diff --git a/docs/resources/google_compute_instance_template.md b/docs/resources/google_compute_instance_template.md index e4aa3e7e7..7b5a9985d 100644 --- a/docs/resources/google_compute_instance_template.md +++ b/docs/resources/google_compute_instance_template.md @@ -110,6 +110,12 @@ Properties that can be accessed from the `google_compute_instance_template` reso * `type`: The type of configuration. The default and only option is ONE_TO_ONE_NAT. + * `set_public_ptr`: Specifies whether a public DNS PTR record should be created to map the external IP address of the instance to a DNS domain name. + + * `public_ptr_domain_name`: The DNS domain name for the public PTR record. You can set this field only if the setPublicPtr field is enabled. + + * `network_tier`: This signifies the networking tier used for configuring this access configuration. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. + * `alias_ip_ranges`: An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks. * `ip_cidr_range`: The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. This range may be a single IP address (e.g. 10.2.3.4), a netmask (e.g. /24) or a CIDR format string (e.g. 10.1.2.0/24). diff --git a/docs/resources/google_compute_router_nat.md b/docs/resources/google_compute_router_nat.md new file mode 100644 index 000000000..e2fae89fe --- /dev/null +++ b/docs/resources/google_compute_router_nat.md 
@@ -0,0 +1,68 @@ +--- +title: About the google_compute_router_nat resource +platform: gcp +--- + +## Syntax +A `google_compute_router_nat` is used to test a Google RouterNat resource + +## Examples +``` +describe google_compute_router_nat(project: 'chef-gcp-inspec', region: 'europe-west2', router: 'inspec-gcp-router', name: 'inspec-router-nat') do + it { should exist } + its('nat_ip_allocate_option') { should cmp 'AUTO_ONLY' } + its('source_subnetwork_ip_ranges_to_nat') { should cmp 'ALL_SUBNETWORKS_ALL_IP_RANGES' } + its('min_ports_per_vm') { should cmp '2' } + its('log_config.enable') { should cmp 'true' } + its('log_config.filter') { should cmp 'ERRORS_ONLY' } +end + +describe google_compute_router(project: 'chef-gcp-inspec', region: 'europe-west2', router: 'nonexistent', name: 'nonexistent') do + it { should_not exist } +end +``` + +## Properties +Properties that can be accessed from the `google_compute_router_nat` resource: + + + * `name`: Name of the NAT service. The name must be 1-63 characters long and comply with RFC1035. + + * `nat_ip_allocate_option`: How external IPs should be allocated for this NAT. Valid values are `AUTO_ONLY` for only allowing NAT IPs allocated by Google Cloud Platform, or `MANUAL_ONLY` for only user-allocated NAT IP addresses. + + * `nat_ips`: Self-links of NAT IPs. Only valid if natIpAllocateOption is set to MANUAL_ONLY. + + * `source_subnetwork_ip_ranges_to_nat`: How NAT should be configured per Subnetwork. If `ALL_SUBNETWORKS_ALL_IP_RANGES`, all of the IP ranges in every Subnetwork are allowed to Nat. If `ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES`, all of the primary IP ranges in every Subnetwork are allowed to Nat. `LIST_OF_SUBNETWORKS`: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below). Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other RouterNat section in any Router for this network in this region. 
+ + * `subnetwork`: One or more subnetwork NAT configurations. Only used if `source_subnetwork_ip_ranges_to_nat` is set to `LIST_OF_SUBNETWORKS` + + * `name`: Self-link of subnetwork to NAT + + * `source_ip_ranges_to_nat`: List of options for which source IPs in the subnetwork should have NAT enabled. Supported values include: `ALL_IP_RANGES`, `LIST_OF_SECONDARY_IP_RANGES`, `PRIMARY_IP_RANGE`. + + * `secondary_ip_range_names`: List of the secondary ranges of the subnetwork that are allowed to use NAT. This can be populated only if `LIST_OF_SECONDARY_IP_RANGES` is one of the values in sourceIpRangesToNat + + * `min_ports_per_vm`: Minimum number of ports allocated to a VM from this NAT. + + * `udp_idle_timeout_sec`: Timeout (in seconds) for UDP connections. Defaults to 30s if not set. + + * `icmp_idle_timeout_sec`: Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. + + * `tcp_established_idle_timeout_sec`: Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set. + + * `tcp_transitory_idle_timeout_sec`: Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set. + + * `log_config`: Configuration for logging on NAT + + * `enable`: Indicates whether or not to export logs. + + * `filter`: Specifies the desired filtering of logs on this NAT. Valid values are: `"ERRORS_ONLY"`, `"TRANSLATIONS_ONLY"`, `"ALL"` + + * `router`: The name of the Cloud Router in which this NAT will be configured. + + * `region`: Region where the router and NAT reside. + + +## GCP Permissions + +Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/docs/resources/google_compute_router_nats.md b/docs/resources/google_compute_router_nats.md new file mode 100644 index 000000000..5e5558c07 --- /dev/null +++ b/docs/resources/google_compute_router_nats.md 
@@ -0,0 +1,40 @@ +--- +title: About the google_compute_router_nats resource +platform: gcp +--- + +## Syntax +A `google_compute_router_nats` is used to test a Google RouterNat resource + +## Examples +``` +describe google_compute_router_nats(project: 'chef-gcp-inspec', region: 'europe-west2', router: 'inspec-gcp-router') do + its('names') { should include 'inspec-router-nat' } +end +``` + +## Properties +Properties that can be accessed from the `google_compute_router_nats` resource: + +See [google_compute_router_nat.md](google_compute_router_nat.md) for more detailed information + * `names`: an array of `google_compute_router_nat` name + * `nat_ip_allocate_options`: an array of `google_compute_router_nat` nat_ip_allocate_option + * `nat_ips`: an array of `google_compute_router_nat` nat_ips + * `source_subnetwork_ip_ranges_to_nats`: an array of `google_compute_router_nat` source_subnetwork_ip_ranges_to_nat + * `subnetworks`: an array of `google_compute_router_nat` subnetwork + * `min_ports_per_vms`: an array of `google_compute_router_nat` min_ports_per_vm + * `udp_idle_timeout_secs`: an array of `google_compute_router_nat` udp_idle_timeout_sec + * `icmp_idle_timeout_secs`: an array of `google_compute_router_nat` icmp_idle_timeout_sec + * `tcp_established_idle_timeout_secs`: an array of `google_compute_router_nat` tcp_established_idle_timeout_sec + * `tcp_transitory_idle_timeout_secs`: an array of `google_compute_router_nat` tcp_transitory_idle_timeout_sec + * `log_configs`: an array of `google_compute_router_nat` log_config + * `routers`: an array of `google_compute_router_nat` router + * `regions`: an array of `google_compute_router_nat` region + +## Filter Criteria +This resource supports all of the above properties as filter criteria, which can be used +with `where` as a block or a method. + +## GCP Permissions + +Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. 
diff --git a/libraries/google/compute/property/instancetemplate_properties_network_interfaces_access_configs.rb b/libraries/google/compute/property/instancetemplate_properties_network_interfaces_access_configs.rb index 6396fddcb..7d8cc89d8 100644 --- a/libraries/google/compute/property/instancetemplate_properties_network_interfaces_access_configs.rb +++ b/libraries/google/compute/property/instancetemplate_properties_network_interfaces_access_configs.rb @@ -23,12 +23,21 @@ class InstanceTemplatePropertiesNetworkInterfacesAccessConfigs attr_reader :type + attr_reader :set_public_ptr + + attr_reader :public_ptr_domain_name + + attr_reader :network_tier + def initialize(args = nil, parent_identifier = nil) return if args.nil? @parent_identifier = parent_identifier @name = args['name'] @nat_ip = args['natIP'] @type = args['type'] + @set_public_ptr = args['setPublicPtr'] + @public_ptr_domain_name = args['publicPtrDomainName'] + @network_tier = args['networkTier'] end def to_s diff --git a/libraries/google/compute/property/routernat_log_config.rb b/libraries/google/compute/property/routernat_log_config.rb new file mode 100644 index 000000000..5b562a257 --- /dev/null +++ b/libraries/google/compute/property/routernat_log_config.rb 
@@ -0,0 +1,37 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Compute + module Property + class RouterNatLogConfig + attr_reader :enable + + attr_reader :filter + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @enable = args['enable'] + @filter = args['filter'] + end + + def to_s + "#{@parent_identifier} RouterNatLogConfig" + end + end + end + end +end diff --git a/libraries/google/compute/property/routernat_subnetwork.rb b/libraries/google/compute/property/routernat_subnetwork.rb new file mode 100644 index 000000000..43942822f --- /dev/null +++ b/libraries/google/compute/property/routernat_subnetwork.rb 
@@ -0,0 +1,48 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Compute + module Property + class RouterNatSubnetwork + attr_reader :name + + attr_reader :source_ip_ranges_to_nat + + attr_reader :secondary_ip_range_names + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @name = args['name'] + @source_ip_ranges_to_nat = args['sourceIpRangesToNat'] + @secondary_ip_range_names = args['secondaryIpRangeNames'] + end + + def to_s + "#{@parent_identifier} RouterNatSubnetwork" + end + end + + class RouterNatSubnetworkArray + def self.parse(value, parent_identifier) + return if value.nil? + return RouterNatSubnetwork.new(value, parent_identifier) unless value.is_a?(::Array) + value.map { |v| RouterNatSubnetwork.new(v, parent_identifier) } + end + end + end + end +end diff --git a/libraries/google_compute_router_nat.rb b/libraries/google_compute_router_nat.rb new file mode 100644 index 000000000..1396d6cae --- /dev/null +++ b/libraries/google_compute_router_nat.rb 
@@ -0,0 +1,99 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +require 'google/compute/property/routernat_log_config' +require 'google/compute/property/routernat_subnetwork' + +# A provider to manage Compute Engine resources. +class ComputeRouterNat < GcpResourceBase + name 'google_compute_router_nat' + desc 'RouterNat' + supports platform: 'gcp' + + attr_reader :params + attr_reader :name + attr_reader :nat_ip_allocate_option + attr_reader :nat_ips + attr_reader :source_subnetwork_ip_ranges_to_nat + attr_reader :subnetwork + attr_reader :min_ports_per_vm + attr_reader :udp_idle_timeout_sec + attr_reader :icmp_idle_timeout_sec + attr_reader :tcp_established_idle_timeout_sec + attr_reader :tcp_transitory_idle_timeout_sec + attr_reader :log_config + attr_reader :router + attr_reader :region + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @params = params + fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') + @fetched = unwrap(fetched, params) + parse unless @fetched.nil? + end + + def identity + %w{name} + end + + def collection_item + 'nats' + end + + def unwrap(fetched, params) + fetched[collection_item].find { |result| identity.all? 
{ |id| result[id.to_sym] == params[id] } } + end + + def parse + @name = @fetched['name'] + @nat_ip_allocate_option = @fetched['natIpAllocateOption'] + @nat_ips = @fetched['natIps'] + @source_subnetwork_ip_ranges_to_nat = @fetched['sourceSubnetworkIpRangesToNat'] + @subnetwork = GoogleInSpec::Compute::Property::RouterNatSubnetworkArray.parse(@fetched['subnetworks'], to_s) + @min_ports_per_vm = @fetched['minPortsPerVm'] + @udp_idle_timeout_sec = @fetched['udpIdleTimeoutSec'] + @icmp_idle_timeout_sec = @fetched['icmpIdleTimeoutSec'] + @tcp_established_idle_timeout_sec = @fetched['tcpEstablishedIdleTimeoutSec'] + @tcp_transitory_idle_timeout_sec = @fetched['tcpTransitoryIdleTimeoutSec'] + @log_config = GoogleInSpec::Compute::Property::RouterNatLogConfig.new(@fetched['logConfig'], to_s) + @router = @fetched['router'] + @region = @fetched['region'] + end + + # Handles parsing RFC3339 time string + def parse_time_string(time_string) + time_string ? Time.parse(time_string) : nil + end + + def exists? + !@fetched.nil? + end + + def to_s + "RouterNat #{@params[:router]}" + end + + private + + def product_url + 'https://www.googleapis.com/compute/v1/' + end + + def resource_base_url + 'projects/{{project}}/regions/{{region}}/routers/{{router}}' + end +end diff --git a/libraries/google_compute_router_nats.rb b/libraries/google_compute_router_nats.rb new file mode 100644 index 000000000..c5ad08e36 --- /dev/null +++ b/libraries/google_compute_router_nats.rb 
@@ -0,0 +1,108 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +class ComputeRouterNats < GcpResourceBase + name 'google_compute_router_nats' + desc 'RouterNat plural resource' + supports platform: 'gcp' + + attr_reader :table + + filter_table_config = FilterTable.create + + filter_table_config.add(:names, field: :name) + filter_table_config.add(:nat_ip_allocate_options, field: :nat_ip_allocate_option) + filter_table_config.add(:nat_ips, field: :nat_ips) + filter_table_config.add(:source_subnetwork_ip_ranges_to_nats, field: :source_subnetwork_ip_ranges_to_nat) + filter_table_config.add(:subnetworks, field: :subnetwork) + filter_table_config.add(:min_ports_per_vms, field: :min_ports_per_vm) + filter_table_config.add(:udp_idle_timeout_secs, field: :udp_idle_timeout_sec) + filter_table_config.add(:icmp_idle_timeout_secs, field: :icmp_idle_timeout_sec) + filter_table_config.add(:tcp_established_idle_timeout_secs, field: :tcp_established_idle_timeout_sec) + filter_table_config.add(:tcp_transitory_idle_timeout_secs, field: :tcp_transitory_idle_timeout_sec) + filter_table_config.add(:log_configs, field: :log_config) + filter_table_config.add(:routers, field: :router) + filter_table_config.add(:regions, field: :region) + + filter_table_config.connect(self, :table) + + def initialize(params = {}) + super(params.merge({ use_http_transport: true })) + @params = params + @table = fetch_wrapped_resource('nats') + end 
+ + def fetch_wrapped_resource(wrap_path) + # fetch_resource returns an array of responses (to handle pagination) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') + return if result.nil? + + # Conversion of string -> object hash to symbol -> object hash that InSpec needs + converted = [] + result.each do |response| + next if response.nil? || !response.key?(wrap_path) + response[wrap_path].each do |hash| + hash_with_symbols = {} + hash.each_key do |key| + name, value = transform(key, hash) + hash_with_symbols[name] = value + end + converted.push(hash_with_symbols) + end + end + + converted + end + + def transform(key, value) + return transformers[key].call(value) if transformers.key?(key) + + [key.to_sym, value] + end + + def transformers + { + 'name' => ->(obj) { return :name, obj['name'] }, + 'natIpAllocateOption' => ->(obj) { return :nat_ip_allocate_option, obj['natIpAllocateOption'] }, + 'natIps' => ->(obj) { return :nat_ips, obj['natIps'] }, + 'sourceSubnetworkIpRangesToNat' => ->(obj) { return :source_subnetwork_ip_ranges_to_nat, obj['sourceSubnetworkIpRangesToNat'] }, + 'subnetworks' => ->(obj) { return :subnetwork, GoogleInSpec::Compute::Property::RouterNatSubnetworkArray.parse(obj['subnetworks'], to_s) }, + 'minPortsPerVm' => ->(obj) { return :min_ports_per_vm, obj['minPortsPerVm'] }, + 'udpIdleTimeoutSec' => ->(obj) { return :udp_idle_timeout_sec, obj['udpIdleTimeoutSec'] }, + 'icmpIdleTimeoutSec' => ->(obj) { return :icmp_idle_timeout_sec, obj['icmpIdleTimeoutSec'] }, + 'tcpEstablishedIdleTimeoutSec' => ->(obj) { return :tcp_established_idle_timeout_sec, obj['tcpEstablishedIdleTimeoutSec'] }, + 'tcpTransitoryIdleTimeoutSec' => ->(obj) { return :tcp_transitory_idle_timeout_sec, obj['tcpTransitoryIdleTimeoutSec'] }, + 'logConfig' => ->(obj) { return :log_config, GoogleInSpec::Compute::Property::RouterNatLogConfig.new(obj['logConfig'], to_s) }, + 'router' => ->(obj) { return :router, obj['router'] }, + 'region' => ->(obj) { 
return :region, obj['region'] }, + } + end + + # Handles parsing RFC3339 time string + def parse_time_string(time_string) + time_string ? Time.parse(time_string) : nil + end + + private + + def product_url + 'https://www.googleapis.com/compute/v1/' + end + + def resource_base_url + 'projects/{{project}}/regions/{{region}}/routers/{{router}}' + end +end diff --git a/test/integration/build/gcp-mm.tf b/test/integration/build/gcp-mm.tf index 4e4e55348..4e9619e09 100644 --- a/test/integration/build/gcp-mm.tf +++ b/test/integration/build/gcp-mm.tf @@ -193,6 +193,10 @@ variable "node_group" { type = "map" } +variable "router_nat" { + type = "map" +} + resource "google_compute_ssl_policy" "custom-ssl-policy" { name = "${var.ssl_policy["name"]}" min_tls_version = "${var.ssl_policy["min_tls_version"]}" @@ -690,7 +694,7 @@ resource "google_compute_firewall" "dataproc" { resource "google_compute_network" "dataproc" { project = var.gcp_project_id - name = "dataproc-network" + name = "dataproc-network" } resource "google_dataproc_cluster" "mycluster" { @@ -838,3 +842,18 @@ resource "google_compute_node_group" "inspec-node-group" { size = var.node_group["size"] node_template = "${google_compute_node_template.inspec-template.self_link}" } + +resource "google_compute_router_nat" "inspec-nat" { + project = var.gcp_project_id + name = var.router_nat["name"] + router = google_compute_router.gcp-inspec-router.name + region = google_compute_router.gcp-inspec-router.region + nat_ip_allocate_option = var.router_nat["nat_ip_allocate_option"] + source_subnetwork_ip_ranges_to_nat = var.router_nat["source_subnetwork_ip_ranges_to_nat"] + min_ports_per_vm = var.router_nat["min_ports_per_vm"] + + log_config { + enable = var.router_nat["log_config_enable"] + filter = var.router_nat["log_config_filter"] + } +} diff --git a/test/integration/configuration/mm-attributes.yml b/test/integration/configuration/mm-attributes.yml index 92b6cfdcb..89aabf593 100644 
--- a/test/integration/configuration/mm-attributes.yml +++ b/test/integration/configuration/mm-attributes.yml @@ -315,4 +315,12 @@ node_template: node_group: name: inspec-node-group description: A description of the node group - size: 0 \ No newline at end of file + size: 0 + +router_nat: + name: inspec-router-nat + nat_ip_allocate_option: AUTO_ONLY + source_subnetwork_ip_ranges_to_nat: ALL_SUBNETWORKS_ALL_IP_RANGES + min_ports_per_vm: 2 + log_config_enable: true + log_config_filter: ERRORS_ONLY \ No newline at end of file diff --git a/test/integration/verify/controls/google_compute_router_nat.rb b/test/integration/verify/controls/google_compute_router_nat.rb new file mode 100644 index 000000000..6bd07f2be --- /dev/null +++ b/test/integration/verify/controls/google_compute_router_nat.rb 
@@ -0,0 +1,52 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_compute_router_nat resource.' + +gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.') +gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'The GCP project region.') +router = attribute('router', default: { + "name": "inspec-gcp-router", + "bgp_asn": 64514, + "bgp_advertise_mode": "CUSTOM", + "bgp_advertised_group": "ALL_SUBNETS", + "bgp_advertised_ip_range1": "1.2.3.4", + "bgp_advertised_ip_range2": "6.7.0.0/16" +}, description: 'Compute router description') +router_nat = attribute('router_nat', default: { + "name": "inspec-router-nat", + "nat_ip_allocate_option": "AUTO_ONLY", + "source_subnetwork_ip_ranges_to_nat": "ALL_SUBNETWORKS_ALL_IP_RANGES", + "min_ports_per_vm": 2, + "log_config_enable": true, + "log_config_filter": "ERRORS_ONLY" +}, description: 'Compute router NAT description') + +control 'google_compute_router_nat-1.0' do + impact 1.0 + title 'google_compute_router_nat resource test' + + describe google_compute_router_nat(project: gcp_project_id, region: gcp_location, router: router['name'], name: router_nat['name']) do + it { should exist } + its('nat_ip_allocate_option') { should cmp router_nat['nat_ip_allocate_option'] } + its('source_subnetwork_ip_ranges_to_nat') { should cmp router_nat['source_subnetwork_ip_ranges_to_nat'] } + its('min_ports_per_vm') { should cmp 
router_nat['min_ports_per_vm'] } + its('log_config.enable') { should cmp router_nat['log_config_enable'] } + its('log_config.filter') { should cmp router_nat['log_config_filter'] } + end + + describe google_compute_router(project: gcp_project_id, region: gcp_location, router: 'nonexistent', name: 'nonexistent') do + it { should_not exist } + end +end diff --git a/test/integration/verify/controls/google_compute_router_nats.rb b/test/integration/verify/controls/google_compute_router_nats.rb new file mode 100644 index 000000000..b0d46eaff --- /dev/null +++ b/test/integration/verify/controls/google_compute_router_nats.rb 
@@ -0,0 +1,43 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_compute_router_nats resource.' + +gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.') +gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'The GCP project region.') +router = attribute('router', default: { + "name": "inspec-gcp-router", + "bgp_asn": 64514, + "bgp_advertise_mode": "CUSTOM", + "bgp_advertised_group": "ALL_SUBNETS", + "bgp_advertised_ip_range1": "1.2.3.4", + "bgp_advertised_ip_range2": "6.7.0.0/16" +}, description: 'Compute router description') +router_nat = attribute('router_nat', default: { + "name": "inspec-router-nat", + "nat_ip_allocate_option": "AUTO_ONLY", + "source_subnetwork_ip_ranges_to_nat": "ALL_SUBNETWORKS_ALL_IP_RANGES", + "min_ports_per_vm": 2, + "log_config_enable": true, + "log_config_filter": "ERRORS_ONLY" +}, description: 'Compute router NAT description') + +control 'google_compute_router_nats-1.0' do + impact 1.0 + title 'google_compute_router_nats resource test' + + describe google_compute_router_nats(project: gcp_project_id, region: gcp_location, router: router['name']) do + its('names') { should include router_nat['name'] } + end +end
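Review bot: in docs/resources/google_compute_instance_template.md the new `public_ptr_domain_name` and `network_tier` entries refer to fields by their API names (`setPublicPtr`, `networkTier`) instead of the property names added on the neighbouring lines (`set_public_ptr`, `network_tier`). Use the snake_case names so the text matches what a reader passes to `its(...)`, and list the accepted values for `network_tier` the way the `type` entry above names ONE_TO_ONE_NAT.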
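Review bot: in docs/resources/google_compute_router_nat.md the Syntax section never says which parameters the resource takes, and the second block under Examples calls `google_compute_router(..., router: 'nonexistent', name: 'nonexistent')` rather than `google_compute_router_nat`. Document `project`, `region`, `router` and `name` (all four appear in the first example) and change the negative example to the resource this page describes.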
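Review bot: `unwrap` in libraries/google_compute_router_nat.rb mixes key types and has no nil guard. It compares `result[id.to_sym]` with `params[id]`, where `id` is the string 'name' from `identity`, yet `parse` reads the same record with string keys (`@fetched['name']`) and `to_s` reads params with symbol keys (`@params[:router]`). If both are plain hashes, each side of the `==` is nil and `find` returns the first NAT on the router whatever name was requested, so `it { should exist }` would pass for a NAT that is not there. Compare `result['name']` with `params[:name]` explicitly, and return nil when `fetched` is nil or has no 'nats' key, since `fetched[collection_item].find` would otherwise raise NoMethodError in the constructor instead of reporting that the resource does not exist.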
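Review bot: libraries/google_compute_router_nats.rb requires only 'gcp_backend', but its `transformers` reference `GoogleInSpec::Compute::Property::RouterNatSubnetworkArray` and `GoogleInSpec::Compute::Property::RouterNatLogConfig`. The singular resource requires both property files; add the same two `require` lines here so the plural resource does not depend on load order. In the same file, `fetch_wrapped_resource` returns nil when `fetch_all` returns nil and an array otherwise; returning an empty array in the nil case would keep `@table` one type for the filter table.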
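Review bot: the `@@ -690,7 +694,7 @@` hunk in test/integration/build/gcp-mm.tf rewrites `name = "dataproc-network"` inside `google_compute_network.dataproc` with no visible change beyond whitespace, which is unrelated to the router NAT work; drop it from this change. For the new `variable "router_nat"` declared as `type = "map"`, check that `min_ports_per_vm` and `log_config_enable`, which mm-attributes.yml supplies as a number and a boolean, reach the `google_compute_router_nat` arguments in the types they expect.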
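Review bot: test/integration/configuration/mm-attributes.yml still ends with `\ No newline at end of file` after the new `router_nat` block. The hunk repairs the missing newline after `size: 0` and reintroduces it after `log_config_filter: ERRORS_ONLY`; end the file with a newline so the next addition does not have to touch this line again.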
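Review bot: the second `describe` in test/integration/verify/controls/google_compute_router_nat.rb checks `google_compute_router(..., router: 'nonexistent', name: 'nonexistent')`, so the not-found path of the new `google_compute_router_nat` resource is never exercised. Switch it to `google_compute_router_nat`, and add a case that uses the existing router (`router['name']`) with a NAT name that does not exist, which is the case the name matching in `unwrap` has to get right.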
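Review bot: in test/integration/verify/controls/google_compute_router_nats.rb the `default:` hashes for `router` and `router_nat` are written as `"name": "inspec-gcp-router"`, which Ruby parses as symbol keys, while the control reads them as `router['name']` and `router_nat['name']`. With a plain Hash those lookups return nil whenever the defaults are used, so the control would query a nil router and assert `should include nil`. Write the defaults with `'name' => ...` so they match the string lookups. The control also covers only `names`; a `where` filter case would exercise the filter criteria the docs advertise.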