detailed description of what this constraint controls as well as how and where it is enforced. Mutable. + + * `constraint_defaults`: The evaluation behavior of this constraint in the absence of a policy. + Possible values: + * CONSTRAINT_DEFAULT_UNSPECIFIED + * ALLOW + * DENY + + * `supports_dry_runs`: Shows if dry run is supported for this constraint or not. + + * `names`: Immutable. The resource name of the constraint. Must be in one of the following forms: * `projects/{project_number}/constraints/{constraint_name}` * `folders/{folder_id}/constraints/{constraint_name}` * `organizations/{organization_id}/constraints/{constraint_name}` For example, "/projects/123/constraints/compute.disableSerialPortAccess". + + * `list_constraints`: A constraint that allows or disallows a list of string values, which are configured by an Organization Policy administrator with a policy. + + * `supports_under`: Indicates whether subtrees of the Resource Manager resource hierarchy can be used in `Policy.allowed_values` and `Policy.denied_values`. For example, `"under:folders/123"` would match any resource under the 'folders/123' folder. + + * `supports_in`: Indicates whether values grouped into categories can be used in `Policy.allowed_values` and `Policy.denied_values`. For example, `"in:Python"` would match any value in the 'Python' group. ## Filter Criteria This resource supports all of the above properties as filter criteria, which can be used diff --git a/libraries/google/orgpolicy/property/folderconstraint_constraints.rb b/libraries/google/orgpolicy/property/folderconstraint_constraints.rb deleted file mode 100644 index 7235787cc..000000000 --- a/libraries/google/orgpolicy/property/folderconstraint_constraints.rb +++ /dev/null @@ -1,62 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -require 'google/orgpolicy/property/folderconstraint_constraints_google_managed_constraint' -require 'google/orgpolicy/property/folderconstraint_constraints_list_constraint' -module GoogleInSpec - module Orgpolicy - module Property - class FolderConstraintConstraints - attr_reader :display_name - - attr_reader :google_managed_constraint - - attr_reader :description - - attr_reader :constraint_default - - attr_reader :supports_dry_run - - attr_reader :name - - attr_reader :list_constraint - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @display_name = args['displayName'] - @google_managed_constraint = GoogleInSpec::Orgpolicy::Property::FolderConstraintConstraintsGoogleManagedConstraint.new(args['googleManagedConstraint'], to_s) - @description = args['description'] - @constraint_default = args['constraintDefault'] - @supports_dry_run = args['supportsDryRun'] - @name = args['name'] - @list_constraint = GoogleInSpec::Orgpolicy::Property::FolderConstraintConstraintsListConstraint.new(args['listConstraint'], to_s) - end - - def to_s - "#{@parent_identifier} FolderConstraintConstraints" - end - end - - class FolderConstraintConstraintsArray - def self.parse(value, parent_identifier) - return if value.nil? - return FolderConstraintConstraints.new(value, parent_identifier) unless value.is_a?(::Array) - value.map { |v| FolderConstraintConstraints.new(v, parent_identifier) } - end - end - end - end -end diff --git a/libraries/google/orgpolicy/property/folderconstraint_constraints_google_managed_constraint.rb b/libraries/google/orgpolicy/property/folderconstraint_constraints_google_managed_constraint.rb deleted file mode 100644 index 31bfe8e91..000000000 --- a/libraries/google/orgpolicy/property/folderconstraint_constraints_google_managed_constraint.rb +++ /dev/null @@ -1,43 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -module GoogleInSpec - module Orgpolicy - module Property - class FolderConstraintConstraintsGoogleManagedConstraint - attr_reader :action_type - - attr_reader :resource_types - - attr_reader :condition - - attr_reader :method_types - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @action_type = args['actionType'] - @resource_types = args['resourceTypes'] - @condition = args['condition'] - @method_types = args['methodTypes'] - end - - def to_s - "#{@parent_identifier} FolderConstraintConstraintsGoogleManagedConstraint" - end - end - end - end -end diff --git a/libraries/google/orgpolicy/property/folderconstraint_constraints_list_constraint.rb b/libraries/google/orgpolicy/property/folderconstraint_constraints_list_constraint.rb deleted file mode 100644 index 625a8040a..000000000 --- a/libraries/google/orgpolicy/property/folderconstraint_constraints_list_constraint.rb +++ /dev/null @@ -1,37 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -module GoogleInSpec - module Orgpolicy - module Property - class FolderConstraintConstraintsListConstraint - attr_reader :supports_under - - attr_reader :supports_in - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @supports_under = args['supportsUnder'] - @supports_in = args['supportsIn'] - end - - def to_s - "#{@parent_identifier} FolderConstraintConstraintsListConstraint" - end - end - end - end -end diff --git a/libraries/google_orgpolicy_folder_constraint.rb b/libraries/google_orgpolicy_folder_constraint.rb deleted file mode 100644 index ea3e474d1..000000000 --- a/libraries/google_orgpolicy_folder_constraint.rb +++ /dev/null @@ -1,58 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -require 'gcp_backend' -require 'google/orgpolicy/property/folderconstraint_constraints' - -# A provider to manage orgpolicy resources. -class OrgpolicyFolderConstraint < GcpResourceBase - name 'google_orgpolicy_folder_constraint' - desc 'FolderConstraint' - supports platform: 'gcp' - - attr_reader :params - attr_reader :next_page_token - attr_reader :constraints - - def initialize(params) - super(params.merge({ use_http_transport: true })) - @params = params - @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get') - parse unless @fetched.nil? - end - - def parse - @next_page_token = @fetched['nextPageToken'] - @constraints = GoogleInSpec::Orgpolicy::Property::FolderConstraintConstraintsArray.parse(@fetched['constraints'], to_s) - end - - def exists? - !@fetched.nil? - end - - def to_s - "FolderConstraint #{@params[:name]}" - end - - private - - def product_url(_ = nil) - 'https://orgpolicy.googleapis.com/v2/' - end - - def resource_base_url - '{{+parent}}/constraints/{{name}}' - end -end diff --git a/libraries/google_orgpolicy_folder_constraints.rb b/libraries/google_orgpolicy_folder_constraints.rb index ffac0f06c..844751ec4 100644 --- a/libraries/google_orgpolicy_folder_constraints.rb +++ b/libraries/google_orgpolicy_folder_constraints.rb @@ -14,6 +14,7 @@ # # ---------------------------------------------------------------------------- require 'gcp_backend' +require 'google/orgpolicy/property/list_constraint' class OrgpolicyFolderConstraints < GcpResourceBase name 'google_orgpolicy_folder_constraints' desc 'FolderConstraint plural resource' @@ -23,15 +24,18 @@ class OrgpolicyFolderConstraints < GcpResourceBase filter_table_config = FilterTable.create - filter_table_config.add(:next_page_tokens, field: :next_page_token) - filter_table_config.add(:constraints, field: :constraints) - + filter_table_config.add(:names, field: :name) + filter_table_config.add(:display_names, field: :displayName) + filter_table_config.add(:descriptions, field: :description) + filter_table_config.add(:constraint_defaults, field: :constraintDefault) + filter_table_config.add(:list_constraints, field: :listConstraint) + filter_table_config.add(:supports_dry_runs, field: :supportsDryRun) filter_table_config.connect(self, :table) def initialize(params = {}) super(params.merge({ use_http_transport: true })) @params = params - @table = fetch_wrapped_resource('folderConstraints') + @table = fetch_wrapped_resource('constraints') end def fetch_wrapped_resource(wrap_path) @@ -64,8 +68,12 @@ def transform(key, value) def transformers { - 'nextPageToken' => ->(obj) { [:next_page_token, obj['nextPageToken']] }, - 'constraints' => ->(obj) { [:constraints, GoogleInSpec::Orgpolicy::Property::FolderConstraintConstraintsArray.parse(obj['constraints'], to_s)] }, + 'name' => ->(obj) { [:name, obj['name']] }, + 'displayName' => ->(obj) { [:displayName, obj['displayName']] }, + 'description' => ->(obj) { [:description, obj['description']] }, + 'constraintDefault' => ->(obj) { [:constraintDefault, obj['constraintDefault']] }, + 'supportsDryRun' => ->(obj) { [:supportsDryRun, obj['supportsDryRun']] }, + 'listConstraint' => ->(obj) { [:listConstraint, GoogleInSpec::Orgpolicy::Property::ListConstraint.new(obj['listConstraint'], to_s)] }, } end @@ -76,6 +84,6 @@ def product_url(_ = nil) end def resource_base_url - '{{+parent}}/constraints' + '{{parent}}/constraints' end end diff --git a/test/integration/verify/controls/google_orgpolicy_folder_constraint.rb b/test/integration/verify/controls/google_orgpolicy_folder_constraint.rb deleted file mode 100644 index 0f19f328d..000000000 --- a/test/integration/verify/controls/google_orgpolicy_folder_constraint.rb +++ /dev/null @@ -1,34 +0,0 @@ -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- - -title 'Test GCP google_orgpolicy_folder_constraint resource.' - -gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') - - folder_constraint = input('folder_constraint', value: { - "parent": "value_parent" -}, description: 'folder_constraint description') -control 'google_orgpolicy_folder_constraint-1.0' do - impact 1.0 - title 'google_orgpolicy_folder_constraint resource test' - - describe google_orgpolicy_folder_constraint() do - it { should exist } - - end - - describe google_orgpolicy_folder_constraint() do - it { should_not exist } - end -end diff --git a/test/integration/verify/controls/google_orgpolicy_folder_constraints.rb b/test/integration/verify/controls/google_orgpolicy_folder_constraints.rb index 84598bf76..6628b4c25 100644 --- a/test/integration/verify/controls/google_orgpolicy_folder_constraints.rb +++ b/test/integration/verify/controls/google_orgpolicy_folder_constraints.rb @@ -17,13 +17,25 @@ gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') folder_constraint = input('folder_constraint', value: { - "parent": "value_parent" + "parent": "organizations/827482578277", + "name": "organizations/827482578277/constraints/ainotebooks.accessMode", + "displayName": "Disable Create Default Service Account (Cloud Build)", + "description": "This boolean constraint, when enforced, prevents the legacy Cloud Build service account from being created.", + "constraintDefault": "DENY", + "listConstraint": { + "supportsUnder": true + } }, description: 'folder_constraint description') control 'google_orgpolicy_folder_constraints-1.0' do impact 1.0 title 'google_orgpolicy_folder_constraints resource test' - describe google_orgpolicy_folder_constraints(parent: folder_constraint['parent']) do + describe google_orgpolicy_folder_constraints(parent: folder_constraint['parent']) do it { should exist } + its('names') { should include folder_constraint['name']} + its('display_names') { should include folder_constraint['displayName']} + its('descriptions') { should include folder_constraint['description']} + its('constraint_defaults') { should include folder_constraint['constraintDefault']} + its('list_constraints.first.supports_under') { should be true } end end From ea559c4d5564eda859ea1cdf17f2646bd45642df Mon Sep 17 00:00:00 2001 From: Chef Expeditor Date: Tue, 11 Jun 2024 12:01:18 +0000 Subject: [PATCH 4/7] Bump version to 1.11.115 by Chef Expeditor Obvious fix; these changes are the result of automation not creative thinking. --- CHANGELOG.md | 9 +++++++-- VERSION | 2 +- inspec.yml | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5173998a7..f8eb63f34 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,11 +1,16 @@ # Change Log - + +## [v1.11.115](https://github.com/inspec/inspec-gcp/tree/v1.11.115) (2024-06-11) + +#### Merged Pull Requests +- CHEF-7347-V3-MAGIC-MODULE-orgpolicy_v2-Folders__constraint - Resource Implementation [#626](https://github.com/inspec/inspec-gcp/pull/626) ([sa-progress](https://github.com/sa-progress)) + + ## [v1.11.114](https://github.com/inspec/inspec-gcp/tree/v1.11.114) (2024-06-05) #### Merged Pull Requests - CHEF-7352-MAGIC-MODULE-orgpolicy-Projects__policy - Resource Implementation [#554](https://github.com/inspec/inspec-gcp/pull/554) ([sa-progress](https://github.com/sa-progress)) - ## [v1.11.113](https://github.com/inspec/inspec-gcp/tree/v1.11.113) (2024-05-30) diff --git a/VERSION b/VERSION index bd5b64b27..f97b7e0f0 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.11.114 \ No newline at end of file +1.11.115 \ No newline at end of file diff --git a/inspec.yml b/inspec.yml index efb9e88af..fd7c242d9 100644 --- a/inspec.yml +++ b/inspec.yml @@ -4,7 +4,7 @@ maintainer: spaterson@chef.io,russell.seymour@turtlesystems.co.uk summary: This resource pack provides compliance resources_old_ignore for Google Cloud Platform copyright: spaterson@chef.io,russell.seymour@turtlesystems.co.uk copyright_email: spaterson@chef.io,russell.seymour@turtlesystems.co.uk -version: 1.11.114 +version: 1.11.115 license: Apache-2.0 inspec_version: '>= 4.7.3' supports: From d2c5fc719d906378d27eece6fd032e53df0130d7 Mon Sep 17 00:00:00 2001 From: balasubramanian-s Date: Tue, 11 Jun 2024 17:44:08 +0530 Subject: [PATCH 5/7] update atrributes Signed-off-by: balasubramanian-s --- README.md | 1 + .../google_orgpolicy_folder_policies.md | 2 +- .../google_orgpolicy_folder_policy.md | 4 +- .../google_orgpolicy_organization_policies.md | 2 +- .../property/folderpolicy_alternate.rb | 39 ------------- .../property/folderpolicy_alternate_spec.rb | 47 ---------------- .../folderpolicy_alternate_spec_rules.rb | 56 ------------------- ...erpolicy_alternate_spec_rules_condition.rb | 43 -------------- ...olderpolicy_alternate_spec_rules_values.rb | 37 ------------ .../property/folderpolicy_dry_run_spec.rb | 47 ---------------- .../folderpolicy_dry_run_spec_rules.rb | 56 ------------------- ...lderpolicy_dry_run_spec_rules_condition.rb | 43 -------------- .../folderpolicy_dry_run_spec_rules_values.rb | 37 ------------ .../orgpolicy/property/folderpolicy_spec.rb | 47 ---------------- .../property/folderpolicy_spec_rules.rb | 56 ------------------- .../folderpolicy_spec_rules_condition.rb | 43 -------------- .../folderpolicy_spec_rules_values.rb | 37 ------------ libraries/google_orgpolicy_folder_policies.rb | 12 ++-- libraries/google_orgpolicy_folder_policy.rb | 24 ++++---- .../google_orgpolicy_folder_policies.rb | 6 +- .../google_orgpolicy_folder_policy.rb | 11 ++-- 21 files changed, 31 insertions(+), 619 deletions(-) delete mode 100644 libraries/google/orgpolicy/property/folderpolicy_alternate.rb delete mode 100644 libraries/google/orgpolicy/property/folderpolicy_alternate_spec.rb delete mode 100644 libraries/google/orgpolicy/property/folderpolicy_alternate_spec_rules.rb delete mode 100644 libraries/google/orgpolicy/property/folderpolicy_alternate_spec_rules_condition.rb delete mode 100644 libraries/google/orgpolicy/property/folderpolicy_alternate_spec_rules_values.rb delete mode 100644 libraries/google/orgpolicy/property/folderpolicy_dry_run_spec.rb delete mode 100644 libraries/google/orgpolicy/property/folderpolicy_dry_run_spec_rules.rb delete mode 100644 libraries/google/orgpolicy/property/folderpolicy_dry_run_spec_rules_condition.rb delete mode 100644 libraries/google/orgpolicy/property/folderpolicy_dry_run_spec_rules_values.rb delete mode 100644 libraries/google/orgpolicy/property/folderpolicy_spec.rb delete mode 100644 libraries/google/orgpolicy/property/folderpolicy_spec_rules.rb delete mode 100644 libraries/google/orgpolicy/property/folderpolicy_spec_rules_condition.rb delete mode 100644 libraries/google/orgpolicy/property/folderpolicy_spec_rules_values.rb