Comparing changes

base repository: inspec/inspec-gcp
base: v0.5.0
...
head repository: inspec/inspec-gcp
compare: v0.6.0

Commits on Aug 17, 2018

  1. Merge pull request #43 from inspec/fix-deb-eol-tf-modules

    Resolve Debian 8 EOL issue, now pin all tf module versions explicitly.
    davymcaleer authored Aug 17, 2018

    Verified
    d29d247

Commits on Aug 22, 2018

  1. Merge pull request #44 from inspec/version-bump-050

    Bump version to v0.5.0
    russellseymour authored Aug 22, 2018

    Verified
    3561fd7

Commits on Aug 23, 2018

  1. Adding google_compute_network and google_compute_subnetwork resources.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Aug 23, 2018

    Unverified
    62246de
  2. Added google_compute_network(s) and google_compute_subnetwork(s) resources.
    
    - Includes docs, tests, tf updates etc.
    - README now includes above resources
    - Remove unnecessary lines google_compute_zones
    
    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Aug 23, 2018

    Unverified
    b1c9ae1
  3. Readability fix in google_compute_networks test.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Aug 23, 2018

    Unverified
    7b84f96

Commits on Aug 24, 2018

  1. Minor Rubocop fixes.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Aug 24, 2018

    Unverified
    0db00de

Commits on Aug 29, 2018

  1. Merge pull request #45 from inspec/network-subnetwork

    Added google_compute_network(s) and google_compute_subnetwork(s) resources.
    russellseymour authored Aug 29, 2018

    Verified
    8d105fd
  2. Add google_compute_region(s) resources, tests etc. and updated README.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Aug 29, 2018

    Unverified
    5144754
  3. Minor Rubocop fix.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Aug 29, 2018

    Unverified
    27f3fb8
  4. Merge pull request #46 from inspec/add-regions

    Add google_compute_region(s) resources, tests etc. and updated README.
    russellseymour authored Aug 29, 2018

    Verified
    b91ff45
  5. Updates for service account resources

    - Added google_service_accounts and google_service_account_key(s) resources
    - Refactored google_service_account to also use the fully-qualified name of the service account
    - Update tf to set the account ID field for service account to use display name string
    - Renamed generic_iam_service_account control to google_service_account for consistency
    - Improved documentation for google_project
    
    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Aug 29, 2018

    Unverified
    e5a45ac
  6. Update method signature and display name for service account.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Aug 29, 2018

    Unverified
    82a7b9f
  7. Update README with new service account resources. Improve display name for service account and add email as a filterable parameter for service accounts.
    
    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Aug 29, 2018

    Unverified
    03cfdd0
  8. Rubocoppppppppppppppppping.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Aug 29, 2018

    Unverified
    4cd60a1
  9. Removing unnecessary methods from service account key resource.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Aug 29, 2018

    Unverified
    dc9b986
  10. Minor documentation fixes in kms crypto keys and key rings. Added helper to get rotation period in crypto key.
    
    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Aug 29, 2018

    Unverified
    34fbfe0
  11. Minor fix for region instead of zone in first google_compute_region example.
    
    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Aug 29, 2018

    Unverified
    bce1688

Commits on Sep 3, 2018

  1. Added google_project_logging_audit_config resource.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Sep 3, 2018

    Unverified
    9b7ff0d
  2. Added google_logging_project_sinks resource and helper method to storage buckets for versioning.
    
    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Sep 3, 2018

    Unverified
    9c6f889

Commits on Sep 4, 2018

  1. Added google_project_metric(s), minor updates to sinks docs and tests.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Sep 4, 2018

    Unverified
    3137a29
  2. Added helper method to determine if a network is legacy or not.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Sep 4, 2018

    Unverified
    9463d8b
  3. Add google_dns_managed_zones.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Sep 4, 2018

    Unverified
    d63c2dc

Commits on Sep 5, 2018

  1. Added google_dns_managed_zone, added helper method for rdp in firewall rule and minor update to managed_zone docs.
    
    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Sep 5, 2018

    Unverified
    d53ecb0
  2. Added property to subnetworks resource to track flow logs.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Sep 5, 2018

    Unverified
    887ce22
  3. Merge pull request #47 from inspec/service-accounts

     Updates for service account and related resources
    russellseymour authored Sep 5, 2018

    Verified
    f6add3a
  4. Merge pull request #48 from inspec/minor-region-doc-fix

    Minor fix for region instead of zone in first google_compute_region e…
    russellseymour authored Sep 5, 2018

    Verified
    00a7ca3
  5. Merge pull request #50 from inspec/network-updates-2

    Networking related updates
    russellseymour authored Sep 5, 2018

    Verified
    6b8eeae
  6. Merge pull request #49 from inspec/project-audit-logging

    Project audit logging
    russellseymour authored Sep 5, 2018

    Verified
    f2d536d
  7. Added helper method for block ssh keys.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Sep 5, 2018

    Unverified
    881aad8
  8. Added google_compute_project_info resource. Updated helper in instance.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Sep 5, 2018

    Unverified
    9559c1d
  9. Added helper for serial ports to instance.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Sep 5, 2018
    aea7dc8
  10. Add csek helper method.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Sep 5, 2018
    5cfacf2

Commits on Sep 6, 2018

  1. Added google_storage_bucket_objects plural resource.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Sep 6, 2018
    d67cc8e
  2. Added helper method for bucket logging.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Sep 6, 2018
    fd3942b
  3. Rework google_storage_default_object_acl to avoid Not Found exceptions.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Sep 6, 2018
    b4c5964
  4. Update tf template with cloud sql resources.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Sep 6, 2018
    d3c2249
  5. Added google_sql_database_instance(s) resources, docs, tests, tf. Updated docs in zones.
    
    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Sep 6, 2018
    88d43aa

Commits on Sep 7, 2018

  1. Added property to database instances and helper methods to instance resource.
    
    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Sep 7, 2018
    fb9086c
  2. Added google_sql_users resource and updates to sql instances.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Sep 7, 2018
    b759f9e
  3. Added helper methods to container clusters and node pool resources.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Sep 7, 2018
    9dfff87

Commits on Sep 10, 2018

  1. Updates for kubernetes resources.

    - Several helpers added to cluster(s) and node pool resources.
    
    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Sep 10, 2018
    ab1ebf8
  2. Ignore Layout/EmptyLineAfterGuardClause.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Sep 10, 2018
    a84d3e1

Commits on Sep 11, 2018

  1. Merge pull request #51 from inspec/vm-updates

    VM Updates
    russellseymour authored Sep 11, 2018
    79350a4
  2. Merge pull request #53 from inspec/cloud-sql

    Cloud SQL resources
    russellseymour authored Sep 11, 2018
    2c16726
  3. Adding ' ' as per PR feedback.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Sep 11, 2018
    6c59c5f
  4. Merge pull request #54 from inspec/kube-updates

    Kubernetes resource updates
    russellseymour authored Sep 11, 2018
    ab2bab0
  5. Merge pull request #52 from inspec/storage-updates

    Storage updates
    russellseymour authored Sep 11, 2018
    f58c106
  6. Added resource doc links from recent PRs.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Sep 11, 2018
    ed42473
  7. Merge pull request #55 from inspec/update-readme

    Added resource doc links from recent PRs.
    russellseymour authored Sep 11, 2018
    189d457
  8. Updates to controls affected by service account name change.

    Signed-off-by: Stuart Paterson <spaterson@chef.io>
    Stuart Paterson committed Sep 11, 2018
    be7af7b
Showing with 3,686 additions and 72 deletions.
  1. +2 −0 .rubocop.yml
  2. +35 −0 CHANGELOG.md
  3. +11 −4 Dockerfile
  4. +62 −13 README.md
  5. +16 −1 docs/resources/google_compute_instance.md
  6. +77 −0 docs/resources/google_compute_network.md
  7. +72 −0 docs/resources/google_compute_networks.md
  8. +49 −0 docs/resources/google_compute_project_info.md
  9. +77 −0 docs/resources/google_compute_region.md
  10. +77 −0 docs/resources/google_compute_regions.md
  11. +81 −0 docs/resources/google_compute_subnetwork.md
  12. +81 −0 docs/resources/google_compute_subnetworks.md
  13. +1 −1 docs/resources/google_compute_zones.md
  14. +3 −2 docs/resources/google_container_clusters.md
  15. +56 −0 docs/resources/google_dns_managed_zone.md
  16. +72 −0 docs/resources/google_dns_managed_zones.md
  17. +1 −1 docs/resources/google_kms_crypto_keys.md
  18. +1 −1 docs/resources/google_kms_key_rings.md
  19. +77 −0 docs/resources/google_logging_project_sinks.md
  20. +7 −1 docs/resources/google_project.md
  21. +78 −0 docs/resources/google_project_alert_policies.md
  22. +49 −0 docs/resources/google_project_alert_policy.md
  23. +50 −0 docs/resources/google_project_alert_policy_condition.md
  24. +51 −0 docs/resources/google_project_logging_audit_config.md
  25. +49 −0 docs/resources/google_project_metric.md
  26. +71 −0 docs/resources/google_project_metrics.md
  27. +6 −6 docs/resources/google_projects.md
  28. +4 −4 docs/resources/google_service_account.md
  29. +44 −0 docs/resources/google_service_account_key.md
  30. +64 −0 docs/resources/google_service_account_keys.md
  31. +84 −0 docs/resources/google_service_accounts.md
  32. +69 −0 docs/resources/google_sql_database_instance.md
  33. +89 −0 docs/resources/google_sql_database_instances.md
  34. +69 −0 docs/resources/google_sql_users.md
  35. +75 −0 docs/resources/google_storage_bucket_objects.md
  36. +61 −0 docs/resources/google_user.md
  37. +78 −0 docs/resources/google_users.md
  38. +1 −1 inspec.yml
  39. +4 −0 libraries/google_compute_firewall.rb
  40. +60 −0 libraries/google_compute_instance.rb
  41. +48 −0 libraries/google_compute_network.rb
  42. +46 −0 libraries/google_compute_networks.rb
  43. +47 −0 libraries/google_compute_project_info.rb
  44. +46 −0 libraries/google_compute_region.rb
  45. +46 −0 libraries/google_compute_regions.rb
  46. +39 −0 libraries/google_compute_subnetwork.rb
  47. +54 −0 libraries/google_compute_subnetworks.rb
  48. +0 −2 libraries/google_compute_zones.rb
  49. +79 −2 libraries/google_container_cluster.rb
  50. +3 −1 libraries/google_container_clusters.rb
  51. +28 −1 libraries/google_container_node_pool.rb
  52. +55 −0 libraries/google_dns_managed_zone.rb
  53. +55 −0 libraries/google_dns_managed_zones.rb
  54. +11 −0 libraries/google_kms_crypto_key.rb
  55. +48 −0 libraries/google_logging_project_sinks.rb
  56. +6 −1 libraries/google_project.rb
  57. +52 −0 libraries/google_project_alert_policies.rb
  58. +40 −0 libraries/google_project_alert_policy.rb
  59. +65 −0 libraries/google_project_alert_policy_condition.rb
  60. +53 −0 libraries/google_project_logging_audit_config.rb
  61. +35 −0 libraries/google_project_metric.rb
  62. +49 −0 libraries/google_project_metrics.rb
  63. +17 −11 libraries/google_service_account.rb
  64. +34 −0 libraries/google_service_account_key.rb
  65. +44 −0 libraries/google_service_account_keys.rb
  66. +50 −0 libraries/google_service_accounts.rb
  67. +52 −0 libraries/google_sql_database_instance.rb
  68. +46 −0 libraries/google_sql_database_instances.rb
  69. +42 −0 libraries/google_sql_users.rb
  70. +11 −0 libraries/google_storage_bucket.rb
  71. +48 −0 libraries/google_storage_bucket_objects.rb
  72. +8 −2 libraries/google_storage_default_object_acl.rb
  73. +9 −2 libraries/google_storage_object_acl.rb
  74. +45 −0 libraries/google_user.rb
  75. +50 −0 libraries/google_users.rb
  76. +62 −2 test/integration/build/gcp.tf
  77. +9 −0 test/integration/configuration/gcp_inspec_config.rb
  78. +23 −0 test/integration/verify/controls/google_compute_network.rb
  79. +17 −0 test/integration/verify/controls/google_compute_networks.rb
  80. +14 −0 test/integration/verify/controls/google_compute_project_info.rb
  81. +16 −0 test/integration/verify/controls/google_compute_region.rb
  82. +16 −0 test/integration/verify/controls/google_compute_region_zones_loop.rb
  83. +20 −0 test/integration/verify/controls/google_compute_regions.rb
  84. +15 −0 test/integration/verify/controls/google_compute_regions_loop.rb
  85. +25 −0 test/integration/verify/controls/google_compute_subnetwork.rb
  86. +20 −0 test/integration/verify/controls/google_compute_subnetworks.rb
  87. +19 −0 test/integration/verify/controls/google_logging_project_sinks.rb
  88. +14 −0 test/integration/verify/controls/google_project_logging_audit_config.rb
  89. +3 −3 test/integration/verify/controls/{generic_iam_service_account.rb → google_service_account.rb}
  90. +20 −0 test/integration/verify/controls/google_service_account_key.rb
  91. +18 −0 test/integration/verify/controls/google_service_account_keys.rb
  92. +18 −0 test/integration/verify/controls/google_service_accounts.rb
  93. +17 −0 test/integration/verify/controls/google_sql_database_instance.rb
  94. +17 −0 test/integration/verify/controls/google_sql_database_instances.rb
  95. +16 −0 test/integration/verify/controls/google_sql_users.rb
  96. +3 −2 test/integration/verify/controls/google_storage_bucket_acl.rb
  97. +4 −3 test/integration/verify/controls/google_storage_bucket_iam_binding.rb
  98. +18 −0 test/integration/verify/controls/google_storage_bucket_objects.rb
  99. +3 −2 test/integration/verify/controls/google_storage_default_object_acl.rb
  100. +3 −2 test/integration/verify/controls/google_storage_object_acl.rb
  101. +1 −1 test/integration/verify/inspec.yml
2 changes: 2 additions & 0 deletions .rubocop.yml
@@ -44,6 +44,8 @@ Style/PercentLiteralDelimiters:
'%x': ()
Layout/AlignHash:
Enabled: false
Layout/EmptyLineAfterGuardClause:
Enabled: false
Naming/PredicateName:
Enabled: false
Style/ClassAndModuleChildren:
35 changes: 35 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,40 @@
# Change Log

## [v0.6.0](https://github.com/inspec/inspec-gcp/tree/v0.6.0) (2018-10-18)
[Full Changelog](https://github.com/inspec/inspec-gcp/compare/v0.5.0...v0.6.0)

**Closed issues:**

- google\_project resource works with project ID/number instead of name as seen in the docs [\#39](https://github.com/inspec/inspec-gcp/issues/39)
- Improved firewall rule handling [\#27](https://github.com/inspec/inspec-gcp/issues/27)
- Enhancement: Support Fuzzy Match with Instance Group Name [\#23](https://github.com/inspec/inspec-gcp/issues/23)
- google\_compute\_instance\_group doesn't respond to exists? or exist? [\#22](https://github.com/inspec/inspec-gcp/issues/22)
- google\_compute\_instance\_group: location symbol doesn't exist [\#21](https://github.com/inspec/inspec-gcp/issues/21)
- Node Pool fails requiring cluster\_id [\#20](https://github.com/inspec/inspec-gcp/issues/20)
- google\_container\_node\_pool.rb example bug [\#19](https://github.com/inspec/inspec-gcp/issues/19)
- found the documentation [\#17](https://github.com/inspec/inspec-gcp/issues/17)

**Merged pull requests:**

- Improve google\_project\#to\_s output [\#62](https://github.com/inspec/inspec-gcp/pull/62) ([adrienthebo](https://github.com/adrienthebo))
- Add service account auth instructions and example [\#60](https://github.com/inspec/inspec-gcp/pull/60) ([alexpop](https://github.com/alexpop))
- Adding google\_user\(s\) and project alert policy resources [\#59](https://github.com/inspec/inspec-gcp/pull/59) ([skpaterson](https://github.com/skpaterson))
- Added support for metadata and label content based compliance [\#58](https://github.com/inspec/inspec-gcp/pull/58) ([pleonovitch](https://github.com/pleonovitch))
- Updated Dockerfile with more layers and terraform [\#57](https://github.com/inspec/inspec-gcp/pull/57) ([jjasghar](https://github.com/jjasghar))
- Updates to controls affected by service account name change. [\#56](https://github.com/inspec/inspec-gcp/pull/56) ([skpaterson](https://github.com/skpaterson))
- Added resource doc links from recent PRs. [\#55](https://github.com/inspec/inspec-gcp/pull/55) ([skpaterson](https://github.com/skpaterson))
- Kubernetes resource updates [\#54](https://github.com/inspec/inspec-gcp/pull/54) ([skpaterson](https://github.com/skpaterson))
- Cloud SQL resources [\#53](https://github.com/inspec/inspec-gcp/pull/53) ([skpaterson](https://github.com/skpaterson))
- Storage updates [\#52](https://github.com/inspec/inspec-gcp/pull/52) ([skpaterson](https://github.com/skpaterson))
- VM Updates [\#51](https://github.com/inspec/inspec-gcp/pull/51) ([skpaterson](https://github.com/skpaterson))
- Networking related updates [\#50](https://github.com/inspec/inspec-gcp/pull/50) ([skpaterson](https://github.com/skpaterson))
- Project audit logging [\#49](https://github.com/inspec/inspec-gcp/pull/49) ([skpaterson](https://github.com/skpaterson))
- Minor fix for region instead of zone in first google\_compute\_region e… [\#48](https://github.com/inspec/inspec-gcp/pull/48) ([skpaterson](https://github.com/skpaterson))
- Updates for service account and related resources [\#47](https://github.com/inspec/inspec-gcp/pull/47) ([skpaterson](https://github.com/skpaterson))
- Add google\_compute\_region\(s\) resources, tests etc. and updated README. [\#46](https://github.com/inspec/inspec-gcp/pull/46) ([skpaterson](https://github.com/skpaterson))
- Added google\_compute\_network\(s\) and google\_compute\_subnetwork\(s\) resources. [\#45](https://github.com/inspec/inspec-gcp/pull/45) ([skpaterson](https://github.com/skpaterson))
- Bump version to v0.5.0 [\#44](https://github.com/inspec/inspec-gcp/pull/44) ([skpaterson](https://github.com/skpaterson))

## [v0.5.0](https://github.com/inspec/inspec-gcp/tree/v0.5.0) (2018-08-21)
[Full Changelog](https://github.com/inspec/inspec-gcp/compare/v0.4.0...v0.5.0)

15 changes: 11 additions & 4 deletions Dockerfile
@@ -1,8 +1,15 @@
FROM ruby:2.5
MAINTAINER Chef Software, Inc. <docker@chef.io>

ARG TF_VERSION=0.11.8

COPY Gemfile .
RUN bundle install && gem list && apt-get update && apt-get install unzip
ADD https://releases.hashicorp.com/terraform/0.11.5/terraform_0.11.5_linux_amd64.zip?_ga=2.134313713.1219822892.1522329583-243569858.1522329583 .
RUN unzip terraform_0.11.5_linux_amd64.zip && mv terraform /usr/local/bin/ && mkdir /inspec
RUN bundle install
RUN gem list && apt-get update
RUN apt-get install unzip
ADD https://releases.hashicorp.com/terraform/${TF_VERSION}/terraform_${TF_VERSION}_linux_amd64.zip .
RUN unzip terraform_${TF_VERSION}_linux_amd64.zip && mv terraform /usr/local/bin/ && mkdir /inspec
RUN rm terraform_${TF_VERSION}_linux_amd64.zip
RUN apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
WORKDIR /inspec
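
Review bot: The `ADD https://releases.hashicorp.com/terraform/${TF_VERSION}/terraform_${TF_VERSION}_linux_amd64.zip .` line downloads the Terraform archive and the following `RUN` unzips it into /usr/local/bin with no integrity check, so the image trusts whatever that URL serves at build time. Pin the expected SHA-256 for the chosen TF_VERSION (for example as a second build ARG) and verify it with `sha256sum -c` before `unzip`. Separately, `RUN rm terraform_${TF_VERSION}_linux_amd64.zip` and the `apt-get clean && rm -rf /var/lib/apt/lists/*` step each run in their own layer, so the zip and the apt lists still ship in the earlier layers; fold download, verify, unzip and cleanup into one `RUN`, and keep `apt-get update` in the same `RUN` as `apt-get install -y unzip` so a cached update layer is never paired with a later install.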

75 changes: 62 additions & 13 deletions README.md
@@ -6,28 +6,53 @@ This implementation was inspired on the ideas by [Martez Reed](https://github.co

## Prerequisites

1. *Install and configure the Google cloud SDK*
### Install and configure the Google cloud SDK*

Download the [SDK](https://cloud.google.com/sdk/docs/) and run the installation:
```
./google-cloud-sdk/install.sh
```

2. Create credentials file via:
### Create credentials file via:
```bash
$ gcloud auth application-default login
```
If successful, this should be similar to:
```bash
$ cat ~/.config/gcloud/application_default_credentials.json
$ cat ~/.config/gcloud/application_default_credentials.json
{
"client_id": "764086051850-6qr4p6gpi6hn50asdr.apps.googleusercontent.com",
"client_secret": "d-fasdfasdfasdfaweroi23jknrmfs;f8sh",
"refresh_token": "1/asdfjlklwna;ldkna'dfmk-lCkju3-yQmjr20xVZonrfkE48L",
"type": "authorized_user"
}
```
3. Enable the appropriate APIs that you want to use:

While InSpec can use user accounts for authentication, [Google Cloud documentation](https://cloud.google.com/docs/authentication/) recommends using service accounts.

The json credential file for a service account looks like this:
```bash
$ cat /Users/john/.config/gcloud/myproject-1-feb7993e8660.json
{
"type": "service_account",
"project_id": "myproject-1",
"private_key_id": "eb45b2fc0c33ea9b6fa212aaa08b1ed814bf8660",
"private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvwIBADAN3662...fke9n6LAf268E/4EWhIzg==\n-----END PRIVATE KEY-----\n",
"client_email": "auto-testing@myproject-1.iam.gserviceaccount.com",
"client_id": "112144174133171863632",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/auto-testing%40myproject-1.iam.gserviceaccount.com"
}
```

And InSpec can be instructed to use it by setting this ENV variable prior to running `inspec exec`:
```bash
$ export GOOGLE_APPLICATION_CREDENTIALS='/Users/john/.config/gcloud/myproject-1-feb7993e8660.json'
```

### Enable the appropriate APIs that you want to use:

- [Enable Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/)
- [Enable Kubernetes Engine API](https://console.cloud.google.com/apis/library/container.googleapis.com)
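
Review bot: The new service-account example prints a full key file with realistic-looking `private_key_id`, `client_id` and `client_email` values, and the user-credential example above it likewise shows `client_secret` and `refresh_token` strings; replace these with obvious placeholders (e.g. `"private_key_id": "<PRIVATE_KEY_ID>"`) so readers and secret scanners cannot mistake them for live material, and confirm none were copied from a real key. Since this section now tells users to point `GOOGLE_APPLICATION_CREDENTIALS` at a long-lived key file, add a sentence that the file should be readable only by the user running `inspec exec` and kept out of version control. Also, the heading `### Install and configure the Google cloud SDK*` keeps a stray trailing `*` from the old italic markup.
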
@@ -75,12 +100,21 @@ The following resources are available in the InSpec GCP Profile
- [google_compute_instance_group](docs/resources/google_compute_instance_group.md)
- [google_compute_instance_groups](docs/resources/google_compute_instance_groups.md)
- [google_compute_instances](docs/resources/google_compute_instances.md)
- [google_compute_network](docs/resources/google_compute_network.md)
- [google_compute_networks](docs/resources/google_compute_networks.md)
- [google_compute_project_info](docs/resources/google_compute_project_info.md)
- [google_compute_region](docs/resources/google_compute_region.md)
- [google_compute_regions](docs/resources/google_compute_regions.md)
- [google_compute_subnetwork](docs/resources/google_compute_subnetwork.md)
- [google_compute_subnetworks](docs/resources/google_compute_subnetworks.md)
- [google_compute_zone](docs/resources/google_compute_zone.md)
- [google_compute_zones](docs/resources/google_compute_zones.md)
- [google_container_cluster](docs/resources/google_container_cluster.md)
- [google_container_clusters](docs/resources/google_container_clusters.md)
- [google_container_node_pool](docs/resources/google_container_node_pool.md)
- [google_container_node_pools](docs/resources/google_container_node_pools.md)
- [google_dns_managed_zone](docs/resources/google_dns_managed_zone.md)
- [google_dns_managed_zones](docs/resources/google_dns_managed_zones.md)
- [google_kms_crypto_key](docs/resources/google_kms_crypto_key.md)
- [google_kms_crypto_key_iam_binding](docs/resources/google_kms_crypto_key_iam_binding.md)
- [google_kms_crypto_key_iam_bindings](docs/resources/google_kms_crypto_key_iam_bindings.md)
@@ -91,21 +125,36 @@ The following resources are available in the InSpec GCP Profile
- [google_kms_key_rings](docs/resources/google_kms_key_rings.md)
- [google_logging_project_exclusion](docs/resources/google_logging_project_exclusion.md)
- [google_logging_project_sink](docs/resources/google_logging_project_sink.md)
- [google_logging_project_sinks](docs/resources/google_logging_project_sinks.md)
- [google_project](docs/resources/google_project.md)
- [google_project_alert_policies](docs/resources/google_project_alert_policies.md)
- [google_project_alert_policy](docs/resources/google_project_alert_policy.md)
- [google_project_alert_policy_condition](docs/resources/google_project_alert_policy_condition.md)
- [google_project_iam_binding](docs/resources/google_project_iam_binding.md)
- [google_project_iam_bindings](docs/resources/google_project_iam_bindings.md)
- [google_project_iam_custom_role](docs/resources/google_project_iam_custom_role.md)
- [google_project_logging_audit_config](docs/resources/google_project_logging_audit_config.md)
- [google_project_metric](docs/resources/google_project_metric.md)
- [google_project_metrics](docs/resources/google_project_metrics.md)
- [google_projects](docs/resources/google_projects.md)
- [google_service_account](docs/resources/google_service_account.md)
- [google_service_account_key](docs/resources/google_service_account_key.md)
- [google_service_account_keys](docs/resources/google_service_account_keys.md)
- [google_service_accounts](docs/resources/google_service_accounts.md)
- [google_sql_database_instance](docs/resources/google_sql_database_instance.md)
- [google_sql_database_instances](docs/resources/google_sql_database_instances.md)
- [google_sql_users](docs/resources/google_sql_users.md)
- [google_storage_bucket](docs/resources/google_storage_bucket.md)
- [google_storage_bucket_acl](docs/resources/google_storage_bucket_acl.md)
- [google_storage_bucket_iam_binding](docs/resources/google_storage_bucket_iam_binding.md)
- [google_storage_bucket_iam_bindings](docs/resources/google_storage_bucket_iam_bindings.md)
- [google_storage_bucket_object](docs/resources/google_storage_bucket_object.md)
- [google_storage_bucket_objects](docs/resources/google_storage_bucket_objects.md)
- [google_storage_buckets](docs/resources/google_storage_buckets.md)
- [google_storage_default_object_acl](docs/resources/google_storage_default_object_acl.md)
- [google_storage_object_acl](docs/resources/google_storage_object_acl.md)
- [google_user](docs/resources/google_user.md)
- [google_users](docs/resources/google_users.md)
## Examples
@@ -135,7 +184,7 @@ This example assumes there are sufficient privileges to list all GCP projects.

### Check that a particular label exists on all VMs across all projects and zones

This check ensures that VMs have label `must_be_there` for each project:
This check ensures that VMs have label `must_be_there` for each project:
```
title 'Loop over all GCP projects and ensure all VMs have a particular label'
@@ -194,31 +243,31 @@ $ bundle exec rake test:integration
Alternatively, finer grained rake tasks are also available. Executing these in order is the same as the above command:
* Initialize local workspace (terraform init)
``` bash
$ bundle exec rake test:init_workspace
$ bundle exec rake test:init_workspace
```
* Plan integration tests - ensures variables are set for Inspec and Terraform, runs "terraform plan"
``` bash
$ bundle exec rake test:plan_integration_tests
$ bundle exec rake test:plan_integration_tests
```
* Set up integration tests - actually creates the resources in GCP (terraform apply)
``` bash
$ bundle exec rake test:setup_integration_tests
$ bundle exec rake test:setup_integration_tests
```
* Run integration tests - runs the tests (inspec exec)
``` bash
$ bundle exec rake test:run_integration_tests
$ bundle exec rake test:run_integration_tests
```
* Clean up integration tests - removes GCP resources (terraform destroy)
``` bash
$ bundle exec rake test:cleanup_integration_tests
$ bundle exec rake test:cleanup_integration_tests
```

## Further Reading

* [Introduction to InSpec GCP](https://lollyrock.com/articles/inspec-cloud-gcp-setup/)
* [InSpec GCP Deep Dive](https://blog.chef.io/2018/06/19/inspec-gcp-deep-dive/)

## FAQ
## FAQ

### Failure running "inspec exec" on my GCP profile

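Review bot: the five rake command lines and the `## FAQ` heading in this hunk appear as identical before/after pairs, so the change looks whitespace-only; consider moving whitespace cleanup into its own commit so the resource additions in this comparison are easier to review. While these lines are being touched, the "Plan integration tests" bullet spells the product "Inspec" where the rest of the README uses "InSpec". Since the setup step "actually creates the resources in GCP (terraform apply)", it would also help to state here which project and credentials the tasks act on.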
@@ -264,4 +313,4 @@ The InSpec GCP resources are community supported. For bugs and features, please

## Kudos

This implementation is inspired by [inspec-azure](https://github.com/chef/inspec-azure) and [inspec-gcp](https://github.com/martezr/inspec-gcp)
This implementation is inspired by [inspec-azure](https://github.com/chef/inspec-azure) and [inspec-gcp](https://github.com/martezr/inspec-gcp)
17 changes: 16 additions & 1 deletion docs/resources/google_compute_instance.md
@@ -81,11 +81,26 @@ The following examples show how to use this InSpec audit resource.
its('labels_keys') { should include 'my_favourite_label' }
end

### Test that a particular compute instance label value is matching regexp
describe google_compute_instance(project: 'chef-inspec-gcp', zone:'us-east1-b', name:'inspec-test-vm').label_value_by_key('business-area') do
it { should match '^(marketing|research)$' }
end

### Test that a particular compute instance metadata key is present
describe google_compute_instance(project: 'chef-inspec-gcp', zone:'us-east1-b', name:'inspec-test-vm') do
its('metadata_keys') { should include 'patching-type' }
end

### Test that a particular compute instance metadata value is matching regexp
describe google_compute_instance(project: 'chef-inspec-gcp', zone:'us-east1-b', name:'inspec-test-vm').metadata_value_by_key('patching-window') do
it { should match '^\d{1}-\d{2}$' }
end

<br>

## Properties

* `cpu_platform`, `creation_timestamp`, `deletion_protection`, `disks`, `id`, `kind`, `label_fingerprint`, `machine_type`, `metadata`, `name`, `network_interfaces`, `scheduling`, `start_restricted`, `status`, `tags`, `zone`, `labels_keys`, `labels_values`
* `cpu_platform`, `creation_timestamp`, `deletion_protection`, `disks`, `id`, `kind`, `label_fingerprint`, `machine_type`, `metadata`, `name`, `network_interfaces`, `scheduling`, `start_restricted`, `status`, `tags`, `zone`, `labels_keys`, `labels_values`, `label_value_by_key`, `metadata_keys`, `metadata_values`, `metadata_value_by_key`

<br>

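Review bot: the two regexp examples anchor with `^` and `$`, which in Ruby match at line boundaries rather than at the start and end of the string, so `should match '^(marketing|research)$'` and `should match '^\d{1}-\d{2}$'` would also pass for a multi-line value that has one conforming line. For a compliance check on label and metadata values, use `\A` and `\z` in the documented examples; `\d{1}` can be written as `\d`. The Properties line now lists `metadata_values` but no example uses it, and the doc does not say what `label_value_by_key` and `metadata_value_by_key` return when the key is absent, which is worth documenting.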
77 changes: 77 additions & 0 deletions docs/resources/google_compute_network.md
@@ -0,0 +1,77 @@
---
title: About the google_compute_network Resource
platform: gcp
---

# google\_compute\_network

Use the `google_compute_network` InSpec audit resource to test properties of a single GCP compute network.

<br>

## Syntax

A `google_compute_network` resource block declares the tests for a single GCP zone by project and name.

describe google_compute_network(project: 'chef-inspec-gcp', name: 'gcp-inspec-network') do
it { should exist }
its('name') { should eq 'gcp-inspec-network' }
end

<br>

## Examples

The following examples show how to use this InSpec audit resource.

### Test that a GCP compute network exists

describe google_compute_network(project: 'chef-inspec-gcp', name: 'gcp-inspec-network') do
it { should exist }
end

### Test when a GCP compute network was created

describe google_compute_network(project: 'chef-inspec-gcp', name: 'gcp-inspec-network') do
its('creation_timestamp_date') { should be > Time.now - 365*60*60*24*10 }
end

### Test for an expected network identifier

describe google_compute_network(project: 'chef-inspec-gcp', name: 'gcp-inspec-network') do
its('id') { should eq 12345567789 }
end


### Test whether a single attached subnetwork name is correct

describe google_compute_network(project: 'chef-inspec-gcp', name: 'gcp-inspec-network') do
its ('subnetworks.count') { should eq 1 }
its ('subnetworks.first') { should match "subnetwork-name"}
end

### Test whether the network is configured to automatically create subnetworks or not

describe google_compute_network(project: 'chef-inspec-gcp', name: 'gcp-inspec-network') do
its ('auto_create_subnetworks'){ should be false }
end


### Check the network routing configuration routing mode

describe google_compute_network(project: 'chef-inspec-gcp', name: 'gcp-inspec-network') do
its ('routing_config.routing_mode') { should eq "REGIONAL" }
end

<br>

## Properties

* `auto_create_subnetworks`, `creation_timestamp`, `creation_timestamp_date`, `id`, `kind`, `name`, `routing_config`, `subnetworks`

<br>


## GCP Permissions

Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
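Review bot: the Syntax sentence says the block "declares the tests for a single GCP zone by project and name", which looks copied from the zone resource doc and should read "compute network". In the later examples, `its ('subnetworks.count')`, `its ('subnetworks.first')`, `its ('auto_create_subnetworks')` and `its ('routing_config.routing_mode')` have a space before the parenthesis, unlike `its('name')` in the Syntax block; drop the space for consistency. `should match "subnetwork-name"` is an unanchored match, so any value containing that text passes, and the creation-time example compares against `Time.now - 365*60*60*24*10`, roughly ten years, which deserves a sentence stating the intended window. The GCP Permissions section names the API to enable but not the permissions the calling identity needs to read the network.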