diff --git a/docs/resources/google_compute_router.md b/docs/resources/google_compute_router.md
new file mode 100644
index 000000000..53fc149f7
--- /dev/null
+++ b/docs/resources/google_compute_router.md
@@ -0,0 +1,50 @@
+---
+title: About the google_compute_router resource
+platform: gcp
+---
+
+## Syntax
+A `google_compute_router` is used to test a Google Router resource
+
+## Examples
+```
+describe google_compute_router(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'inspec-gcp-router') do
+ it { should exist }
+ its('bgp.asn') { should eq '64514' }
+ its('bgp.advertise_mode') { should eq 'CUSTOM' }
+ its('bgp.advertised_groups') { should include 'ALL_SUBNETS' }
+ its('bgp.advertised_ip_ranges.count') { should eq 2 }
+ its('bgp.advertised_ip_ranges.first.range') { should eq '1.2.3.4' }
+ its('bgp.advertised_ip_ranges.last.range') { should eq '1.2.3.4' }
+ its('network') { should match /\/gcp-inspec-network$/ }
+ end
+
+describe google_compute_router(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'nonexistent') do
+ it { should_not exist }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_compute_router` resource:
+
+ * `id`: The unique identifier for the resource.
+
+ * `creation_timestamp`: Creation timestamp in RFC3339 text format.
+
+ * `name`: Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
+
+ * `description`: An optional description of this resource.
+
+ * `network`: A reference to the network to which this router belongs.
+
+ * `bgp`: BGP information specific to this router.
+
+ * `asn`: Local BGP Autonomous System Number (ASN). Must be an RFC6996 private ASN, either 16-bit or 32-bit. The value will be fixed for this router resource. All VPN tunnels that link to this router will have the same local ASN.
+
+ * `advertiseMode`: User-specified flag to indicate which mode to use for advertisement. Valid values of this enum field are: DEFAULT, CUSTOM
+
+ * `advertisedGroups`: User-specified list of prefix groups to advertise in custom mode. This field can only be populated if advertiseMode is CUSTOM and is advertised to all peers of the router. These groups will be advertised in addition to any specified prefixes. Leave this field blank to advertise no custom groups. This enum field has the one valid value: ALL_SUBNETS
+
+ * `advertisedIpRanges`: User-specified list of individual IP ranges to advertise in custom mode. This field can only be populated if advertiseMode is CUSTOM and is advertised to all peers of the router. These IP ranges will be advertised in addition to any specified groups. Leave this field blank to advertise no custom IP ranges.
+
+ * `region`: Region where the router resides.
diff --git a/docs/resources/google_compute_routers.md b/docs/resources/google_compute_routers.md
new file mode 100644
index 000000000..7827645f5
--- /dev/null
+++ b/docs/resources/google_compute_routers.md
@@ -0,0 +1,30 @@
+---
+title: About the google_compute_routers resource
+platform: gcp
+---
+
+## Syntax
+A `google_compute_routers` is used to test a Google Router resource
+
+## Examples
+```
+describe google_compute_routers(project: 'chef-gcp-inspec', region: 'europe-west2') do
+ its('names') { should include 'inspec-gcp-router' }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_compute_routers` resource:
+
+See [google_compute_router.md](google_compute_router.md) for more detailed information
+ * `ids`: an array of `google_compute_router` id
+ * `creation_timestamps`: an array of `google_compute_router` creation_timestamp
+ * `names`: an array of `google_compute_router` name
+ * `descriptions`: an array of `google_compute_router` description
+ * `networks`: an array of `google_compute_router` network
+ * `bgps`: an array of `google_compute_router` bgp
+ * `regions`: an array of `google_compute_router` region
+
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
diff --git a/libraries/google/compute/property/router_advertised_ip_ranges.rb b/libraries/google/compute/property/router_advertised_ip_ranges.rb
new file mode 100644
index 000000000..45313e693
--- /dev/null
+++ b/libraries/google/compute/property/router_advertised_ip_ranges.rb
@@ -0,0 +1,40 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Compute + module Property + class RouterAdvertisedipranges + attr_reader :range + + attr_reader :description + + def initialize(args = nil) + return if args.nil? + @range = args['range'] + @description = args['description'] + end + end + + class RouterAdvertisediprangesArray + def self.parse(value) + return if value.nil? + return RouterAdvertisedipranges.new(value) unless value.is_a?(::Array) + value.map { |v| RouterAdvertisedipranges.new(v) } + end + end + end + end +end diff --git a/libraries/google/compute/property/router_bgp.rb b/libraries/google/compute/property/router_bgp.rb new file mode 100644 index 000000000..54a34ab73 --- /dev/null +++ b/libraries/google/compute/property/router_bgp.rb 
@@ -0,0 +1,39 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/compute/property/router_advertised_ip_ranges' +module GoogleInSpec + module Compute + module Property + class RouterBgp + attr_reader :asn + + attr_reader :advertise_mode + + attr_reader :advertised_groups + + attr_reader :advertised_ip_ranges + + def initialize(args = nil) + return if args.nil? + @asn = args['asn'] + @advertise_mode = args['advertiseMode'] + @advertised_groups = args['advertisedGroups'] + @advertised_ip_ranges = GoogleInSpec::Compute::Property::RouterAdvertisediprangesArray.parse(args['advertisedIpRanges']) + end + end + end + end +end diff --git a/libraries/google_compute_router.rb b/libraries/google_compute_router.rb new file mode 100644 index 000000000..6b5d91ab2 --- /dev/null +++ b/libraries/google_compute_router.rb 
@@ -0,0 +1,65 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +require 'google/compute/property/router_advertised_ip_ranges' +require 'google/compute/property/router_bgp' + +# A provider to manage Google Compute Engine resources. +class Router < GcpResourceBase + name 'google_compute_router' + desc 'Router' + supports platform: 'gcp' + + attr_reader :id + attr_reader :creation_timestamp + attr_reader :name + attr_reader :description + attr_reader :network + attr_reader :bgp + attr_reader :region + def base + 'https://www.googleapis.com/compute/v1/' + end + + def url + 'projects/{{project}}/regions/{{region}}/routers/{{name}}' + end + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @fetched = @connection.fetch(base, url, params) + parse unless @fetched.nil? + end + + def parse + @id = @fetched['id'] + @creation_timestamp = parse_time_string(@fetched['creationTimestamp']) + @name = @fetched['name'] + @description = @fetched['description'] + @network = @fetched['network'] + @bgp = GoogleInSpec::Compute::Property::RouterBgp.new(@fetched['bgp']) + @region = @fetched['region'] + end + + # Handles parsing RFC3339 time string + def parse_time_string(time_string) + time_string ? Time.parse(time_string) : nil + end + + def exists? + !@fetched.nil? + end +end 
diff --git a/libraries/google_compute_routers.rb b/libraries/google_compute_routers.rb new file mode 100644 index 000000000..4254b22cc --- /dev/null +++ b/libraries/google_compute_routers.rb 
@@ -0,0 +1,94 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +class Routers < GcpResourceBase + name 'google_compute_routers' + desc 'Router plural resource' + supports platform: 'gcp' + + attr_reader :table + + filter_table_config = FilterTable.create + + filter_table_config.add(:ids, field: :id) + filter_table_config.add(:creation_timestamps, field: :creation_timestamp) + filter_table_config.add(:names, field: :name) + filter_table_config.add(:descriptions, field: :description) + filter_table_config.add(:networks, field: :network) + filter_table_config.add(:bgps, field: :bgp) + filter_table_config.add(:regions, field: :region) + + filter_table_config.connect(self, :table) + + def base + 'https://www.googleapis.com/compute/v1/' + end + + def url + 'projects/{{project}}/regions/{{region}}/routers' + end + + def initialize(params = {}) + super(params.merge({ use_http_transport: true })) + @params = params + @table = fetch_wrapped_resource('items') + end + + def fetch_wrapped_resource(wrap_path) + # fetch_resource returns an array of responses (to handle pagination) + result = @connection.fetch_all(base, url, @params) + return if result.nil? + + # Conversion of string -> object hash to symbol -> object hash that InSpec needs + converted = [] + result.each do |response| + next if response.nil? 
|| !response.key?(wrap_path) + response[wrap_path].each do |hash| + hash_with_symbols = {} + hash.each_key do |key| + name, value = transform(key, hash) + hash_with_symbols[name] = value + end + converted.push(hash_with_symbols) + end + end + + converted + end + + def transform(key, value) + return transformers[key].call(value) if transformers.key?(key) + + [key.to_sym, value] + end + + def transformers + { + 'id' => ->(obj) { return :id, obj['id'] }, + 'creationTimestamp' => ->(obj) { return :creation_timestamp, parse_time_string(obj['creationTimestamp']) }, + 'name' => ->(obj) { return :name, obj['name'] }, + 'description' => ->(obj) { return :description, obj['description'] }, + 'network' => ->(obj) { return :network, obj['network'] }, + 'bgp' => ->(obj) { return :bgp, GoogleInSpec::Compute::Property::RouterBgp.new(obj['bgp']) }, + 'region' => ->(obj) { return :region, obj['region'] }, + } + end + + # Handles parsing RFC3339 time string + def parse_time_string(time_string) + time_string ? Time.parse(time_string) : nil + end +end diff --git a/test/integration/build/gcp-mm.tf b/test/integration/build/gcp-mm.tf index 5d8fb1a5a..3ffe8793c 100644 --- a/test/integration/build/gcp-mm.tf +++ b/test/integration/build/gcp-mm.tf @@ -82,6 +82,10 @@ variable "route" { type = "map" } +variable "router" { + type = "map" +} + resource "google_compute_ssl_policy" "custom-ssl-policy" { name = "${var.ssl_policy["name"]}" min_tls_version = "${var.ssl_policy["min_tls_version"]}" 
@@ -337,4 +341,21 @@ resource "google_compute_route" "gcp-inspec-route" {
 # automatically create subnetworks, we need to create a dependency so
 # the route is not created before the subnetwork
 depends_on = ["google_compute_subnetwork.inspec-gcp-subnetwork"]
+}
+
+resource "google_compute_router" "gcp-inspec-router" {
+ project = "${var.gcp_project_id}"
+ name = "${var.router["name"]}"
+ network = "${google_compute_network.inspec-gcp-network.name}"
+ bgp {
+ asn = "${var.router["bgp_asn"]}"
+ advertise_mode = "${var.router["bgp_advertise_mode"]}"
+ advertised_groups = ["${var.router["bgp_advertised_group"]}"]
+ advertised_ip_ranges {
+ range = "${var.router["bgp_advertised_ip_range1"]}"
+ }
+ advertised_ip_ranges {
+ range = "${var.router["bgp_advertised_ip_range2"]}"
+ }
+ }
 }
\ No newline at end of file
diff --git a/test/integration/configuration/mm-attributes.yml b/test/integration/configuration/mm-attributes.yml
index 374183d97..699205ecf 100644
--- a/test/integration/configuration/mm-attributes.yml
+++ b/test/integration/configuration/mm-attributes.yml
@@ -126,3 +126,11 @@ route:
 dest_range: 15.0.0.0/24
 next_hop_ip: 10.2.0.1
 priority: 100
+
+router:
+ name: inspec-gcp-router
+ bgp_asn: 64514
+ bgp_advertise_mode: CUSTOM
+ bgp_advertised_group: "ALL_SUBNETS"
+ bgp_advertised_ip_range1: "1.2.3.4"
+ bgp_advertised_ip_range2: "6.7.0.0/16"
diff --git a/test/integration/verify/controls/google_compute_router.rb b/test/integration/verify/controls/google_compute_router.rb
new file mode 100644
index 000000000..0f9eeb9dc
--- /dev/null
+++ b/test/integration/verify/controls/google_compute_router.rb
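Review bot: The new `google_compute_router` resource in gcp-mm.tf sets `project` but no `region`, so the router is created in whatever region the provider defaults to, while the verify controls added in this commit look it up with `region: gcp_location`. If those two values ever differ, `should exist` fails for a reason unrelated to the resource code. Add an explicit `region` argument to the block, fed from the same location value the controls receive. The file also still ends without a trailing newline after the closing `}`.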
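Review bot: The `router:` fixture in mm-attributes.yml advertises `1.2.3.4` and `6.7.0.0/16`, which are publicly routable addresses that this test project presumably does not own, and the router is set to `CUSTOM` advertise mode. No BGP peer is defined in this commit, so nothing is announced today, but a fixture that later gains a peer or is copied into a real configuration would originate routes for third-party address space. Prefer ranges reserved for documentation (RFC 5737) or private use, e.g. `bgp_advertised_ip_range1: "192.0.2.0/24"` and `bgp_advertised_ip_range2: "198.51.100.0/24"`. The same values appear as defaults in the two generated control files and in the docs example, so they would need to change together.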
@@ -0,0 +1,46 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_compute_router resource.' + +gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.') +gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'The GCP project region.') +router = attribute('router', default: { + "name": "inspec-gcp-router", + "bgp_asn": 64514, + "bgp_advertise_mode": "CUSTOM", + "bgp_advertised_group": "ALL_SUBNETS", + "bgp_advertised_ip_range1": "1.2.3.4", + "bgp_advertised_ip_range2": "6.7.0.0/16" +}, description: 'Compute router description') +gcp_network_name = attribute(:gcp_network_name, default: 'gcp_network_name', description: 'GCP network name') +control 'google_compute_router-1.0' do + impact 1.0 + title 'google_compute_router resource test' + + describe google_compute_router(project: gcp_project_id, region: gcp_location, name: router['name']) do + it { should exist } + its('bgp.asn') { should eq router['bgp_asn'] } + its('bgp.advertise_mode') { should eq router['bgp_advertise_mode'] } + its('bgp.advertised_groups') { should include router['bgp_advertised_group'] } + its('bgp.advertised_ip_ranges.count') { should eq 2 } + its('bgp.advertised_ip_ranges.first.range') { should eq router['bgp_advertised_ip_range1'] } + its('bgp.advertised_ip_ranges.last.range') { should eq router['bgp_advertised_ip_range2'] } + its('network') { should match /\/#{gcp_network_name}$/ } + 
end + + describe google_compute_router(project: gcp_project_id, region: gcp_location, name: 'nonexistent') do + it { should_not exist } + end +end diff --git a/test/integration/verify/controls/google_compute_routers.rb b/test/integration/verify/controls/google_compute_routers.rb new file mode 100644 index 000000000..6c5347046 --- /dev/null +++ b/test/integration/verify/controls/google_compute_routers.rb @@ -0,0 +1,35 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_compute_routers resource.' + +gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.') +gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'The GCP project region.') +router = attribute('router', default: { + "name": "inspec-gcp-router", + "bgp_asn": 64514, + "bgp_advertise_mode": "CUSTOM", + "bgp_advertised_group": "ALL_SUBNETS", + "bgp_advertised_ip_range1": "1.2.3.4", + "bgp_advertised_ip_range2": "6.7.0.0/16" +}, description: 'Compute router description') +gcp_network_name = attribute(:gcp_network_name, default: 'gcp_network_name', description: 'GCP network name') +control 'google_compute_routers-1.0' do + impact 1.0 + title 'google_compute_routers resource test' + + describe google_compute_routers(project: gcp_project_id, region: gcp_location) do + its('names') { should include router['name'] } + end +end