diff --git a/README.md b/README.md index 1aabe26c9..5dfd7a209 100644 --- a/README.md +++ b/README.md @@ -316,6 +316,7 @@ The following resources are available in the InSpec GCP Profile | [google_memcache_instance](docs/resources/google_memcache_instance.md) | [google_memcache_instances](docs/resources/google_memcache_instances.md) | | [google_ml_engine_model](docs/resources/google_ml_engine_model.md) | [google_ml_engine_models](docs/resources/google_ml_engine_models.md) | | [google_organization](docs/resources/google_organization.md) | [google_organizations](docs/resources/google_organizations.md) | +| [google_orgpolicy_folder_policy](docs/resources/google_orgpolicy_folder_policy.md) | [google_orgpolicy_folder_policies](docs/resources/google_orgpolicy_folder_policies.md) | | [google_orgpolicy_organization_policy](docs/resources/google_orgpolicy_organization_policy.md) | [google_orgpolicy_organization_policies](docs/resources/google_orgpolicy_organization_policies.md) | | No Singular Resource | [google_orgpolicy_project_constraints](docs/resources/google_orgpolicy_project_constraints.md) | | [google_organization_iam_binding](docs/resources/google_organization_iam_binding.md) | No Plural Resource | diff --git a/docs/resources/google_orgpolicy_folder_policies.md b/docs/resources/google_orgpolicy_folder_policies.md index f77732d3e..a43e7b362 100644 --- a/docs/resources/google_orgpolicy_folder_policies.md +++ b/docs/resources/google_orgpolicy_folder_policies.md @@ -8,7 +8,7 @@ A `google_orgpolicy_folder_policies` is used to test a Google FolderPolicy resou ## Examples ``` - describe google_orgpolicy_folder_policies(parent: ' value_parent') do + describe google_orgpolicy_folder_policies(parent: ' value_parent') do it { should exist } end ``` diff --git a/docs/resources/google_orgpolicy_folder_policy.md b/docs/resources/google_orgpolicy_folder_policy.md index aec0b753d..dc78dfa58 100644 --- a/docs/resources/google_orgpolicy_folder_policy.md +++ b/docs/resources/google_orgpolicy_folder_policy.md @@ -8,13 +8,13 @@ A `google_orgpolicy_folder_policy` is used to test a Google FolderPolicy resourc ## Examples ``` -describe google_orgpolicy_folder_policy(name: ' value_name') do +describe google_orgpolicy_folder_policy(parent: 'value_parent', name: ' value_name') do it { should exist } its('name') { should cmp 'value_name' } end -describe google_orgpolicy_folder_policy(name: "does_not_exit") do +describe google_orgpolicy_folder_policy(parent: 'value_parent', name: ' value_name') do it { should_not exist } end ``` diff --git a/docs/resources/google_orgpolicy_organization_policies.md b/docs/resources/google_orgpolicy_organization_policies.md index 0b586511f..6218249b1 100644 --- a/docs/resources/google_orgpolicy_organization_policies.md +++ b/docs/resources/google_orgpolicy_organization_policies.md @@ -8,7 +8,7 @@ A `google_orgpolicy_organization_policies` is used to test a Google Organization ## Examples ``` - describe google_orgpolicy_organization_policies(parent: ' value_parent') do + describe google_orgpolicy_organization_policies(parent: ' value_parent') do it { should exist } end ``` diff --git a/libraries/google/orgpolicy/property/folderpolicy_alternate.rb b/libraries/google/orgpolicy/property/folderpolicy_alternate.rb deleted file mode 100644 index 45aa0ae27..000000000 --- a/libraries/google/orgpolicy/property/folderpolicy_alternate.rb +++ /dev/null @@ -1,39 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -require 'google/orgpolicy/property/folderpolicy_alternate_spec' -require 'google/orgpolicy/property/folderpolicy_alternate_spec_rules' -module GoogleInSpec - module Orgpolicy - module Property - class FolderPolicyAlternate - attr_reader :launch - - attr_reader :spec - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @launch = args['launch'] - @spec = GoogleInSpec::Orgpolicy::Property::FolderPolicyAlternateSpec.new(args['spec'], to_s) - end - - def to_s - "#{@parent_identifier} FolderPolicyAlternate" - end - end - end - end -end diff --git a/libraries/google/orgpolicy/property/folderpolicy_alternate_spec.rb b/libraries/google/orgpolicy/property/folderpolicy_alternate_spec.rb deleted file mode 100644 index ffd15763b..000000000 --- a/libraries/google/orgpolicy/property/folderpolicy_alternate_spec.rb +++ /dev/null @@ -1,47 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -require 'google/orgpolicy/property/folderpolicy_alternate_spec_rules' -module GoogleInSpec - module Orgpolicy - module Property - class FolderPolicyAlternateSpec - attr_reader :update_time - - attr_reader :rules - - attr_reader :etag - - attr_reader :reset - - attr_reader :inherit_from_parent - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @update_time = args['updateTime'] - @rules = GoogleInSpec::Orgpolicy::Property::FolderPolicyAlternateSpecRulesArray.parse(args['rules'], to_s) - @etag = args['etag'] - @reset = args['reset'] - @inherit_from_parent = args['inheritFromParent'] - end - - def to_s - "#{@parent_identifier} FolderPolicyAlternateSpec" - end - end - end - end -end diff --git a/libraries/google/orgpolicy/property/folderpolicy_alternate_spec_rules.rb b/libraries/google/orgpolicy/property/folderpolicy_alternate_spec_rules.rb deleted file mode 100644 index 