From 785cf40dff949900f630409ca02ceb154eed3a5b Mon Sep 17 00:00:00 2001 From: Stuart Paterson Date: Mon, 4 Mar 2019 14:41:05 +0000 Subject: [PATCH] Ensure region selection works as expected. Update integration test and available resources documentation. Change MM container cluster region to default to gcp_location. Fixes #114. Signed-off-by: Stuart Paterson --- README.md | 168 +++++++++--------- test/integration/build/gcp-mm.tf | 2 +- .../configuration/mm-attributes.yml | 1 - 3 files changed, 85 insertions(+), 86 deletions(-) diff --git a/README.md b/README.md index 74fc56674..ec9dcb627 100644 --- a/README.md +++ b/README.md 
@@ -143,88 +143,72 @@ supports: The following resources are available in the InSpec GCP Profile -- [google_compute_address](docs/resources/google_compute_address.md) -- [google_compute_disk](docs/resources/google_compute_disk.md) -- [google_compute_disks](docs/resources/google_compute_disks.md) -- [google_compute_firewall](docs/resources/google_compute_firewall.md) -- [google_compute_firewalls](docs/resources/google_compute_firewalls.md) -- [google_compute_forwarding_rule](docs/resources/google_compute_forwarding_rule.md) -- [google_compute_forwarding_rules](docs/resources/google_compute_forwarding_rules.md) -- [google_compute_image](docs/resources/google_compute_image.md) -- [google_compute_instance](docs/resources/google_compute_instance.md) -- [google_compute_instance_group](docs/resources/google_compute_instance_group.md) -- [google_compute_instance_group_manager](docs/resources/google_compute_instance_group_manager.md) -- [google_compute_instance_group_managers](docs/resources/google_compute_instance_group_managers.md) -- [google_compute_instance_groups](docs/resources/google_compute_instance_groups.md) -- [google_compute_instances](docs/resources/google_compute_instances.md) -- [google_compute_network](docs/resources/google_compute_network.md) -- [google_compute_networks](docs/resources/google_compute_networks.md) -- [google_compute_project_info](docs/resources/google_compute_project_info.md) -- [google_compute_region](docs/resources/google_compute_region.md) -- [google_compute_region_instance_group_manager](docs/resources/google_compute_region_instance_group_manager.md) -- [google_compute_region_instance_group_managers](docs/resources/google_compute_region_instance_group_managers.md) -- [google_compute_regions](docs/resources/google_compute_regions.md) -- [google_compute_ssl_policies](docs/resources/google_compute_ssl_policies.md) -- [google_compute_ssl_policy](docs/resources/google_compute_ssl_policy.md) -- 
[google_compute_subnetwork](docs/resources/google_compute_subnetwork.md) -- [google_compute_subnetworks](docs/resources/google_compute_subnetworks.md) -- [google_compute_vpn_tunnel](docs/resources/google_compute_vpn_tunnel.md) -- [google_compute_vpn_tunnels](docs/resources/google_compute_vpn_tunnels.md) -- [google_compute_zone](docs/resources/google_compute_zone.md) -- [google_compute_zones](docs/resources/google_compute_zones.md) -- [google_container_cluster](docs/resources/google_container_cluster.md) -- [google_container_clusters](docs/resources/google_container_clusters.md) -- [google_container_node_pool](docs/resources/google_container_node_pool.md) -- [google_container_node_pools](docs/resources/google_container_node_pools.md) -- [google_dns_managed_zone](docs/resources/google_dns_managed_zone.md) -- [google_dns_managed_zones](docs/resources/google_dns_managed_zones.md) -- [google_dns_resource_record_set](docs/resources/google_dns_resource_record_set.md) -- [google_dns_resource_record_sets](docs/resources/google_dns_resource_record_sets.md) -- [google_kms_crypto_key](docs/resources/google_kms_crypto_key.md) -- [google_kms_crypto_key_iam_binding](docs/resources/google_kms_crypto_key_iam_binding.md) -- [google_kms_crypto_key_iam_bindings](docs/resources/google_kms_crypto_key_iam_bindings.md) -- [google_kms_crypto_keys](docs/resources/google_kms_crypto_keys.md) -- [google_kms_key_ring](docs/resources/google_kms_key_ring.md) -- [google_kms_key_ring_iam_binding](docs/resources/google_kms_key_ring_iam_binding.md) -- [google_kms_key_ring_iam_bindings](docs/resources/google_kms_key_ring_iam_bindings.md) -- [google_kms_key_rings](docs/resources/google_kms_key_rings.md) -- [google_logging_project_exclusion](docs/resources/google_logging_project_exclusion.md) -- [google_logging_project_sink](docs/resources/google_logging_project_sink.md) -- [google_logging_project_sinks](docs/resources/google_logging_project_sinks.md) -- 
[google_project](docs/resources/google_project.md) -- [google_project_alert_policies](docs/resources/google_project_alert_policies.md) -- [google_project_alert_policy](docs/resources/google_project_alert_policy.md) -- [google_project_alert_policy_condition](docs/resources/google_project_alert_policy_condition.md) -- [google_project_iam_binding](docs/resources/google_project_iam_binding.md) -- [google_project_iam_bindings](docs/resources/google_project_iam_bindings.md) -- [google_project_iam_custom_role](docs/resources/google_project_iam_custom_role.md) -- [google_project_logging_audit_config](docs/resources/google_project_logging_audit_config.md) -- [google_project_metric](docs/resources/google_project_metric.md) -- [google_project_metrics](docs/resources/google_project_metrics.md) -- [google_projects](docs/resources/google_projects.md) -- [google_pubsub_subscription](docs/resources/google_pubsub_subscription.md) -- [google_pubsub_subscriptions](docs/resources/google_pubsub_subscriptions.md) -- [google_pubsub_topic](docs/resources/google_pubsub_topic.md) -- [google_pubsub_topics](docs/resources/google_pubsub_topics.md) -- [google_service_account](docs/resources/google_service_account.md) -- [google_service_account_key](docs/resources/google_service_account_key.md) -- [google_service_account_keys](docs/resources/google_service_account_keys.md) -- [google_service_accounts](docs/resources/google_service_accounts.md) -- [google_sql_database_instance](docs/resources/google_sql_database_instance.md) -- [google_sql_database_instances](docs/resources/google_sql_database_instances.md) -- [google_sql_users](docs/resources/google_sql_users.md) -- [google_storage_bucket](docs/resources/google_storage_bucket.md) -- [google_storage_bucket_acl](docs/resources/google_storage_bucket_acl.md) -- [google_storage_bucket_iam_binding](docs/resources/google_storage_bucket_iam_binding.md) -- [google_storage_bucket_iam_bindings](docs/resources/google_storage_bucket_iam_bindings.md) -- 
[google_storage_bucket_object](docs/resources/google_storage_bucket_object.md) -- [google_storage_bucket_objects](docs/resources/google_storage_bucket_objects.md) -- [google_storage_buckets](docs/resources/google_storage_buckets.md) -- [google_storage_default_object_acl](docs/resources/google_storage_default_object_acl.md) -- [google_storage_object_acl](docs/resources/google_storage_object_acl.md) -- [google_user](docs/resources/google_user.md) -- [google_users](docs/resources/google_users.md) - +| InSpec GCP Supported Resources| [https://www.inspec.io/docs/reference/resources/#gcp-resources](https://www.inspec.io/docs/reference/resources/#gcp-resources) | +|:---|:---| +| [google_bigquery_dataset](docs/resources/google_bigquery_dataset.md) | [google_bigquery_datasets](docs/resources/google_bigquery_datasets.md) | +| [google_bigquery_table](docs/resources/google_bigquery_table.md) | [google_bigquery_tables](docs/resources/google_bigquery_tables.md) | +| [google_cloudbuild_trigger](docs/resources/google_cloudbuild_trigger.md) | [google_cloudbuild_triggers](docs/resources/google_cloudbuild_triggers.md) | +| [google_compute_address](docs/resources/google_compute_address.md) | [google_compute_autoscaler](docs/resources/google_compute_autoscaler.md) | +| [google_compute_autoscalers](docs/resources/google_compute_autoscalers.md) | [google_compute_backend_service](docs/resources/google_compute_backend_service.md) | +| [google_compute_backend_services](docs/resources/google_compute_backend_services.md) | [google_compute_disk](docs/resources/google_compute_disk.md) | +| [google_compute_disks](docs/resources/google_compute_disks.md) | [google_compute_firewall](docs/resources/google_compute_firewall.md) | +| [google_compute_firewalls](docs/resources/google_compute_firewalls.md) | [google_compute_forwarding_rule](docs/resources/google_compute_forwarding_rule.md) | +| [google_compute_forwarding_rules](docs/resources/google_compute_forwarding_rules.md) | 
[google_compute_global_address](docs/resources/google_compute_global_address.md) | +| [google_compute_global_addresses](docs/resources/google_compute_global_addresses.md) | [google_compute_global_forwarding_rule](docs/resources/google_compute_global_forwarding_rule.md) | +| [google_compute_global_forwarding_rules](docs/resources/google_compute_global_forwarding_rules.md) | [google_compute_health_check](docs/resources/google_compute_health_check.md) | +| [google_compute_health_checks](docs/resources/google_compute_health_checks.md) | [google_compute_http_health_check](docs/resources/google_compute_http_health_check.md) | +| [google_compute_http_health_checks](docs/resources/google_compute_http_health_checks.md) | [google_compute_https_health_check](docs/resources/google_compute_https_health_check.md) | +| [google_compute_https_health_checks](docs/resources/google_compute_https_health_checks.md) | [google_compute_image](docs/resources/google_compute_image.md) | +| [google_compute_instance](docs/resources/google_compute_instance.md) | [google_compute_instance_group](docs/resources/google_compute_instance_group.md) | +| [google_compute_instance_group_manager](docs/resources/google_compute_instance_group_manager.md) | [google_compute_instance_group_managers](docs/resources/google_compute_instance_group_managers.md) | +| [google_compute_instance_groups](docs/resources/google_compute_instance_groups.md) | [google_compute_instance_template](docs/resources/google_compute_instance_template.md) | +| [google_compute_instance_templates](docs/resources/google_compute_instance_templates.md) | [google_compute_instances](docs/resources/google_compute_instances.md) | +| [google_compute_network](docs/resources/google_compute_network.md) | [google_compute_networks](docs/resources/google_compute_networks.md) | +| [google_compute_project_info](docs/resources/google_compute_project_info.md) | [google_compute_region](docs/resources/google_compute_region.md) | +| 
[google_compute_region_instance_group_manager](docs/resources/google_compute_region_instance_group_manager.md) | [google_compute_region_instance_group_managers](docs/resources/google_compute_region_instance_group_managers.md) | +| [google_compute_regions](docs/resources/google_compute_regions.md) | [google_compute_route](docs/resources/google_compute_route.md) | +| [google_compute_router](docs/resources/google_compute_router.md) | [google_compute_routers](docs/resources/google_compute_routers.md) | +| [google_compute_routes](docs/resources/google_compute_routes.md) | [google_compute_snapshot](docs/resources/google_compute_snapshot.md) | +| [google_compute_snapshots](docs/resources/google_compute_snapshots.md) | [google_compute_ssl_certificate](docs/resources/google_compute_ssl_certificate.md) | +| [google_compute_ssl_certificates](docs/resources/google_compute_ssl_certificates.md) | [google_compute_ssl_policies](docs/resources/google_compute_ssl_policies.md) | +| [google_compute_ssl_policy](docs/resources/google_compute_ssl_policy.md) | [google_compute_subnetwork](docs/resources/google_compute_subnetwork.md) | +| [google_compute_subnetworks](docs/resources/google_compute_subnetworks.md) | [google_compute_target_http_proxies](docs/resources/google_compute_target_http_proxies.md) | +| [google_compute_target_http_proxy](docs/resources/google_compute_target_http_proxy.md) | [google_compute_target_https_proxies](docs/resources/google_compute_target_https_proxies.md) | +| [google_compute_target_https_proxy](docs/resources/google_compute_target_https_proxy.md) | [google_compute_target_pool](docs/resources/google_compute_target_pool.md) | +| [google_compute_target_pools](docs/resources/google_compute_target_pools.md) | [google_compute_target_tcp_proxies](docs/resources/google_compute_target_tcp_proxies.md) | +| [google_compute_target_tcp_proxy](docs/resources/google_compute_target_tcp_proxy.md) | [google_compute_url_map](docs/resources/google_compute_url_map.md) | +| 
[google_compute_url_maps](docs/resources/google_compute_url_maps.md) | [google_compute_vpn_tunnel](docs/resources/google_compute_vpn_tunnel.md) | +| [google_compute_vpn_tunnels](docs/resources/google_compute_vpn_tunnels.md) | [google_compute_zone](docs/resources/google_compute_zone.md) | +| [google_compute_zones](docs/resources/google_compute_zones.md) | [google_container_cluster](docs/resources/google_container_cluster.md) | +| [google_container_clusters](docs/resources/google_container_clusters.md) | [google_container_node_pool](docs/resources/google_container_node_pool.md) | +| [google_container_node_pools](docs/resources/google_container_node_pools.md) | [google_container_regional_cluster](docs/resources/google_container_regional_cluster.md) | +| [google_container_regional_clusters](docs/resources/google_container_regional_clusters.md) | [google_dns_managed_zone](docs/resources/google_dns_managed_zone.md) | +| [google_dns_managed_zones](docs/resources/google_dns_managed_zones.md) | [google_dns_resource_record_set](docs/resources/google_dns_resource_record_set.md) | +| [google_dns_resource_record_sets](docs/resources/google_dns_resource_record_sets.md) | [google_kms_crypto_key](docs/resources/google_kms_crypto_key.md) | +| [google_kms_crypto_key_iam_binding](docs/resources/google_kms_crypto_key_iam_binding.md) | [google_kms_crypto_key_iam_bindings](docs/resources/google_kms_crypto_key_iam_bindings.md) | +| [google_kms_crypto_keys](docs/resources/google_kms_crypto_keys.md) | [google_kms_key_ring](docs/resources/google_kms_key_ring.md) | +| [google_kms_key_ring_iam_binding](docs/resources/google_kms_key_ring_iam_binding.md) | [google_kms_key_ring_iam_bindings](docs/resources/google_kms_key_ring_iam_bindings.md) | +| [google_kms_key_rings](docs/resources/google_kms_key_rings.md) | [google_logging_project_exclusion](docs/resources/google_logging_project_exclusion.md) | +| [google_logging_project_sink](docs/resources/google_logging_project_sink.md) | 
[google_logging_project_sinks](docs/resources/google_logging_project_sinks.md) | +| [google_organization](docs/resources/google_organization.md) | [google_organizations](docs/resources/google_organizations.md) | +| [google_project](docs/resources/google_project.md) | [google_project_alert_policies](docs/resources/google_project_alert_policies.md) | +| [google_project_alert_policy](docs/resources/google_project_alert_policy.md) | [google_project_alert_policy_condition](docs/resources/google_project_alert_policy_condition.md) | +| [google_project_iam_binding](docs/resources/google_project_iam_binding.md) | [google_project_iam_bindings](docs/resources/google_project_iam_bindings.md) | +| [google_project_iam_custom_role](docs/resources/google_project_iam_custom_role.md) | [google_project_logging_audit_config](docs/resources/google_project_logging_audit_config.md) | +| [google_project_metric](docs/resources/google_project_metric.md) | [google_project_metrics](docs/resources/google_project_metrics.md) | +| [google_projects](docs/resources/google_projects.md) | [google_pubsub_subscription](docs/resources/google_pubsub_subscription.md) | +| [google_pubsub_subscriptions](docs/resources/google_pubsub_subscriptions.md) | [google_pubsub_topic](docs/resources/google_pubsub_topic.md) | +| [google_pubsub_topics](docs/resources/google_pubsub_topics.md) | [google_service_account](docs/resources/google_service_account.md) | +| [google_service_account_key](docs/resources/google_service_account_key.md) | [google_service_account_keys](docs/resources/google_service_account_keys.md) | +| [google_service_accounts](docs/resources/google_service_accounts.md) | [google_sourcerepo_repositories](docs/resources/google_sourcerepo_repositories.md) | +| [google_sourcerepo_repository](docs/resources/google_sourcerepo_repository.md) | [google_sql_database_instance](docs/resources/google_sql_database_instance.md) | +| [google_sql_database_instances](docs/resources/google_sql_database_instances.md) | 
[google_sql_users](docs/resources/google_sql_users.md) | +| [google_storage_bucket](docs/resources/google_storage_bucket.md) | [google_storage_bucket_acl](docs/resources/google_storage_bucket_acl.md) | +| [google_storage_bucket_iam_binding](docs/resources/google_storage_bucket_iam_binding.md) | [google_storage_bucket_iam_bindings](docs/resources/google_storage_bucket_iam_bindings.md) | +| [google_storage_bucket_object](docs/resources/google_storage_bucket_object.md) | [google_storage_bucket_objects](docs/resources/google_storage_bucket_objects.md) | +| [google_storage_buckets](docs/resources/google_storage_buckets.md) | [google_storage_default_object_acl](docs/resources/google_storage_default_object_acl.md) | +| [google_storage_object_acl](docs/resources/google_storage_object_acl.md) | [google_user](docs/resources/google_user.md) | +| [google_users](docs/resources/google_users.md) | | ## Examples @@ -296,9 +280,8 @@ $ gcloud services enable compute.googleapis.com \ cloudkms.googleapis.com \ cloudbuild.googleapis.com ``` -5. Ensure the `In-use IP addresses` [quota](https://console.cloud.google.com/iam-admin/quotas) is set to 20 or above for `europe-west2` -6. Environment variables can be used to specify project details e.g. +5. Environment variables can be used to specify project details e.g. ```bash export GCP_PROJECT_NAME= export GCP_PROJECT_NUMBER= 
@@ -311,6 +294,23 @@ export GCP_ENABLE_PRIVILEGED_RESOURCES=1 ``` This takes effect during the "plan" task as described in the next section. Affected terraform resources are included/excluded and associated inspec tests enabled/disabled accordingly. +The resource pack defaults to region `europe-west2`. If a different region is desired e.g. `us-central1`, the following variables should be set: +```bash +export GCP_LOCATION="us-central1" +export GCP_ZONE="us-central1-a" +export GCP_LB_REGION="us-central1" +export GCP_LB_ZONE="us-central1-a" +export GCP_LB_ZONE_MIG2="us-central1-b" +export GCP_LB_ZONE_MIG3="us-central1-c" +export GCP_KUBE_CLUSTER_ZONE="us-central1-a" +export GCP_KUBE_CLUSTER_ZONE_EXTRA1="us-central1-b" +export GCP_KUBE_CLUSTER_ZONE_EXTRA2="us-central1-c" +``` + +Other regions can be targeted by updating the above. For example, see [https://cloud.google.com/compute/docs/regions-zones/](https://cloud.google.com/compute/docs/regions-zones/) for suitable values. + +6. Ensure the `In-use IP addresses` [quota](https://console.cloud.google.com/iam-admin/quotas) is set to 20 or above for chosen region + 7. Run the integration tests via: ```bash diff --git a/test/integration/build/gcp-mm.tf b/test/integration/build/gcp-mm.tf index b940273d5..6bdc69a95 100644 --- a/test/integration/build/gcp-mm.tf +++ b/test/integration/build/gcp-mm.tf @@ -349,7 +349,7 @@ resource "google_compute_target_tcp_proxy" "gcp-inspec-target-tcp-proxy" { resource "google_container_cluster" "gcp-inspec-regional-cluster" { project = "${var.gcp_project_id}" name = "${var.regional_cluster["name"]}" - region = "${var.regional_cluster["region"]}" + region = "${var.gcp_location}" initial_node_count = "${var.regional_cluster["initial_node_count"]}" } diff --git a/test/integration/configuration/mm-attributes.yml b/test/integration/configuration/mm-attributes.yml index 3c3dde1ce..f5c71daf1 100644 --- a/test/integration/configuration/mm-attributes.yml 
+++ b/test/integration/configuration/mm-attributes.yml @@ -118,7 +118,6 @@ target_tcp_proxy: regional_cluster: name: inspec-gcp-regional-cluster - region: europe-west2 initial_node_count: 1 route:
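Review bot: in the README hunk at `@@ -143,88 +143,72 @@`, the new table puts a raw URL in its second header cell and fills the two columns in plain alphabetical order, so singular/plural pairs are split across rows (e.g. `| [google_compute_backend_services](...) | [google_compute_disk](...) |` followed by `| [google_compute_disks](...) | [google_compute_firewall](...) |`). Suggest descriptive headers such as `| Resource | Plural resource |` with the inspec.io link moved into the sentence above the table, and laying the rows out as singular/plural pairs (or keeping one resource per row) so the table reads as a lookup rather than a wrapped list.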
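Review bot: in the README hunk at `@@ -296,9 +280,8 @@`, the rewritten step `+5. Environment variables can be used to specify project details e.g.` leaves `e.g.` dangling before the fenced block; "for example:" reads better as the introduction to the `export` lines that follow. The quota step removed here reappears as step 6 in the next hunk, so the renumbering is consistent.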
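Review bot: in the README hunk at `@@ -311,6 +294,23 @@`, the nine added `export GCP_*` variables all derive from a single region plus the `-a`, `-b`, `-c` zone suffixes, which is a lot for a user to keep in sync; consider deriving the zone defaults from `gcp_location` on the Terraform side so only `GCP_LOCATION` needs overriding, or at minimum state in this paragraph that the chosen region must have zones with those three suffixes. Two wording points on the same hunk: `Other regions can be targeted by updating the above. For example, see ...` should drop "For example" and read `See ... for valid region and zone names.`, and `for chosen region` in the re-added step 6 should be `for the chosen region`. Also check that the paragraphs and code blocks inserted between step 5 and `+6.` are indented under the list item; at column 0 they end the ordered list in CommonMark and step 6 starts a new one.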
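Review bot: in the `gcp-mm.tf` hunk, switching to `region = "${var.gcp_location}"` removes the per-cluster override, but the diffstat shows no change under the InSpec controls, so any control that still reads `regional_cluster['region']` from the attributes file will now receive nil after the YAML change below. Suggest grepping the verify controls for `regional_cluster` and pointing them at the `gcp_location` attribute in the same change, so the region used by Terraform and the region asserted on by the tests cannot drift. The interpolation style matches the surrounding `"${var.gcp_project_id}"` lines, which is fine for this file.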
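Review bot: in the `mm-attributes.yml` hunk, dropping `region: europe-west2` from `regional_cluster` means the README's new claim that the pack "defaults to region `europe-west2`" now rests entirely on the default of the `gcp_location` variable, which this patch does not show; please confirm that default is `europe-west2` so the documentation and the test configuration agree. It is also worth checking that no other entry in this attributes file still hardcodes a region or zone for a region-scoped resource, since those would silently disagree with `GCP_LOCATION` when a user follows the new README instructions.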