From 8cc31da490a563c5926931d8582263612c994009 Mon Sep 17 00:00:00 2001
From: Sam Levenick
Date: Thu, 11 Apr 2019 18:04:58 +0000
Subject: [PATCH] Inspec bindings
Signed-off-by: Modular Magician
---
.../google_compute_subnetwork_iam_policy.md | 39 ++++++++++++
.../iam/property/iam_policy_audit_configs.rb | 46 +++++++++++++++
..._policy_audit_configs_audit_log_configs.rb | 45 ++++++++++++++
.../iam/property/iam_policy_bindings.rb | 45 ++++++++++++++
.../google_compute_subnetwork_iam_policy.rb | 59 +++++++++++++++++++
5 files changed, 234 insertions(+)
create mode 100644 docs/resources/google_compute_subnetwork_iam_policy.md
create mode 100644 libraries/google/iam/property/iam_policy_audit_configs.rb
create mode 100644 libraries/google/iam/property/iam_policy_audit_configs_audit_log_configs.rb
create mode 100644 libraries/google/iam/property/iam_policy_bindings.rb
create mode 100644 libraries/google_compute_subnetwork_iam_policy.rb
diff --git a/docs/resources/google_compute_subnetwork_iam_policy.md b/docs/resources/google_compute_subnetwork_iam_policy.md
new file mode 100644
index 000000000..21b421837
--- /dev/null
+++ b/docs/resources/google_compute_subnetwork_iam_policy.md
@@ -0,0 +1,39 @@
+---
+title: About the google_compute_subnetwork_iam_policy resource
+platform: gcp
+---
+
+## Syntax
+A `google_compute_subnetwork_iam_policy` is used to test a Google Subnetwork Iam Policy resource
+
+## Examples
+```
+describe google_compute_subnetwork_iam_policy(project: "project", region: "region", name: "name") do
+ it { should exist }
+end
+
+describe google_compute_subnetwork_iam_policy(project: "project", region: "region", name: "name").bindings do |binding|
+ its('role') { should_not eq 'roles/owner' }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_compute_subnetwork_iam_policy` resource:
+
+ * `bindings`: Associates a list of members to a role.
+
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
+
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
+
+ * `audit_configs`: Specifies cloud audit logging configuration for this policy.
+
+ * `service`: Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
+
+ * `audit_log_configs`: The configuration for logging of each type of permission.
+
+
+
+## GCP Permissions
+
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/libraries/google/iam/property/iam_policy_audit_configs.rb b/libraries/google/iam/property/iam_policy_audit_configs.rb
new file mode 100644
index 000000000..e960b9b1f
--- /dev/null
+++ b/libraries/google/iam/property/iam_policy_audit_configs.rb
@@ -0,0 +1,46 @@
+# frozen_string_literal: false
+
+# Copyright 2017 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'google/iam/property/iam_policy_audit_configs_audit_log_configs'
+module GoogleInSpec
+ module Iam
+ module Property
+ class IamPolicyAuditConfigs
+ attr_reader :service
+
+ attr_reader :audit_log_configs
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @service = args['service']
+ @audit_log_configs = GoogleInSpec::Iam::Property::IamPolicyAuditConfigsAuditLogConfigsArray.parse(args['auditLogConfigs'], to_s)
+ end
+
+ def to_s
+ "#{@parent_identifier} IamPolicyAuditConfigs"
+ end
+ end
+
+ class IamPolicyAuditConfigsArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return IamPolicyAuditConfigs.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| IamPolicyAuditConfigs.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/iam/property/iam_policy_audit_configs_audit_log_configs.rb b/libraries/google/iam/property/iam_policy_audit_configs_audit_log_configs.rb
new file mode 100644
index 000000000..371e49b38
--- /dev/null
+++ b/libraries/google/iam/property/iam_policy_audit_configs_audit_log_configs.rb
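Review bot: `IamPolicyAuditConfigsArray.parse` in iam_policy_audit_configs.rb returns three different shapes: `nil` when the value is nil, a bare `IamPolicyAuditConfigs` when it is not an Array, and an Array otherwise. A control that iterates `audit_configs` therefore has to special-case the first two or it raises instead of reporting a result. Always returning an array would keep controls uniform: `return [] if value.nil?` followed by `(value.is_a?(::Array) ? value : [value]).map { |v| IamPolicyAuditConfigs.new(v, parent_identifier) }`; if property classes elsewhere in the repository (not visible here) return nil on purpose, keep that and document it instead. The same `parse` pattern is repeated in `IamPolicyAuditConfigsAuditLogConfigsArray` and `IamPolicyBindingsArray` later in this patch. Separately, `initialize` returns on nil args before assigning `@parent_identifier`, so `to_s` loses the parent name in that case; assigning it above the guard avoids that.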
@@ -0,0 +1,45 @@
+# frozen_string_literal: false
+
+# Copyright 2017 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module GoogleInSpec
+ module Iam
+ module Property
+ class IamPolicyAuditConfigsAuditLogConfigs
+ attr_reader :log_type
+
+ attr_reader :exempted_members
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @log_type = args['logType']
+ @exempted_members = args['exemptedMembers']
+ end
+
+ def to_s
+ "#{@parent_identifier} IamPolicyAuditConfigsAuditLogConfigs"
+ end
+ end
+
+ class IamPolicyAuditConfigsAuditLogConfigsArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return IamPolicyAuditConfigsAuditLogConfigs.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| IamPolicyAuditConfigsAuditLogConfigs.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/iam/property/iam_policy_bindings.rb b/libraries/google/iam/property/iam_policy_bindings.rb
new file mode 100644
index 000000000..c2dc42449
--- /dev/null
+++ b/libraries/google/iam/property/iam_policy_bindings.rb
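Review bot: `exempted_members` in `IamPolicyAuditConfigsAuditLogConfigs` has no comment saying it is the raw `args['exemptedMembers']` value. That value is presumably nil rather than an empty list when the key is absent, which matters to anyone writing a control that asserts no principal is exempt from audit logging. I would add `# Raw 'exemptedMembers' value from the API response; nil when the key is absent.` above `attr_reader :exempted_members`, with a matching comment for `log_type`. `members` in `IamPolicyBindings` (the next file in this patch) is read the same way and deserves the same comment.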
@@ -0,0 +1,45 @@
+# frozen_string_literal: false
+
+# Copyright 2017 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module GoogleInSpec
+ module Iam
+ module Property
+ class IamPolicyBindings
+ attr_reader :role
+
+ attr_reader :members
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @role = args['role']
+ @members = args['members']
+ end
+
+ def to_s
+ "#{@parent_identifier} IamPolicyBindings"
+ end
+ end
+
+ class IamPolicyBindingsArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return IamPolicyBindings.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| IamPolicyBindings.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google_compute_subnetwork_iam_policy.rb b/libraries/google_compute_subnetwork_iam_policy.rb
new file mode 100644
index 000000000..cfdaf8443
--- /dev/null
+++ b/libraries/google_compute_subnetwork_iam_policy.rb
@@ -0,0 +1,59 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +require 'google/iam/property/iam_policy_audit_configs' +require 'google/iam/property/iam_policy_bindings' + +# A provider to manage Compute Engine IAM Policy resources. +class SubnetworkIamPolicy < GcpResourceBase + name 'google_compute_subnetwork_iam_policy' + desc 'Subnetwork Iam Policy' + supports platform: 'gcp' + + attr_reader :params + attr_reader :bindings + attr_reader :audit_configs + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @params = params + @fetched = @connection.fetch(product_url, resource_base_url, params) + parse unless @fetched.nil? + end + + def parse + @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s) + @audit_configs = GoogleInSpec::Iam::Property::IamPolicyAuditConfigsArray.parse(@fetched['auditConfigs'], to_s) + end + + def exists? + !@fetched.nil? + end + + def to_s + "Subnetwork IamPolicy #{@params[:name]}" + end + + private + + def product_url + 'https://www.googleapis.com/compute/v1/' + end + + def resource_base_url + 'projects/{{project}}/regions/{{region}}/subnetworks/{{name}}/getIamPolicy' + end +end