9feaf6cfe..000000000 --- a/libraries/google/orgpolicy/property/folderpolicy_alternate_spec_rules.rb +++ /dev/null @@ -1,56 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -require 'google/orgpolicy/property/folderpolicy_alternate_spec_rules_condition' -require 'google/orgpolicy/property/folderpolicy_alternate_spec_rules_values' -module GoogleInSpec - module Orgpolicy - module Property - class FolderPolicyAlternateSpecRules - attr_reader :condition - - attr_reader :deny_all - - attr_reader :allow_all - - attr_reader :enforce - - attr_reader :values - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @condition = GoogleInSpec::Orgpolicy::Property::FolderPolicyAlternateSpecRulesCondition.new(args['condition'], to_s) - @deny_all = args['denyAll'] - @allow_all = args['allowAll'] - @enforce = args['enforce'] - @values = GoogleInSpec::Orgpolicy::Property::FolderPolicyAlternateSpecRulesValues.new(args['values'], to_s) - end - - def to_s - "#{@parent_identifier} FolderPolicyAlternateSpecRules" - end - end - - class FolderPolicyAlternateSpecRulesArray - def self.parse(value, parent_identifier) - return if value.nil? - return FolderPolicyAlternateSpecRules.new(value, parent_identifier) unless value.is_a?(::Array) - value.map { |v| FolderPolicyAlternateSpecRules.new(v, parent_identifier) } - end - end - end - end -end diff --git a/libraries/google/orgpolicy/property/folderpolicy_alternate_spec_rules_condition.rb b/libraries/google/orgpolicy/property/folderpolicy_alternate_spec_rules_condition.rb deleted file mode 100644 index db80bf30b..000000000 --- a/libraries/google/orgpolicy/property/folderpolicy_alternate_spec_rules_condition.rb +++ /dev/null @@ -1,43 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -module GoogleInSpec - module Orgpolicy - module Property - class FolderPolicyAlternateSpecRulesCondition - attr_reader :title - - attr_reader :location - - attr_reader :expression - - attr_reader :description - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @title = args['title'] - @location = args['location'] - @expression = args['expression'] - @description = args['description'] - end - - def to_s - "#{@parent_identifier} FolderPolicyAlternateSpecRulesCondition" - end - end - end - end -end diff --git a/libraries/google/orgpolicy/property/folderpolicy_alternate_spec_rules_values.rb b/libraries/google/orgpolicy/property/folderpolicy_alternate_spec_rules_values.rb deleted file mode 100644 index 063c32ec9..000000000 --- a/libraries/google/orgpolicy/property/folderpolicy_alternate_spec_rules_values.rb +++ /dev/null @@ -1,37 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -module GoogleInSpec - module Orgpolicy - module Property - class FolderPolicyAlternateSpecRulesValues - attr_reader :denied_values - - attr_reader :allowed_values - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @denied_values = args['deniedValues'] - @allowed_values = args['allowedValues'] - end - - def to_s - "#{@parent_identifier} FolderPolicyAlternateSpecRulesValues" - end - end - end - end -end diff --git a/libraries/google/orgpolicy/property/folderpolicy_dry_run_spec.rb b/libraries/google/orgpolicy/property/folderpolicy_dry_run_spec.rb deleted file mode 100644 index b7fed447c..000000000 --- a/libraries/google/orgpolicy/property/folderpolicy_dry_run_spec.rb +++ /dev/null @@ -1,47 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -require 'google/orgpolicy/property/folderpolicy_dry_run_spec_rules' -module GoogleInSpec - module Orgpolicy - module Property - class FolderPolicyDryRunSpec - attr_reader :update_time - - attr_reader :rules - - attr_reader :etag - - attr_reader :reset - - attr_reader :inherit_from_parent - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @update_time = args['updateTime'] - @rules = GoogleInSpec::Orgpolicy::Property::FolderPolicyDryRunSpecRulesArray.parse(args['rules'], to_s) - @etag = args['etag'] - @reset = args['reset'] - @inherit_from_parent = args['inheritFromParent'] - end - - def to_s - "#{@parent_identifier} FolderPolicyDryRunSpec" - end - end - end - end -end diff --git a/libraries/google/orgpolicy/property/folderpolicy_dry_run_spec_rules.rb b/libraries/google/orgpolicy/property/folderpolicy_dry_run_spec_rules.rb deleted file mode 100644 index 47b6b58d8..000000000 --- a/libraries/google/orgpolicy/property/folderpolicy_dry_run_spec_rules.rb +++ /dev/null @@ -1,56 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -require 'google/orgpolicy/property/folderpolicy_dry_run_spec_rules_condition' -require 'google/orgpolicy/property/folderpolicy_dry_run_spec_rules_values' -module GoogleInSpec - module Orgpolicy - module Property - class FolderPolicyDryRunSpecRules - attr_reader :condition - - attr_reader :deny_all - - attr_reader :allow_all - - attr_reader :enforce - - attr_reader :values - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @condition = GoogleInSpec::Orgpolicy::Property::FolderPolicyDryRunSpecRulesCondition.new(args['condition'], to_s) - @deny_all = args['denyAll'] - @allow_all = args['allowAll'] - @enforce = args['enforce'] - @values = GoogleInSpec::Orgpolicy::Property::FolderPolicyDryRunSpecRulesValues.new(args['values'], to_s) - end - - def to_s - "#{@parent_identifier} FolderPolicyDryRunSpecRules" - end - end - - class FolderPolicyDryRunSpecRulesArray - def self.parse(value, parent_identifier) - return if value.nil? - return FolderPolicyDryRunSpecRules.new(value, parent_identifier) unless value.is_a?