-
Notifications
You must be signed in to change notification settings - Fork 71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
For gcp inspec google_dataproc_cluster resource: Expose attributes around scheduled deletion #230
Comments
I can absolutely add this via Magic Modules. I have a large amount of changes in the pipeline, so this will likely need to happen after that. |
@slevenick that is excellent news, thanks. @sukchomb looking at this again, I see that the GCP API support is already there. Are you using an out of date GCP API? Until @slevenick has completed his magic module work, in the short term you could always create an InSpec command to call the gcloud command above - https://www.inspec.io/docs/reference/resources/command/ Cheers |
@lhasadreams the 'lifecycleConfig' section is exposed in the gcloud command And when I use the inspec command resource, I get Resource component versions I have installed are: Please advise what further steps I need to take to get the command resource working. Cheers, Sukhjit |
Hi Sukhjit, Create a new inspec.yml something like this: and then the control could be something like this (change to the command that you would like to run): You would then execute this in a shell on your local or remote machine with the gcloud credentials set. You could then use Ruby to parse the json retuned to make the tests that you require. Cheers, |
@slevenick How are you getting on with the gcp inspec resources for Dataproc? |
It's going to be blocked on this PR: #226 After those changes go through it should only take a day or two to add |
@slevenick Any update on #226 please? |
Detailed Description
At the present time we cannot perform any compliance checks in this area.
These attributes are also not exposed using the solid or beta API calls
gcloud dataproc clusters describe --region=us-central1
gcloud beta dataproc clusters describe --region=us-central1
Context
Having these attributes available to test will strengthen the security posture of the Platform.
Possible Implementation
The text was updated successfully, but these errors were encountered: