Add instance group manager and resource record set resources

.rubocop.yml

@@ -1,5 +1,6 @@
 ---
 AllCops:
+  TargetRubyVersion: 2.4
   Exclude:
   - Gemfile
   - Rakefile

docs/resources/google_compute_disk.md

@@ -26,6 +26,10 @@ describe.one do
     end
   end
 end
+
+describe google_compute_disk(project: 'chef-gcp-inspec', name: 'nonexistent', zone: 'zone') do
+  it { should_not exist }
+end
 ```
 
 ## Properties
@@ -65,6 +69,8 @@ Properties that can be accessed from the `google_compute_disk` resource:
 
     * `sha256`: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.
 
+    * `kmsKeyName`: The name of the encryption key that is stored in Google Cloud KMS.
+
   * `source_image_id`: The ID value of the image used to create this disk. This value identifies the exact image that was used to create this persistent disk. For example, if you created the persistent disk from an image that was later deleted and recreated under the same name, the source image ID would identify the exact version of the image that was used.
 
   * `disk_encryption_key`: Encrypts the disk using a customer-supplied encryption key.  After you encrypt a disk with a customer-supplied key, you must provide the same key if you use the disk later (e.g. to create a disk snapshot or an image, or to attach the disk to a virtual machine).  Customer-supplied encryption keys do not protect access to metadata of the disk.  If you do not provide an encryption key when creating the disk, then the disk will be encrypted using an automatically generated key and you do not need to provide a key to use the disk later.
@@ -73,12 +79,16 @@ Properties that can be accessed from the `google_compute_disk` resource:
 
     * `sha256`: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.
 
+    * `kmsKeyName`: The name of the encryption key that is stored in Google Cloud KMS.
+
   * `source_snapshot`: The source snapshot used to create this disk. You can provide this as a partial or full URL to the resource. For example, the following are valid values:  * `https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot` * `projects/project/global/snapshots/snapshot` * `global/snapshots/snapshot`
 
   * `source_snapshot_encryption_key`: The customer-supplied encryption key of the source snapshot. Required if the source snapshot is protected by a customer-supplied encryption key.
 
     * `rawKey`: Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource.
 
+    * `kmsKeyName`: The name of the encryption key that is stored in Google Cloud KMS.
+
     * `sha256`: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.
 
   * `source_snapshot_id`: The unique ID of the snapshot used to create this disk. This value identifies the exact snapshot that was used to create this persistent disk. For example, if you created the persistent disk from a snapshot that was later deleted and recreated under the same name, the source snapshot ID would identify the exact version of the snapshot that was used.

docs/resources/google_compute_instance_group_manager.md

@@ -0,0 +1,74 @@
+---
+title: About the InstanceGroupManager resource
+platform: gcp
+---
+
+
+## Syntax
+A `google_compute_instance_group_manager` is used to test a Google InstanceGroupManager resource
+
+## Examples
+```
+describe google_compute_instance_group_manager(project: 'chef-gcp-inspec', zone: 'zone', name: 'inspec-gcp-igm') do
+  it { should exist }
+
+  its('base_instance_name') { should eq 'igm' }
+  its('named_ports.count') { should cmp 1 }
+  its('named_ports.first.name') { should eq 'port' }
+  its('named_ports.first.port') { should eq '80' }
+  its('instance_template') { should match 'gcp-managed-group-name' }
+end
+
+describe google_compute_instance_group_manager(project: 'chef-gcp-inspec', zone: 'zone', name: 'nonexistent') do
+  it { should_not exist }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_compute_instance_group_manager` resource:
+
+  * `base_instance_name`: The base instance name to use for instances in this group. The value must be 1-58 characters long. Instances are named by appending a hyphen and a random four-character string to the base instance name. The base instance name must comply with RFC1035.
+
+  * `creation_timestamp`: The creation timestamp for this managed instance group in RFC3339 text format.
+
+  * `current_actions`: The list of instance actions and the number of instances in this managed instance group that are scheduled for each of those actions.
+
+    * `abandoning`: The total number of instances in the managed instance group that are scheduled to be abandoned. Abandoning an instance removes it from the managed instance group without deleting it.
+
+    * `creating`: The number of instances in the managed instance group that are scheduled to be created or are currently being created. If the group fails to create any of these instances, it tries again until it creates the instance successfully.  If you have disabled creation retries, this field will not be populated; instead, the creatingWithoutRetries field will be populated.
