From b5bb1e81317579c0284bf99628474540a8e7676a Mon Sep 17 00:00:00 2001
From: Walter Dolce
Date: Thu, 21 Feb 2019 11:59:14 +0000
Subject: [PATCH] Add disabled control for GCP organization resource
---
.../verify/controls/google_organizations.rb | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100644 test/integration/verify/controls/google_organizations.rb
diff --git a/test/integration/verify/controls/google_organizations.rb b/test/integration/verify/controls/google_organizations.rb
new file mode 100644
index 000000000..9b167fcd1
--- /dev/null
+++ b/test/integration/verify/controls/google_organizations.rb
@@ -0,0 +1,19 @@
+title 'Test GCP Organizations'
+
+gcp_organization_id = attribute(:gcp_organization_id, default: '', description: 'The GCP organization identifier.')
+gcp_organization_display_name = attribute(:gcp_organization_display_name, default: '', description: 'The GCP organization display name.')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+
+control 'gcp-organizations-loop-1.0' do
+
+ only_if { gcp_enable_privileged_resources.to_i == 1 }
+ impact 1.0
+ title 'Ensure organizations have the correct properties in bulk.'
+
+ describe google_organizations do
+ it { should exist }
+ its('names'){ should include "organizations/#{gcp_organization_id}" }
+ its('display_names'){ should include gcp_organization_display_name }
+ its('lifecycle_state'){ should include 'ACTIVE' }
+ end
+end
\ No newline at end of file
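Review bot: The three `include` matchers in the `describe google_organizations` block are checked independently against every organization the credentials can list, so this impact 1.0 control passes when one organization has the expected name and a different one is `ACTIVE`; it does not show that the organization in `gcp_organization_id` is itself active or carries the expected display name. Narrowing the table first would tie the assertions together, for example `describe google_organizations.where(name: "organizations/#{gcp_organization_id}") do` (this assumes the filter table exposes a `name` field, which is worth confirming against the resource). The property `lifecycle_state` is singular next to the plural `names` and `display_names`, so it is also worth checking that it matches what the resource defines. With the `''` defaults, enabling the control without supplying the attributes makes the first expectation look for `"organizations/"`, which fails without saying that the input was missing.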