Merge branch 'main' into RESOURCE-36-sql-flags

.expeditor/verify.pipeline.yml

@@ -1,4 +1,3 @@
----
 expeditor:
   defaults:
     buildkite:
@@ -7,29 +6,13 @@ expeditor:
 
 steps:
 
-- label: lint-ruby-2.6
+- label: lint-ruby-3.0
   command:
     - RAKE_TASK=lint /workdir/.expeditor/buildkite/verify.sh
   expeditor:
     executor:
       docker:
-        image: ruby:2.6-stretch
-
-- label: run-tests-ruby-2.5
-  command:
-    - RAKE_TASK=default /workdir/.expeditor/buildkite/verify.sh
-  expeditor:
-    executor:
-      docker:
-        image: ruby:2.5-stretch
-
-- label: run-tests-ruby-2.6
-  command:
-    - RAKE_TASK=default /workdir/.expeditor/buildkite/verify.sh
-  expeditor:
-    executor:
-      docker:
-        image: ruby:2.6-stretch
+        image: ruby:3.0
 
 - label: run-tests-ruby-2.7
   command:

.rubocop.yml

@@ -17,6 +17,8 @@ HashSyntax:
   Enabled: true
 ClassLength:
   Max: 200
+  Exclude:
+  - 'libraries/google_compute_firewall.rb'
 LineLength:
   Enabled: false
 EmptyLinesAroundBlockBody:
@@ -88,4 +90,4 @@ Metrics/MethodLength:
 Style/AccessorGrouping:
   Enabled: false
 Style/GlobalStdStream:
-  Enabled: false
+  Enabled: false

CHANGELOG.md

@@ -1,10 +1,55 @@
 # Change Log
-<!-- latest_release 1.10.0 -->
+<!-- latest_release 1.10.9 -->
+## [v1.10.9](https://github.com/inspec/inspec-gcp/tree/v1.10.9) (2022-02-22)
+
+#### Merged Pull Requests
+- RESOURCE-67 imageFamilyViews [#373](https://github.com/inspec/inspec-gcp/pull/373) ([sa-progress](https://github.com/sa-progress))
+<!-- latest_release -->
+
+## [v1.10.8](https://github.com/inspec/inspec-gcp/tree/v1.10.8) (2022-02-22)
+
+#### Merged Pull Requests
+- soumyo/updated_readme_file [#333](https://github.com/inspec/inspec-gcp/pull/333) ([soumyo13](https://github.com/soumyo13))
+
+## [v1.10.7](https://github.com/inspec/inspec-gcp/tree/v1.10.7) (2022-02-22)
+
+#### Merged Pull Requests
+- RESOURCE-70 F/global operations [#362](https://github.com/inspec/inspec-gcp/pull/362) ([sa-progress](https://github.com/sa-progress))
+
+## [v1.10.6](https://github.com/inspec/inspec-gcp/tree/v1.10.6) (2022-02-22)
+
+#### Merged Pull Requests
+- Firewall rules [#361](https://github.com/inspec/inspec-gcp/pull/361) ([ben-watt-es](https://github.com/ben-watt-es))
+
+## [v1.10.5](https://github.com/inspec/inspec-gcp/tree/v1.10.5) (2022-02-22)
+
+#### Merged Pull Requests
+- RESOURCE-64 F/license codes [#371](https://github.com/inspec/inspec-gcp/pull/371) ([sa-progress](https://github.com/sa-progress))
+
+## [v1.10.4](https://github.com/inspec/inspec-gcp/tree/v1.10.4) (2022-02-22)
+
+#### Merged Pull Requests
+- RESOURCE-66 f/interconnect_location [#363](https://github.com/inspec/inspec-gcp/pull/363) ([sa-progress](https://github.com/sa-progress))
+
+## [v1.10.3](https://github.com/inspec/inspec-gcp/tree/v1.10.3) (2022-02-22)
+
+#### Merged Pull Requests
+- RESOURCE-72 New resource disk types [#358](https://github.com/inspec/inspec-gcp/pull/358) ([sa-progress](https://github.com/sa-progress))
+
+## [v1.10.2](https://github.com/inspec/inspec-gcp/tree/v1.10.2) (2022-02-21)
+
+#### Merged Pull Requests
+- RESOURCE-73 F/accelerator types [#357](https://github.com/inspec/inspec-gcp/pull/357) ([sa-progress](https://github.com/sa-progress))
+
+## [v1.10.1](https://github.com/inspec/inspec-gcp/tree/v1.10.1) (2022-02-21)
+
+#### Merged Pull Requests
+- RESOURCE-200 2.5 , 2.6 ruby version removed [#397](https://github.com/inspec/inspec-gcp/pull/397) ([sa-progress](https://github.com/sa-progress))
+
 ## [v1.10.0](https://github.com/inspec/inspec-gcp/tree/v1.10.0) (2021-12-06)
 
 #### Merged Pull Requests
 - Added Support for GKE ServerConfig resource pack [#370](https://github.com/inspec/inspec-gcp/pull/370) ([varunsharma5](https://github.com/varunsharma5))
-<!-- latest_release -->
 
 ## [v1.9.0](https://github.com/inspec/inspec-gcp/tree/v1.9.0) (2021-11-23)
 

Gemfile

@@ -9,11 +9,10 @@ gem 'inifile'
 gem 'inspec-bin', '4.16.0'
 gem 'rubocop', '>= 0.77.0'
 
-if Gem.ruby_version.to_s.start_with?("2.5")
-  # 16.7.23 required ruby 2.6+
-  gem "chef-utils", "< 16.7.23" # TODO: remove when we drop ruby 2.5
-end
 
+if Gem.ruby_version < Gem::Version.new("3.0.0")
+  gem "io-event", "= 0.4.0"
+end
 group :development do
   gem 'github_changelog_generator'
   gem 'pry-coolline'

README.md

@@ -53,7 +53,7 @@ $ cat /Users/john/.config/gcloud/myproject-1-feb7993e8660.json
 
 And InSpec can be instructed to use it by setting this ENV variable prior to running `inspec exec`:
 ```bash
-$ export GOOGLE_APPLICATION_CREDENTIALS='/Users/john/.config/gcloud/myproject-1-feb7993e8660.json'
+$ export GOOGLE_APPLICATION_CREDENTIALS='/Users/sample_user/.config/gcloud/myproject-1-feb7993e8660.json'
 ```
 
 ### Enable the appropriate APIs that you want to use:
@@ -69,6 +69,8 @@ Since this is an InSpec resource pack, it only defines InSpec resources. It incl
 
 ```bash
 $ inspec init profile --platform gcp my-profile
+
+
 Create new profile at /Users/spaterson/my-profile
  * Create directory libraries
  * Create file README.md
@@ -80,7 +82,7 @@ Create new profile at /Users/spaterson/my-profile
 
 ```
 
-### Update `attributes.yml` to point to your project
+### Update `inputs.yml` to point to your project
 
 ```
 gcp_project_id: 'my-gcp-project'
@@ -90,7 +92,7 @@ gcp_project_id: 'my-gcp-project'
 
 ```
 $ cd my-profile/
-$ inspec exec . -t gcp:// --attrs attributes.yml
+$ inspec exec . -t gcp:// --input-file inputs.yml
 