(::Array) - value.map { |v| FolderPolicyDryRunSpecRules.new(v, parent_identifier) } - end - end - end - end -end diff --git a/libraries/google/orgpolicy/property/folderpolicy_dry_run_spec_rules_condition.rb b/libraries/google/orgpolicy/property/folderpolicy_dry_run_spec_rules_condition.rb deleted file mode 100644 index 30756d52d..000000000 --- a/libraries/google/orgpolicy/property/folderpolicy_dry_run_spec_rules_condition.rb +++ /dev/null @@ -1,43 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -module GoogleInSpec - module Orgpolicy - module Property - class FolderPolicyDryRunSpecRulesCondition - attr_reader :title - - attr_reader :location - - attr_reader :expression - - attr_reader :description - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @title = args['title'] - @location = args['location'] - @expression = args['expression'] - @description = args['description'] - end - - def to_s - "#{@parent_identifier} FolderPolicyDryRunSpecRulesCondition" - end - end - end - end -end diff --git a/libraries/google/orgpolicy/property/folderpolicy_dry_run_spec_rules_values.rb b/libraries/google/orgpolicy/property/folderpolicy_dry_run_spec_rules_values.rb deleted file mode 100644 index b75e4584d..000000000 --- a/libraries/google/orgpolicy/property/folderpolicy_dry_run_spec_rules_values.rb +++ /dev/null @@ -1,37 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -module GoogleInSpec - module Orgpolicy - module Property - class FolderPolicyDryRunSpecRulesValues - attr_reader :denied_values - - attr_reader :allowed_values - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @denied_values = args['deniedValues'] - @allowed_values = args['allowedValues'] - end - - def to_s - "#{@parent_identifier} FolderPolicyDryRunSpecRulesValues" - end - end - end - end -end diff --git a/libraries/google/orgpolicy/property/folderpolicy_spec.rb b/libraries/google/orgpolicy/property/folderpolicy_spec.rb deleted file mode 100644 index 2908136ea..000000000 --- a/libraries/google/orgpolicy/property/folderpolicy_spec.rb +++ /dev/null @@ -1,47 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -require 'google/orgpolicy/property/folderpolicy_spec_rules' -module GoogleInSpec - module Orgpolicy - module Property - class FolderPolicySpec - attr_reader :update_time - - attr_reader :rules - - attr_reader :etag - - attr_reader :reset - - attr_reader :inherit_from_parent - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @update_time = args['updateTime'] - @rules = GoogleInSpec::Orgpolicy::Property::FolderPolicySpecRulesArray.parse(args['rules'], to_s) - @etag = args['etag'] - @reset = args['reset'] - @inherit_from_parent = args['inheritFromParent'] - end - - def to_s - "#{@parent_identifier} FolderPolicySpec" - end - end - end - end -end diff --git a/libraries/google/orgpolicy/property/folderpolicy_spec_rules.rb b/libraries/google/orgpolicy/property/folderpolicy_spec_rules.rb deleted file mode 100644 index 35bc903f4..000000000 --- a/libraries/google/orgpolicy/property/folderpolicy_spec_rules.rb +++ /dev/null @@ -1,56 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -require 'google/orgpolicy/property/folderpolicy_spec_rules_condition' -require 'google/orgpolicy/property/folderpolicy_spec_rules_values' -module GoogleInSpec - module Orgpolicy - module Property - class FolderPolicySpecRules - attr_reader :condition - - attr_reader :deny_all - - attr_reader :allow_all - - attr_reader :enforce - - attr_reader :values - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @condition = GoogleInSpec::Orgpolicy::Property::FolderPolicySpecRulesCondition.new(args['condition'], to_s) - @deny_all = args['denyAll'] - @allow_all = args['allowAll'] - @enforce = args['enforce'] - @values = GoogleInSpec::Orgpolicy::Property::FolderPolicySpecRulesValues.new(args['values'], to_s) - end - - def to_s - "#{@parent_identifier} FolderPolicySpecRules" - end - end - - class FolderPolicySpecRulesArray - def self.parse(value, parent_identifier) - return if value.nil? - return FolderPolicySpecRules.new(value, parent_identifier) unless value.is_a?(::Array) - value.map { |v| FolderPolicySpecRules.new(v, parent_identifier) } - end - end - end - end -end diff --git a/libraries/google/orgpolicy/property/folderpolicy_spec_rules_condition.rb b/libraries/google/orgpolicy/property/folderpolicy_spec_rules_condition.rb deleted file mode 100644 index e357d8395..000000000 --- a/libraries/google/orgpolicy/property/folderpolicy_spec_rules_condition.rb +++ /dev/null @@ -1,43 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -module GoogleInSpec - module Orgpolicy - module Property - class FolderPolicySpecRulesCondition - attr_reader :title - - attr_reader :location - - attr_reader :expression - - attr_reader :description - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @title = args['title'] - @location = args['location'] - @expression = args['expression'] - @description = args['description'] - end - - def to_s - "#{@parent_identifier} FolderPolicySpecRulesCondition" - end - end - end - end -end diff --git a/libraries/google/orgpolicy/property/folderpolicy_spec_rules_values.rb