Add plural resources

docs/resources/google_compute_firewalls.md.erb

@@ -0,0 +1,80 @@
+---
+title: About the google_compute_firewalls Resource
+platform: gcp
+---
+
+# google\_compute\_firewalls
+
+Use the `google_compute_firewalls` InSpec audit resource to test properties of all GCP compute firewalls for a project.
+
+<br>
+
+## Syntax
+
+A `google_compute_firewalls` resource block collects GCP firewalls by project then tests that group.
+
+    describe google_compute_firewalls(project: 'chef-inspec-gcp') do
+      it { should exist }
+    end
+
+Use this InSpec resource to enumerate IDs then test in-depth using `google_compute_firewall`.
+
+    google_compute_firewalls(project: 'chef-inspec-gcp').firewall_names.each do |firewall_name|
+      describe google_compute_firewall(project: 'chef-inspec-gcp',  name: firewall_name) do
+        it { should exist }
+        its('kind') { should eq "compute#firewall" }
+      end
+    end
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test that there are no more than a specified number of firewalls available for the project
+
+    describe google_compute_firewalls(project: 'chef-inspec-gcp') do
+      its('entries.count') { should be <= 100}
+    end
+
+### Test the exact number of firewalls in the project
+
+    describe google_compute_firewalls(project: 'chef-inspec-gcp') do
+      its('firewall_ids.count') { should cmp 8 }
+    end
+
+### Test that an expected firewall is available for the project
+
+    describe google_compute_firewalls(project: 'chef-inspec-gcp') do
+      its('firewall_names') { should include "my-app-firewall-rule" }
+    end
+
+### Test that a particular named rule does not exist
+
+    describe google_compute_firewalls(project: 'chef-inspec-gcp') do
+      its('firewall_names') { should_not include "default-allow-ssh" }
+    end
+
+### Test there are no firewalls for the "INGRESS" direction
+
+    describe google_compute_firewalls(project: 'chef-inspec-gcp') do
+      its('firewall_directions') { should_not include "INGRESS" }
+    end
+
+<br>
+
+## Filter Criteria
+
+This resource currently does not support any filter criteria; it will always fetch all available firewalls.
+
+## Properties
+
+*  `firewall_id`, `firewall_name`, `firewall_directions`
+
+<br>
+
+
+## GCP Permissions
+
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.

docs/resources/google_compute_instance.md.erb

@@ -75,11 +75,17 @@ The following examples show how to use this InSpec audit resource.
       its('first_network_interface_type'){ should eq "one_to_one_nat" }
     end
 
+### Test that a particular compute instance label key is present
+
+    describe google_compute_instance(project: 'chef-inspec-gcp',  zone: 'us-east1-b', name: 'inspec-test-vm') do
+      its('labels_keys') { should include 'my_favourite_label' }
+    end
+
 <br>
 
 ## Properties
 
-*  `cpu_platform`, `creation_timestamp`, `deletion_protection`, `disks`, `id`, `kind`, `label_fingerprint`, `machine_type`, `metadata`, `name`, `network_interfaces`, `scheduling`, `start_restricted`, `status`, `tags`, `zone`
+*  `cpu_platform`, `creation_timestamp`, `deletion_protection`, `disks`, `id`, `kind`, `label_fingerprint`, `machine_type`, `metadata`, `name`, `network_interfaces`, `scheduling`, `start_restricted`, `status`, `tags`, `zone`, `labels_keys`, `labels_values`
 
 <br>
 

docs/resources/google_compute_zone.md.erb

@@ -0,0 +1,56 @@
+---
+title: About the google_compute_zone Resource
+platform: gcp
+---
+
+# google\_compute\_zone
+
+Use the `google_compute_zone` InSpec audit resource to test properties of a single GCP compute zone.
+
+<br>
+
+## Syntax
+
+A `google_compute_zone` resource block declares the tests for a single GCP zone by project and name.
+
+    describe google_compute_zone(project: 'chef-inspec-gcp',  zone: 'us-east1-b') do
+      it { should exist }
+      its('name') { should match 'us-east1-b' }
+    end
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test that a GCP compute zone does not exist
+
+    describe google_compute_zone(project: 'chef-inspec-gcp',  zone: 'us-east1-b') do
+      it { should_not exist }
+    end
+
+### Test that a GCP compute zone is in the expected state
+
+    describe google_compute_zone(project: 'chef-inspec-gcp',  zone: 'us-east1-b') do
+      its('status') { should eq 'UP' }
+    end
+
+### Test that a GCP compute zone has an expected CPU platform
+
+    describe google_compute_zone(project: 'chef-inspec-gcp',  zone: 'us-east1-b') do
+      its('available_cpu_platforms') { should include "Intel Skylake" }
+    end
+
+<br>
+
+## Properties
+
+*  `available_cpu_platforms`, `creation_timestamp`, `description`, `id`, `kind`, `name`, `region`, `status`, `region_name`
+
+<br>
+
+
+## GCP Permissions
+
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.

docs/resources/google_compute_zones.md.erb

@@ -0,0 +1,75 @@
+---
+title: About the google_compute_zones Resource
+platform: gcp
+---
+
+# google\_compute\_zones
+
+Use the `google_compute_zones` InSpec audit resource to test properties of all GCP compute zones for a project in a particular zone.
+
+<br>
+
+## Syntax
+
+A `google_compute_zones` resource block collects GCP zones by project then tests that group.
+
+    describe google_compute_zones(project: 'chef-inspec-gcp') do
+      it { should exist }
+    end
+
+Use this InSpec resource to enumerate IDs then test in-depth using `google_compute_zone`.
+
+    google_compute_zones(project: 'chef-inspec-gcp').zone_names.each do |zone_name|
+      describe google_compute_zone(project: 'chef-inspec-gcp',  zone: zone_name) do
+        it { should exist }
+        its('kind') { should eq "compute#zone" }
+        its('status') { should eq 'UP' }
+      end
+    end
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test that there are no more than a specified number of zones available for the project
+
+    describe google_compute_zones(project: 'chef-inspec-gcp') do
+      its('entries.count') { should be <= 100}
+    end
+
+### Test the exact number of zones in the project
+
+    describe google_compute_zones(project: 'chef-inspec-gcp') do
+      its('zone_ids.count') { should cmp 9 }
+    end
+
+### Test that an expected zone is available for the project
+
+    describe google_compute_zones(project: 'chef-inspec-gcp') do
+      its('zone_names') { should include "us-east1-b" }
+    end
+
+### Test whether any zones are in status "DOWN"
+
+    describe google_compute_zones(project: 'chef-inspec-gcp') do
+      its('zone_statuses') { should_not include "DOWN" }
+    end
+
+<br>
+
+## Filter Criteria
+
+This resource currently does not support any filter criteria; it will always fetch all available zones.
+
+## Properties
+
+*  `zone_id`, `zone_name`, `zone_statuses`
+
+<br>
+
+
+## GCP Permissions
+
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.

libraries/google_compute_firewall.rb

@@ -8,7 +8,7 @@ class GoogleComputeFirewall < GcpResourceBase
     desc 'Verifies settings for a compute firewall rule'
 
     example "
-      describe google_compute_firewall(project: 'chef-inspec-gcp', location: 'us-west2', name: 'gcp-inspec-test') do
+      describe google_compute_firewall(project: 'chef-inspec-gcp', name: 'gcp-inspec-test') do
         it { should exist }
         its('name') { should eq 'inspec-test' }
         its('status') { should eq 'in_use' }
@@ -51,6 +51,10 @@ def ports_protocol_allowed(port_list, protocol = 'tcp', index = 0)
       end
     end
 
+    def exists?
+      [email protected]?
+    end
+
     def to_s
       "Firewall Rule #{@display_name}"
     end

libraries/google_compute_firewalls.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require 'gcp_backend'
+
+module Inspec::Resources
+  class GoogleComputeFirewalls < GcpResourceBase
+    name 'google_compute_firewalls'
+    desc 'Verifies settings for GCP compute firewalls in bulk'
+
+    example "
+      describe google_compute_firewalls(project: 'chef-inspec-gcp') do
+        it { should exist }
+        ...
+      end
+    "
+
+    def initialize(opts = {})
+      # Call the parent class constructor
+      super(opts)
+      @display_name = opts[:name]
+      @project = opts[:project]
+    end
+
+    # FilterTable setup
+    filter_table_config = FilterTable.create
+    filter_table_config.add_accessor(:where)
+    filter_table_config.add_accessor(:entries)
+    filter_table_config.add(:exist?) { |filter_table| !filter_table.entries.empty? }
+    filter_table_config.add(:count) { |filter_table| filter_table.entries.count }
+    filter_table_config.add(:firewall_ids, field: :firewall_id)
+    filter_table_config.add(:firewall_names, field: :firewall_name)
+    filter_table_config.add(:firewall_directions, field: :firewall_direction)
+    filter_table_config.add(:colors, field: :color, type: :simple)
+    filter_table_config.connect(self, :fetch_data)
+
+    def fetch_data
+      firewall_rows = []
+      catch_gcp_errors do
+        @firewalls = @gcp.gcp_compute_client.list_firewalls(@project)
+      end
+      return [] if [email protected]
+      @firewalls.items.map do |firewall|
+        firewall_rows+=[{ firewall_id: firewall.id,
+                      firewall_name: firewall.name,
+                      firewall_direction: firewall.direction }]
+      end
+      @table = firewall_rows
+    end
+  end
+end

libraries/google_compute_instance.rb

@@ -98,6 +98,18 @@ def machine_size
       machine_type.split('/').last
     end
 
+    # helper for returning label keys to perform checks
+    def labels_keys
+      return [] if !defined?(labels)
+      labels.item.keys
+    end
+
+    # helper for returning label values to perform checks
+    def labels_values
+      return [] if !defined?(labels)
+      labels.item.values
+    end
+
     def exists?
       [email protected]?
     end

libraries/google_compute_instances.rb

@@ -38,6 +38,7 @@ def fetch_data
       catch_gcp_errors do
         @instances = @gcp.gcp_compute_client.list_instances(@project, @zone)
       end
+      return [] if [email protected]
       @instances.items.map do |instance|
         instance_rows+=[{ instance_id: instance.id,
                         instance_name: instance.name }]

libraries/google_compute_zone.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require 'gcp_backend'
+
+module Inspec::Resources
+  class GoogleComputeZone < GcpResourceBase
+    name 'google_compute_zone'
+    desc 'Verifies settings for a zone'
+
+    example "
+      describe google_compute_zone(project: 'chef-inspec-gcp',  zone: 'us-east1-b') do
+        it { should exist }
+        its('name') { should match 'us-east1-b' }
+      end
+    "
+
+    def initialize(opts = {})
+      # Call the parent class constructor
+      super(opts)
+      @display_name = opts[:name]
+      catch_gcp_errors do
+        @zone = @gcp.gcp_compute_client.get_zone(opts[:project], opts[:name])
+        create_resource_methods(@zone)
+      end
+    end
+
+    # helper method for retrieving a region name
+    def region_name
+      return false if !defined?(region)
+      region.split('/').last
+    end
+
+    def exists?
+      [email protected]?
+    end
+
+    def to_s
+      "Zone #{@display_name}"
+    end
+  end
+end