 Profile: GCP InSpec Profile (my-profile)
 Version: 0.1.0
@@ -99,23 +101,34 @@ Target:  gcp://[email protected]
   ✔  gcp-single-region-1.0: Ensure single region has the correct properties.
      ✔  Region europe-west2 zone_names should include "europe-west2-a"
   ✔  gcp-regions-loop-1.0: Ensure regions have the correct properties in bulk.
-     ✔  Region asia-east1 should be up
-     ✔  Region asia-northeast1 should be up
-     ✔  Region asia-south1 should be up
-     ✔  Region asia-southeast1 should be up
-     ✔  Region australia-southeast1 should be up
-     ✔  Region europe-north1 should be up
-     ✔  Region europe-west1 should be up
-     ✔  Region europe-west2 should be up
-     ✔  Region europe-west3 should be up
-     ✔  Region europe-west4 should be up
-     ✔  Region northamerica-northeast1 should be up
-     ✔  Region southamerica-east1 should be up
-     ✔  Region us-central1 should be up
-     ✔  Region us-east1 should be up
-     ✔  Region us-east4 should be up
-     ✔  Region us-west1 should be up
-     ✔  Region us-west2 should be up
+     ✔  Region asia-east1 is expected to be up
+     ✔  Region asia-east2 is expected to be up
+     ✔  Region asia-northeast1 is expected to be up
+     ✔  Region asia-northeast2 is expected to be up
+     ✔  Region asia-northeast3 is expected to be up
+     ✔  Region asia-south1 is expected to be up
+     ✔  Region asia-south2 is expected to be up
+     ✔  Region asia-southeast1 is expected to be up
+     ✔  Region asia-southeast2 is expected to be up
+     ✔  Region australia-southeast1 is expected to be up
+     ✔  Region australia-southeast2 is expected to be up
+     ✔  Region europe-central2 is expected to be up
+     ✔  Region europe-north1 is expected to be up
+     ✔  Region europe-west1 is expected to be up
+     ✔  Region europe-west2 is expected to be up
+     ✔  Region europe-west3 is expected to be up
+     ✔  Region europe-west4 is expected to be up
+     ✔  Region europe-west6 is expected to be up
+     ✔  Region northamerica-northeast1 is expected to be up
+     ✔  Region northamerica-northeast2 is expected to be up
+     ✔  Region southamerica-east1 is expected to be up
+     ✔  Region us-central1 is expected to be up
+     ✔  Region us-east1 is expected to be up
+     ✔  Region us-east4 is expected to be up
+     ✔  Region us-west1 is expected to be up
+     ✔  Region us-west2 is expected to be up
+     ✔  Region us-west3 is expected to be up
+     ✔  Region us-west4 is expected to be up
 
 
 Profile: Google Cloud Platform Resource Pack (inspec-gcp)
@@ -125,7 +138,7 @@ Target:  gcp://[email protected]
      No tests executed.
 
 Profile Summary: 2 successful controls, 0 control failures, 0 controls skipped
-Test Summary: 18 successful, 0 failures, 0 skipped
+Test Summary:  29 successful, 0 failures, 0 skipped
 ```
 
 The generated `inspec.yml` file automatically points to the InSpec GCP resource pack:
@@ -134,7 +147,11 @@ The generated `inspec.yml` file automatically points to the InSpec GCP resource
 name: my-profile
 title: My GCP InSpec Profile
 version: 0.1.0
-inspec_version: '>= 4.6.9'
+inspec_version: '>= 4'
+inputs:
+  - name: gcp_project_id
+    required: true
+    description: 'The GCP project identifier.'
 depends:
   - name: inspec-gcp
     url: https://github.com/inspec/inspec-gcp/archive/x.tar.gz
@@ -150,6 +167,7 @@ The following resources are available in the InSpec GCP Profile
 
 | InSpec GCP Supported Resources| [https://www.inspec.io/docs/reference/resources/#gcp-resources](https://www.inspec.io/docs/reference/resources/#gcp-resources) |
 |:---|:---|
+| Singular Resource | Plural Resource |
 | [google_bigquery_dataset](docs/resources/google_bigquery_dataset.md) |  [google_bigquery_datasets](docs/resources/google_bigquery_datasets.md) |
 | [google_bigquery_table](docs/resources/google_bigquery_table.md) |  [google_bigquery_tables](docs/resources/google_bigquery_tables.md) |
 | [google_cloudbuild_trigger](docs/resources/google_cloudbuild_trigger.md) |  [google_cloudbuild_triggers](docs/resources/google_cloudbuild_triggers.md) |

VERSION

@@ -1 +1 @@
-1.10.0
+1.10.9

docs/resources/google_compute_accelerator_type.md

@@ -0,0 +1,50 @@
+---
+title: About the google_compute_accelerator_type resource
+platform: gcp
+---
+
+## Syntax
+A `google_compute_accelerator_type` is used to test a Google AcceleratorType resource
+
+## Examples
+```
+describe google_compute_accelerator_type(project: 'chef-gcp-inspec', zone: 'us-east1-b', name: 'accelerator_id') do
+  it { should exist }
+  it { should be_up }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_compute_accelerator_type` resource:
+
+
+  * `creation_timestamp`: Creation timestamp in RFC3339 text format.
+
+  * `deprecated`: The deprecation status associated with this accelerator type.
+
+    * `state`: An optional RFC3339 timestamp on or after which the state of this resource is intended to change to DELETED. This is only informational and the status will not change unless the client explicitly changes it.
+
+    * `deprecated`: An optional RFC3339 timestamp on or after which the state of this resource is intended to change to DEPRECATED. This is only informational and the status will not change unless the client explicitly changes it.
+
+    * `obsolete`: An optional RFC3339 timestamp on or after which the state of this resource is intended to change to OBSOLETE. This is only informational and the status will not change unless the client explicitly changes it.
+
+    * `replacement`: The URL of the suggested replacement for a deprecated resource. The suggested replacement resource must be the same kind of resource as the deprecated resource.
+
+    * `state`: The deprecation state of this resource. This can be DEPRECATED, OBSOLETE, or DELETED. Operations which create a new resource using a DEPRECATED resource will return successfully, but with a warning indicating the deprecated resource and recommending its replacement. Operations which use OBSOLETE or DELETED resources will be rejected and result in an error.
+    Possible values:
+      * DEPRECATED
+      * OBSOLETE
+      * DELETED
+
+  * `description`: An optional textual description of the resource.
+
+  * `id`: The unique identifier for the resource.
+
+  * `name`: Name of the resource.
+
+  * `zone`: The name of the zone where the accelerator type resides.
+
+
+## GCP Permissions
+
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.

docs/resources/google_compute_accelerator_types.md

@@ -0,0 +1,34 @@
+---
+title: About the google_compute_accelerator_types resource
+platform: gcp
+---
+
+## Syntax
+A `google_compute_accelerator_types` is used to test a Google AcceleratorType resource
+
+## Examples
+```
+describe google_compute_accelerator_types(project: 'chef-gcp-inspec', zone: 'us-east1-b') do
+it { should exist }
+it { should be_up }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_compute_accelerator_types` resource:
+
+See [google_compute_accelerator_type.md](google_compute_accelerator_type.md) for more detailed information
+  * `creation_timestamps`: an array of `google_compute_accelerator_type` creation_timestamp
+  * `deprecateds`: an array of `google_compute_accelerator_type` deprecated
+  * `descriptions`: an array of `google_compute_accelerator_type` description
+  * `ids`: an array of `google_compute_accelerator_type` id
+  * `names`: an array of `google_compute_accelerator_type` name
+  * `zones`: an array of `google_compute_accelerator_type` zone
+
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
+
+## GCP Permissions
+
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.

docs/resources/google_compute_disk_type.md

@@ -0,0 +1,54 @@
+---
+title: About the google_compute_disk_type resource
+platform: gcp
+---
+
+## Syntax
+A `google_compute_disk_type` is used to test a Google DiskType resource
+
+## Examples
+```
+describe google_compute_disk_type(project: 'chef-gcp-inspec', zone: 'us-east1-b', name: 'disk_type_name') do
+  it { should exist }
+  it { should be_up }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_compute_disk_type` resource:
+
+
+  * `creation_timestamp`: Creation timestamp in RFC3339 text format.
+
+  * `default_disk_size_gb`: Server-defined default disk size in GB.
+
+  * `deprecated`: The deprecation status associated with this disk type.
+
+    * `deleted`: An optional RFC3339 timestamp on or after which the deprecation state of this resource will be changed to DELETED.
+
+    * `deprecated`: An optional RFC3339 timestamp on or after which the deprecation state of this resource will be changed to DEPRECATED.
+
+    * `obsolete`: An optional RFC3339 timestamp on or after which the deprecation state of this resource will be changed to OBSOLETE.
+
+    * `replacement`: The URL of the suggested replacement for a deprecated resource. The suggested replacement resource must be the same kind of resource as the deprecated resource.
+
+    * `state`: The deprecation state of this resource. This can be DEPRECATED, OBSOLETE, or DELETED. Operations which create a new resource using a DEPRECATED resource will return successfully, but with a warning indicating the deprecated resource and recommending its replacement. Operations which use OBSOLETE or DELETED resources will be rejected and result in an error.
+    Possible values:
+      * DEPRECATED
+      * OBSOLETE
+      * DELETED
+
+  * `description`: An optional description of this resource.
+
+  * `id`: The unique identifier for the resource.
+
+  * `name`: Name of the resource.
+
+  * `valid_disk_size`: An optional textual description of the valid disk size, such as "10GB-10TB".
+
+  * `zone`: A reference to the zone where the disk type resides.
+
+
+## GCP Permissions
+
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.