+
+    * `creatingWithoutRetries`: The number of instances that the managed instance group will attempt to create. The group attempts to create each instance only once. If the group fails to create any of these instances, it decreases the group's targetSize value accordingly.
+
+    * `deleting`: The number of instances in the managed instance group that are scheduled to be deleted or are currently being deleted.
+
+    * `none`: The number of instances in the managed instance group that are running and have no scheduled actions.
+
+    * `recreating`: The number of instances in the managed instance group that are scheduled to be recreated or are currently being being recreated. Recreating an instance deletes the existing root persistent disk and creates a new disk from the image that is defined in the instance template.
+
+    * `refreshing`: The number of instances in the managed instance group that are being reconfigured with properties that do not require a restart or a recreate action. For example, setting or removing target pools for the instance.
+
+    * `restarting`: The number of instances in the managed instance group that are scheduled to be restarted or are currently being restarted.
+
+  * `description`: An optional description of this resource. Provide this property when you create the resource.
+
+  * `id`: A unique identifier for this resource
+
+  * `instance_group`: The instance group being managed
+
+  * `instance_template`: The instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group.
+
+  * `name`: The name of the managed instance group. The name must be 1-63 characters long, and comply with RFC1035.
+
+  * `named_ports`: Named ports configured for the Instance Groups complementary to this Instance Group Manager.
+
+    * `name`: The name for this named port. The name must be 1-63 characters long, and comply with RFC1035.
+
+    * `port`: The port number, which can be a value between 1 and 65535.
+
+  * `region`: The region this managed instance group resides (for regional resources).
+
+  * `target_pools`: TargetPool resources to which instances in the instanceGroup field are added. The target pools automatically apply to all of the instances in the managed instance group.
+
+  * `target_size`: The target number of running instances for this managed instance group. Deleting or abandoning instances reduces this number. Resizing the group changes this number.
+
+  * `zone`: The zone the managed instance group resides.

docs/resources/google_compute_instance_group_managers.md

@@ -0,0 +1,38 @@
+---
+title: About the InstanceGroupManager resource
+platform: gcp
+---
+
+
+## Syntax
+A `google_compute_instance_group_managers` is used to test a Google InstanceGroupManager resource
+
+## Examples
+```
+describe google_compute_instance_group_managers(project: 'chef-gcp-inspec', zone: 'zone') do
+  its('base_instance_names') { should include 'igm' }
+end
+
+```
+
+## Properties
+Properties that can be accessed from the `google_compute_instance_group_managers` resource:
+
+See [google_compute_instance_group_manager.md](google_compute_instance_group_manager.md) for more detailed information
+  * `base_instance_names`: an array of `google_compute_instance_group_manager` base_instance_name
+  * `creation_timestamps`: an array of `google_compute_instance_group_manager` creation_timestamp
+  * `current_actions`: an array of `google_compute_instance_group_manager` current_actions
+  * `descriptions`: an array of `google_compute_instance_group_manager` description
+  * `ids`: an array of `google_compute_instance_group_manager` id
+  * `instance_groups`: an array of `google_compute_instance_group_manager` instance_group
+  * `instance_templates`: an array of `google_compute_instance_group_manager` instance_template
+  * `names`: an array of `google_compute_instance_group_manager` name
+  * `named_ports`: an array of `google_compute_instance_group_manager` named_ports
+  * `regions`: an array of `google_compute_instance_group_manager` region
+  * `target_pools`: an array of `google_compute_instance_group_manager` target_pools
+  * `target_sizes`: an array of `google_compute_instance_group_manager` target_size
+  * `zones`: an array of `google_compute_instance_group_manager` zone
+
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.

docs/resources/google_compute_ssl_policy.md

@@ -16,6 +16,10 @@ describe google_compute_ssl_policy(project: 'chef-gcp-inspec', name: 'inspec-gcp
   its('custom_features') { should include 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384' }
   its('custom_features') { should include 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384' }
 end
+
+describe google_compute_ssl_policy(project: 'chef-gcp-inspec', name: 'nonexistent') do
+  it { should_not exist }
+end
 ```
 
 ## Properties

docs/resources/google_dns_resource_record_set.md

@@ -0,0 +1,32 @@
+---
+title: About the ResourceRecordSet resource
+platform: gcp
+---
+
+
+## Syntax
+A `google_dns_resource_record_set` is used to test a Google ResourceRecordSet resource
+
+## Examples
+```
+describe google_dns_resource_record_set(project: 'chef-gcp-inspec', name: 'backend.my.domain.com.', type: 'A', managed_zone: 'inspec-gcp-managed-zone') do
+  it { should exist }
+  its('type') { should eq 'A' }
+  its('ttl') { should eq '300' }
+  its('target') { should include '8.8.8.8' }
+  its('target') { should include '8.8.4.4' }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_dns_resource_record_set` resource:
+
+  * `name`: For example, www.example.com.
+
+  * `type`: One of valid DNS resource types.
+
+  * `ttl`: Number of seconds that this ResourceRecordSet can be cached by resolvers.
+
+  * `target`: As defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1)
+
+  * `managed_zone`: Identifies the managed zone addressed by this request. Can be the managed zone name or id.

docs/resources/google_dns_resource_record_sets.md

@@ -0,0 +1,33 @@
+---
+title: About the ResourceRecordSet resource
+platform: gcp
+---
+
+
+## Syntax
+A `google_dns_resource_record_sets` is used to test a Google ResourceRecordSet resource
+
+## Examples
+```
+describe google_dns_resource_record_sets(project: 'chef-gcp-inspec', name: 'backend.my.domain.com.', managed_zone: 'inspec-gcp-managed-zone') do
+  its('count') { should eq 3 }
+  its('types') { should include 'A' }
+  its('ttls') { should include '300' }
+  its('targets.flatten') { should include '8.8.8.8' }
+  its('targets.flatten') { should include '8.8.4.4' }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_dns_resource_record_sets` resource:
+
+See [google_dns_resource_record_set.md](google_dns_resource_record_set.md) for more detailed information
+  * `names`: an array of `google_dns_resource_record_set` name
+  * `types`: an array of `google_dns_resource_record_set` type
+  * `ttls`: an array of `google_dns_resource_record_set` ttl
+  * `targets`: an array of `google_dns_resource_record_set` target
+  * `managed_zones`: an array of `google_dns_resource_record_set` managed_zone
+
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.

docs/resources/google_pubsub_subscription.md

@@ -0,0 +1,32 @@
+---
+title: About the Subscription resource
+platform: gcp
+---
+
+
+## Syntax
+A `google_pubsub_subscription` is used to test a Google Subscription resource
+
+## Examples
+```
+describe google_pubsub_subscription(project: 'chef-gcp-inspec', name: 'inspec-gcp-subscription') do
+  it { should exist }
+end
+
+describe google_pubsub_subscription(project: 'chef-gcp-inspec', name: 'nonexistent') do
+  it { should_not exist }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_pubsub_subscription` resource:
+
+  * `name`: Name of the subscription.
+
+  * `topic`: A reference to a Topic resource.
+
+  * `push_config`: If push delivery is used with this subscription, this field is used to configure it. An empty pushConfig signifies that the subscriber will pull and ack messages using API methods.
+
+    * `pushEndpoint`: A URL locating the endpoint to which messages should be pushed. For example, a Webhook endpoint might use "https://example.com/push".
+
+  * `ack_deadline_seconds`: This value is the maximum time after a subscriber receives a message before the subscriber should acknowledge the message. After message delivery but before the ack deadline expires and before the message is acknowledged, it is an outstanding message and will not be delivered again during that time (on a best-effort basis).  For pull subscriptions, this value is used as the initial value for the ack deadline. To override this value for a given message, call subscriptions.modifyAckDeadline with the corresponding ackId if using pull. The minimum custom deadline you can specify is 10 seconds. The maximum custom deadline you can specify is 600 seconds (10 minutes). If this parameter is 0, a default value of 10 seconds is used.  For push delivery, this value is also used to set the request timeout for the call to the push endpoint.  If the subscriber never acknowledges the message, the Pub/Sub system will eventually redeliver the message.

docs/resources/google_pubsub_subscriptions.md

@@ -0,0 +1,36 @@
+---
+title: About the Subscription resource
+platform: gcp
+---
+
+
+## Syntax
+A `google_pubsub_subscriptions` is used to test a Google Subscription resource
+
+## Examples
+```
+describe google_pubsub_subscriptions(project: 'chef-gcp-inspec') do
+  it { should exist }
+  its('count') { should eq 1 }
+end
+
+google_pubsub_subscriptions(project: 'chef-gcp-inspec').names.each do |subscription_name|
+  describe google_pubsub_subscription(project: 'chef-gcp-inspec', name: subscription_name) do
+    it { should exist }
+  end
+end
+
+```
+
+## Properties
+Properties that can be accessed from the `google_pubsub_subscriptions` resource:
+
+See [google_pubsub_subscription.md](google_pubsub_subscription.md) for more detailed information
+  * `names`: an array of `google_pubsub_subscription` name
+  * `topics`: an array of `google_pubsub_subscription` topic
+  * `push_configs`: an array of `google_pubsub_subscription` push_config
+  * `ack_deadline_seconds`: an array of `google_pubsub_subscription` ack_deadline_seconds
+
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.

docs/resources/google_pubsub_topic.md

@@ -0,0 +1,24 @@
+---
+title: About the Topic resource
+platform: gcp
+---
+
+
+## Syntax
+A `google_pubsub_topic` is used to test a Google Topic resource
+
+## Examples
+```
+describe google_pubsub_topic(project: 'chef-gcp-inspec', name: 'inspec-gcp-topic') do
+  it { should exist }
+end
+
+describe google_pubsub_topic(project: 'chef-gcp-inspec', name: 'nonexistent') do
+  it { should_not exist }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_pubsub_topic` resource:
+
+  * `name`: Name of the topic.

docs/resources/google_pubsub_topics.md

@@ -0,0 +1,34 @@
+---
+title: About the Topic resource
+platform: gcp
+---
+
+
+## Syntax
+A `google_pubsub_topics` is used to test a Google Topic resource
+
+## Examples
+```
+describe google_pubsub_topics(project: 'chef-gcp-inspec') do
+  it { should exist }
+  its('names') { should include 'inspec-gcp-topic' }
+  its('count') { should eq 1 }
+end
+
+google_pubsub_topics(project: 'chef-gcp-inspec').names.each do |topic_name|
+  describe google_pubsub_topic(project: 'chef-gcp-inspec', name: topic_name) do
+    its('name') { should eq 'inspec-gcp-topic' }
+  end
+end
+
+```
+
+## Properties
+Properties that can be accessed from the `google_pubsub_topics` resource:
+
+See [google_pubsub_topic.md](google_pubsub_topic.md) for more detailed information
+  * `names`: an array of `google_pubsub_topic` name
+
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.

libraries/gcp_backend.rb

@@ -44,6 +44,10 @@ def create_resource_methods(object)
     dm = GcpResourceDynamicMethods.new
     dm.create_methods(self, object)
   end
+
+  def name_from_self_link(property)
+    property&.split('/')&.last
+  end
 end
 # end
 
@@ -193,7 +197,11 @@ def initialize
   def fetch_auth
     unless @service_account_file.nil?
       return Network::Authorization.new.for!(
-        ['https://www.googleapis.com/auth/compute.readonly'],
+        [
+          'https://www.googleapis.com/auth/compute.readonly',
+          'https://www.googleapis.com/auth/pubsub',
+          'https://www.googleapis.com/auth/ndev.clouddns.readonly',
+        ],
       ).from_service_account_json!(
         @service_account_file,
       )