b/libraries/google/orgpolicy/property/folderpolicy_spec_rules_values.rb deleted file mode 100644 index 748eab392..000000000 --- a/libraries/google/orgpolicy/property/folderpolicy_spec_rules_values.rb +++ /dev/null @@ -1,37 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -module GoogleInSpec - module Orgpolicy - module Property - class FolderPolicySpecRulesValues - attr_reader :denied_values - - attr_reader :allowed_values - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @denied_values = args['deniedValues'] - @allowed_values = args['allowedValues'] - end - - def to_s - "#{@parent_identifier} FolderPolicySpecRulesValues" - end - end - end - end -end diff --git a/libraries/google_orgpolicy_folder_policies.rb b/libraries/google_orgpolicy_folder_policies.rb index 6ac7427d5..6580dde8f 100644 --- a/libraries/google_orgpolicy_folder_policies.rb +++ b/libraries/google_orgpolicy_folder_policies.rb @@ -33,7 +33,7 @@ class OrgpolicyFolderPolicys < GcpResourceBase def initialize(params = {}) super(params.merge({ use_http_transport: true })) @params = params - @table = fetch_wrapped_resource('folderPolicies') + @table = fetch_wrapped_resource('policies') end def fetch_wrapped_resource(wrap_path) @@ -66,20 +66,20 @@ def transform(key, value) def transformers { - 'dryRunSpec' => ->(obj) { [:dry_run_spec, GoogleInSpec::Orgpolicy::Property::FolderPolicyDryRunSpec.new(obj['dryRunSpec'], to_s)] }, - 'spec' => ->(obj) { [:spec, GoogleInSpec::Orgpolicy::Property::FolderPolicySpec.new(obj['spec'], to_s)] }, + 'dryRunSpec' => ->(obj) { [:dry_run_spec, GoogleInSpec::Orgpolicy::Property::PolicyDryRunSpec.new(obj['dryRunSpec'], to_s)] }, + 'spec' => ->(obj) { [:spec, GoogleInSpec::Orgpolicy::Property::PolicySpec.new(obj['spec'], to_s)] }, 'name' => ->(obj) { [:name, obj['name']] }, - 'alternate' => ->(obj) { [:alternate, GoogleInSpec::Orgpolicy::Property::FolderPolicyAlternate.new(obj['alternate'], to_s)] }, + 'alternate' => ->(obj) { [:alternate, GoogleInSpec::Orgpolicy::Property::PolicyAlternate.new(obj['alternate'], to_s)] }, } end private def product_url(_ = nil) - 'https://orgpolicy.googleapis.com//v1/' + 'https://orgpolicy.googleapis.com/v2/' end def resource_base_url - 'v2/{{parent}}/policies' + '{{parent}}/policies' end end diff --git a/libraries/google_orgpolicy_folder_policy.rb b/libraries/google_orgpolicy_folder_policy.rb index 7f99d5c0f..6aa33a243 100644 --- a/libraries/google_orgpolicy_folder_policy.rb +++ b/libraries/google_orgpolicy_folder_policy.rb @@ -14,13 +14,13 @@ # # ---------------------------------------------------------------------------- require 'gcp_backend' -require 'google/orgpolicy/property/folderpolicy_alternate' -require 'google/orgpolicy/property/folderpolicy_alternate_spec' -require 'google/orgpolicy/property/folderpolicy_alternate_spec_rules' -require 'google/orgpolicy/property/folderpolicy_dry_run_spec' -require 'google/orgpolicy/property/folderpolicy_dry_run_spec_rules' -require 'google/orgpolicy/property/folderpolicy_spec' -require 'google/orgpolicy/property/folderpolicy_spec_rules' +require 'google/orgpolicy/property/policy_alternate' +require 'google/orgpolicy/property/policy_alternate_spec' +require 'google/orgpolicy/property/policy_alternate_spec_rules' +require 'google/orgpolicy/property/policy_dry_run_spec' +require 'google/orgpolicy/property/policy_dry_run_spec_rules' +require 'google/orgpolicy/property/policy_spec' +require 'google/orgpolicy/property/policy_spec_rules' # A provider to manage orgpolicy resources. class OrgpolicyFolderPolicy < GcpResourceBase @@ -42,10 +42,10 @@ def initialize(params) end def parse - @dry_run_spec = GoogleInSpec::Orgpolicy::Property::FolderPolicyDryRunSpec.new(@fetched['dryRunSpec'], to_s) - @spec = GoogleInSpec::Orgpolicy::Property::FolderPolicySpec.new(@fetched['spec'], to_s) + @dry_run_spec = GoogleInSpec::Orgpolicy::Property::PolicyDryRunSpec.new(@fetched['dryRunSpec'], to_s) + @spec = GoogleInSpec::Orgpolicy::Property::PolicySpec.new(@fetched['spec'], to_s) @name = @fetched['name'] - @alternate = GoogleInSpec::Orgpolicy::Property::FolderPolicyAlternate.new(@fetched['alternate'], to_s) + @alternate = GoogleInSpec::Orgpolicy::Property::PolicyAlternate.new(@fetched['alternate'], to_s) end def exists? @@ -59,10 +59,10 @@ def to_s private def product_url(_ = nil) - 'https://orgpolicy.googleapis.com//v1/' + 'https://orgpolicy.googleapis.com/v2/' end def resource_base_url - 'v2/{{name}}' + '{{parent}}/policies/{{name}}' end end diff --git a/test/integration/verify/controls/google_orgpolicy_folder_policies.rb b/test/integration/verify/controls/google_orgpolicy_folder_policies.rb index aec3e49da..90491e77c 100644 --- a/test/integration/verify/controls/google_orgpolicy_folder_policies.rb +++ b/test/integration/verify/controls/google_orgpolicy_folder_policies.rb @@ -17,14 +17,14 @@ gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') folder_policy = input('folder_policy', value: { - "name": "value_name", - "parent": "value_parent" + "name": "dataproc.enforceComputeDefaultServiceAccountCheck", + "parent": "organizations/827482578277" }, description: 'folder_policy description') control 'google_orgpolicy_folder_policies-1.0' do impact 1.0 title 'google_orgpolicy_folder_policies resource test' - describe google_orgpolicy_folder_policies(parent: folder_policy['parent']) do + describe google_orgpolicy_folder_policies(parent: folder_policy['parent']) do it { should exist } end end diff --git a/test/integration/verify/controls/google_orgpolicy_folder_policy.rb b/test/integration/verify/controls/google_orgpolicy_folder_policy.rb index 41cbff553..14fe42883 100644 --- a/test/integration/verify/controls/google_orgpolicy_folder_policy.rb +++ b/test/integration/verify/controls/google_orgpolicy_folder_policy.rb @@ -17,20 +17,19 @@ gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') folder_policy = input('folder_policy', value: { - "name": "value_name", - "parent": "value_parent" + "name": "dataproc.enforceComputeDefaultServiceAccountCheck", + "parent": "organizations/827482578277" }, description: 'folder_policy description') control 'google_orgpolicy_folder_policy-1.0' do impact 1.0 title 'google_orgpolicy_folder_policy resource test' - describe google_orgpolicy_folder_policy(name: folder_policy['name']) do + describe google_orgpolicy_folder_policy(parent: folder_policy['parent'], name: folder_policy['name']) do it { should exist } - its('name') { should cmp folder_policy['name'] } - + its('name') { should cmp organization_policy['name'] } end - describe google_orgpolicy_folder_policy(name: "does_not_exit") do + describe google_orgpolicy_folder_policy(parent: folder_policy['parent'], name: "does_not_exit") do it { should_not exist } end end From d09aa7439b5cc476b0ba6514a027d084ec2e3b7c Mon Sep 17 00:00:00 2001 From: balasubramanian-s Date: Tue, 11 Jun 2024 17:51:32 +0530 Subject: [PATCH 6/7] fix readme Signed-off-by: balasubramanian-s --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7c2f5baa5..5a6ea4022 100644 --- a/README.md +++ b/README.md @@ -318,9 +318,10 @@ The following resources are available in the InSpec GCP Profile | [google_organization](docs/resources/google_organization.md) | [google_organizations](docs/resources/google_organizations.md) | | No Singular Resource | [google_orgpolicy_folder_constraints](docs/resources/google_orgpolicy_folder_constraints.md) | | No Singular Resource | [google_orgpolicy_organization_constraints](docs/resources/google_orgpolicy_project_constraints.md) | +| No Singular Resource | [google_orgpolicy_project_constraints](docs/resources/google_orgpolicy_project_constraints.md) | | [google_orgpolicy_folder_policy](docs/resources/google_orgpolicy_folder_policy.md) | [google_orgpolicy_folder_policies](docs/resources/google_orgpolicy_folder_policies.md) | | [google_orgpolicy_organization_policy](docs/resources/google_orgpolicy_organization_policy.md) | [google_orgpolicy_organization_policies](docs/resources/google_orgpolicy_organization_policies.md) | -| No Singular Resource | [google_orgpolicy_project_constraints](docs/resources/google_orgpolicy_project_constraints.md) | +| [google_orgpolicy_project_policy](docs/resources/google_orgpolicy_project_policy.md) | [google_orgpolicy_project_policies](docs/resources/google_orgpolicy_project_policies.md) | | [google_organization_iam_binding](docs/resources/google_organization_iam_binding.md) | No Plural Resource | | [google_organization_iam_policy](docs/resources/google_organization_iam_policy.md) | No Plural Resource | | [google_organization_policy](docs/resources/google_organization_policy.md) | No Plural Resource | From 0ed78646be75e16721e728ef8effe1965683bb5a Mon Sep 17 00:00:00 2001 From: Chef Expeditor Date: Mon, 17 Jun 2024 12:07:22 +0000 Subject: [PATCH 7/7] Bump version to 1.11.116 by Chef Expeditor Obvious fix; these changes are the result of automation not creative thinking. --- CHANGELOG.md | 9 +++++++-- VERSION | 2 +- inspec.yml | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f8eb63f34..7bef7f1ee 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,11 +1,16 @@ # Change Log - + +## [v1.11.116](https://github.com/inspec/inspec-gcp/tree/v1.11.116) (2024-06-17) + +#### Merged Pull Requests +- CHEF-7348-ORG-MAGIC-MODULE-orgpolicy-Folders__policy - Resource Implementation [#556](https://github.com/inspec/inspec-gcp/pull/556) ([sa-progress](https://github.com/sa-progress)) + + ## [v1.11.115](https://github.com/inspec/inspec-gcp/tree/v1.11.115) (2024-06-11) #### Merged Pull Requests - CHEF-7347-V3-MAGIC-MODULE-orgpolicy_v2-Folders__constraint - Resource Implementation [#626](https://github.com/inspec/inspec-gcp/pull/626) ([sa-progress](https://github.com/sa-progress)) - ## [v1.11.114](https://github.com/inspec/inspec-gcp/tree/v1.11.114) (2024-06-05) diff --git a/VERSION b/VERSION index f97b7e0f0..a66c16495 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.11.115 \ No newline at end of file +1.11.116 \ No newline at end of file diff --git a/inspec.yml b/inspec.yml index fd7c242d9..e8a2e798b 100644 --- a/inspec.yml +++ b/inspec.yml @@ -4,7 +4,7 @@ maintainer: spaterson@chef.io,russell.seymour@turtlesystems.co.uk summary: This resource pack provides compliance resources_old_ignore for Google Cloud Platform copyright: spaterson@chef.io,russell.seymour@turtlesystems.co.uk copyright_email: spaterson@chef.io,russell.seymour@turtlesystems.co.uk -version: 1.11.115 +version: 1.11.116 license: Apache-2.0 inspec_version: '>= 4.7.3' supports: